/// <summary> /// Secret key operation. Signs biHash with the keydata /// in the given secret key packet. /// </summary> /// <param name="biHash">The hash value of a message that is about to /// be signed</param> /// <param name="skpKey">The secret key packet with the key /// material for the signature</param> /// <param name="strPassphrase">The passphrase for the /// keymaterial</param> /// <returns>The signed hash as array of biginteger. Only return[0] /// contains a value: the signed hash.</returns> /// <remarks>No remarks</remarks> public override BigInteger[] Sign(BigInteger biHash, SecretKeyPacket skpKey, string strPassphase) { DSA_Secret_Key dskKey = new DSA_Secret_Key(); dskKey = ParseSecretKey(skpKey, strPassphase); //check if the key has been mangled with if (!CheckKey(dskKey)) throw(new Exception("This key does not fullfill the requirements of a valid DSA key. Please check if someone messed with your keys!")); //if (biHash == null) // throw new ArgumentNullException(); // (a) Select a random secret integer k; 0 < k < q. BigInteger k = new BigInteger(); k = BigInteger.genRandom(160); while (k >= dskKey.q) k = BigInteger.genRandom(160); // (b) Compute r = ( k mod p) mod q BigInteger r = (dskKey.g.modPow (k, dskKey.p)) % dskKey.q; // (c) Compute k -1 mod q (e.g., using Algorithm 2.142). // (d) Compute s = k -1 fh(m) +arg mod q. BigInteger s = (k.modInverse (dskKey.q) * (biHash + dskKey.x * r)) % dskKey.q; BigInteger[] biReturn = new BigInteger[2]; biReturn[0] = r; biReturn[1] = s; return biReturn; }
/// <summary> /// Creates a new RSA secret key and returns it as a /// 2 dimensional array of biginteger. return[0] holds /// the public values of the key and return[1] all the /// secret values. /// </summary> /// <remarks> /// Creates a new RSA secret key and returns it as a /// 2 dimensional array of biginteger. return[0] holds /// the public values of the key and return[1] all the /// secret values.<br></br> /// The order of the public components is n, e. /// The order of the secret components is d, p, /// q and u. /// </remarks> /// <param name="nbits">The size of the key in bits.</param> /// <returns>A new RSA secret key as a /// 2 dimensional array of biginteger. return[0] holds /// the public values of the key and return[1] all the /// secret values.<br></br> /// The order of the public components is n, e. /// The order of the secret components is d, p, /// q and u.</returns> /// <exception cref="System.ArgumentException">Throws an /// Argumentexception if the keysize is not between 768 /// and 4096 bits.</exception> public override BigInteger[][] Generate(int nbits) { BigInteger p, q; /* the two primes */ BigInteger d; /* the private key */ BigInteger u; BigInteger t1, t2; BigInteger n = new BigInteger(); /* the public key */ BigInteger e; /* the exponent */ BigInteger phi; /* helper: (p-1)(q-1) */ BigInteger g; BigInteger f; Random rand = new Random(); if ((nbits < 768) || (nbits > 4096)) throw new ArgumentException("Only keysizes betwen 768 and 4096 bit are allowed!"); /* make sure that nbits is even so that we generate p, q of equal size */ if ( (nbits&1)==1 ) nbits++; do { /* select two (very secret) primes */ p = new BigInteger(); q = new BigInteger(); p = BigInteger.genPseudoPrime(nbits / 2); q = BigInteger.genPseudoPrime(nbits / 2); /* p shall be smaller than q (for calc of u)*/ if (q > p) { BigInteger tmp = p; p = q; q = tmp; } /* calculate the modulus */ n = p * q; } while ( n.bitCount() != nbits ); /* calculate Euler totient: phi = (p-1)(q-1) */ t1 = p - new BigInteger(1); t2 = q - new BigInteger(1); phi = t1 * t2; g = t1.gcd(t2); f = phi / g; /* find an public exponent. We use 41 as this is quite fast and more secure than the commonly used 17. */ e = new BigInteger(41); t1 = e.gcd(phi); if( t1 != new BigInteger(1) ) { e = new BigInteger(257); t1 = e.gcd(phi); if( t1 != new BigInteger(1) ) { e = new BigInteger(65537); t1 = e.gcd(phi); /* (while gcd is not 1) */ while( t1 != new BigInteger(1) ) { e += 2; t1 = e.gcd(phi); } } } /* calculate the secret key d = e^1 mod phi */ d = e.modInverse(f); /* calculate the inverse of p and q (used for chinese remainder theorem)*/ u = p.modInverse(q); RSA_Secret_Key sk = new RSA_Secret_Key(); sk.n = n; sk.e = e; sk.p = p; sk.q = q; sk.d = d; sk.u = u; this.biGeneratedKey = ParseSecretKey(sk); return this.biGeneratedKey; /* now we can test our keys (this should never fail!) */ // test_keys( sk, nbits - 64 ); }