public static AsymmetricCipherKeyPair GetDsaKeyPair(DSA dsa) { return(GetDsaKeyPair(dsa.ExportParameters(true))); }
public void ImportKeyNode() { string keyName = "Mono::"; string dsaP = "rjxsMU368YOCTQejWkiuO9e/vUVwkLtq1jKiU3TtJ53hBJqjFRuTa228vZe+BH2su9RPn/vYFWfQDv6zgBYe3eNdu4Afw+Ny0FatX6dl3E77Ra6Tsd3MmLXBiGSQ1mMNd5G2XQGpbt9zsGlUaexXekeMLxIufgfZLwYp67M+2WM="; string dsaQ = "tf0K9rMyvUrU4cIkwbCrDRhQAJk="; string dsaG = "S8Z+1pGCed00w6DtVcqZLKjfqlCJ7JsugEFIgSy/Vxtu9YGCMclV4ijGEbPo/jU8YOSMuD7E9M7UaopMRcmKQjoKZzoJjkgVFP48Ohxl1f08lERnButsxanx3+OstFwUGQ8XNaGg3KrIoZt1FUnfxN3RHHTvVhjzNSHxMGULGaU="; string dsaY = "LnrxxRGLYeV2XLtK3SYz8RQHlHFZYrtznDZyMotuRfO5uC5YODhSFyLXvb1qB3WeGtF4h3Eo4KzHgMgfN2ZMlffxFRhJgTtH3ctbL8lfQoDkjeiPPnYGhspdJxr0tyZmiy0gkjJG3vwHYrLnvZWx9Wm/unqiOlGBPNuxJ+hOeP8="; string dsaJ = "9RhE5TycDtdEIXxS3HfxFyXYgpy81zY5lVjwD6E9JP37MWEi80BlX6ab1YPm6xYSEoqReMPP9RgGiW6DuACpgI7+8vgCr4i/7VhzModJAA56PwvTu6UMt9xxKU/fT672v8ucREkMWoc7lEey"; string dsaSeed = "HxW3N4RHWVgqDQKuGg7iJTUTiCs="; string dsaPgenCounter = "Asw="; string rsaModulus = "9DC4XNdQJwMRnz5pP2a6U51MHCODRilaIoVXqUPhCUb0lJdGroeqVYT84ZyIVrcarzD7Tqs3aEOIa3rKox0N1bxQpZPqayVQeLAkjLLtzJW/ScRJx3uEDJdgT1JnM1FH0GZTinmEdCUXdLc7+Y/c/qqIkTfbwHbRZjW0bBJyExM="; string rsaExponent = "AQAB"; string x509cert = "MIICHTCCAYYCARQwDQYJKoZIhvcNAQEEBQAwWDELMAkGA1UEBhMCQ0ExHzAdBgNVBAMTFktleXdpdG5lc3MgQ2FuYWRhIEluYy4xKDAmBgorBgEEASoCCwIBExhrZXl3aXRuZXNzQGtleXdpdG5lc3MuY2EwHhcNOTYwNTA3MDAwMDAwWhcNOTkwNTA3MDAwMDAwWjBYMQswCQYDVQQGEwJDQTEfMB0GA1UEAxMWS2V5d2l0bmVzcyBDYW5hZGEgSW5jLjEoMCYGCisGAQQBKgILAgETGGtleXdpdG5lc3NAa2V5d2l0bmVzcy5jYTCBnTANBgkqhkiG9w0BAQEFAAOBiwAwgYcCgYEAzSP6KuHtmPTp0JM+13qAAkzMwQKvXLYff/pXQm8w0SDFtSEHQCyphsLzZISuPYUu7YW9VLAYKO9q+BvnCxYfkyVPx/iOw7nKmIQOVdAv73h3xXIoX2C/GSvRcqK32D/glzRaAb0EnMh4Rc2TjRXydhARq7hbLp5S3YE+nGTIKZMCAQMwDQYJKoZIhvcNAQEEBQADgYEAMho1ur9DJ9a01Lh25eObTWzAhsl3NbprFi0TRkqwMlOhW1rpmeIMhogXTg3+gqxOR+/7/zms7jXI+lI3CkmtWa3iiqkcxl8f+G9zfs2gMegMvvVN2bKrihK2MHhoEXwN8UlNo/2y6f8d8JH6VIX/M5Dowb+km6RiRr1hElmYQYk="; string retrievalElementUri = @"http://www.go-mono.org/"; string value = $@"<KeyInfo xmlns=""http://www.w3.org/2000/09/xmldsig#""> <KeyName>{keyName}</KeyName> <KeyValue xmlns=""http://www.w3.org/2000/09/xmldsig#""> <DSAKeyValue> <P>{dsaP}</P> <Q>{dsaQ}</Q> <G>{dsaG}</G> <Y>{dsaY}</Y> <J>{dsaJ}</J> <Seed>{dsaSeed}</Seed> <PgenCounter>{dsaPgenCounter}</PgenCounter> </DSAKeyValue> </KeyValue> <KeyValue xmlns=""http://www.w3.org/2000/09/xmldsig#""> <RSAKeyValue> <Modulus>{rsaModulus}</Modulus> <Exponent>{rsaExponent}</Exponent> </RSAKeyValue> </KeyValue> <RetrievalElement URI=""{retrievalElementUri}"" /> <X509Data xmlns=""http://www.w3.org/2000/09/xmldsig#""> <X509Certificate>{x509cert}</X509Certificate> </X509Data> </KeyInfo>"; XmlDocument doc = new XmlDocument(); doc.LoadXml(value); info.LoadXml(doc.DocumentElement); Assert.Equal(5, info.Count); int i = 0; int pathsCovered = 0; foreach (var clause in info) { i++; if (clause is KeyInfoName) { pathsCovered |= 1 << 0; var name = clause as KeyInfoName; Assert.Equal(keyName, name.Value); } else if (clause is DSAKeyValue) { pathsCovered |= 1 << 1; var dsaKV = clause as DSAKeyValue; DSA dsaKey = dsaKV.Key; DSAParameters dsaParams = dsaKey.ExportParameters(false); Assert.Equal(Convert.FromBase64String(dsaP), dsaParams.P); Assert.Equal(Convert.FromBase64String(dsaQ), dsaParams.Q); Assert.Equal(Convert.FromBase64String(dsaG), dsaParams.G); Assert.Equal(Convert.FromBase64String(dsaY), dsaParams.Y); // J is an optimization it should either be null or correct value if (dsaParams.J != null) { Assert.Equal(Convert.FromBase64String(dsaJ), dsaParams.J); } // Seed and Counter are not guaranteed to roundtrip // they should either both be non-null or both null if (dsaParams.Seed != null) { Assert.Equal(Convert.FromBase64String(dsaSeed), dsaParams.Seed); byte[] counter = Convert.FromBase64String(dsaPgenCounter); Assert.InRange(counter.Length, 1, 4); int counterVal = 0; for (int j = 0; j < counter.Length; j++) { counterVal <<= 8; counterVal |= counter[j]; } Assert.Equal(counterVal, dsaParams.Counter); } else { Assert.Null(dsaParams.Seed); Assert.Equal(default(int), dsaParams.Counter); } } else if (clause is RSAKeyValue) { pathsCovered |= 1 << 2; var rsaKV = clause as RSAKeyValue; RSA rsaKey = rsaKV.Key; RSAParameters rsaParameters = rsaKey.ExportParameters(false); Assert.Equal(Convert.FromBase64String(rsaModulus), rsaParameters.Modulus); Assert.Equal(Convert.FromBase64String(rsaExponent), rsaParameters.Exponent); } else if (clause is KeyInfoNode) { pathsCovered |= 1 << 3; var keyInfo = clause as KeyInfoNode; XmlElement keyInfoEl = keyInfo.GetXml(); Assert.Equal("RetrievalElement", keyInfoEl.LocalName); Assert.Equal("http://www.w3.org/2000/09/xmldsig#", keyInfoEl.NamespaceURI); Assert.Equal(1, keyInfoEl.Attributes.Count); Assert.Equal("URI", keyInfoEl.Attributes[0].Name); Assert.Equal(retrievalElementUri, keyInfoEl.GetAttribute("URI")); } else if (clause is KeyInfoX509Data) { pathsCovered |= 1 << 4; var x509data = clause as KeyInfoX509Data; Assert.Equal(1, x509data.Certificates.Count); X509Certificate cert = x509data.Certificates[0] as X509Certificate; Assert.NotNull(cert); Assert.Equal(Convert.FromBase64String(x509cert), cert.GetRawCertData()); } else { Assert.True(false, $"Unexpected clause type: {clause.GetType().FullName}"); } } // 0x1f = b11111, number of ones = 5 Assert.Equal(0x1f, pathsCovered); Assert.Equal(5, i); }
public static DsaPublicKeyParameters GetDsaPublicKey(DSA dsa) { return(DotNetUtilities.GetDsaPublicKey(dsa.ExportParameters(false))); }
public void ExchangeDSAKey() { DSA dsa = DSA.Create(); AsymmetricKeyExchangeDeformatter keyex = new RSAPKCS1KeyExchangeDeformatter(dsa); }
static public DSA FromCapiPublicKeyBlobDSA(byte[] blob, int offset) { if (blob == null) { throw new ArgumentNullException("blob"); } if (offset >= blob.Length) { throw new ArgumentException("blob is too small."); } try { if ((blob [offset] != 0x06) || // PUBLICKEYBLOB (0x06) (blob [offset + 1] != 0x02) || // Version (0x02) (blob [offset + 2] != 0x00) || // Reserved (word) (blob [offset + 3] != 0x00) || (ToUInt32LE(blob, offset + 8) != 0x31535344)) // DWORD magic { throw new CryptographicException("Invalid blob header"); } int bitlen = ToInt32LE(blob, offset + 12); DSAParameters dsap = new DSAParameters(); int bytelen = bitlen >> 3; int pos = offset + 16; dsap.P = new byte [bytelen]; Buffer.BlockCopy(blob, pos, dsap.P, 0, bytelen); Array.Reverse(dsap.P); pos += bytelen; dsap.Q = new byte [20]; Buffer.BlockCopy(blob, pos, dsap.Q, 0, 20); Array.Reverse(dsap.Q); pos += 20; dsap.G = new byte [bytelen]; Buffer.BlockCopy(blob, pos, dsap.G, 0, bytelen); Array.Reverse(dsap.G); pos += bytelen; dsap.Y = new byte [bytelen]; Buffer.BlockCopy(blob, pos, dsap.Y, 0, bytelen); Array.Reverse(dsap.Y); pos += bytelen; dsap.Counter = ToInt32LE(blob, pos); pos += 4; dsap.Seed = new byte [20]; Buffer.BlockCopy(blob, pos, dsap.Seed, 0, 20); Array.Reverse(dsap.Seed); pos += 20; DSA dsa = (DSA)DSA.Create(); dsa.ImportParameters(dsap); return(dsa); } catch (Exception e) { throw new CryptographicException("Invalid blob.", e); } }
public override bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm) => dsa.VerifyData(data, signature, hashAlgorithm);
public override bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm) => dsa.VerifyData(new MemoryStream(data), signature, hashAlgorithm);
public static X509Certificate2 CopyWithPrivateKey(this X509Certificate2 certificate, DSA privateKey) { if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); } if (privateKey == null) { throw new ArgumentNullException(nameof(privateKey)); } throw new NotImplementedException(); }
public override AsymmetricSignatureDeformatter GetSignatureDeformatter(string algorithm) { // We support one of the two algoritms, but not both. // XmlDsigDSAUrl = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"; // XmlDsigRSASHA1Url = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; if (string.IsNullOrEmpty(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(algorithm, SR.Format(SR.EmptyOrNullArgumentString, nameof(algorithm))); } object algorithmObject = CryptoHelper.GetAlgorithmFromConfig(algorithm); if (algorithmObject != null) { SignatureDescription description = algorithmObject as SignatureDescription; if (description != null) { return(description.CreateDeformatter(PublicKey)); } try { AsymmetricSignatureDeformatter asymmetricSignatureDeformatter = algorithmObject as AsymmetricSignatureDeformatter; if (asymmetricSignatureDeformatter != null) { asymmetricSignatureDeformatter.SetKey(PublicKey); return(asymmetricSignatureDeformatter); } } catch (InvalidCastException e) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.AlgorithmAndPublicKeyMisMatch, e)); } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.Format(SR.UnsupportedAlgorithmForCryptoOperation, algorithm, nameof(GetSignatureDeformatter)))); } switch (algorithm) { case SignedXml.XmlDsigDSAUrl: // Ensure that we have a DSA algorithm object. DSA dsa = (PublicKey as DSA); if (dsa == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException("PublicKeyNotDSA")); } return(new DSASignatureDeformatter(dsa)); case SignedXml.XmlDsigRSASHA1Url: case SecurityAlgorithms.RsaSha256Signature: // Ensure that we have an RSA algorithm object. RSA rsa = (PublicKey as RSA); if (rsa == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.PublicKeyNotRSA)); } return(new RSAPKCS1SignatureDeformatter(rsa)); default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnsupportedCryptoAlgorithm, algorithm))); } }
private Renci.SshNet.SftpClient _getSFtpClientWithCertificate() { #if NETSTANDARD2_0 || NET472 throw new NotSupportedException($"ClientCertificate does not support X509 Certificate in NETCORE2.0 nor NET472"); #else var connInfo = _getConnectionInfo(); var cert = FtpConfig.ClientCertificate; string keyExchangeAlgorithm = null; byte[] privateKeyBytes = null; string privateKeyPemString; bool isKeyNull = false; switch (cert.PublicKey.Oid.Value) { case _rsa: { using RSA rsaKey = cert.GetRSAPrivateKey(); keyExchangeAlgorithm = rsaKey.KeyExchangeAlgorithm; if (rsaKey != null) { privateKeyBytes = rsaKey.ExportRSAPrivateKey(); } else { isKeyNull = true; } break; } case _dsa: { using DSA dsaKey = cert.GetDSAPrivateKey(); keyExchangeAlgorithm = dsaKey.KeyExchangeAlgorithm; if (dsaKey != null) { privateKeyBytes = dsaKey.ExportPkcs8PrivateKey(); } else { isKeyNull = true; } break; } case _ecdsa: { using ECDsa ecdsaKey = cert.GetECDsaPrivateKey(); keyExchangeAlgorithm = ecdsaKey.KeyExchangeAlgorithm; if (ecdsaKey != null) { privateKeyBytes = ecdsaKey.ExportPkcs8PrivateKey(); } else { isKeyNull = true; } break; } default: throw new NotSupportedException($"ClientCertificate does not support the given algorithm {cert.PublicKey.Oid.FriendlyName}"); } if (isKeyNull) { throw new ArgumentNullException($"ClientCertificate has a null Key"); } #if NET5_0_OR_GREATER var privateKeyPem = PemEncoding.Write($"{keyExchangeAlgorithm} PRIVATE KEY", privateKeyBytes); privateKeyPemString = new string(privateKeyPem); #else var builder = new StringBuilder(); builder.AppendLine($"-----BEGIN {keyExchangeAlgorithm} PRIVATE KEY-----"); builder.AppendLine( Convert.ToBase64String(privateKeyBytes, Base64FormattingOptions.InsertLineBreaks)); builder.AppendLine($"-----END {keyExchangeAlgorithm} PRIVATE KEY-----"); privateKeyPemString = builder.ToString(); #endif var byteArray = Encoding.UTF8.GetBytes(privateKeyPemString); using var ms = new MemoryStream(byteArray); using var privateKeyFile = new PrivateKeyFile(ms); return(new Renci.SshNet.SftpClient(connInfo.Host, connInfo.Username, new PrivateKeyFile[] { privateKeyFile }) { KeepAliveInterval = _keepAliveInterval, OperationTimeout = _operationTimeout, }); #endif }
public void FixtureSetUp() { // key generation is VERY long so one time is enough dsa = DSA.Create(); rsa = RSA.Create(); }
public static void hogehoge(string[] args) { try { #region Variables #region Env // https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947 // *.pfxから証明書を開く場合、X509KeyStorageFlags.Exportableの指定が必要な場合がある。 // Linuxのキーは常にエクスポート可能だが、WindowsやMacOSでは必ずしもそうではない。 X509KeyStorageFlags x509KSF = 0; x509KSF = X509KeyStorageFlags.DefaultKeySet; #endregion #region Token string token = ""; IDictionary <string, object> headers = null; IDictionary <string, object> payload = null; payload = new Dictionary <string, object>() { { "sub", "*****@*****.**" }, { "exp", 1300819380 } }; #endregion #region Keys string jwk = ""; byte[] secretKey = null; byte[] x = null; byte[] y = null; byte[] d = null; string privateX509Path = ""; string publicX509Path = ""; X509Certificate2 publicX509Key = null; X509Certificate2 privateX509Key = null; RSA rsa = null; //DSA dsa = null; CngKey publicKeyOfCng = null; //CngKey privateKeyOfCng = null; ECParameters eCParameters = new ECParameters(); #endregion #region DigitalSign byte[] data = CustomEncode.StringToByte("hogehoge", CustomEncode.UTF_8); byte[] sign = null; #endregion #endregion #region Test of the X.509 Certificates #region RSA privateX509Path = @"SHA256RSA.pfx"; publicX509Path = @"SHA256RSA.cer"; privateX509Key = new X509Certificate2(privateX509Path, "test", x509KSF); publicX509Key = new X509Certificate2(publicX509Path, "", x509KSF); WriteLine.InspectPrivateX509Key("RSA", privateX509Key); WriteLine.InspectPublicX509Key("RSA", publicX509Key); #endregion #region DSA // https://github.com/dotnet/corefx/issues/18733#issuecomment-296723615 privateX509Path = @"SHA256DSA.pfx"; publicX509Path = @"SHA256DSA.cer"; privateX509Key = new X509Certificate2(privateX509Path, "test"); publicX509Key = new X509Certificate2(publicX509Path, ""); WriteLine.InspectPrivateX509Key("DSA", privateX509Key); WriteLine.InspectPublicX509Key("DSA", publicX509Key); DSA privateDSA = privateX509Key.GetDSAPrivateKey(); WriteLine.OutPutDebugAndConsole("privateDSA", (privateDSA == null ? "is null" : "is not null")); //DSA publicDSA = null; // publicX509Key.GetDSAPublicKey(); // Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException #endregion #region ECDsa // https://github.com/dotnet/corefx/issues/18733#issuecomment-296723615 privateX509Path = @"SHA256ECDSA.pfx"; publicX509Path = @"SHA256ECDSA.cer"; privateX509Key = new X509Certificate2(privateX509Path, "test"); publicX509Key = new X509Certificate2(publicX509Path, ""); WriteLine.InspectPrivateX509Key("ECDsa", privateX509Key); WriteLine.InspectPublicX509Key("ECDsa", publicX509Key); ECDsa privateECDsa = privateX509Key.GetECDsaPrivateKey(); WriteLine.OutPutDebugAndConsole("privateECDsa", (privateECDsa == null ? "is null" : "is not null")); ECDsa publicECDsa = publicX509Key.GetECDsaPublicKey(); WriteLine.OutPutDebugAndConsole("publicECDsa", (publicECDsa == null ? "is null" : "is not null")); #endregion #endregion WriteLine.OutPutDebugAndConsole("----------------------------------------------------------------------------------------------------"); #region Test of the OpenTouryo.Public.Security. DigitalSignParam dsParam = null; DigitalSignXML dsXML = null; DigitalSignX509 dsX509 = null; #region RSA dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256); sign = dsParam.Sign(data); WriteLine.OutPutDebugAndConsole("DigitalSignParam.Verify(RS256)", dsParam.Verify(data, sign).ToString()); dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256); sign = dsXML.Sign(data); WriteLine.OutPutDebugAndConsole("DigitalSignXML.Verify(RS256)", dsXML.Verify(data, sign).ToString()); dsX509 = new DigitalSignX509(@"SHA256RSA.pfx", "test", "SHA256"); sign = dsX509.Sign(data); WriteLine.OutPutDebugAndConsole("DigitalSignX509.Verify(RSA)", dsX509.Verify(data, sign).ToString()); // 鍵の相互変換 jwk = RsaPublicKeyConverter.ParamToJwk( ((RSA)dsX509.AsymmetricAlgorithm).ExportParameters(false)); WriteLine.OutPutDebugAndConsole("RSA JWK", jwk); dsParam = new DigitalSignParam( RsaPublicKeyConverter.JwkToParam(jwk), EnumDigitalSignAlgorithm.RsaCSP_SHA256); WriteLine.OutPutDebugAndConsole("DigitalSignX509.Verify(RSA JWK)", dsParam.Verify(data, sign).ToString()); #endregion #region DSA dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1); sign = dsParam.Sign(data); WriteLine.OutPutDebugAndConsole( "DigitalSignParam.Verify(DS1)", dsParam.Verify(data, sign).ToString()); dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1); sign = dsXML.Sign(data); WriteLine.OutPutDebugAndConsole( "DigitalSignXML.Verify(DS1)", dsXML.Verify(data, sign).ToString()); dsX509 = new DigitalSignX509(@"SHA256DSA.pfx", "test", "SHA256"); sign = dsX509.Sign(data); WriteLine.OutPutDebugAndConsole( "DigitalSignX509.Verify(DSA)", dsX509.Verify(data, sign).ToString()); #endregion #region ECDSA // .NET Core on Linux DigitalSignECDsaX509 ecDsX509 = new DigitalSignECDsaX509( @"SHA256ECDSA.pfx", "test", HashAlgorithmName.SHA256); sign = ecDsX509.Sign(data); WriteLine.OutPutDebugAndConsole( "DigitalSignX509.Verify(ECDSA)", ecDsX509.Verify(data, sign).ToString()); token = ""; token = JWT.Encode(payload, ((ECDsa)ecDsX509.AsymmetricAlgorithm), JwsAlgorithm.ES256); // 鍵の相互変換 jwk = EccPublicKeyConverter.ParamToJwk( ((ECDsa)ecDsX509.AsymmetricAlgorithm).ExportParameters(false)); WriteLine.OutPutDebugAndConsole("ECDSA JWK", jwk); DigitalSignECDsaOpenSsl ecDsParam = new DigitalSignECDsaOpenSsl( EccPublicKeyConverter.JwkToParam(jwk), HashAlgorithmCmnFunc.GetHashAlgorithmFromNameString(HashNameConst.SHA256)); WriteLine.OutPutDebugAndConsole( "DigitalSignX509.Verify(ECDSA JWK)", ecDsParam.Verify(data, sign).ToString()); Program.VerifyResult("JwsAlgorithm.ES256", token, ecDsParam.AsymmetricAlgorithm); #endregion #endregion WriteLine.OutPutDebugAndConsole("----------------------------------------------------------------------------------------------------"); #region Test of the jose-jwt #region JWT #region Unsecured JWT // Creating Plaintext (unprotected) Tokens // https://github.com/dvsekhvalnov/jose-jwt#creating-plaintext-unprotected-tokens token = ""; token = JWT.Encode(payload, null, JwsAlgorithm.none); WriteLine.OutPutDebugAndConsole("JwsAlgorithm.none", token); #endregion #region JWS (Creating signed Tokens) // https://github.com/dvsekhvalnov/jose-jwt#creating-signed-tokens #region HS-* family // HS256, HS384, HS512 // https://github.com/dvsekhvalnov/jose-jwt#hs--family secretKey = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 }; token = ""; token = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256); Program.VerifyResult("JwsAlgorithm.HS256", token, secretKey); #endregion #region RS-* and PS-* family // RS256, RS384, RS512 and PS256, PS384, PS512 // https://github.com/dvsekhvalnov/jose-jwt#rs--and-ps--family // X509Certificate2 x509Certificate2 = new X509Certificate2(); privateX509Path = @"SHA256RSA.pfx"; publicX509Path = @"SHA256RSA.cer"; privateX509Key = new X509Certificate2(privateX509Path, "test", x509KSF); publicX509Key = new X509Certificate2(publicX509Path, "", x509KSF); token = ""; rsa = (RSA)privateX509Key.PrivateKey; token = JWT.Encode(payload, rsa, JwsAlgorithm.RS256); Program.VerifyResult("JwsAlgorithm.RS256", token, rsa); #endregion #region ES- * family // ES256, ES384, ES512 ECDSA signatures // https://github.com/dvsekhvalnov/jose-jwt#es---family x = new byte[] { 4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150, 133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9 }; y = new byte[] { 131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159, 214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53 }; d = new byte[] { 42, 148, 231, 48, 225, 196, 166, 201, 23, 190, 229, 199, 20, 39, 226, 70, 209, 148, 29, 70, 125, 14, 174, 66, 9, 198, 80, 251, 95, 107, 98, 206 }; eCParameters = new ECParameters(); // Curve eCParameters.Curve = EccPublicKeyConverter.GetECCurveFromCrvString( EccPublicKeyConverter.GetCrvStringFromXCoordinate(x)); // x, y, d eCParameters.Q.X = x; eCParameters.Q.Y = y; eCParameters.D = d; ECDsaOpenSsl eCDsaOpenSsl = new ECDsaOpenSsl(eCParameters.Curve); eCDsaOpenSsl.ImportParameters(eCParameters); token = ""; token = JWT.Encode(payload, eCDsaOpenSsl, JwsAlgorithm.ES256); Program.VerifyResult("JwsAlgorithm.ES256", token, eCDsaOpenSsl); try { privateX509Path = @"SHA256ECDSA.pfx"; publicX509Path = @"SHA256ECDSA.cer"; privateX509Key = new X509Certificate2(privateX509Path, "test"); publicX509Key = new X509Certificate2(publicX509Path, ""); // ECCurveを分析してみる。 ECCurve eCCurve = ((ECDsaOpenSsl)privateX509Key.GetECDsaPrivateKey()).ExportExplicitParameters(true).Curve; WriteLine.OutPutDebugAndConsole("Inspect ECCurve", ObjectInspector.Inspect(eCCurve)); token = ""; token = JWT.Encode(payload, privateX509Key.GetECDsaPrivateKey(), JwsAlgorithm.ES256); Program.VerifyResult("JwsAlgorithm.ES256", token, publicX509Key.GetECDsaPublicKey()); } catch (Exception ex) { WriteLine.OutPutDebugAndConsole("JwsAlgorithm.ES256", ex.GetType().ToString() + ", " + ex.Message); } #endregion #endregion #region JWE (Creating encrypted Tokens) // https://github.com/dvsekhvalnov/jose-jwt#creating-encrypted-tokens #region RSA-* key management family of algorithms // RSA-OAEP-256, RSA-OAEP and RSA1_5 key // https://github.com/dvsekhvalnov/jose-jwt#rsa--key-management-family-of-algorithms privateX509Path = @"SHA256RSA.pfx"; publicX509Path = @"SHA256RSA.cer"; privateX509Key = new X509Certificate2(privateX509Path, "test", x509KSF); publicX509Key = new X509Certificate2(publicX509Path, "", x509KSF); // RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256 token = ""; token = JWT.Encode(payload, publicX509Key.PublicKey.Key, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256); Program.VerifyResult("JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256", token, privateX509Key.PrivateKey); // RSAES-OAEP and AES GCM try { token = ""; token = JWT.Encode(payload, publicX509Key.PublicKey.Key, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM); Program.VerifyResult("JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM", token, privateX509Key.PrivateKey); } catch (Exception ex) { // Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll' at ubunntu WriteLine.OutPutDebugAndConsole("JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM", ex.GetType().ToString() + ", " + ex.Message); } #endregion #region Other key management family of algorithms secretKey = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 }; #region DIR direct pre-shared symmetric key family of algorithms // https://github.com/dvsekhvalnov/jose-jwt#dir-direct-pre-shared-symmetric-key-family-of-algorithms token = ""; token = JWT.Encode(payload, secretKey, JweAlgorithm.DIR, JweEncryption.A128CBC_HS256); Program.VerifyResult("JweAlgorithm.DIR, JweEncryption.A128CBC_HS256", token, secretKey); #endregion #region AES Key Wrap key management family of algorithms // AES128KW, AES192KW and AES256KW key management // https://github.com/dvsekhvalnov/jose-jwt#aes-key-wrap-key-management-family-of-algorithms token = ""; token = JWT.Encode(payload, secretKey, JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512); Program.VerifyResult("JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512", token, secretKey); #endregion #region AES GCM Key Wrap key management family of algorithms // AES128GCMKW, AES192GCMKW and AES256GCMKW key management // https://github.com/dvsekhvalnov/jose-jwt#aes-gcm-key-wrap-key-management-family-of-algorithms try { token = ""; token = JWT.Encode(payload, secretKey, JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512); Program.VerifyResult("JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512", token, secretKey); } catch (Exception ex) { // Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll' at ubunntu WriteLine.OutPutDebugAndConsole("JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512", ex.GetType().ToString() + ", " + ex.Message); } #endregion #region ECDH-ES and ECDH-ES with AES Key Wrap key management family of algorithms // ECDH-ES and ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW key management // https://github.com/dvsekhvalnov/jose-jwt#ecdh-es-and-ecdh-es-with-aes-key-wrap-key-management-family-of-algorithms try { x = new byte[] { 4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150, 133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9 }; y = new byte[] { 131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159, 214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53 }; publicKeyOfCng = EccKey.New(x, y, usage: CngKeyUsages.KeyAgreement); token = ""; token = JWT.Encode(payload, publicKeyOfCng, JweAlgorithm.ECDH_ES, JweEncryption.A256GCM); Program.VerifyResult("JweAlgorithm.ECDH_ES, JweEncryption.A256GCM", token, publicKeyOfCng); } catch (Exception ex) { // System.NotImplementedException: 'not yet' WriteLine.OutPutDebugAndConsole("JweAlgorithm.ECDH_ES, JweEncryption.A256GCM", ex.GetType().ToString() + ", " + ex.Message); } #endregion #region PBES2 using HMAC SHA with AES Key Wrap key management family of algorithms token = ""; token = JWT.Encode(payload, "top secret", JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512); Program.VerifyResult("JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512", token, "top secret"); #endregion #endregion #endregion #endregion #endregion } catch (Exception ex) { WriteLine.OutPutDebugAndConsole(ex.ToString()); } }
public static byte[] Encode(DSA dsa) { return(ASN1Convert.FromUnsignedBigInteger(dsa.ExportParameters(true).X).GetBytes()); }
private static Authority MakeRoot() { DSA dsa = new DSA(new DSAParameters(512)); CryptoKey key = new CryptoKey(dsa); X509Name subject = new X509Name("CN=."); X509Certificate cert = new X509Certificate( 0, subject, subject, key, TimeSpan.FromDays(365)); cert.Sign(key, MessageDigest.DSS1); return new Authority(cert, key); }
// // public constructors // public DSAKeyValue() { _key = DSA.Create(); }
public override AsymmetricSignatureFormatter GetSignatureFormatter(string algorithm) { // One can sign only if the private key is present. if (PrivateKey == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.NoPrivateKeyAvailable)); } if (string.IsNullOrEmpty(algorithm)) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperArgument(algorithm, SR.Format(SR.EmptyOrNullArgumentString, nameof(algorithm))); } // We support: // XmlDsigDSAUrl = "http://www.w3.org/2000/09/xmldsig#dsa-sha1"; // XmlDsigRSASHA1Url = "http://www.w3.org/2000/09/xmldsig#rsa-sha1"; // RsaSha256Signature = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; AsymmetricAlgorithm privateKey = PrivateKey; object algorithmObject = CryptoHelper.GetAlgorithmFromConfig(algorithm); if (algorithmObject != null) { SignatureDescription description = algorithmObject as SignatureDescription; if (description != null) { return(description.CreateFormatter(privateKey)); } try { AsymmetricSignatureFormatter asymmetricSignatureFormatter = algorithmObject as AsymmetricSignatureFormatter; if (asymmetricSignatureFormatter != null) { asymmetricSignatureFormatter.SetKey(privateKey); return(asymmetricSignatureFormatter); } } catch (InvalidCastException e) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.AlgorithmAndPrivateKeyMisMatch, e)); } throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new CryptographicException(SR.Format(SR.UnsupportedAlgorithmForCryptoOperation, algorithm, nameof(GetSignatureFormatter)))); } switch (algorithm) { case SignedXml.XmlDsigDSAUrl: // Ensure that we have a DSA algorithm object. DSA dsa = (PrivateKey as DSA); if (dsa == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.PrivateKeyNotDSA)); } return(new DSASignatureFormatter(dsa)); case SignedXml.XmlDsigRSASHA1Url: // Ensure that we have an RSA algorithm object. RSA rsa = (PrivateKey as RSA); if (rsa == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.PrivateKeyNotRSA)); } return(new RSAPKCS1SignatureFormatter(rsa)); case SecurityAlgorithms.RsaSha256Signature: // Ensure that we have an RSA algorithm object. RSA rsaSha256 = (privateKey as RSA); if (rsaSha256 == null) { throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.PrivateKeyNotRSA)); } return(new RSAPKCS1SignatureFormatter(rsaSha256)); default: throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.Format(SR.UnsupportedCryptoAlgorithm, algorithm))); } }
public Authority(string name) { DSA dsa = new DSA(new DSAParameters(512)); this.key = new CryptoKey(dsa); this.name = name; }
public DSAKeyValue(DSA key) { _key = key; }
public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => dsa.SignData(new MemoryStream(data), hashAlgorithm);
public DSAKeyValue() { dsa = (DSA)DSA.Create(); }
public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => TryWithOutputArray(dest => dsa.TrySignData(data, dest, hashAlgorithm, out int bytesWritten) ? (true, bytesWritten) : (false, 0));
public DSAKeyValue(DSA key) { dsa = key; }
static public DSA FromCapiPrivateKeyBlobDSA(byte[] blob, int offset) { if (blob == null) { throw new ArgumentNullException("blob"); } if (offset >= blob.Length) { throw new ArgumentException("blob is too small."); } DSAParameters dsap = new DSAParameters(); try { if ((blob [offset] != 0x07) || // PRIVATEKEYBLOB (0x07) (blob [offset + 1] != 0x02) || // Version (0x02) (blob [offset + 2] != 0x00) || // Reserved (word) (blob [offset + 3] != 0x00) || (ToUInt32LE(blob, offset + 8) != 0x32535344)) // DWORD magic { throw new CryptographicException("Invalid blob header"); } int bitlen = ToInt32LE(blob, offset + 12); int bytelen = bitlen >> 3; int pos = offset + 16; dsap.P = new byte [bytelen]; Buffer.BlockCopy(blob, pos, dsap.P, 0, bytelen); Array.Reverse(dsap.P); pos += bytelen; dsap.Q = new byte [20]; Buffer.BlockCopy(blob, pos, dsap.Q, 0, 20); Array.Reverse(dsap.Q); pos += 20; dsap.G = new byte [bytelen]; Buffer.BlockCopy(blob, pos, dsap.G, 0, bytelen); Array.Reverse(dsap.G); pos += bytelen; dsap.X = new byte [20]; Buffer.BlockCopy(blob, pos, dsap.X, 0, 20); Array.Reverse(dsap.X); pos += 20; dsap.Counter = ToInt32LE(blob, pos); pos += 4; dsap.Seed = new byte [20]; Buffer.BlockCopy(blob, pos, dsap.Seed, 0, 20); Array.Reverse(dsap.Seed); pos += 20; } catch (Exception e) { throw new CryptographicException("Invalid blob.", e); } #if INSIDE_CORLIB && MOBILE DSA dsa = (DSA)DSA.Create(); dsa.ImportParameters(dsap); #else DSA dsa = null; try { dsa = (DSA)DSA.Create(); dsa.ImportParameters(dsap); } catch (CryptographicException ce) { // this may cause problem when this code is run under // the SYSTEM identity on Windows (e.g. ASP.NET). See // http://bugzilla.ximian.com/show_bug.cgi?id=77559 try { CspParameters csp = new CspParameters(); csp.Flags = CspProviderFlags.UseMachineKeyStore; dsa = new DSACryptoServiceProvider(csp); dsa.ImportParameters(dsap); } catch { // rethrow original, not the later, exception if this fails throw ce; } } #endif return(dsa); }
public static ClaimsIdentity CreateFromCertificate(X509Certificate2 certificate, string authenticationType = "X.509", bool includeAllClaims = false) { var claims = new List <Claim>(); var issuer = certificate.Issuer; claims.Add(new Claim("issuer", issuer)); var thumbprint = certificate.Thumbprint; claims.Add(new Claim(ClaimTypes.Thumbprint, thumbprint, ClaimValueTypes.Base64Binary, issuer)); string name = certificate.SubjectName.Name; if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.X500DistinguishedName, name, ClaimValueTypes.String, issuer)); } if (includeAllClaims) { name = certificate.SerialNumber; if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.SerialNumber, name, "http://www.w3.org/2001/XMLSchema#string", issuer)); } name = certificate.GetNameInfo(X509NameType.DnsName, false); if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.Dns, name, ClaimValueTypes.String, issuer)); } name = certificate.GetNameInfo(X509NameType.SimpleName, false); if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.Name, name, ClaimValueTypes.String, issuer)); } name = certificate.GetNameInfo(X509NameType.EmailName, false); if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.Email, name, ClaimValueTypes.String, issuer)); } name = certificate.GetNameInfo(X509NameType.UpnName, false); if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.Upn, name, ClaimValueTypes.String, issuer)); } name = certificate.GetNameInfo(X509NameType.UrlName, false); if (!string.IsNullOrEmpty(name)) { claims.Add(new Claim(ClaimTypes.Uri, name, ClaimValueTypes.String, issuer)); } RSA key = certificate.PublicKey.Key as RSA; if (key != null) { claims.Add(new Claim(ClaimTypes.Rsa, key.ToXmlString(false), ClaimValueTypes.RsaKeyValue, issuer)); } DSA dsa = certificate.PublicKey.Key as DSA; if (dsa != null) { claims.Add(new Claim(ClaimTypes.Dsa, dsa.ToXmlString(false), ClaimValueTypes.DsaKeyValue, issuer)); } var expiration = certificate.GetExpirationDateString(); if (!string.IsNullOrEmpty(expiration)) { claims.Add(new Claim(ClaimTypes.Expiration, expiration, ClaimValueTypes.DateTime, issuer)); } } return(new ClaimsIdentity(claims, authenticationType)); }
public DSA Create() { return(DSA.Create()); }
/// <summary> /// Adds an enveloped digital signature of type DSA-SHA1 to the eData content and /// saves it to a new file. /// </summary> /// <param name="key"></param> /// <param name="saveFile"></param> public void Sign(DSA key, string saveFile) { Sign(null, key, saveFile); }
static public byte[] Encode(DSA dsa) { DSAParameters param = dsa.ExportParameters(true); return(ASN1Convert.FromUnsignedBigInteger(param.X).GetBytes()); }
public abstract byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm);
public static void CreateWithKeysize_InvalidKeySize(int keySizeInBits) { Assert.Throws <CryptographicException>(() => DSA.Create(keySizeInBits)); }
public abstract bool VerifyData(DSA dsa, byte[] data, byte[] signature, HashAlgorithmName hashAlgorithm);
public static DsaPublicKeyParameters GetDsaPublicKey(DSA dsa) { return(GetDsaPublicKey(dsa.ExportParameters(false))); }
public override byte[] SignData(DSA dsa, byte[] data, HashAlgorithmName hashAlgorithm) => dsa.SignData(data, hashAlgorithm);
private static void VerifyKey_DSA(DSA dsa) { DSAParameters dsaParameters = dsa.ExportParameters(false); byte[] expected_g = ( "859B5AEB351CF8AD3FABAC22AE0350148FD1D55128472691709EC08481584413" + "E9E5E2F61345043B05D3519D88C021582CCEF808AF8F4B15BD901A310FEFD518" + "AF90ABA6F85F6563DB47AE214A84D0B7740C9394AA8E3C7BFEF1BEEDD0DAFDA0" + "79BF75B2AE4EDB7480C18B9CDFA22E68A06C0685785F5CFB09C2B80B1D05431D").HexToByteArray(); byte[] expected_p = ( "871018CC42552D14A5A9286AF283F3CFBA959B8835EC2180511D0DCEB8B97928" + "5708C800FC10CB15337A4AC1A48ED31394072015A7A6B525986B49E5E1139737" + "A794833C1AA1E0EAAA7E9D4EFEB1E37A65DBC79F51269BA41E8F0763AA613E29" + "C81C3B977AEEB3D3C3F6FEB25C270CDCB6AEE8CD205928DFB33C44D2F2DBE819").HexToByteArray(); byte[] expected_q = "E241EDCF37C1C0E20AADB7B4E8FF7AA8FDE4E75D".HexToByteArray(); byte[] expected_y = ( "089A43F439B924BEF3529D8D6206D1FCA56A55CAF52B41D6CE371EBF07BDA132" + "C8EADC040007FCF4DA06C1F30504EBD8A77D301F5A4702F01F0D2A0707AC1DA3" + "8DD3251883286E12456234DA62EDA0DF5FE2FA07CD5B16F3638BECCA7786312D" + "A7D3594A4BB14E353884DA0E9AECB86E3C9BDB66FCA78EA85E1CC3F2F8BF0963").HexToByteArray(); Assert.Equal(expected_g, dsaParameters.G); Assert.Equal(expected_p, dsaParameters.P); Assert.Equal(expected_q, dsaParameters.Q); Assert.Equal(expected_y, dsaParameters.Y); }
static void Main(string[] args) { Authorities(); return; SimpleSerialNumber seq = new SimpleSerialNumber(); X509CertificateAuthority ca = X509CertificateAuthority.SelfSigned( seq, new X509Name("CN=."), TimeSpan.FromDays(10) ); Console.WriteLine(ca.Certificate); DSA dsa = new DSA(new DSAParameters(512)); CryptoKey key = new CryptoKey(dsa); X509Request req = new X509Request(0, new X509Name("CN=com."), key); req.Sign(key, MessageDigest.DSS1); X509Certificate cert = ca.ProcessRequest(req, TimeSpan.FromDays(10)); Console.WriteLine(cert); Console.WriteLine("CA Verified: " + cert.Verify(ca.Key)); Console.WriteLine("Self Verified: " + cert.Verify(key)); SimpleSerialNumber serial2 = new SimpleSerialNumber(); X509CertificateAuthority caSelf = new X509CertificateAuthority( cert, key, serial2); X509Request req2 = cert.CreateRequest(key, MessageDigest.DSS1); X509Name subject = req2.Subject; Console.WriteLine("Request1: " + req); Console.WriteLine("Request2: " + req2); X509Certificate cert2 = caSelf.ProcessRequest(req2, TimeSpan.FromDays(10)); Console.WriteLine("Cert2: " + cert2); DH dh = new DH(128, 5); MessageDigestContext mdc = new MessageDigestContext(MessageDigest.DSS1); byte[] msg = dh.PublicKey; byte[] sig = mdc.Sign(msg, key); Console.WriteLine(dh); Console.WriteLine("DH P : " + BitConverter.ToString(dh.P)); Console.WriteLine("DH G : " + BitConverter.ToString(dh.G)); Console.WriteLine("DH Secret Key: " + BitConverter.ToString(dh.PrivateKey)); Console.WriteLine("DH Public Key: " + BitConverter.ToString(msg)); Console.WriteLine("DH Signature : " + BitConverter.ToString(sig)); Console.WriteLine(mdc.Verify(msg, sig, key)); }