public byte[] RsaDecryptToBytes(CipherString encyptedValue, byte[] privateKey)
{
if (privateKey == null)
{
privateKey = PrivateKey;
}
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
IAsymmetricKeyAlgorithmProvider provider = null;
switch (encyptedValue.EncryptionType)
{
case EncryptionType.Rsa2048_OaepSha256_B64:
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha256);
break;
case EncryptionType.Rsa2048_OaepSha1_B64:
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
break;
default:
throw new ArgumentException("EncryptionType unavailable.");
}
var cryptoKey = provider.ImportKeyPair(privateKey, CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo);
var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, encyptedValue.CipherTextBytes);
return(decryptedBytes);
}
/// <summary>
/// Creates a cryptographic key based on the specified RSA parameters.
/// </summary>
/// <param name="provider">The asymmetric algorithm provider.</param>
/// <param name="parameters">The RSA parameters from which to initialize the key.</param>
/// <returns>The cryptographic key.</returns>
public static ICryptographicKey ImportParameters(this IAsymmetricKeyAlgorithmProvider provider, RSAParameters parameters)
{
Requires.NotNull(provider, nameof(provider));
byte[] keyBlob = KeyFormatter.Pkcs1.Write(parameters);
return(KeyFormatter.HasPrivateKey(parameters)
? provider.ImportKeyPair(keyBlob, CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey)
: provider.ImportPublicKey(keyBlob, CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey));
}
/// <summary>Creates a cryptographic key based on the specified RSA parameters.</summary>
/// <param name="provider">The asymmetric algorithm provider.</param>
/// <param name="parameters">The RSA parameters from which to initialize the key.</param>
/// <returns>The cryptographic key.</returns>
public static ICryptographicKey ImportParameters(this IAsymmetricKeyAlgorithmProvider provider, RSAParameters parameters)
{
#if PCL
throw new NotImplementedException("Not implemented in reference assembly.");
#else
Requires.NotNull(provider, "provider");
byte[] keyBlob = KeyFormatter.Pkcs1.Write(parameters);
return(KeyFormatter.HasPrivateKey(parameters)
? provider.ImportKeyPair(keyBlob, CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey)
: provider.ImportPublicKey(keyBlob, CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey));
#endif
}
// signature
public static string CreateSignature(string email, string password, RSAParameters key)
{
IAsymmetricKeyAlgorithmProvider alg = PCLCrypto.WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
var importedKey = alg.ImportParameters(key);
var hasher = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha1);
byte[] prefix = { 0x00 };
byte[] keyArray = GoogleKeyUtils.KeyToStruct(key);
byte[] something = Encoding.UTF8.GetBytes(email + "\x00" + password);
byte[] hash = hasher.HashData(keyArray).Take(4).ToArray();
byte[] encrypted = WinRTCrypto.CryptographicEngine.Encrypt(importedKey, something, null);
byte[] combinedBytes = DataTypeUtils.CombineBytes(prefix, hash, encrypted);
return(DataTypeUtils.UrlSafeBase64(combinedBytes));
}
public void KeyPairRoundTrip(AsymmetricAlgorithm algorithm, int keySize, CryptographicPrivateKeyBlobType format)
{
IAsymmetricKeyAlgorithmProvider keyAlgorithm = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithm);
using (ICryptographicKey key = keyAlgorithm.CreateKeyPair(keySize))
{
byte[] keyBlob = key.Export(format);
using (var key2 = keyAlgorithm.ImportKeyPair(keyBlob, format))
{
byte[] key2Blob = key2.Export(format);
Assert.Equal(Convert.ToBase64String(keyBlob), Convert.ToBase64String(key2Blob));
this.logger.WriteLine(Convert.ToBase64String(keyBlob));
}
}
}
public byte[] RsaDecryptToBytes(CipherString encyptedValue, byte[] privateKey)
{
if (privateKey == null)
{
privateKey = PrivateKey;
}
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
if (EncKey?.MacKey != null && !string.IsNullOrWhiteSpace(encyptedValue.Mac))
{
var computedMacBytes = Crypto.ComputeMac(encyptedValue.CipherTextBytes, EncKey.MacKey);
if (!Crypto.MacsEqual(EncKey.MacKey, computedMacBytes, encyptedValue.MacBytes))
{
throw new InvalidOperationException("MAC failed.");
}
}
IAsymmetricKeyAlgorithmProvider provider = null;
switch (encyptedValue.EncryptionType)
{
case EncryptionType.Rsa2048_OaepSha256_B64:
case EncryptionType.Rsa2048_OaepSha256_HmacSha256_B64:
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha256);
break;
case EncryptionType.Rsa2048_OaepSha1_B64:
case EncryptionType.Rsa2048_OaepSha1_HmacSha256_B64:
provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaOaepSha1);
break;
default:
throw new ArgumentException("EncryptionType unavailable.");
}
var cryptoKey = provider.ImportKeyPair(privateKey, CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo);
var decryptedBytes = WinRTCrypto.CryptographicEngine.Decrypt(cryptoKey, encyptedValue.CipherTextBytes);
return(decryptedBytes);
}
public void LegalKeySizes(AsymmetricAlgorithm name, int minSize, int maxSize, int stepSize)
{
IAsymmetricKeyAlgorithmProvider provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(name);
IReadOnlyList <KeySizes>? result = provider.LegalKeySizes;
Assert.NotNull(result);
Assert.NotEmpty(result);
Action <int> attemptKeySize = size =>
{
provider.CreateKeyPair(size).Dispose();
};
KeySizes range = result.Single();
Assert.Equal(minSize, range.MinSize);
Assert.Equal(maxSize, range.MaxSize);
Assert.Equal(stepSize, range.StepSize);
}
public byte[] Encrypt(byte[] data, Dictionary <string, byte[]> publicKeyIdAndPublicKeyMap, out Dictionary <string, byte[]> publicKeyIdAndEncryptedKeyMap)
{
publicKeyIdAndEncryptedKeyMap = new Dictionary <string, byte[]>();
if (publicKeyIdAndPublicKeyMap == null || publicKeyIdAndPublicKeyMap.Count < 1)
{
return(data);
}
IAsymmetricKeyAlgorithmProvider provider = GetAsymmetricKeyAlgorithm();
byte[] randomAesKey = WinRTCrypto.CryptographicBuffer.GenerateRandom(AesKeySize);
byte[] iv = WinRTCrypto.CryptographicBuffer.GenerateRandom(AesIvSize); //not sure it makes sence to encrypt iv as well.
byte[] encryptedData = Aes.Encrypt(randomAesKey, data, iv);
foreach (var item in publicKeyIdAndPublicKeyMap)
{
var publicKeyId = item.Key;
var publicKey = item.Value;
try
{
ICryptographicKey encryptionKey = provider.ImportPublicKey(publicKey, CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey);
byte[] messageKey = WinRTCrypto.CryptographicEngine.Encrypt(encryptionKey, randomAesKey);
var keyBytes = new byte[messageKey.Length + iv.Length];
Buffer.BlockCopy(messageKey, 0, keyBytes, 0, messageKey.Length);
Buffer.BlockCopy(iv, 0, keyBytes, messageKey.Length, iv.Length);
publicKeyIdAndEncryptedKeyMap[publicKeyId] = keyBytes;
}
catch (Exception)
{
publicKeyIdAndEncryptedKeyMap[publicKeyId] = new byte[] { 0 };
}
}
return(encryptedData);
}
public static ICryptographicKey CreateKey(int keySize = 2048)
{
IAsymmetricKeyAlgorithmProvider provider = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaPkcs1);
return(provider.CreateKeyPair(keySize));
}
