/// <summary>Encrypting a digest is the atomic operation done by the SSCD.</summary>
/// <remarks>
/// Convenience overload: it unpacks <paramref name="digest"/> into its value and its algorithm
/// and forwards both, together with <paramref name="keyEntry"/>, to the three-argument
/// <c>EncryptDigest</c> overload. That encryption (RSA, DSA, ...) creates the signature value.
/// </remarks>
/// <param name="digest">Digest whose value and algorithm are forwarded.</param>
/// <param name="keyEntry">Key entry, passed through unchanged.</param>
/// <returns>Whatever the three-argument overload returns.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException">Sharpen.NoSuchAlgorithmException</exception>
public virtual byte[] EncryptDigest(Digest digest, IDssPrivateKeyEntry keyEntry)
{
    var rawDigest = digest.GetValue();
    var algorithm = digest.GetAlgorithm();
    return this.EncryptDigest(rawDigest, algorithm, keyEntry);
}
/// <summary>
/// Runs <paramref name="digestValue"/> through the cipher named by the key entry's signature
/// algorithm padding, initialised in encrypt mode with the entry's private key.
/// </summary>
/// <remarks>
/// The bytes are handed to the cipher exactly as received: nothing here hashes them or wraps
/// them in a DigestInfo structure.
/// NOTE(review): for an RSA PKCS#1 v1.5 signature the caller presumably has to supply the
/// DER-encoded DigestInfo rather than a bare hash - confirm against the callers.
/// The cast to <c>KSPrivateKeyEntry</c> is unchecked, so another implementation of
/// <c>IDssPrivateKeyEntry</c> fails with an <see cref="System.InvalidCastException"/>.
/// </remarks>
/// <param name="keyEntry">Key entry; must actually be a <c>KSPrivateKeyEntry</c>.</param>
/// <param name="digestValue">Bytes to process with the private key.</param>
/// <returns>The output of the cipher's <c>DoFinal</c> call.</returns>
public static byte[] Encrypt(this IDssPrivateKeyEntry keyEntry, byte[] digestValue)
{
    var cipherName = keyEntry.GetSignatureAlgorithm().GetPadding();
    IBufferedCipher engine = CipherUtilities.GetCipher(cipherName);

    // 'true' selects the encrypt direction of the cipher.
    var signingKey = ((KSPrivateKeyEntry)keyEntry).PrivateKey;
    engine.Init(true, signingKey);

    return engine.DoFinal(digestValue);
}
/// <summary>
/// Hashes the stream with <paramref name="digestAlgo"/> and passes the digest to
/// <c>EncryptDigest</c>. Only key entries whose signature algorithm is RSA are handled.
/// </summary>
/// <param name="stream">
/// Data to sign. It is read in 4096-byte chunks until <c>Read</c> returns 0 and is not closed here.
/// </param>
/// <param name="digestAlgo">Digest algorithm; its name selects the digest implementation.</param>
/// <param name="keyEntry">Key entry used for the private-key operation.</param>
/// <returns>The value returned by <c>EncryptDigest</c> for the computed digest.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
/// <exception cref="System.IO.IOException"></exception>
/// <exception cref="System.NotImplementedException">The key entry's signature algorithm is not RSA.</exception>
public virtual byte[] Sign(Stream stream, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    if (!(SignatureAlgorithm.RSA == keyEntry.GetSignatureAlgorithm()))
    {
        // jbonilla: the non-RSA branch of the Java original (Signature.GetInstance, InitSign,
        // Update over 4096-byte chunks, Sign; SignatureException / InvalidKeyException wrapped
        // in RuntimeException) has not been ported.
        throw new System.NotImplementedException("Implementar cuando no es RSA");
    }

    IDigest hasher = DigestUtilities.GetDigest(digestAlgo.GetName());
    byte[] chunk = new byte[4096];

    // Feed the digest chunk by chunk so the stream is never held in memory as a whole.
    for (int read = stream.Read(chunk, 0, chunk.Length); read > 0; read = stream.Read(chunk, 0, chunk.Length))
    {
        hasher.BlockUpdate(chunk, 0, read);
    }

    byte[] digestValue = DigestUtilities.DoFinal(hasher);
    return EncryptDigest(digestValue, digestAlgo, keyEntry);
}
/// <summary>
/// Signs the complete content of <paramref name="stream"/> with the certificate carried by a
/// <c>KSX509Certificate2Entry</c>.
/// </summary>
/// <remarks>
/// The stream is read fully into memory before signing. It is closed only after a successful
/// signature; when the key entry is rejected or signing throws, the stream is left open.
/// </remarks>
/// <param name="stream">Data to sign.</param>
/// <param name="digestAlgo">Digest algorithm; its name is handed to the signer.</param>
/// <param name="keyEntry">Key entry; must be a <c>KSX509Certificate2Entry</c>.</param>
/// <returns>The bytes produced by <c>X509Certificate2Signature.Sign</c>.</returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="keyEntry"/> is not a <c>KSX509Certificate2Entry</c>.
/// </exception>
public byte[] Sign(Stream stream, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    // Reject every other key entry type up front.
    if (!(keyEntry is KSX509Certificate2Entry))
    {
        throw new ArgumentException("Only allowed KSX509Certificate2Entry", "keyEntry");
    }

    var certificate = ((KSX509Certificate2Entry)keyEntry).Cert2;
    X509Certificate2Signature signer = new X509Certificate2Signature(certificate, digestAlgo.GetName());

    var content = Streams.ReadAll(stream);
    byte[] signedBytes = signer.Sign(content);
    stream.Close();

    return signedBytes;
}
/// <summary>
/// Computes the digest of the stream with <paramref name="digestAlgo"/> and hands it to
/// <c>EncryptDigest</c>. Only RSA key entries are supported.
/// </summary>
/// <param name="stream">
/// Data to sign; consumed in 4096-byte reads until <c>Read</c> returns 0. The stream is not closed here.
/// </param>
/// <param name="digestAlgo">Digest algorithm; its name selects the digest implementation.</param>
/// <param name="keyEntry">Key entry used for the private-key operation.</param>
/// <returns>The value returned by <c>EncryptDigest</c> for the computed digest.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
/// <exception cref="System.IO.IOException"></exception>
/// <exception cref="System.NotImplementedException">The key entry's signature algorithm is not RSA.</exception>
public virtual byte[] Sign(Stream stream, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    bool isRsa = SignatureAlgorithm.RSA == keyEntry.GetSignatureAlgorithm();
    if (!isRsa)
    {
        // jbonilla: the Java original signed non-RSA keys through Signature.GetInstance /
        // InitSign / Update / Sign (wrapping SignatureException and InvalidKeyException in
        // RuntimeException); that branch has not been ported.
        throw new System.NotImplementedException("Implementar cuando no es RSA");
    }

    IDigest hasher = DigestUtilities.GetDigest(digestAlgo.GetName());
    byte[] chunk = new byte[4096];
    int read = stream.Read(chunk, 0, chunk.Length);

    // Hash incrementally; Read returning 0 (or less) marks the end of the stream.
    while (read > 0)
    {
        hasher.BlockUpdate(chunk, 0, read);
        read = stream.Read(chunk, 0, chunk.Length);
    }

    byte[] digestValue = DigestUtilities.DoFinal(hasher);
    return EncryptDigest(digestValue, digestAlgo, keyEntry);
}
/// <summary>
/// Signs everything in <paramref name="stream"/> using the certificate of a
/// <c>KSX509Certificate2Entry</c>.
/// </summary>
/// <remarks>
/// The whole stream is buffered in memory first. The stream is closed after a successful
/// signature only; it stays open when the key entry is rejected or signing throws.
/// </remarks>
/// <param name="stream">Data to sign.</param>
/// <param name="digestAlgo">Digest algorithm; its name is passed to the signer.</param>
/// <param name="keyEntry">Key entry; must be a <c>KSX509Certificate2Entry</c>.</param>
/// <returns>The bytes produced by <c>X509Certificate2Signature.Sign</c>.</returns>
/// <exception cref="System.ArgumentException">
/// <paramref name="keyEntry"/> is not a <c>KSX509Certificate2Entry</c>.
/// </exception>
public byte[] Sign(Stream stream, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    bool isSupportedEntry = keyEntry is KSX509Certificate2Entry;
    if (!isSupportedEntry)
    {
        throw new ArgumentException("Only allowed KSX509Certificate2Entry", "keyEntry");
    }

    var signingCertificate = ((KSX509Certificate2Entry)keyEntry).Cert2;
    X509Certificate2Signature signer =
        new X509Certificate2Signature(signingCertificate, digestAlgo.GetName());

    byte[] signedBytes = signer.Sign(Streams.ReadAll(stream));
    stream.Close();
    return signedBytes;
}
/// <summary>
/// Wraps the digest in a <c>DigestInfo</c> (algorithm identifier plus digest), DER-encodes it
/// and runs the encoding through the key entry's cipher initialised with the private key.
/// </summary>
/// <remarks>
/// The cast to <c>KSPrivateKeyEntry</c> is unchecked; another <c>IDssPrivateKeyEntry</c>
/// implementation fails with an <see cref="System.InvalidCastException"/>.
/// </remarks>
/// <param name="digestValue">Digest bytes placed inside the DigestInfo.</param>
/// <param name="digestAlgo">Supplies the algorithm identifier of the DigestInfo.</param>
/// <param name="keyEntry">Key entry providing the cipher name and the private key.</param>
/// <returns>The output of the cipher's <c>DoFinal</c> call.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
public override byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    try
    {
        var algorithmId = digestAlgo.GetAlgorithmIdentifier();
        DigestInfo wrappedDigest = new DigestInfo(algorithmId, digestValue);

        // Ported from Sharpen.Cipher.GetInstance(...) / Init(ENCRYPT_MODE, privateKey).
        var cipherName = keyEntry.GetSignatureAlgorithm().GetPadding();
        IBufferedCipher engine = CipherUtilities.GetCipher(cipherName);
        var signingKey = ((KSPrivateKeyEntry)keyEntry).PrivateKey;
        engine.Init(true, signingKey);

        var encoded = wrappedDigest.GetDerEncoded();
        return engine.DoFinal(encoded);
    }
    catch (InvalidKeyException e)
    {
        // The Java original also wrapped NoSuchPaddingException and IllegalBlockSizeException
        // in RuntimeException and mapped BadPaddingException to
        // BadPasswordException(PKCS12_BAD_PASSWORD); those handlers are not ported.
        throw new RuntimeException(e);
    }
}
/// <summary>Encrypting a digest is the atomic operation done by the SSCD.</summary>
/// <remarks>
/// This encryption (RSA, DSA, ...) creates the signature value. The method is abstract here;
/// how the digest is encoded before the key operation is left to each override.
/// </remarks>
/// <param name="digestValue">Digest bytes to encrypt.</param>
/// <param name="digestAlgo">
/// Digest algorithm associated with <paramref name="digestValue"/> (presumably the one that
/// produced it - confirm with callers).
/// </param>
/// <param name="keyEntry">Key entry to perform the operation with.</param>
/// <returns>The signature value.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
public abstract byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo , IDssPrivateKeyEntry keyEntry);
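/// <summary>
/// Builds the signature input by writing a per-algorithm DigestInfo prefix followed by the
/// digest, then runs it through the key entry's cipher initialised with the private key.
/// </summary>
/// <remarks>
/// Prefixes exist for SHA1, SHA256 and SHA512. The SHA512 branch used to test SHA256 a second
/// time and was therefore unreachable, so a SHA512 digest was processed without its prefix.
/// NOTE(review): any other algorithm still falls through with no prefix, i.e. the bare digest
/// goes into the private-key operation; consider rejecting unsupported algorithms explicitly.
/// The cast to <c>KSPrivateKeyEntry</c> is unchecked.
/// </remarks>
/// <param name="digestValue">Digest bytes appended after the prefix.</param>
/// <param name="digestAlgo">Selects which prefix constant is written.</param>
/// <param name="keyEntry">Key entry providing the cipher name and the private key.</param>
/// <returns>The output of the cipher's <c>DoFinal</c> call.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
public override byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    try
    {
        ByteArrayOutputStream digestInfo = new ByteArrayOutputStream();

        // jbonilla: DigestAlgorithm changed from an enum to a class, hence Equals().
        if (digestAlgo.Equals(DigestAlgorithm.SHA1))
        {
            digestInfo.Write(Constants.SHA1_DIGEST_INFO_PREFIX);
        }
        else if (digestAlgo.Equals(DigestAlgorithm.SHA256))
        {
            digestInfo.Write(Constants.SHA256_DIGEST_INFO_PREFIX);
        }
        else if (digestAlgo.Equals(DigestAlgorithm.SHA512))
        {
            // Fixed: this branch compared against SHA256 again and could never run.
            digestInfo.Write(Constants.SHA512_DIGEST_INFO_PREFIX);
        }

        digestInfo.Write(digestValue);

        // Ported from Sharpen.Cipher.GetInstance(...) / Init(ENCRYPT_MODE, privateKey).
        IBufferedCipher cipher = CipherUtilities.GetCipher(keyEntry.GetSignatureAlgorithm().GetPadding());
        cipher.Init(true, ((KSPrivateKeyEntry)keyEntry).PrivateKey);
        return cipher.DoFinal(digestInfo.ToByteArray());
    }
    catch (IOException e)
    {
        // Writing to a ByteArrayOutputStream; should never happen.
        throw new RuntimeException(e);
    }
    catch (InvalidKeyException e)
    {
        // The Java original also wrapped NoSuchPaddingException and IllegalBlockSizeException
        // in RuntimeException and mapped BadPaddingException to
        // BadPasswordException(PKCS12_BAD_PASSWORD); those handlers are not ported.
        throw new RuntimeException(e);
    }
}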
/// <summary>Encrypting a digest is the atomic operation done by the SSCD.</summary>
/// <remarks>
/// Convenience overload: the value and the algorithm are taken out of
/// <paramref name="digest"/> and forwarded, with <paramref name="keyEntry"/>, to the
/// three-argument <c>EncryptDigest</c> overload. That encryption (RSA, DSA, ...) creates the
/// signature value.
/// </remarks>
/// <param name="digest">Digest whose value and algorithm are forwarded.</param>
/// <param name="keyEntry">Key entry, passed through unchanged.</param>
/// <returns>Whatever the three-argument overload returns.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException">Sharpen.NoSuchAlgorithmException</exception>
public virtual byte[] EncryptDigest(Digest digest, IDssPrivateKeyEntry keyEntry)
{
    var value = digest.GetValue();
    var algo = digest.GetAlgorithm();
    return this.EncryptDigest(value, algo, keyEntry);
}
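/// <summary>
/// Writes a per-algorithm DigestInfo prefix followed by the digest and runs the result through
/// the key entry's cipher initialised with the private key.
/// </summary>
/// <remarks>
/// Prefixes exist for SHA1, SHA256 and SHA512. The SHA512 branch previously repeated the
/// SHA256 test, so it never ran and a SHA512 digest was processed without its prefix.
/// NOTE(review): an algorithm outside these three still gets no prefix, so the bare digest is
/// fed to the private-key operation; consider rejecting unsupported algorithms explicitly.
/// The cast to <c>KSPrivateKeyEntry</c> is unchecked.
/// </remarks>
/// <param name="digestValue">Digest bytes appended after the prefix.</param>
/// <param name="digestAlgo">Selects which prefix constant is written.</param>
/// <param name="keyEntry">Key entry providing the cipher name and the private key.</param>
/// <returns>The output of the cipher's <c>DoFinal</c> call.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
public override byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    try
    {
        ByteArrayOutputStream digestInfo = new ByteArrayOutputStream();

        // jbonilla: DigestAlgorithm changed from an enum to a class, hence Equals().
        if (digestAlgo.Equals(DigestAlgorithm.SHA1))
        {
            digestInfo.Write(Constants.SHA1_DIGEST_INFO_PREFIX);
        }
        else if (digestAlgo.Equals(DigestAlgorithm.SHA256))
        {
            digestInfo.Write(Constants.SHA256_DIGEST_INFO_PREFIX);
        }
        else if (digestAlgo.Equals(DigestAlgorithm.SHA512))
        {
            // Fixed: the condition here was a second SHA256 test, which made the branch dead.
            digestInfo.Write(Constants.SHA512_DIGEST_INFO_PREFIX);
        }

        digestInfo.Write(digestValue);

        // Ported from Sharpen.Cipher.GetInstance(...) / Init(ENCRYPT_MODE, privateKey).
        IBufferedCipher cipher = CipherUtilities.GetCipher(keyEntry.GetSignatureAlgorithm().GetPadding());
        cipher.Init(true, ((KSPrivateKeyEntry)keyEntry).PrivateKey);
        return cipher.DoFinal(digestInfo.ToByteArray());
    }
    catch (IOException e)
    {
        // Writing to a ByteArrayOutputStream; should never happen.
        throw new RuntimeException(e);
    }
    catch (InvalidKeyException e)
    {
        // Handlers for NoSuchPaddingException, IllegalBlockSizeException and BadPaddingException
        // (the latter mapped to BadPasswordException(PKCS12_BAD_PASSWORD)) existed in the Java
        // original and are not ported.
        throw new RuntimeException(e);
    }
}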
/// <summary>
/// Encodes the digest as a DER <c>DigestInfo</c> (algorithm identifier plus digest) and passes
/// the encoding through the key entry's cipher, initialised with the private key.
/// </summary>
/// <remarks>
/// The cast to <c>KSPrivateKeyEntry</c> is unchecked; another <c>IDssPrivateKeyEntry</c>
/// implementation fails with an <see cref="System.InvalidCastException"/>.
/// </remarks>
/// <param name="digestValue">Digest bytes placed inside the DigestInfo.</param>
/// <param name="digestAlgo">Supplies the algorithm identifier of the DigestInfo.</param>
/// <param name="keyEntry">Key entry providing the cipher name and the private key.</param>
/// <returns>The output of the cipher's <c>DoFinal</c> call.</returns>
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
public override byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry)
{
    try
    {
        DigestInfo info = new DigestInfo(digestAlgo.GetAlgorithmIdentifier(), digestValue);

        // Ported from Sharpen.Cipher.GetInstance(...) / Init(ENCRYPT_MODE, privateKey).
        var paddingName = keyEntry.GetSignatureAlgorithm().GetPadding();
        IBufferedCipher engine = CipherUtilities.GetCipher(paddingName);
        engine.Init(true, ((KSPrivateKeyEntry)keyEntry).PrivateKey);

        var derBytes = info.GetDerEncoded();
        return engine.DoFinal(derBytes);
    }
    catch (InvalidKeyException e)
    {
        // Handlers for NoSuchPaddingException, IllegalBlockSizeException and BadPaddingException
        // (the latter mapped to BadPasswordException(PKCS12_BAD_PASSWORD)) existed in the Java
        // original and are not ported.
        throw new RuntimeException(e);
    }
}
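/// <summary>
/// Sample program: signs Resources/test.pdf as an enveloping CAdES-BES signature with the first
/// key of Resources/test.p12 and writes the result to test.pdf.p7m.
/// </summary>
/// <remarks>
/// The method returns right after writing the signed file, so the validation code at the end
/// is currently unreachable. The commented-out blocks are kept as reference for the
/// timestamp / revocation and double-sign variants.
/// </remarks>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    string pathToSign = Path.Combine("Resources", "test.pdf");
    string pathCertificate = Path.Combine("Resources", "test.p12");
    string pathSigned = "test.pdf.p7m";

    Document toBeSigned = new FileDocument(pathToSign);

    // Passphrase of the bundled sample key store. Anything other than this test fixture should
    // read its passphrase from outside the source file.
    Pkcs12SignatureToken token = new Pkcs12SignatureToken("password", pathCertificate);

    // Uses the first key in the store; there is no check that the store holds exactly one key.
    IDssPrivateKeyEntry privateKey = token.GetKeys()[0];

    SignatureParameters parameters = new SignatureParameters();
    parameters.SignaturePackaging = SignaturePackaging.ENVELOPING;
    parameters.SigningCertificate = privateKey.GetCertificate();
    parameters.CertificateChain = privateKey.GetCertificateChain();
    // NOTE(review): local wall-clock time; confirm whether the library expects UTC here.
    parameters.SigningDate = DateTime.Now;
    parameters.DigestAlgorithm = DigestAlgorithm.SHA256;

    CAdESService service = new CAdESService();
    parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_BES;

    /* CERTIFIED TIMESTAMP
     * var ocspSource1 = new OnlineOcspSource();
     * var crlSource1 = new FileCacheCrlSource();
     * var crlOnline1 = new OnlineCrlSource();
     * crlOnline1.IntermediateAcUrl = @"http://www.eci.bce.ec/CRL/cacrl.crl";
     * crlSource1.CachedSource = crlOnline1;
     * var verifier1 = new OCSPAndCRLCertificateVerifier(crlSource1, ocspSource1);
     * var estado = verifier1.Check(privateKey.GetCertificate(), privateKey.GetCertificateChain()[1], DateTime.Now);
     */

    /*
     * //parameters.SignatureFormat = SignatureFormat.CAdES_T; // Adds a TSA.
     * parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_C; // Adds CRL and OCSP.
     * //parameters.SignatureFormat = SignatureFormat.CAdES_X; // Nothing else needs to be added to the code.
     * //parameters.SignatureFormat = EU.Europa.EC.Markt.Dss.Signature.SignatureFormat.CAdES_XL; // Nothing else needs to be added to the code.
     *
     * NOTE(review): the TSA URL below is plain http; if a username and password are filled in,
     * check how OnlineTspSource transmits them before relying on this endpoint.
     *
     * string urlTss = @"http://tsp.iaik.tugraz.at/tsp/TspRequest";
     * string username = "";
     * string password = "";
     *
     *
     * OnlineTspSource tspSource = new OnlineTspSource(urlTss, username, password);
     * service.TspSource = tspSource;
     *
     * OnlineOcspSource ocspSource = new OnlineOcspSource();
     * TrustedListCertificateVerifier verifier = new TrustedListCertificateVerifier();
     * FileCacheCrlSource crlSource = new FileCacheCrlSource();
     * OnlineCrlSource crlOnline = new OnlineCrlSource();
     * crlOnline.IntermediateAcUrl = @"http://www.eci.bce.ec/CRL/cacrl.crl";
     * //@"http://www.eci.bce.ec/CRL/pruebas/cacrl.crl"
     *
     * crlSource.CachedSource = crlOnline;
     * verifier.CrlSource = crlSource;
     * verifier.OcspSource = ocspSource;
     *
     * ValidationContext validationContext = verifier.ValidateCertificate(parameters.SigningCertificate, DateTime.Now,
     *     new EU.Europa.EC.Markt.Dss.Validation.Certificate.CompositeCertificateSource(
     *         new EU.Europa.EC.Markt.Dss.Validation.Certificate.ListCertificateSource(parameters.CertificateChain)), null, null);
     *
     * service.Verifier = verifier;
     */

    /* DOUBLE-SIGN
     * (pathParaFirmado below is not declared in this method; presumably a leftover name for pathSigned.)
     *
     * Document contentInCMS = null;
     *
     * try
     * {
     *     CmsSignedData cmsData = new CmsSignedData(toBeSigned.OpenStream());
     *     if (cmsData != null && cmsData.SignedContent != null
     *         && cmsData.SignedContent.GetContent() != null)
     *     {
     *         Stream buf = new MemoryStream();
     *         cmsData.SignedContent.Write(buf);
     *         buf.Seek(0, SeekOrigin.Begin);
     *         contentInCMS = new InMemoryDocument(Streams.ReadAll(buf));
     *     }
     * }
     * catch (CmsException)
     * {
     * }
     *
     * Stream iStream = service.ToBeSigned(contentInCMS ?? toBeSigned, parameters);
     * byte[] signatureValue = token.Sign(iStream, parameters.DigestAlgorithm, privateKey);
     *
     * // We invoke the service to sign the document with the signature value obtained in the previous step.
     * Document signedDocument = contentInCMS != null
     *     ? service.AddASignatureToDocument(toBeSigned, parameters, signatureValue)
     *     : service.SignDocument(toBeSigned, parameters, signatureValue);
     *
     * FileStream fs = new FileStream(pathParaFirmado, FileMode.OpenOrCreate);
     * Streams.PipeAll(signedDocument.OpenStream(), fs);
     * fs.Close();
     * return;
     */

    Document signedDocument = service.SignDocument(toBeSigned, parameters, (hashbytes) => privateKey.Encrypt(hashbytes));

    // FileMode.Create truncates an existing file. OpenOrCreate left the tail of a longer,
    // older test.pdf.p7m in place and so produced a corrupt container. The using block also
    // closes the file when PipeAll throws.
    using (FileStream fs = new FileStream(pathSigned, FileMode.Create))
    {
        Streams.PipeAll(signedDocument.OpenStream(), fs);
    }

    return;

    // Unreachable while the return above is present: validation of the already signed document.
    // NOTE(review): no CertificateVerifier is assigned below, so presumably no revocation or
    // trust-list check backs the reported conclusion - confirm before trusting the output.
    Document document = new FileDocument(pathSigned);

    SignedDocumentValidator validator;
    validator = SignedDocumentValidator.FromDocument(document);
    //validator.CertificateVerifier = verifier;
    validator.ExternalContent = document;

    ValidationReport report = validator.ValidateDocument();
    SignatureInformation info = report.SignatureInformationList[0];

    Console.WriteLine("--> Final_Conclusion: ");
    Console.WriteLine(info.FinalConclusion); // --> AdES
    Console.ReadKey();
}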
/// <summary>
/// Signs <paramref name="document"/> by delegating to <c>SignDocumentInternal</c>, supplying
/// a callback that runs the bytes it is given through <c>privateKey.Encrypt</c>.
/// </summary>
/// <param name="document">Document to sign.</param>
/// <param name="parameters">Signature parameters, passed through unchanged.</param>
/// <param name="privateKey">Key entry whose <c>Encrypt</c> extension performs the key operation.</param>
/// <returns>The document returned by <c>SignDocumentInternal</c>.</returns>
public Document SignDocument(Document document, SignatureParameters parameters, IDssPrivateKeyEntry privateKey)
{
    // The lambda captures privateKey, so the key entry is only touched when the callback runs.
    return SignDocumentInternal(
        document,
        parameters,
        payload => privateKey.Encrypt(payload));
}