internal static AsymmetricKeyParameter GetPrivateKeyFromPEM(Org.BouncyCastle.Utilities.IO.Pem.PemObject pem)
{
if (pem == null)
{
throw new ArgumentNullException(nameof(pem));
}
if (pem.Type.EndsWith("EC PRIVATE KEY"))
{
var sequence = Asn1Sequence.GetInstance(pem.Content);
var e = sequence.GetEnumerator();
e.MoveNext();
var version = ((DerInteger)e.Current).Value;
PrivateKeyInfo privateKeyInfo;
if (version.IntValue == 0) //V1
{
privateKeyInfo = PrivateKeyInfo.GetInstance(sequence);
}
else
{
var ec = ECPrivateKeyStructure.GetInstance(sequence);
var algId = new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, ec.GetParameters());
privateKeyInfo = new PrivateKeyInfo(algId, ec.ToAsn1Object());
}
return(PrivateKeyFactory.CreateKey(privateKeyInfo));
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
return(PrivateKeyFactory.CreateKey(pem.Content));
}
return(null);
}
internal static AsymmetricKeyParameter GetPrivateKeyFromPEM(Org.BouncyCastle.Utilities.IO.Pem.PemObject pem)
{
AsymmetricKeyParameter result = null;
if (pem.Type.EndsWith("EC PRIVATE KEY"))
{
Asn1Sequence sequence = Asn1Sequence.GetInstance(pem.Content);
IEnumerator e = sequence.GetEnumerator();
e.MoveNext();
BigInteger version = ((DerInteger)e.Current).Value;
PrivateKeyInfo privateKeyInfo;
if (version.IntValue == 0) //V1
{
privateKeyInfo = PrivateKeyInfo.GetInstance(sequence);
}
else
{
Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec = Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure.GetInstance(sequence);
AlgorithmIdentifier algId = new AlgorithmIdentifier(Org.BouncyCastle.Asn1.X9.X9ObjectIdentifiers.IdECPublicKey, ec.GetParameters());
privateKeyInfo = new PrivateKeyInfo(algId, ec.ToAsn1Object());
}
result = Org.BouncyCastle.Security.PrivateKeyFactory.CreateKey(privateKeyInfo);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
result = Org.BouncyCastle.Security.PrivateKeyFactory.CreateKey(pem.Content);
}
return(result);
}
/// <summary>
/// get csr
/// </summary>
/// <param name="issuerName"></param>
/// <returns></returns>
public static Tuple <string, AsymmetricKeyParameter> GetCsr(string issuerName)
{
//generate KeyPair
var keyGenerator = new ECKeyPairGenerator();
ECKeyGenerationParameters pa = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, new SecureRandom());
keyGenerator.Init(pa);
var keypair = keyGenerator.GenerateKeyPair();
//domain name of CSR file
X509Name principal = new X509Name(string.Format("CN={0},OU=client,O=BSN", string.IsNullOrEmpty(issuerName) ? "test02@app0001202004161020152918451" : issuerName));
//load public key
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public);
CertificationRequestInfo info = new CertificationRequestInfo(principal, subjectPublicKeyInfo, new DerSet());
//signature
byte[] bs = ECDSAHelper.CsrSignData(info.GetEncoded(Asn1Encodable.Der), keypair.Private, pa.DomainParameters.N);
//generate csr object
Pkcs10CertificationRequest p10 = new Pkcs10CertificationRequest(new CertificationRequest
(info, new AlgorithmIdentifier(X9ObjectIdentifiers.ECDsaWithSha256),
new DerBitString(bs)).GetEncoded());
//generate csr string
Org.BouncyCastle.Utilities.IO.Pem.PemObject pemCSR = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("CERTIFICATE REQUEST", p10.GetEncoded());
StringWriter str = new StringWriter();
Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemCsr = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(str);
pemCsr.WriteObject(pemCSR);
pemCsr.Writer.Flush();
return(new Tuple <string, AsymmetricKeyParameter>(str.ToString(), keypair.Private));
}
/// <summary>
/// Convert RSA pem files to <see cref="AsymmetricKeyParameter"/>
/// </summary>
/// <param name="pemFile">The content of the file. (NOT THE FILE NAME)</param>
/// <returns>The key to use in bouncy castle</returns>
public static AsymmetricKeyParameter ReadAsymmetricKeyParameter(string pemFile)
{
using (StringReader reader = new StringReader(pemFile))
{
Org.BouncyCastle.OpenSsl.PemReader pr =
new Org.BouncyCastle.OpenSsl.PemReader(reader);
Org.BouncyCastle.Utilities.IO.Pem.PemObject po = pr.ReadPemObject();
return(PublicKeyFactory.CreateKey(po.Content));
}
}
private static string ConvertRSAPemToString(Org.BouncyCastle.Utilities.IO.Pem.PemObject key)
{
TextWriter textWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(key);
pemWriter.Writer.Flush();
string privateKey = textWriter.ToString();
return(privateKey);
}
private static void SaveRSAPrivateKeyToFile(Org.BouncyCastle.Utilities.IO.Pem.PemObject key)
{
TextWriter textWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(textWriter);
pemWriter.WriteObject(key);
pemWriter.Writer.Flush();
string privateKey = textWriter.ToString();
FileHelper.WriteFile(privateKey, FileHelper.RSAKeyPath);
}
public static void SaveKey(AsymmetricKeyParameter key, string url)
{
Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo privateKeyInfo = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(key);
Org.BouncyCastle.Utilities.IO.Pem.PemObject pemObj = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("PRIVATE KEY", privateKeyInfo.ToAsn1Object().GetEncoded());
TextWriter textkey = new StringWriter();
PemWriter pemkey = new PemWriter(textkey);
pemkey.WriteObject(pemObj);
pemkey.Writer.Flush();
string pri = textkey.ToString();
pemkey.WriteObject(key);
pemkey.Writer.Flush();
byte[] priInfoByte = System.Text.Encoding.UTF8.GetBytes(textkey.ToString());
FileStream fs = new FileStream(url, FileMode.Create, FileAccess.Write);
fs.Write(priInfoByte, 0, priInfoByte.Length);
fs.Close();
}
private static string EncryptPrivateKey(AsymmetricKeyParameter privateKey, string password)
{
// Create salts
byte[] aesIv = new byte[16];
byte[] keySalt = new byte[20];
SecureRandom randomGen = new SecureRandom();
randomGen.NextBytes(aesIv);
randomGen.NextBytes(keySalt);
try {
PrivateKeyInfo decryptedPrivateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey);
// Prepare encryption
Pkcs5S2ParametersGenerator pkcs5S2Gen = new Pkcs5S2ParametersGenerator();
pkcs5S2Gen.Init(PKCS5PasswordToBytes(password.ToCharArray()), keySalt, hashIterationCount);
ICipherParameters cipherParams = pkcs5S2Gen.GenerateDerivedParameters(NistObjectIdentifiers.IdAes256Cbc.Id, 256);
IBufferedCipher cipher = CipherUtilities.GetCipher(NistObjectIdentifiers.IdAes256Cbc);
cipher.Init(true, new ParametersWithIV(cipherParams, aesIv));
// Generate encrypted private key info
Asn1OctetString aesIvOctetString = new DerOctetString(aesIv);
KeyDerivationFunc keyFunction = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(keySalt, hashIterationCount));
EncryptionScheme encScheme = new EncryptionScheme(NistObjectIdentifiers.IdAes256Cbc, aesIvOctetString);
Asn1EncodableVector encryptionInfo = new Asn1EncodableVector {
keyFunction, encScheme
};
AlgorithmIdentifier algIdentifier = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdPbeS2, new DerSequence(encryptionInfo));
EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = new EncryptedPrivateKeyInfo(algIdentifier, cipher.DoFinal(decryptedPrivateKeyInfo.GetEncoded()));
Org.BouncyCastle.Utilities.IO.Pem.PemObject pkPemObject = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded());
// Write the PEM object to a string
StringWriter txtWriter = new StringWriter();
PemWriter pemWriter = new PemWriter(txtWriter);
pemWriter.WriteObject(pkPemObject);
pemWriter.Writer.Close();
return(txtWriter.ToString());
} catch (Exception e) {
throw new CryptoException("Could not encrypt private key.", e);
}
}
public static CertificateInfo GetCertificateInfo(byte[] certificate, TCertificateFormat certificateFormat)
{
CertificateInfo result = null;
X509CertificateStructure cert = null;
switch (certificateFormat)
{
case TCertificateFormat.NotSet:
break;
case TCertificateFormat.PEM:
Org.BouncyCastle.Utilities.IO.Pem.PemReader reader = new Org.BouncyCastle.Utilities.IO.Pem.PemReader(new StreamReader(new MemoryStream(certificate)));
Org.BouncyCastle.Utilities.IO.Pem.PemObject pem = reader.ReadPemObject();
while (pem != null)
{
if (pem.Type.EndsWith("CERTIFICATE"))
{
cert = X509CertificateStructure.GetInstance(pem.Content);
}
else if (pem.Type.EndsWith("PRIVATE KEY"))
{
if (result == null)
{
result = new CertificateInfo();
}
result.PrivateKey = GetPrivateKeyFromPEM(pem);
}
pem = reader.ReadPemObject();
}
break;
case TCertificateFormat.PFX:
break;
case TCertificateFormat.CER:
cert = X509CertificateStructure.GetInstance(certificate);
break;
default:
break;
}
if (cert != null)
{
if (result == null)
{
result = new CertificateInfo();
}
result.Subject = new CertificateSubject(cert);
X509Certificate certX509 = new X509Certificate(cert);
Asn1OctetString subjectKeyID = certX509.GetExtensionValue(X509Extensions.SubjectKeyIdentifier);
if (subjectKeyID != null)
{
byte[] encodeKeyID = subjectKeyID.GetOctets();
byte[] keyID = new byte[encodeKeyID[1]];
Buffer.BlockCopy(encodeKeyID, 2, keyID, 0, encodeKeyID[1]);
result.SubjectKeyID = keyID;
}
}
return(result);
}
