public bool Verify(byte[] signature, byte[] data, uint160 nonce)
{
byte[] output = new byte[256];
var msg = Utils.Combine(nonce.ToBytes(), data);
Sha512Digest sha512 = new Sha512Digest();
var generator = new Mgf1BytesGenerator(sha512);
generator.Init(new MgfParameters(msg));
generator.GenerateBytes(output, 0, output.Length);
var input = new BigInteger(1, output);
if (input.CompareTo(_Key.Modulus) >= 0)
{
return(false);
}
if (signature.Length > 256)
{
return(false);
}
var signatureInt = new BigInteger(1, signature);
if (signatureInt.CompareTo(_Key.Modulus) >= 0)
{
return(false);
}
var engine = new RsaCoreEngine();
engine.Init(false, _Key);
return(input.Equals(engine.ProcessBlock(signatureInt)));
}
public virtual void Init(bool forEncryption, ICipherParameters parameters)
{
if (core == null)
{
core = new RsaCoreEngine();
}
core.Init(forEncryption, parameters);
}
internal BigInteger Encrypt(BigInteger data)
{
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (data.CompareTo(_Key.Modulus) >= 0)
{
throw new ArgumentException("input too large for RSA cipher.");
}
RsaCoreEngine engine = new RsaCoreEngine();
engine.Init(true, _Key);
return(engine.ProcessBlock(data));
}
internal BigInteger Decrypt(BigInteger encrypted)
{
if (encrypted == null)
{
throw new ArgumentNullException(nameof(encrypted));
}
if (encrypted.CompareTo(_Key.Modulus) >= 0)
{
throw new DataLengthException("input too large for RSA cipher.");
}
RsaCoreEngine engine = new RsaCoreEngine();
engine.Init(false, _Key);
return(engine.ProcessBlock(encrypted));
}
public byte[] Sign(byte[] data, out uint160 nonce)
{
while (true)
{
byte[] output = new byte[256];
nonce = new uint160(RandomUtils.GetBytes(20));
Sha512Digest sha512 = new Sha512Digest();
var msg = Utils.Combine(nonce.ToBytes(), data);
var generator = new Mgf1BytesGenerator(sha512);
generator.Init(new MgfParameters(msg));
generator.GenerateBytes(output, 0, output.Length);
var input = new BigInteger(1, output);
if (input.CompareTo(_Key.Modulus) >= 0)
{
continue;
}
var engine = new RsaCoreEngine();
engine.Init(true, _Key);
return(engine.ConvertOutput(engine.ProcessBlock(input)));
}
}
public void GenerateUsingCsr()
{
var root = File.ReadAllBytes(@"root.pfx");
X509KeyUsageExtension var = new X509KeyUsageExtension(
X509KeyUsageFlags.CrlSign | X509KeyUsageFlags.DecipherOnly | X509KeyUsageFlags.KeyCertSign, true);
var x509RootCert = new X509Certificate2(root, "airwatch",
X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var cert = new X509V3CertificateGenerator();
var csr = string.Empty;
var textReader = new StringReader(csr);
var reader = new Org.BouncyCastle.OpenSsl.PemReader(textReader);
var csrRequestObject = reader.ReadObject() as Pkcs10CertificationRequest;
if (csrRequestObject != null)
{
var csrInfo = csrRequestObject.GetCertificationRequestInfo();
csrInfo.SubjectPublicKeyInfo.GetPublicKey();
cert.SetPublicKey(PublicKeyFactory.CreateKey(csrInfo.SubjectPublicKeyInfo));
}
cert.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage((int)0));
var asn1EncodableVector = new Asn1EncodableVector
{
new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.1")
};
var derSeq = new DerSequence(asn1EncodableVector);
cert.AddExtension(X509Extensions.AuthorityInfoAccess, false, derSeq);
cert.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true));
var privatekey = x509RootCert.PrivateKey as RSACryptoServiceProvider;
var ss = privatekey.ExportParameters(true);
IRsa rsa = new RsaCoreEngine();
rsa.Init(true, new RsaKeyParameters(true, new BigInteger(1, ss.Modulus), new BigInteger(1, ss.Exponent)));
//var signer = new RsaDigestSigner(rsa, new Sha512Digest(),
// new AlgorithmIdentifier(new DerObjectIdentifier("1.3.6.1.4.1.311.20.2.1")));
//(signingKeyPair, properties.SignatureAlgorithm);
X509Extension extension = new X509Extension(false, new DerOctetString(new AuthorityKeyIdentifierStructure(new X509Certificate(X509CertificateStructure.GetInstance(root)))));
cert.AddExtension(X509Extensions.CertificateIssuer, true, new AuthorityKeyIdentifierStructure(new X509Certificate(X509CertificateStructure.GetInstance(root))));
var serialNumber =
BigIntegers.CreateRandomInRange(
BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
cert.SetSerialNumber(serialNumber);
var subjectDN = new X509Name("CN=test");
cert.SetIssuerDN(subjectDN);
cert.SetSubjectDN(subjectDN);
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(10);
cert.SetNotBefore(notBefore);
cert.SetNotAfter(notAfter);
const int strength = 2048;
var keyGenerationParameters = new KeyGenerationParameters(random, strength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
cert.SetPublicKey(subjectKeyPair.Public);
cert.SetSignatureAlgorithm("SHA256withRSA");
var certificate = cert.Generate(subjectKeyPair.Private, random);
var certexp = new X509Certificate2(certificate.GetEncoded(), "1234");
certexp.Extensions.Add(var);
var store = new X509Store(StoreName.My, StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
store.Add(certexp);
File.WriteAllBytes(@"C:\cmstest\test.pfx", certexp
.Export(X509ContentType.Pfx, "1234"));
}
