public static AsymmetricCipherKeyPair GetRSAKeyPairFromSeed(string rsaSeed, int rsaKeySize = 4096, CoinType coinType = CoinType.Stratis)
{
byte[] binaryRsaSeed = System.Text.Encoding.ASCII.GetBytes(rsaSeed);
// apply SHAKE-256
var digest = new Org.BouncyCastle.Crypto.Digests.SkeinDigest(256, 4096);
int digestSize = digest.GetDigestSize();
digest.BlockUpdate(binaryRsaSeed, 0, binaryRsaSeed.Length);
byte[] rsaSeedDigest = new byte[4096 / 8];
digest.DoFinal(rsaSeedDigest, 0);
var randomSeedGenerator = System.Security.Cryptography.RandomNumberGenerator.Create();
byte[] seed = new byte[rsaKeySize / 8];
randomSeedGenerator.GetBytes(seed);
VmpcRandomGenerator randomGenerator = new VmpcRandomGenerator();
randomGenerator.AddSeedMaterial(seed);
//CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, rsaKeySize);
var privateKeyBasedRsaKeyPairGenerator = new SeedBasedDeterministicRsaKeyPairGenerator();
privateKeyBasedRsaKeyPairGenerator.Init(keyGenerationParameters, rsaSeedDigest);
var result = privateKeyBasedRsaKeyPairGenerator.GenerateKeyPair();
return(result);
}
private AsymmetricCipherKeyPair GetKeyPair()
{
var randomGenerator = new VmpcRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, 2048);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
return(keyPairGenerator.GenerateKeyPair());
}
private static SecureRandom GetSeededSecureRandom()
{
var buffer = new byte[32];
using (var cryptoRandom = RandomNumberGenerator.Create())
{
cryptoRandom.GetBytes(buffer);
}
var randomGenerator = new VmpcRandomGenerator();
randomGenerator.AddSeedMaterial(buffer);
SecureRandom random = new SecureRandom(randomGenerator);
return(random);
}
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, int keyStrength)
{
try
{
// Generating Random Numbers
var randomGenerator = new VmpcRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigInteger.ProbablePrime(128, new Random());
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
var signatureAlgorithm = "SHA512WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date.AddYears(-1);
var notAfter = notBefore.AddYears(10);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
if (userKeyPair == null)
{
userKeyPair = keyPairGenerator.GenerateKeyPair();
}
certificateGenerator.SetPublicKey(userKeyPair.Public);
//Extented
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
new SubjectKeyIdentifierStructure(userKeyPair.Public));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory
.CreateSubjectPublicKeyInfo(userKeyPair.Public)));
var valueData = Encoding.ASCII.GetBytes("Client");
certificateGenerator.AddExtension("1.3.6.1.5.5.7.13.3", false, valueData);
// Generating the Certificate
var issuerKeyPair = userKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(userKeyPair.Private, random);
// correcponding private key
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(userKeyPair.Private);
// merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
throw new Exception("malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaparams = new RsaPrivateCrtKeyParameters(rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2,
rsa.Coefficient);
#if NETCOREAPP2_0 || NETCOREAPP2_1
x509 = x509.CopyWithPrivateKey(PemUtils.ToRSA(rsaparams));
#endif
return(x509);
}
catch (Exception ex)
{
logger.Error(ex, $"The Method \"{nameof(GenerateSelfSignedCertificate)}\" has failed.");
return(null);
}
}
/// Note: Much of this code comes from https://stackoverflow.com/a/22247129
/// <exception cref="CryptographicException">
/// Sometimes thrown due to issues generating keys.
/// </exception>
private static X509Certificate2 GenerateSelfSignedCertificate(string subject)
{
const int keyStrength = 2048;
// Generating Random Numbers
//
// For some reason the CryptoAPI wrapper doesn't come with the
// .Net Core/Standard version of BouncyCastle, guessing this is most likely due to
// platform compat issues. Use VMPC.
var randomGenerator = new VmpcRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
certificateGenerator.SetSerialNumber(BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random));
// Subject Public Key
var keyPairGenerator = new RsaKeyPairGenerator();
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Subject DN
certificateGenerator.SetSubjectDN(new X509Name("CN=" + subject));
// Subject Alternative Name
var subjectAlternativeNames = new List <Asn1Encodable>()
{
new GeneralName(GeneralName.DnsName, Environment.MachineName),
new GeneralName(GeneralName.DnsName, "localhost"),
new GeneralName(GeneralName.IPAddress, "127.0.0.1"),
};
if (subject != "localhost" && subject != Environment.MachineName)
{
subjectAlternativeNames.Add(new GeneralName(GeneralName.DnsName, subject));
}
certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false, new DerSequence(subjectAlternativeNames.ToArray()));
// Issuer
certificateGenerator.SetIssuerDN(new X509Name("CN=" + subject));
certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public)));
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Add basic constraint
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false));
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, subjectKeyPair.Private);
// self-signed certificate
var certificate = certificateGenerator.Generate(signatureFactory);
// corresponding private key
var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
// merge into X509Certificate2
var x509 = new X509Certificate2(certificate.GetEncoded());
var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
if (seq.Count != 9)
{
// throw new PemException("malformed sequence in RSA private key");
}
var rsa = RsaPrivateKeyStructure.GetInstance(seq);
var rsaParams = new RsaPrivateCrtKeyParameters(
rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent, rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);
// This can throw CryptographicException in some cases. Catch above here and deal with it
// in the application level.
x509.PrivateKey = ToDotNetKey(rsaParams); // x509.PrivateKey = DotNetUtilities.ToRSA(rsaParams);
return(x509);
}
