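/// <summary>
/// Builds an RSA key pair from a textual seed. The seed is hashed with Skein
/// and the digest is handed to <c>SeedBasedDeterministicRsaKeyPairGenerator</c>
/// together with a <c>SecureRandom</c> seeded from the operating system.
/// </summary>
/// <param name="rsaSeed">Seed text. Only its ASCII encoding is hashed (see the note in the body).</param>
/// <param name="rsaKeySize">RSA modulus size in bits; also sizes the OS-random seed (rsaKeySize / 8 bytes).</param>
/// <param name="coinType">Not read by this method.</param>
/// <returns>The key pair produced by the seed-based generator.</returns>
/// <remarks>
/// The seed passes through a single unsalted hash with no key stretching, so
/// the derived key material is only as unpredictable as the seed text itself.
/// How the generator combines the digest with the SecureRandom is not visible
/// from this method.
/// </remarks>
public static AsymmetricCipherKeyPair GetRSAKeyPairFromSeed(string rsaSeed, int rsaKeySize = 4096, CoinType coinType = CoinType.Stratis)
{
    const int SkeinStateBits = 256;
    const int SeedDigestBits = 4096;

    // NOTE(review): ASCII encoding replaces every non-ASCII character with '?',
    // so seeds that differ only in such characters hash to the same digest.
    // Left unchanged because switching the encoding would alter the keys
    // derived from existing non-ASCII seeds.
    byte[] binaryRsaSeed = System.Text.Encoding.ASCII.GetBytes(rsaSeed);

    // Skein-256 with a 4096-bit output. This is Skein, not SHAKE-256.
    var digest = new Org.BouncyCastle.Crypto.Digests.SkeinDigest(SkeinStateBits, SeedDigestBits);
    digest.BlockUpdate(binaryRsaSeed, 0, binaryRsaSeed.Length);
    byte[] rsaSeedDigest = new byte[SeedDigestBits / 8];
    digest.DoFinal(rsaSeedDigest, 0);

    // Seed the VMPC generator from the OS CSPRNG; the OS generator is
    // disposable and is released as soon as the seed has been drawn.
    byte[] seed = new byte[rsaKeySize / 8];
    using (var randomSeedGenerator = System.Security.Cryptography.RandomNumberGenerator.Create())
    {
        randomSeedGenerator.GetBytes(seed);
    }

    VmpcRandomGenerator randomGenerator = new VmpcRandomGenerator();
    randomGenerator.AddSeedMaterial(seed);
    var secureRandom = new SecureRandom(randomGenerator);

    var keyGenerationParameters = new KeyGenerationParameters(secureRandom, rsaKeySize);
    var privateKeyBasedRsaKeyPairGenerator = new SeedBasedDeterministicRsaKeyPairGenerator();
    privateKeyBasedRsaKeyPairGenerator.Init(keyGenerationParameters, rsaSeedDigest);

    return privateKeyBasedRsaKeyPairGenerator.GenerateKeyPair();
}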
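/// <summary>
/// Generates a fresh 2048-bit RSA key pair.
/// </summary>
/// <returns>The newly generated public/private key pair.</returns>
private AsymmetricCipherKeyPair GetKeyPair()
{
    // Use the self-seeding SecureRandom constructor. A VmpcRandomGenerator that
    // is given no seed material starts from the fixed state built into the
    // library, and SecureRandom does not seed a generator passed to it, so
    // key primes drawn from such a source would be reproducible.
    var secureRandom = new SecureRandom();

    var keyGenerationParameters = new KeyGenerationParameters(secureRandom, 2048);
    var keyPairGenerator = new RsaKeyPairGenerator();
    keyPairGenerator.Init(keyGenerationParameters);

    return keyPairGenerator.GenerateKeyPair();
}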
/// <summary>
/// Creates a <c>SecureRandom</c> backed by a VMPC generator that has been
/// seeded with 32 bytes from the platform random number generator.
/// </summary>
/// <returns>A SecureRandom wrapping the seeded VMPC generator.</returns>
private static SecureRandom GetSeededSecureRandom()
{
    // The seed is the only entropy this method feeds to the VMPC generator,
    // so it is drawn from the OS generator rather than from System.Random.
    byte[] seedBytes = new byte[32];
    using (RandomNumberGenerator osRandom = RandomNumberGenerator.Create())
    {
        osRandom.GetBytes(seedBytes);
    }

    VmpcRandomGenerator vmpc = new VmpcRandomGenerator();
    vmpc.AddSeedMaterial(seedBytes);

    return new SecureRandom(vmpc);
}
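/// <summary>
/// Creates a self-signed X.509 v3 certificate (SHA512WithRSA) for the shared
/// <c>userKeyPair</c>, generating that key pair first if it does not exist yet.
/// </summary>
/// <param name="subjectName">Distinguished name string for the subject.</param>
/// <param name="issuerName">Distinguished name string for the issuer.</param>
/// <param name="keyStrength">
/// RSA key size in bits. Only used when <c>userKeyPair</c> is still null; an
/// existing key pair is reused whatever its size.
/// </param>
/// <returns>
/// The certificate, or <c>null</c> when any step fails (the exception is logged).
/// The private key is attached only when compiled for NETCOREAPP2_0 or
/// NETCOREAPP2_1; on other targets the returned certificate carries no private key.
/// </returns>
public static X509Certificate2 GenerateSelfSignedCertificate(string subjectName, string issuerName, int keyStrength)
{
    try
    {
        // Self-seeding SecureRandom. A VmpcRandomGenerator with no seed material
        // starts from a fixed built-in state, which would make the generated
        // key and signature randomness reproducible.
        var random = new SecureRandom();

        // The Certificate Generator
        var certificateGenerator = new X509V3CertificateGenerator();

        // Serial Number: drawn from the same SecureRandom instead of a
        // time-seeded System.Random, so it cannot be guessed from the clock.
        var serialNumber = BigInteger.ProbablePrime(128, random);
        certificateGenerator.SetSerialNumber(serialNumber);

        // Signature Algorithm
        var signatureAlgorithm = "SHA512WithRSA";
        certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);

        // Issuer and Subject Name
        var subjectDN = new X509Name(subjectName);
        var issuerDN = new X509Name(issuerName);
        certificateGenerator.SetIssuerDN(issuerDN);
        certificateGenerator.SetSubjectDN(subjectDN);

        // Valid For: starts one year before today (UTC) and spans ten years.
        var notBefore = DateTime.UtcNow.Date.AddYears(-1);
        var notAfter = notBefore.AddYears(10);
        certificateGenerator.SetNotBefore(notBefore);
        certificateGenerator.SetNotAfter(notAfter);

        // Subject Public Key
        var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
        var keyPairGenerator = new RsaKeyPairGenerator();
        keyPairGenerator.Init(keyGenerationParameters);

        // NOTE(review): userKeyPair is declared outside this method and the
        // null check and assignment are not synchronized here; confirm callers
        // cannot race on first use.
        if (userKeyPair == null)
        {
            userKeyPair = keyPairGenerator.GenerateKeyPair();
        }

        certificateGenerator.SetPublicKey(userKeyPair.Public);

        // Extensions. The authority key identifier is built from the subject's
        // own public key because the certificate signs itself.
        certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
            new SubjectKeyIdentifierStructure(userKeyPair.Public));
        certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
            new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(userKeyPair.Public)));

        // Non-critical extension carrying the raw ASCII bytes of "Client".
        var valueData = Encoding.ASCII.GetBytes("Client");
        certificateGenerator.AddExtension("1.3.6.1.5.5.7.13.3", false, valueData);

        // Generating the Certificate, self-signed with the subject's private key
        var certificate = certificateGenerator.Generate(userKeyPair.Private, random);

        // Corresponding private key
        var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(userKeyPair.Private);

        // Merge into X509Certificate2
        var x509 = new X509Certificate2(certificate.GetEncoded());
        var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());
        if (seq.Count != 9)
        {
            throw new InvalidOperationException("malformed sequence in RSA private key");
        }

        var rsa = RsaPrivateKeyStructure.GetInstance(seq);
        var rsaparams = new RsaPrivateCrtKeyParameters(
            rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
            rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);

#if NETCOREAPP2_0 || NETCOREAPP2_1
        x509 = x509.CopyWithPrivateKey(PemUtils.ToRSA(rsaparams));
#endif
        return x509;
    }
    catch (Exception ex)
    {
        // Best-effort API: failures are logged and reported to the caller as null.
        logger.Error(ex, $"The Method \"{nameof(GenerateSelfSignedCertificate)}\" has failed.");
        return null;
    }
}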
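/// <summary>
/// Creates a self-signed TLS server certificate (RSA 2048, SHA256WithRSA,
/// valid for two years from today UTC) for the given subject, with subject
/// alternative names for the machine name, "localhost" and 127.0.0.1.
/// </summary>
/// <remarks>
/// Note: Much of this code comes from https://stackoverflow.com/a/22247129
/// </remarks>
/// <param name="subject">
/// Common name for subject and issuer. It is concatenated into the DN string
/// as-is, so it is expected to be a plain host name without DN separators.
/// </param>
/// <returns>The certificate with its private key attached.</returns>
/// <exception cref="CryptographicException">
/// Sometimes thrown due to issues generating keys.
/// </exception>
private static X509Certificate2 GenerateSelfSignedCertificate(string subject)
{
    const int keyStrength = 2048;

    // Generating Random Numbers
    //
    // The CryptoAPI wrapper does not come with the .Net Core/Standard version of
    // BouncyCastle. Use the self-seeding SecureRandom constructor instead: a
    // VmpcRandomGenerator with no seed material starts from a fixed built-in
    // state, which would make the serial number and key reproducible.
    var random = new SecureRandom();

    // The Certificate Generator
    var certificateGenerator = new X509V3CertificateGenerator();

    // Serial Number: random value in [1, long.MaxValue]
    certificateGenerator.SetSerialNumber(
        BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random));

    // Subject Public Key
    var keyPairGenerator = new RsaKeyPairGenerator();
    var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
    keyPairGenerator.Init(keyGenerationParameters);
    var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
    certificateGenerator.SetPublicKey(subjectKeyPair.Public);

    // Subject DN
    certificateGenerator.SetSubjectDN(new X509Name("CN=" + subject));

    // Subject Alternative Name
    var subjectAlternativeNames = new List<Asn1Encodable>()
    {
        new GeneralName(GeneralName.DnsName, Environment.MachineName),
        new GeneralName(GeneralName.DnsName, "localhost"),
        new GeneralName(GeneralName.IPAddress, "127.0.0.1"),
    };

    // Avoid listing the same DNS name twice.
    if (subject != "localhost" && subject != Environment.MachineName)
    {
        subjectAlternativeNames.Add(new GeneralName(GeneralName.DnsName, subject));
    }

    certificateGenerator.AddExtension(X509Extensions.SubjectAlternativeName.Id, false,
        new DerSequence(subjectAlternativeNames.ToArray()));

    // Issuer: same name as the subject, since the certificate is self-signed
    certificateGenerator.SetIssuerDN(new X509Name("CN=" + subject));
    certificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier.Id, false,
        new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public)));

    // Valid For
    var notBefore = DateTime.UtcNow.Date;
    var notAfter = notBefore.AddYears(2);
    certificateGenerator.SetNotBefore(notBefore);
    certificateGenerator.SetNotAfter(notAfter);

    // Basic constraints (critical): not a CA. Extended key usage: server authentication.
    certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(false));
    certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
        new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));

    // Signature Algorithm
    const string signatureAlgorithm = "SHA256WithRSA";
    var signatureFactory = new Asn1SignatureFactory(signatureAlgorithm, subjectKeyPair.Private);

    // Self-signed certificate
    var certificate = certificateGenerator.Generate(signatureFactory);

    // Corresponding private key
    var info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);

    // Merge into X509Certificate2
    var x509 = new X509Certificate2(certificate.GetEncoded());
    var seq = (Asn1Sequence)Asn1Object.FromByteArray(info.ParsePrivateKey().GetDerEncoded());

    // NOTE(review): the element-count check (seq.Count != 9, "malformed sequence
    // in RSA private key") is disabled here, so an unexpected sequence is left
    // for RsaPrivateKeyStructure.GetInstance to deal with. Confirm that is intended.
    var rsa = RsaPrivateKeyStructure.GetInstance(seq);
    var rsaParams = new RsaPrivateCrtKeyParameters(
        rsa.Modulus, rsa.PublicExponent, rsa.PrivateExponent,
        rsa.Prime1, rsa.Prime2, rsa.Exponent1, rsa.Exponent2, rsa.Coefficient);

    // This can throw CryptographicException in some cases. Catch above here and deal with it
    // in the application level.
    x509.PrivateKey = ToDotNetKey(rsaParams);

    return x509;
}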