Inheritance: System.Random
        public DsaKeyGenerationParameters(
            SecureRandom	random,
            DsaParameters	parameters)
			: base(random, parameters.P.BitLength - 1)
        {
            this.parameters = parameters;
        }
        internal BigInteger CalculatePrivate(
			BigInteger		p,
			SecureRandom	random,
			int				limit)
        {
            //
            // calculate the private key
            //
            BigInteger pSub2 = p.Subtract(BigInteger.Two);
            BigInteger x;

            if (limit == 0)
            {
                x = createInRange(pSub2, random);
            }
            else
            {
                do
                {
                    // TODO Check this (should the generated numbers always be odd,
                    // and length 'limit'?)
                    x = new BigInteger(limit, 0, random);
                }
                while (x.SignValue == 0);
            }

            return x;
        }
Esempio n. 3
0
		public void Init(
			bool				forSigning,
			ICipherParameters	parameters)
		{
			this.forSigning = forSigning;

			if (forSigning)
			{
				if (parameters is ParametersWithRandom)
				{
					ParametersWithRandom rParam = (ParametersWithRandom) parameters;

					this.random = rParam.Random;
					parameters = rParam.Parameters;
				}
				else
				{
					this.random = new SecureRandom();
				}

				if (!(parameters is ECPrivateKeyParameters))
					throw new InvalidKeyException("EC private key required for signing");

				this.key = (ECPrivateKeyParameters) parameters;
			}
			else
			{
				if (!(parameters is ECPublicKeyParameters))
					throw new InvalidKeyException("EC public key required for verification");

				this.key = (ECPublicKeyParameters) parameters;
			}
		}
        /// <summary>
        /// Generate a new X509Certificate specifying a SecureRandom instance that you would like to use.
        /// </summary>
        /// <param name="privateKey">The private key of the issuer used to sign this certificate.</param>
        /// <param name="random">The Secure Random you want to use.</param>
        /// <returns>An X509Certificate.</returns>
        public X509Certificate Generate(
			IAsymmetricKeyParameter	privateKey,
			SecureRandom			random)
        {
            TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate();
            byte[] signature;

            try
            {
                signature = X509Utilities.GetSignatureForObject(
                    sigOID, signatureAlgorithm, privateKey, random, tbsCert);
            }
            catch (Exception e)
            {
                // TODO
            //				throw new ExtCertificateEncodingException("exception encoding TBS cert", e);
                throw new CertificateEncodingException("exception encoding TBS cert", e);
            }

            try
            {
                return GenerateJcaObject(tbsCert, signature);
            }
            catch (CertificateParsingException e)
            {
                // TODO
                // throw new ExtCertificateEncodingException("exception producing certificate object", e);
                throw new CertificateEncodingException("exception producing certificate object", e);
            }
        }
Esempio n. 5
0
		static TspTestUtil()
		{
			rand = new SecureRandom();

			kpg = GeneratorUtilities.GetKeyPairGenerator("RSA");
			kpg.Init(new RsaKeyGenerationParameters(
				BigInteger.ValueOf(0x10001), rand, 1024, 25));

			desede128kg = GeneratorUtilities.GetKeyGenerator("DESEDE");
			desede128kg.Init(new KeyGenerationParameters(rand, 112));

			desede192kg = GeneratorUtilities.GetKeyGenerator("DESEDE");
			desede192kg.Init(new KeyGenerationParameters(rand, 168));

			rc240kg = GeneratorUtilities.GetKeyGenerator("RC2");
			rc240kg.Init(new KeyGenerationParameters(rand, 40));

			rc264kg = GeneratorUtilities.GetKeyGenerator("RC2");
			rc264kg.Init(new KeyGenerationParameters(rand, 64));

			rc2128kg = GeneratorUtilities.GetKeyGenerator("RC2");
			rc2128kg.Init(new KeyGenerationParameters(rand, 128));

			serialNumber = BigInteger.One;
		}
        private static X509Certificate GenerateCertificate(Org.BouncyCastle.Security.SecureRandom random,
                                                           string subjectName,
                                                           AsymmetricCipherKeyPair subjectKeyPair,
                                                           BigInteger subjectSerialNumber,
                                                           string[] subjectAlternativeNames,
                                                           string issuerName,
                                                           AsymmetricCipherKeyPair issuerKeyPair,
                                                           BigInteger issuerSerialNumber,
                                                           bool isCertificateAuthority,
                                                           KeyPurposeID[] usages,
                                                           int expiresIn)
        {
            var certificateGenerator = new X509V3CertificateGenerator();

            certificateGenerator.SetSerialNumber(subjectSerialNumber);

            // Set the signature algorithm. This is used to generate the thumbprint which is then signed
            // with the issuer's private key. We'll use SHA-256, which is (currently) considered fairly strong.
            const string signatureAlgorithm = "SHA256WithRSA";

            certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);

            var issuerDN = new X509Name(issuerName);

            certificateGenerator.SetIssuerDN(issuerDN);

            // Note: The subject can be omitted if you specify a subject alternative name (SAN).
            var subjectDN = new X509Name(subjectName);

            certificateGenerator.SetSubjectDN(subjectDN);

            // Our certificate needs valid from/to values.
            var notBefore = DateTime.UtcNow.Date;
            var notAfter  = notBefore.AddYears(expiresIn);

            certificateGenerator.SetNotBefore(notBefore);
            certificateGenerator.SetNotAfter(notAfter);

            // The subject's public key goes in the certificate.
            certificateGenerator.SetPublicKey(subjectKeyPair.Public);

            certificateGenerator.AddAuthorityKeyIdentifier(issuerDN, issuerKeyPair, issuerSerialNumber);
            certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair);
            certificateGenerator.AddBasicConstraints(isCertificateAuthority);

            if (usages != null && usages.Any())
            {
                certificateGenerator.AddExtendedKeyUsage(usages);
            }

            if (subjectAlternativeNames != null && subjectAlternativeNames.Any())
            {
                certificateGenerator.AddSubjectAlternativeNames(subjectAlternativeNames);
            }

            // The certificate is signed with the issuer's private key.
            var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);

            return(certificate);
        }
        /**
        * Return a random BigInteger not less than 'min' and not greater than 'max'
        * 
        * @param min the least value that may be generated
        * @param max the greatest value that may be generated
        * @param random the source of randomness
        * @return a random BigInteger value in the range [min,max]
        */
        public static BigInteger CreateRandomInRange(
            BigInteger		min,
            BigInteger		max,
            // TODO Should have been just Random class
            SecureRandom	random)
        {
            int cmp = min.CompareTo(max);
            if (cmp >= 0)
            {
                if (cmp > 0)
                    throw new ArgumentException("'min' may not be greater than 'max'");

                return min;
            }

            if (min.BitLength > max.BitLength / 2)
            {
                return CreateRandomInRange(BigInteger.Zero, max.Subtract(min), random).Add(min);
            }

            for (int i = 0; i < MaxIterations; ++i)
            {
                BigInteger x = new BigInteger(max.BitLength, random);
                if (x.CompareTo(min) >= 0 && x.CompareTo(max) <= 0)
                {
                    return x;
                }
            }

            // fall back to a faster (restricted) method
            return new BigInteger(max.Subtract(min).BitLength - 1, random).Add(min);
        }
Esempio n. 8
0
		public void Init(
			ICipherParameters parameters)
		{
			AsymmetricKeyParameter kParam;
			if (parameters is ParametersWithRandom)
			{
				ParametersWithRandom rParam = (ParametersWithRandom)parameters;

				this.random = rParam.Random;
				kParam = (AsymmetricKeyParameter)rParam.Parameters;
			}
			else
			{
				this.random = new SecureRandom();
				kParam = (AsymmetricKeyParameter)parameters;
			}

			if (!(kParam is DHPrivateKeyParameters))
			{
				throw new ArgumentException("DHEngine expects DHPrivateKeyParameters");
			}

			this.key = (DHPrivateKeyParameters)kParam;
			this.dhParams = key.Parameters;
		}
Esempio n. 9
0
		private void doWrapTest(
			int				id,
			IBlockCipher	engine,
			byte[]			kek,
			byte[]			iv,
			SecureRandom	rand,
			byte[]			inBytes,
			byte[]			outBytes)
		{
			IWrapper wrapper = new Rfc3211WrapEngine(engine);

			wrapper.Init(true, new ParametersWithRandom(
				new ParametersWithIV(new KeyParameter(kek), iv), rand));

			byte[] cText = wrapper.Wrap(inBytes, 0, inBytes.Length);
			if (!AreEqual(cText, outBytes))
			{
				Fail("failed Wrap test " + id  + " expected "
					+ Hex.ToHexString(outBytes) + " got " + Hex.ToHexString(cText));
			}

			wrapper.Init(false, new ParametersWithIV(new KeyParameter(kek), iv));

			byte[] pText = wrapper.Unwrap(outBytes, 0, outBytes.Length);
			if (!AreEqual(pText, inBytes))
			{
				Fail("rfailed Unwrap test " + id  + " expected "
					+ Hex.ToHexString(inBytes) + " got " + Hex.ToHexString(pText));
			}
		}
Esempio n. 10
0
        public void Init(
			bool				forSigning,
			ICipherParameters	parameters)
        {
            if (forSigning)
            {
                if (parameters is ParametersWithRandom)
                {
                    ParametersWithRandom rParam = (ParametersWithRandom)parameters;

                    this.random = rParam.Random;
            //					this.key = (Gost3410PrivateKeyParameters)rParam.Parameters;
                    parameters = rParam.Parameters;
                }
                else
                {
                    this.random = new SecureRandom();
            //					this.key = (Gost3410PrivateKeyParameters)parameters;
                }

                if (!(parameters is Gost3410PrivateKeyParameters))
                    throw new InvalidKeyException("GOST3410 private key required for signing");

                this.key = (Gost3410PrivateKeyParameters) parameters;
            }
            else
            {
                if (!(parameters is Gost3410PublicKeyParameters))
                    throw new InvalidKeyException("GOST3410 public key required for signing");

                this.key = (Gost3410PublicKeyParameters) parameters;
            }
        }
Esempio n. 11
0
        /// <summary>
        /// Creates ECDSA from imported data
        /// </summary>
        /// <param name="type">0 or 1 (1 faster)</param>
        /// <param name="forSign">if created for signing, otherwise for verifying</param>
        /// <param name="import">Imporeted public or private key</param>
        public ECDSAWrapper(int type, bool forSign, byte[] import)
        {
            this.initCurveandParams(type);

            if (forSign)
            {
                try
                {
                    //import - D (BigInteger)
                    SecureRandom random = new SecureRandom();
                    BigInteger Drec = new BigInteger(import);
                    ECPrivateKeyParameters ecPrivImported = new ECPrivateKeyParameters(Drec, this.parameters);
                    ParametersWithRandom ecPrivImportedpwr = new ParametersWithRandom(ecPrivImported, random);
                    this.ecdsa.Init(true, ecPrivImportedpwr);
                }
                catch (Exception ex)
                {
                    throw new Exception("Error while creating ECDSAWrapper from import for signing", ex);
                }
            }
            else
            {
                try
                {
                    //import - Q (ECPoint)
                    ECPoint Qrec = this.ecCurve.DecodePoint(import);
                    ECPublicKeyParameters recPub = new ECPublicKeyParameters(Qrec, this.parameters);
                    this.ecdsa.Init(false, recPub);
                }
                catch (Exception ex)
                {
                    throw new Exception("Error while creating ECDSAWrapperfom import for verifying", ex);
                }
            }
        }
Esempio n. 12
0
 static EcKey()
 {
     // All clients must agree on the curve to use by agreement. BitCoin uses secp256k1.
     var @params = SecNamedCurves.GetByName("secp256k1");
     _ecParams = new ECDomainParameters(@params.Curve, @params.G, @params.N, @params.H);
     _secureRandom = new SecureRandom();
 }
Esempio n. 13
0
 internal X931SecureRandom(SecureRandom randomSource, X931Rng drbg, bool predictionResistant)
     : base((IRandomGenerator)null)
 {
     this.mRandomSource = randomSource;
     this.mDrbg = drbg;
     this.mPredictionResistant = predictionResistant;
 }
Esempio n. 14
0
		public static byte[] GenerateEncryptedPreMasterSecret(SecureRandom random,
			RsaKeyParameters rsaServerPublicKey, Stream output)
		{
			/*
			 * Choose a PremasterSecret and send it encrypted to the server
			 */
			byte[] premasterSecret = new byte[48];
			random.NextBytes(premasterSecret);
			TlsUtilities.WriteVersion(premasterSecret, 0);

			Pkcs1Encoding encoding = new Pkcs1Encoding(new RsaBlindedEngine());
			encoding.Init(true, new ParametersWithRandom(rsaServerPublicKey, random));

			try
			{
				byte[] keData = encoding.ProcessBlock(premasterSecret, 0, premasterSecret.Length);
                TlsUtilities.WriteOpaque16(keData, output);
			}
			catch (InvalidCipherTextException)
			{
				/*
				* This should never happen, only during decryption.
				*/
				throw new TlsFatalAlert(AlertDescription.internal_error);
			}

			return premasterSecret;
		}
		public DHKeyGenerationParameters(
            SecureRandom	random,
            DHParameters	parameters)
			: base(random, GetStrength(parameters))
        {
            this.parameters = parameters;
        }
		internal BigInteger CalculatePrivate(
			DHParameters	dhParams,
			SecureRandom	random)
		{
			int limit = dhParams.L;

			if (limit != 0)
			{
				return new BigInteger(limit, random).SetBit(limit - 1);
			}

			BigInteger min = BigInteger.Two;
			int m = dhParams.M;
			if (m != 0)
			{
				min = BigInteger.One.ShiftLeft(m - 1);
			}

			BigInteger max = dhParams.P.Subtract(BigInteger.Two);
			BigInteger q = dhParams.Q;
			if (q != null)
			{
				max = q.Subtract(BigInteger.Two);
			}

			return BigIntegers.CreateRandomInRange(min, max, random);
		}
        public virtual byte[] CalculateRawSignature(SecureRandom random,
			IAsymmetricKeyParameter privateKey, byte[] md5andsha1)
        {
            ISigner s = MakeSigner(new NullDigest(), true, new ParametersWithRandom(privateKey, random));
            s.BlockUpdate(md5andsha1, 0, md5andsha1.Length);
            return s.GenerateSignature();
        }
		public ECKeyGenerationParameters(
			DerObjectIdentifier	publicKeyParamSet,
			SecureRandom		random)
			: this(LookupParameters(publicKeyParamSet), random)
		{
			this.publicKeyParamSet = publicKeyParamSet;
		}
		public ECKeyGenerationParameters(
			ECDomainParameters	domainParameters,
			SecureRandom		random)
			: base(random, domainParameters.N.BitLength)
        {
            this.domainParams = domainParameters;
        }
        private static Org.BouncyCastle.Security.SecureRandom GetSecureRandom()
        {
            var randomGenerator = new CryptoApiRandomGenerator();
            var random          = new Org.BouncyCastle.Security.SecureRandom(randomGenerator);

            return(random);
        }
        public virtual void Init(bool forSigning, ICipherParameters	parameters)
        {
            SecureRandom providedRandom = null;

            if (forSigning)
            {
                if (parameters is ParametersWithRandom)
                {
                    ParametersWithRandom rParam = (ParametersWithRandom)parameters;

                    providedRandom = rParam.Random;
                    parameters = rParam.Parameters;
                }

                if (!(parameters is DsaPrivateKeyParameters))
                    throw new InvalidKeyException("DSA private key required for signing");

                this.key = (DsaPrivateKeyParameters)parameters;
            }
            else
            {
                if (!(parameters is DsaPublicKeyParameters))
                    throw new InvalidKeyException("DSA public key required for verification");

                this.key = (DsaPublicKeyParameters)parameters;
            }

            this.random = InitSecureRandom(forSigning && !kCalculator.IsDeterministic, providedRandom);
        }
Esempio n. 22
0
		public virtual void Init(
			bool				forSigning,
			ICipherParameters	parameters)
		{
			if (parameters is ParametersWithRandom)
			{
				ParametersWithRandom p = (ParametersWithRandom) parameters;

				parameters = p.Parameters;
				random = p.Random;
			}
			else
			{
				if (forSigning)
				{
					random = new SecureRandom();
				}
			}

			cipher.Init(forSigning, parameters);

			RsaKeyParameters kParam;
			if (parameters is RsaBlindingParameters)
			{
				kParam = ((RsaBlindingParameters) parameters).PublicKey;
			}
			else
			{
				kParam = (RsaKeyParameters) parameters;
			}

			emBits = kParam.Modulus.BitLength - 1;

			block = new byte[(emBits + 7) / 8];
		}
Esempio n. 23
0
        public static X509Certificate GenCert(CertInfo info)
        {
            RsaKeyPairGenerator _rsa = new RsaKeyPairGenerator();
            SecureRandom _random = new SecureRandom();

            _rsa.Init(new KeyGenerationParameters(_random, info.rsa_strength));
            AsymmetricCipherKeyPair _pair = _rsa.GenerateKeyPair();

            X509Name _cert_name = new X509Name("CN=" + info.name);
            BigInteger _serialnumber = BigInteger.ProbablePrime(120, new Random());

            X509V3CertificateGenerator _cert = new X509V3CertificateGenerator();
            _cert.SetSerialNumber(_serialnumber);
            _cert.SetSubjectDN(_cert_name);
            _cert.SetIssuerDN(_cert_name);
            _cert.SetNotBefore(info.begin_date);
            _cert.SetNotAfter(info.expire_date);
            _cert.SetSignatureAlgorithm("SHA1withRSA");
            _cert.SetPublicKey(_pair.Public);

            _cert.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
                new AuthorityKeyIdentifier(
                    SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(_pair.Public),
                    new GeneralNames(new GeneralName(_cert_name)), _serialnumber));
            _cert.AddExtension(X509Extensions.ExtendedKeyUsage.Id, false,
                new ExtendedKeyUsage(new[] { KeyPurposeID.IdKPServerAuth }));

            return _cert.Generate(_pair.Private);
        }
Esempio n. 24
0
        protected DtlsProtocol(SecureRandom secureRandom)
        {
            if (secureRandom == null)
                throw new ArgumentNullException("secureRandom");

            this.mSecureRandom = secureRandom;
        }
Esempio n. 25
0
 public virtual byte[] GenerateRawSignature(SecureRandom random,
     AsymmetricKeyParameter privateKey, byte[] md5AndSha1)
 {
     IAsymmetricBlockCipher engine = CreateRsaImpl();
     engine.Init(true, new ParametersWithRandom(privateKey, random));
     return engine.ProcessBlock(md5AndSha1, 0, md5AndSha1.Length);
 }
		/// <summary>Initialise the generator for signing.</summary>
		public void InitSign(
			int				sigType,
			PgpPrivateKey	key,
			SecureRandom	random)
		{
			this.privKey = key;
			this.signatureType = sigType;

			try
			{
				ICipherParameters cp = key.Key;
				if (random != null)
				{
					cp = new ParametersWithRandom(key.Key, random);
				}

				sig.Init(true, cp);
			}
			catch (InvalidKeyException e)
			{
				throw new PgpException("invalid key.", e);
			}

			dig.Reset();
			lastb = 0;
		}
		public Gost3410KeyGenerationParameters(
			SecureRandom random,
			Gost3410Parameters parameters)
			: base(random, parameters.P.BitLength - 1)
		{
			this.parameters = parameters;
		}
Esempio n. 28
0
	    /**
	     * Initialises the client to begin new authentication attempt
	     * @param N The safe prime associated with the client's verifier
	     * @param g The group parameter associated with the client's verifier
	     * @param digest The digest algorithm associated with the client's verifier
	     * @param random For key generation
	     */
	    public virtual void Init(BigInteger N, BigInteger g, IDigest digest, SecureRandom random)
	    {
	        this.N = N;
	        this.g = g;
	        this.digest = digest;
	        this.random = random;
	    }
		public Gost3410KeyGenerationParameters(
			SecureRandom		random,
			DerObjectIdentifier	publicKeyParamSet)
			: this(random, LookupParameters(publicKeyParamSet))
		{
			this.publicKeyParamSet = publicKeyParamSet;
		}
		public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
		{
			byte[] keyBytes = contentEncryptionKey.GetKey();

			string rfc3211WrapperName = Helper.GetRfc3211WrapperName(keyEncryptionKeyOID);
			IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName);

			// Note: In Java build, the IV is automatically generated in JCE layer
			int ivLength = Platform.StartsWith(rfc3211WrapperName, "DESEDE") ? 8 : 16;
			byte[] iv = new byte[ivLength];
			random.NextBytes(iv);

			ICipherParameters parameters = new ParametersWithIV(keyEncryptionKey, iv);
			keyWrapper.Init(true, new ParametersWithRandom(parameters, random));
        	Asn1OctetString encryptedKey = new DerOctetString(
				keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));

			DerSequence seq = new DerSequence(
				new DerObjectIdentifier(keyEncryptionKeyOID),
				new DerOctetString(iv));

			AlgorithmIdentifier keyEncryptionAlgorithm = new AlgorithmIdentifier(
				PkcsObjectIdentifiers.IdAlgPwriKek, seq);

			return new RecipientInfo(new PasswordRecipientInfo(
				keyDerivationAlgorithm, keyEncryptionAlgorithm, encryptedKey));
		}
Esempio n. 31
0
		/**
		* initialise the ElGamal engine.
		*
		* @param forEncryption true if we are encrypting, false otherwise.
		* @param param the necessary ElGamal key parameters.
		*/
        public virtual void Init(
			bool				forEncryption,
			ICipherParameters	parameters)
		{
			if (parameters is ParametersWithRandom)
			{
				ParametersWithRandom p = (ParametersWithRandom) parameters;

				this.key = (ElGamalKeyParameters) p.Parameters;
				this.random = p.Random;
			}
			else
			{
				this.key = (ElGamalKeyParameters) parameters;
				this.random = new SecureRandom();
			}

			this.forEncryption = forEncryption;
			this.bitSize = key.Parameters.P.BitLength;

			if (forEncryption)
			{
				if (!(key is ElGamalPublicKeyParameters))
				{
					throw new ArgumentException("ElGamalPublicKeyParameters are required for encryption.");
				}
			}
			else
			{
				if (!(key is ElGamalPrivateKeyParameters))
				{
					throw new ArgumentException("ElGamalPrivateKeyParameters are required for decryption.");
				}
			}
		}
		public ElGamalKeyGenerationParameters(
            SecureRandom		random,
            ElGamalParameters	parameters)
			: base(random, GetStrength(parameters))
        {
            this.parameters = parameters;
        }
Esempio n. 33
0
        public static RsaKeyPair RsaKeysFromPassword(string Password, byte[] Salt)
        {
            byte[] pass = System.Text.Encoding.UTF32.GetBytes(Password);

            if (Salt == null)
            {
                RNGCryptoServiceProvider provider = new RNGCryptoServiceProvider();
                byte[] salt = new byte[24];
                provider.GetBytes(salt);
                Salt = salt;
            }
            else if (Salt.Length < 24) // Pad the salt with 0x00
            {
                byte[] salt = new byte[24];
                Array.Copy(Salt, salt, Salt.Length);
                Salt = salt;
            }
            else if (Salt.Length > 24) // Truncate the salt to 24 bytes
            {
                byte[] salt = new byte[24];
                Array.Copy(Salt, salt, salt.Length);
                Salt = salt;
            }

            // Generate the hash
            Rfc2898DeriveBytes pbkdf2 = new Rfc2898DeriveBytes(pass, Salt, 100000);

            pass = pbkdf2.GetBytes(24);

            RsaKeyPairGenerator rsaGenerator = new RsaKeyPairGenerator();
            var rng = new Org.BouncyCastle.Security.SecureRandom(pass);

            rsaGenerator.Init(new KeyGenerationParameters(rng, 2048));
            var    keyPair    = rsaGenerator.GenerateKeyPair();
            string privatePem = "";
            string publicPem  = "";

            using (TextWriter privateKeyTextWriter = new StringWriter())
            {
                PemWriter pemWriter = new PemWriter(privateKeyTextWriter);
                pemWriter.WriteObject(keyPair.Private);
                pemWriter.Writer.Flush();
                privatePem = privateKeyTextWriter.ToString();
            }

            using (TextWriter publicKeyTextWriter = new StringWriter())
            {
                PemWriter pemWriter = new PemWriter(publicKeyTextWriter);
                pemWriter.WriteObject(keyPair.Public);
                pemWriter.Writer.Flush();
                publicPem = publicKeyTextWriter.ToString();
            }

            return(new RsaKeyPair()
            {
                PublicKey = publicPem,
                PrivateKey = privatePem,
                Timestamp = (int)(DateTime.UtcNow.Subtract(new DateTime(1970, 1, 1))).TotalSeconds
            });
        }
        /// <summary>
        /// The certificate needs a serial number. This is used for revocation,
        /// and usually should be an incrementing index (which makes it easier to revoke a range of certificates).
        /// Since we don't have anywhere to store the incrementing index, we can just use a random number.
        /// </summary>
        /// <param name="random"></param>
        /// <returns></returns>
        private static BigInteger GenerateSerialNumber(Org.BouncyCastle.Security.SecureRandom random)
        {
            var serialNumber =
                BigIntegers.CreateRandomInRange(
                    BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);

            return(serialNumber);
        }
        /// <summary>
        /// Generate a key pair.
        /// </summary>
        /// <param name="random">The random number generator.</param>
        /// <param name="strength">The key length in bits. For RSA, 2048 bits should be considered the minimum acceptable these days.</param>
        /// <returns></returns>
        private static AsymmetricCipherKeyPair GenerateKeyPair(Org.BouncyCastle.Security.SecureRandom random, int strength)
        {
            var keyGenerationParameters = new KeyGenerationParameters(random, strength);

            var keyPairGenerator = new RsaKeyPairGenerator();

            keyPairGenerator.Init(keyGenerationParameters);
            var subjectKeyPair = keyPairGenerator.GenerateKeyPair();

            return(subjectKeyPair);
        }
Esempio n. 36
0
        internal AbstractTlsContext(Org.BouncyCastle.Security.SecureRandom secureRandom, Org.BouncyCastle.Crypto.Tls.SecurityParameters securityParameters)
        {
            IDigest digest = TlsUtilities.CreateHash((byte)4);

            byte[] buffer = new byte[digest.GetDigestSize()];
            secureRandom.NextBytes(buffer);
            this.mNonceRandom = new DigestRandomGenerator(digest);
            this.mNonceRandom.AddSeedMaterial(NextCounterValue());
            this.mNonceRandom.AddSeedMaterial(Times.NanoTime());
            this.mNonceRandom.AddSeedMaterial(buffer);
            this.mSecureRandom       = secureRandom;
            this.mSecurityParameters = securityParameters;
        }
Esempio n. 37
0
 public static Asn1Encodable GenerateParameters(
     DerObjectIdentifier algID,
     SecureRandom random)
 {
     return(GenerateParameters(algID.Id, random));
 }
Esempio n. 38
0
        // http://stackoverflow.com/questions/36942094/how-can-i-generate-a-self-signed-cert-without-using-obsolete-bouncycastle-1-7-0
        public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateX509Cert2(string certName)
        {
            var keypairgen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator();

            keypairgen.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(
                                new Org.BouncyCastle.Security.SecureRandom(
                                    new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()
                                    )
                                , 1024
                                //, 512
                                )
                            );

            Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair();

            // --- Until here we generate a keypair



            var random = new Org.BouncyCastle.Security.SecureRandom(
                new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()
                );


            // SHA1WITHRSA
            // SHA256WITHRSA
            // SHA384WITHRSA
            // SHA512WITHRSA

            // SHA1WITHECDSA
            // SHA224WITHECDSA
            // SHA256WITHECDSA
            // SHA384WITHECDSA
            // SHA512WITHECDSA

            Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory =
                new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory("SHA512WITHRSA", keypair.Private, random)
            ;



            var gen = new Org.BouncyCastle.X509.X509V3CertificateGenerator();


            var CN = new Org.BouncyCastle.Asn1.X509.X509Name("CN=" + certName);
            var SN = Org.BouncyCastle.Math.BigInteger.ProbablePrime(120, new Random());

            gen.SetSerialNumber(SN);
            gen.SetSubjectDN(CN);
            gen.SetIssuerDN(CN);
            gen.SetNotAfter(DateTime.Now.AddYears(1));
            gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
            gen.SetPublicKey(keypair.Public);


            // -- Are these necessary ?

            // public static readonly DerObjectIdentifier AuthorityKeyIdentifier = new DerObjectIdentifier("2.5.29.35");
            // OID value: 2.5.29.35
            // OID description: id-ce-authorityKeyIdentifier
            // This extension may be used either as a certificate or CRL extension.
            // It identifies the public key to be used to verify the signature on this certificate or CRL.
            // It enables distinct keys used by the same CA to be distinguished (e.g., as key updating occurs).


            // http://stackoverflow.com/questions/14930381/generating-x509-certificate-using-bouncy-castle-java
            gen.AddExtension(
                Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier.Id,
                false,
                new Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier(
                    Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public),
                    new Org.BouncyCastle.Asn1.X509.GeneralNames(new Org.BouncyCastle.Asn1.X509.GeneralName(CN)),
                    SN
                    ));

            // OID value: 1.3.6.1.5.5.7.3.1
            // OID description: Indicates that a certificate can be used as an SSL server certificate.
            gen.AddExtension(
                Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id,
                false,
                new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage(
                    new System.Collections.Generic.List <object>()
            {
                new Org.BouncyCastle.Asn1.DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
            }
                    )
                );


            gen.AddExtension(
                new Org.BouncyCastle.Asn1.DerObjectIdentifier("2.5.29.19"),
                false,
                new Org.BouncyCastle.Asn1.X509.BasicConstraints(false) // true if it is allowed to sign other certs
                );

            gen.AddExtension(
                new Org.BouncyCastle.Asn1.DerObjectIdentifier("2.5.29.15"),
                true,
                new Org.BouncyCastle.X509.X509KeyUsage(
                    Org.BouncyCastle.X509.X509KeyUsage.DigitalSignature |
                    Org.BouncyCastle.X509.X509KeyUsage.NonRepudiation |
                    Org.BouncyCastle.X509.X509KeyUsage.KeyEncipherment |
                    Org.BouncyCastle.X509.X509KeyUsage.DataEncipherment)
                );


            // -- End are these necessary ?

            Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(signatureFactory);
            // Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(keypair.Private);

            bouncyCert.GetPublicKey();

            byte[] ba = bouncyCert.GetEncoded();

            using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
            {
                Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);

                pemWriter.WriteObject(bouncyCert);
                pemWriter.WriteObject(keypair.Private);
                pemWriter.Writer.Flush();

                string privateKey = textWriter.ToString();
                System.Console.WriteLine(privateKey);
            } // End Using textWriter


            string certFile = @"D:\mycert.cert";

            using (System.IO.FileStream fs = System.IO.File.OpenWrite(certFile))
            {
                using (System.IO.TextWriter textWriter = new System.IO.StreamWriter(fs))
                {
                    Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);

                    pemWriter.WriteObject(bouncyCert);
                    pemWriter.WriteObject(keypair.Private);
                    pemWriter.Writer.Flush();

                    string privateKey = textWriter.ToString();
                    System.Console.WriteLine(privateKey);
                } // End Using textWriter
            }     // End Using fs


            // https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate.cs
            // https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs



            // System.Security.Cryptography.X509Certificates.X509Certificate2 msCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(ba);
            System.Security.Cryptography.X509Certificates.X509Certificate2 msCert =
                new System.Security.Cryptography.X509Certificates
                .X509Certificate2(ba, null
                                  , System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable


                                  // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.PersistKeySet |
                                  // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.MachineKeySet |
                                  // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.Exportable
                                  );

            msCert = new X509Certificate2(certFile, null, X509KeyStorageFlags.MachineKeySet);
            object obj = msCert.GetRSAPrivateKey();

            System.Console.WriteLine(obj);

            if (msCert.HasPrivateKey)
            {
                Console.WriteLine(msCert.HasPrivateKey);
            }

            return(msCert);
        }
Esempio n. 39
0
 private static Asn1OctetString CreateIVOctetString(
     SecureRandom random,
     int ivLength)
 {
     return(new DerOctetString(CreateIV(random, ivLength)));
 }
        public static Asn1Encodable GenerateParameters(
            string algorithm,
            SecureRandom random)
        {
            if (algorithm == null)
            {
                throw new ArgumentNullException("algorithm");
            }

            string canonical = GetCanonicalAlgorithmName(algorithm);

            if (canonical == null)
            {
                throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
            }

            switch (canonical)
            {
            // TODO These algorithms support an IV (see GetCipherParameters)
            // but JCE doesn't seem to provide an AlgorithmParametersGenerator for them
//				case "RIJNDAEL":
//				case "SKIPJACK":
//				case "TWOFISH":

            case "AES":
            case "AES128":
            case "AES192":
            case "AES256":
                return(CreateIVOctetString(random, 16));

            case "BLOWFISH":
                return(CreateIVOctetString(random, 8));

            case "CAMELLIA":
            case "CAMELLIA128":
            case "CAMELLIA192":
            case "CAMELLIA256":
                return(CreateIVOctetString(random, 16));

            case "CAST5":
                return(new Cast5CbcParameters(CreateIV(random, 8), 128));

            case "DES":
            case "DESEDE":
            case "DESEDE3":
                return(CreateIVOctetString(random, 8));

#if INCLUDE_IDEA
            case "IDEA":
                return(new IdeaCbcPar(CreateIV(random, 8)));
#endif
            case "NOEKEON":
                return(CreateIVOctetString(random, 16));

            case "RC2":
                return(new RC2CbcParameter(CreateIV(random, 8)));

            case "SEED":
                return(CreateIVOctetString(random, 16));
            }

            throw new SecurityUtilityException("Algorithm " + algorithm + " not recognised.");
        }
Esempio n. 41
0
 public static byte[] GetNextBytes(SecureRandom secureRandom, int length)
 {
     byte[] result = new byte[length];
     secureRandom.NextBytes(result);
     return(result);
 }