public override byte[] ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> password,
PbeParameters pbeParameters)
{
if (pbeParameters == null)
{
throw new ArgumentNullException(nameof(pbeParameters));
}
PasswordBasedEncryption.ValidatePbeParameters(
pbeParameters,
password,
ReadOnlySpan <byte> .Empty);
if (CngPkcs8.IsPlatformScheme(pbeParameters))
{
return(ExportEncryptedPkcs8(password, pbeParameters.IterationCount));
}
return(CngPkcs8.ExportEncryptedPkcs8PrivateKey(
this,
password,
pbeParameters));
}
public override bool TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> password,
PbeParameters pbeParameters,
Span <byte> destination,
out int bytesWritten) =>
_wrapped.TryExportEncryptedPkcs8PrivateKey(password, pbeParameters, destination, out bytesWritten);
public override byte[] ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> passwordBytes,
PbeParameters pbeParameters !!)
{
return(CngPkcs8.ExportEncryptedPkcs8PrivateKey(
public override byte[] ExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <char> password,
PbeParameters pbeParameters) =>
_wrapped.ExportEncryptedPkcs8PrivateKey(password, pbeParameters);
/// <summary>
/// Exports the current key in the PKCS#8 EncryptedPrivateKeyInfo format
/// with a char-based password, PEM encoded.
/// </summary>
/// <param name="password">
/// The password to use when encrypting the key material.
/// </param>
/// <param name="pbeParameters">
/// The password-based encryption (PBE) parameters to use when encrypting the key material.
/// </param>
/// <returns>A string containing the PEM-encoded PKCS#8 EncryptedPrivateKeyInfo.</returns>
/// <exception cref="NotImplementedException">
/// An implementation for <see cref="ExportEncryptedPkcs8PrivateKey(ReadOnlySpan{char}, PbeParameters)" /> or
/// <see cref="TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan{char}, PbeParameters, Span{byte}, out int)" /> has not been provided.
/// </exception>
/// <exception cref="CryptographicException">
/// The key could not be exported.
/// </exception>
/// <remarks>
/// <p>
/// When <paramref name="pbeParameters" /> indicates an algorithm that
/// uses PBKDF2 (Password-Based Key Derivation Function 2), the password
/// is converted to bytes via the UTF-8 encoding.
/// </p>
/// <p>
/// A PEM-encoded PKCS#8 EncryptedPrivateKeyInfo will begin with
/// <c>-----BEGIN ENCRYPTED PRIVATE KEY-----</c> and end with
/// <c>-----END ENCRYPTED PRIVATE KEY-----</c>, with the base64 encoded DER
/// contents of the key between the PEM boundaries.
/// </p>
/// <p>
/// The PEM is encoded according to the IETF RFC 7468 "strict"
/// encoding rules.
/// </p>
/// </remarks>
public unsafe string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan <char> password, PbeParameters pbeParameters)
{
byte[] exported = ExportEncryptedPkcs8PrivateKey(password, pbeParameters);
// Fixed to prevent GC moves.
fixed(byte *pExported = exported)
{
try
{
return(PemKeyHelpers.CreatePemFromData(PemLabels.EncryptedPkcs8PrivateKey, exported));
}
finally
{
CryptographicOperations.ZeroMemory(exported);
}
}
}
/// <summary>
/// Attempts to export the current key in the PKCS#8 EncryptedPrivateKeyInfo
/// format into a provided buffer, using a byte-based password.
/// </summary>
/// <param name="passwordBytes">
/// The bytes to use as a password when encrypting the key material.
/// </param>
/// <param name="pbeParameters">
/// The password-based encryption (PBE) parameters to use when encrypting
/// the key material.
/// </param>
/// <param name="destination">
/// The byte span to receive the PKCS#8 EncryptedPrivateKeyInfo data.
/// </param>
/// <param name="bytesWritten">
/// When this method returns, contains a value that indicates the number
/// of bytes written to <paramref name="destination" />. This parameter
/// is treated as uninitialized.
/// </param>
/// <returns>
/// <see langword="true" /> if <paramref name="destination" /> is big enough
/// to receive the output; otherwise, <see langword="false" />.
/// </returns>
/// <exception cref="ArgumentNullException">
/// <paramref name="pbeParameters" /> is <see langword="null" />.
/// </exception>
/// <exception cref="NotSupportedException">
/// A derived class has not provided an implementation for <see cref="ExportParameters" />.
/// </exception>
/// <exception cref="CryptographicException">
/// <p>
/// The key could not be exported.
/// </p>
/// <p>-or-</p>
/// <p>
/// <paramref name="pbeParameters" /> indicates that <see cref="PbeEncryptionAlgorithm.TripleDes3KeyPkcs12" />
/// should be used, which requires <see langword="char" />-based passwords.
/// </p>
/// </exception>
/// <remarks>
/// The password bytes are passed directly into the Key Derivation Function (KDF)
/// used by the algorithm indicated by <paramref name="pbeParameters" />. This
/// enables compatibility with other systems which use a text encoding other than
/// UTF-8 when processing passwords with PBKDF2 (Password-Based Key Derivation Function 2).
/// </remarks>
public override unsafe bool TryExportEncryptedPkcs8PrivateKey(
ReadOnlySpan <byte> passwordBytes,
PbeParameters pbeParameters !!,
internal static byte[] ExportEncryptedPkcs8PrivateKey(
AsymmetricAlgorithm key,
ReadOnlySpan <byte> passwordBytes,
PbeParameters pbeParameters !!)
{
