public static void ImportExport() { using (RSA rsa = new RSACng()) { rsa.ImportParameters(TestData.TestRsaKeyPair); RSAParameters reExported; // This is the current 4.6 behavior. Assert.Throws<CryptographicException>(() => reExported = rsa.ExportParameters(includePrivateParameters: true)); //AssertRSAParametersEquals(TestData.TestRsaKeyPair, reExported); } }
public static void ImportExportPublicOnly() { using (RSA rsa = new RSACng()) { rsa.ImportParameters(TestData.TestRsaKeyPair); RSAParameters reExported = rsa.ExportParameters(includePrivateParameters: false); Assert.Null(reExported.D); Assert.Null(reExported.DP); Assert.Null(reExported.DQ); Assert.Null(reExported.InverseQ); Assert.Null(reExported.P); Assert.Null(reExported.Q); Assert.Equal<byte>(TestData.TestRsaKeyPair.Exponent, reExported.Exponent); Assert.Equal<byte>(TestData.TestRsaKeyPair.Modulus, reExported.Modulus); } }
public async Task<bool> SubmitResponse(SignatureMessage message) { bool retval = false; try { string challenge; JsonWebKey publicKey = _credentialService.GetPublicKeyForUser(message.UserId, message.PublicKeyHint, out challenge); var decodedClientData = message.ClientData.Rfc4648Base64UrlDecode(); var decodedAuthnrData = message.AuthnrData.Rfc4648Base64UrlDecode(); var clientDataJson = Encoding.UTF8.GetString(decodedClientData); var clientData = JsonConvert.DeserializeObject<ClientData>(clientDataJson); if (clientData.Challenge != challenge) return false; var sha256 = SHA256.Create(); var hashedClientData = sha256.ComputeHash(decodedClientData); var buffer = new byte[decodedAuthnrData.Length + hashedClientData.Length]; decodedAuthnrData.CopyTo(buffer, 0); hashedClientData.CopyTo(buffer, decodedAuthnrData.Length); var publicKeyInfo = new RSAParameters(); publicKeyInfo.Modulus = publicKey.N.Rfc4648Base64UrlDecode(); publicKeyInfo.Exponent = publicKey.E.Rfc4648Base64UrlDecode(); var rsa = new RSACng(); rsa.ImportParameters(publicKeyInfo); byte[] signature = message.Signature.Rfc4648Base64UrlDecode(); retval = rsa.VerifyData(buffer, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1); if (retval) { var user = _signInService.FindBySubject(message.UserId); await IssueCookie(user, "idsvr", "fido"); } } catch (Exception) { } return retval; }