public byte[] computeSharedSecret(byte[] pri, byte[] pub) { const string Algorithm = "ECDH"; //const int KeyBitSize = 128; X9ECParameters ecPars = NistNamedCurves.GetByName("P-256"); ECDomainParameters ecDomPars = new ECDomainParameters(ecPars.Curve, ecPars.G, ecPars.N, ecPars.H, ecPars.GetSeed()); var curve = ecDomPars.Curve; var pubQ = curve.DecodePoint(pub); //ECPoint pubQ = ecPars.Curve.DecodePoint(pub); //ECPoint priQ = curve.DecodePoint(pri); IBasicAgreement _aliceKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm); //csPri = ((ECPrivateKeyParameters)aliceKeyPair.Private).D.ToByteArray(); var priKeyPara = new ECPrivateKeyParameters(new BigInteger(pri), ecDomPars); //priQ.Curve. _aliceKeyAgree.Init(priKeyPara); AsymmetricKeyParameter pubKeyPara = new ECPublicKeyParameters(pubQ, ecDomPars); //SubjectPublicKeyInfo _key = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKeyPara); //var pubPara = new ECPublicKeyParameters(priQ, ecDomPars); BigInteger aliceAgree = _aliceKeyAgree.CalculateAgreement(pubKeyPara); KeyParameter sharedKey = new KeyParameter(aliceAgree.ToByteArrayUnsigned()); //return sharedKey.; return(sharedKey.GetKey()); }
public void SimpleTest() { var generator = new DHParametersGenerator(); generator.Init(1024, 7, new SecureRandom()); var dhParameters = generator.GenerateParameters(); KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), dhParameters); var keyGen = GeneratorUtilities.GetKeyPairGenerator("DH"); keyGen.Init(kgp); var serverKeyPair = keyGen.GenerateKeyPair(); var serverKeyAgree = AgreementUtilities.GetBasicAgreement("DH"); serverKeyAgree.Init(serverKeyPair.Private); var clientKeyPair = keyGen.GenerateKeyPair(); var clientKeyAgree = AgreementUtilities.GetBasicAgreement("DH"); clientKeyAgree.Init(clientKeyPair.Private); var serverAgree = serverKeyAgree.CalculateAgreement(clientKeyPair.Public); var clientAgree = clientKeyAgree.CalculateAgreement(serverKeyPair.Public); Assert.Equal(serverAgree, clientAgree); }
public ECPrivateKeyParameters GenerateKeyPair(string password = null) { AsymmetricCipherKeyPair pair; if (password == null) { pair = generator.GenerateKeyPair(); } else { var bytes = Scp03Context.Pkcs5Pbkdf2Hmac(password).GetKey(); var sk = new ECPrivateKeyParameters(new BigInteger(1, bytes), domain); var pk = new ECPublicKeyParameters(domain.G.Multiply(sk.D), domain); pair = new AsymmetricCipherKeyPair(pk, sk); } pk_oce = (ECPublicKeyParameters)pair.Public; sk_oce = AgreementUtilities.GetBasicAgreement("ECDH"); sk_oce.Init(pair.Private); shsss = sk_oce.CalculateAgreement(pk_sd).ToByteArrayFixed(); return((ECPrivateKeyParameters)pair.Private); }
public static EncryptionResult Encrypt(byte[] userKey, byte[] userSecret, byte[] payload) { var salt = GenerateSalt(16); var serverKeyPair = ECKeyHelper.GenerateKeys(); var ecdhAgreement = AgreementUtilities.GetBasicAgreement("ECDH"); ecdhAgreement.Init(serverKeyPair.Private); var userPublicKey = ECKeyHelper.GetPublicKey(userKey); var key = ecdhAgreement.CalculateAgreement(userPublicKey).ToByteArrayUnsigned(); var serverPublicKey = ((ECPublicKeyParameters)serverKeyPair.Public).Q.GetEncoded(false); var prk = HKDF(userSecret, key, Encoding.UTF8.GetBytes("Content-Encoding: auth\0"), 32); var cek = HKDF(salt, prk, CreateInfoChunk("aesgcm", userKey, serverPublicKey), 16); var nonce = HKDF(salt, prk, CreateInfoChunk("nonce", userKey, serverPublicKey), 12); var input = AddPaddingToInput(payload); var encryptedMessage = EncryptAes(nonce, cek, input); return(new EncryptionResult { Salt = salt, Payload = encryptedMessage, PublicKey = serverPublicKey }); }
public static void TestMethod() { //BEGIN SETUP ALICE var aliceKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm); var aliceGenerator = new DHParametersGenerator(); aliceGenerator.Init(KeyBitSize, DefaultPrimeProbability, new SecureRandom()); DHParameters aliceParameters = aliceGenerator.GenerateParameters(); var aliceKGP = new DHKeyGenerationParameters(new SecureRandom(), aliceParameters); aliceKeyGen.Init(aliceKGP); AsymmetricCipherKeyPair aliceKeyPair = aliceKeyGen.GenerateKeyPair(); var aliceKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm); aliceKeyAgree.Init(aliceKeyPair.Private); //END SETUP ALICE /////AT THIS POINT, Alice's Public Key, Alice's Parameter P and Alice's Parameter G are sent unsecure to BOB //BEGIN SETUP BOB var bobKeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm); DHParameters bobParameters = new DHParameters(aliceParameters.P, aliceParameters.G); KeyGenerationParameters bobKGP = new DHKeyGenerationParameters(new SecureRandom(), bobParameters); bobKeyGen.Init(bobKGP); AsymmetricCipherKeyPair bobKeyPair = bobKeyGen.GenerateKeyPair(); IBasicAgreement bobKeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm); bobKeyAgree.Init(bobKeyPair.Private); //END SETUP BOB BigInteger aliceAgree = aliceKeyAgree.CalculateAgreement(bobKeyPair.Public); BigInteger bobAgree = bobKeyAgree.CalculateAgreement(aliceKeyPair.Public); if (!aliceAgree.Equals(bobAgree)) { throw new Exception("Keys do not match."); } byte[] nonSecretMessage = GetBytes("HeaderMessageForASDF"); byte[] secretMessage = GetBytes("Secret message contents"); byte[] decNonSecretBytes; KeyParameter sharedKey = new KeyParameter(aliceAgree.ToByteArrayUnsigned()); var encMessage = EncryptMessage(sharedKey, nonSecretMessage, secretMessage); var decMessage = DecryptMessage(sharedKey, encMessage, out decNonSecretBytes); var decNonSecretMessage = GetString(decNonSecretBytes); var decSecretMessage = GetString(decMessage); Debug.WriteLine(decNonSecretMessage + " - " + decSecretMessage); return; }
public static void ECDHKeyExchangeExample() { /*NOTE: this should represent an example of ECDH. As there are no mechanisms used in order to ensure if Alice is Alice and Bob is Bob as now * certificate is used in this example. */ /* Define used key exchange algorithm. In our case this is elliptic curve diffie hellmann. */ const string Algorithm = "ECDH"; /* ALICE starts the key exchange. She sends the the X and Y coordinates of her public key as well as the used curve to BOB */ const string Alicebase16strpubX = "0x14CC3B7FBEF441E21DE27CA72F5E2BB60EFEA474A5973028589016D36DB11E267A1F49FD2DC1F42553E0A6BB4E66CA9E8C2667074A7EABAD1A10545626B53F4ECC9"; const string Alicebase16strY = "0x190E33894B32DD6FDFDF8E560630B2419CC45A7FF770530CD564354A5D4D7E76DB1F4A1C0DC9E7D5720F257C5A8D2D908C342217300ACD78D258D00EEDDB2C441F5"; const string curve = "P-521";//"SECP521R1"; /****************************************************************************/ /* BOB starts the actions. Bob uses the public public key coordinates as well as the curve to generate an ephemeral key * pair on his side. */ X9ECParameters ecP = NistNamedCurves.GetByName(curve); FpCurve c = (FpCurve)ecP.Curve; ECFieldElement x = c.FromBigInteger(new BigInteger(System.Numerics.BigInteger.Parse(Alicebase16strpubX, NumberStyles.HexNumber).ToString())); ECFieldElement y = c.FromBigInteger(new BigInteger(System.Numerics.BigInteger.Parse(Alicebase16strY, NumberStyles.HexNumber).ToString())); Org.BouncyCastle.Math.EC.ECPoint q = new FpPoint(c, x, y); ECPublicKeyParameters xxpk = new ECPublicKeyParameters("ECDH", q, SecObjectIdentifiers.SecP521r1); IAsymmetricCipherKeyPairGenerator KeyGen = GeneratorUtilities.GetKeyPairGenerator(Algorithm); KeyGenerationParameters keygenParams = new ECKeyGenerationParameters(new ECDomainParameters(ecP.Curve, ecP.G, ecP.N), new SecureRandom()); KeyGen.Init(keygenParams); AsymmetricCipherKeyPair KeyPair = KeyGen.GenerateKeyPair(); IBasicAgreement KeyAgree = AgreementUtilities.GetBasicAgreement(Algorithm); /*****************************************************************************/ /* BOB calculates the SHARED SECRET */ KeyAgree.Init(KeyPair.Private); BigInteger Agree = KeyAgree.CalculateAgreement(xxpk); /*****************************************************************************/ /*BOB encrypts his secret message. Using the Encryption helper method with AES 256 CBC. The helper method is using the last * 16 bytes of the generated secret and a generated initial vector of 16 byte to encrypt*/ string ciphertext = Encryption.EncryptString("Hallo Alice, this is an important message to you.", Agree.ToByteArray()); ECPublicKeyParameters params2 = (ECPublicKeyParameters)KeyPair.Public; /*****************************************************************************/ /*BOB is sending the x and y coordinates of his public key and the encrypted message to Alice on a public (not secured) channel*/ Console.WriteLine("PublicKeyX Base(16): " + params2.Q.XCoord.ToBigInteger().ToString(16).ToUpper()); Console.WriteLine("PublicKeyY Base(16): " + params2.Q.YCoord.ToBigInteger().ToString(16).ToUpper()); Console.WriteLine("Ciphertext: " + ciphertext); /*****************************************************************************/ }
private void ExchangeSessionKey(string remoteIp, int port) { Console.WriteLine("start exchanging key"); //ECDH鍵共有のための鍵ペアを生成 var ecKeyGen = new ECKeyPairGenerator(); var keyGenParam = new KeyGenerationParameters(new SecureRandom(), 256); ecKeyGen.Init(keyGenParam); var keyPair = ecKeyGen.GenerateKeyPair(); using (var tcpClient = new TcpClient(remoteIp, port)) using (var netStream = tcpClient.GetStream()) using (var reader = new StreamReader(netStream)) using (var writer = new StreamWriter(netStream)) { //公開情報を送信 writer.WriteLine(Convert.ToBase64String(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public).GetEncoded(), Base64FormattingOptions.None)); writer.Flush(); //公開情報を受信 var kotlinPubKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(Convert.FromBase64String(reader.ReadLine())); //共通鍵を生成 var keyAgree = AgreementUtilities.GetBasicAgreement("ECDH"); keyAgree.Init(keyPair.Private); var sharedSecret = keyAgree.CalculateAgreement(kotlinPubKey); var dhSecKey = sharedSecret.ToByteArrayUnsigned(); var gen = new Pkcs5S2ParametersGenerator(new Sha256Digest()); gen.Init(Encoding.UTF8.GetBytes(pw), dhSecKey, 4096); byte[] secretKey = ((KeyParameter)gen.GenerateDerivedParameters(256)).GetKey(); var splitted = reader.ReadLine().Split(new string[] { "?" }, StringSplitOptions.None); var iv = Convert.FromBase64String(splitted[0]); var encrypted = Convert.FromBase64String(splitted[1]); try { sessionKey = Decrypt(iv, encrypted, secretKey); writer.WriteLine(Encrypt("ok")); Console.WriteLine("succeeded in exchanging key"); } catch (CryptographicException) { writer.WriteLine("e1"); mainThreadForm.Invoke(mainThreadForm.writeLogDelegate, "パスワードが一致していません"); Stop(); } writer.Flush(); splitted = reader.ReadLine().Split(new string[] { "?" }, StringSplitOptions.None); iv = Convert.FromBase64String(splitted[0]); encrypted = Convert.FromBase64String(splitted[1]); var clientName = Encoding.UTF8.GetString(Decrypt(iv, encrypted)); mainThreadForm.Invoke(mainThreadForm.writeLogDelegate, clientName + "が接続しました"); } }
public BigInteger GetSharedSecret(ECPublicKeyParameters pub) { var aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDH"); aKeyAgree.Init(_privateKey); var sharedSecret = aKeyAgree.CalculateAgreement(pub); return(sharedSecret); }
/// <summary> /// Create a shared secret between this key and another. /// </summary> /// <param name="other"></param> /// <returns></returns> public byte[] GenerateSharedSecret(EphermalKey other) { var agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(privateKey); return(agreement .CalculateAgreement(other.publicKey) .ToByteArrayUnsigned()); }
public string ComputeSharedSecret(string publicKey) { DHParameters param = Parameters; var importedKey = new DHPublicKeyParameters(new BigInteger(publicKey, 16), param); var internalKeyAgree = AgreementUtilities.GetBasicAgreement("DH"); internalKeyAgree.Init(PrivateKeyParameter); return(internalKeyAgree.CalculateAgreement(importedKey).ToString(16)); }
/// <summary> /// Create a shared secret between this key and another. /// </summary> /// <param name="other"> /// Another ephermal key. /// </param> /// <returns> /// The shared secret as a byte array. /// </returns> /// <remarks> /// Uses the ECDH agreement algorithm to generate the shared secet. /// </remarks> public byte[] GenerateSharedSecret(EphermalKey other) { var agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(_privateKey); var secret = agreement.CalculateAgreement(other._publicKey); return(BigIntegers.AsUnsignedByteArray(agreement.GetFieldSize(), secret)); }
private static string DoECDH(byte[] dataPrv, byte[] dataPub) { IBasicAgreement agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(LoadPrivateKey(dataPrv)); Org.BouncyCastle.Math.BigInteger sharedSecret = agreement.CalculateAgreement(LoadPublicKey(dataPub)); byte[] secret = sharedSecret.ToByteArray(); return(BytesToHex(secret)); }
/// <summary> /// Generates the shared secret. /// </summary> /// <returns>The shared secret.</returns> /// <param name="clientPrivateKey">Client private key.</param> /// <param name="serverPublicKey">Server public key.</param> private static BigInteger GenerateSharedSecret( ICipherParameters clientPrivateKey, ICipherParameters serverPublicKey) { var agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(clientPrivateKey); return(agreement.CalculateAgreement(serverPublicKey)); }
public byte [] Agree() { IBasicAgreement iba; iba = AgreementUtilities.GetBasicAgreement("DH"); iba.Init(_kp.Private); _agreement = iba.CalculateAgreement(RemotePublicKey); return(_agreement.ToByteArray()); }
private byte[] GenerateSharedSecret(ECPrivateKeyParameters privateKey, ECPublicKeyParameters publicKeys) { var keyParams = privateKey; var agree = AgreementUtilities.GetBasicAgreement("ECDH"); agree.Init(keyParams); var sharedSecret = agree.CalculateAgreement(publicKeys); return(sharedSecret.ToByteArrayUnsigned()); }
public static byte[] GenerateSharedSecret(ICipherParameters clientPrivateKey, ICipherParameters foreignPublicKey) { var agreement = AgreementUtilities.GetBasicAgreement(KeyExchangeAlgorithm); agreement.Init(clientPrivateKey); var bytes = agreement.CalculateAgreement(foreignPublicKey).ToByteArrayUnsigned(); return(bytes); }
private void doTestDesAndDesEde( IBigInteger g, IBigInteger p) { DHParameters dhParams = new DHParameters(p, g, null, 256); IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH"); keyGen.Init(new DHKeyGenerationParameters(new SecureRandom(), dhParams)); IAsymmetricCipherKeyPair kp = keyGen.GenerateKeyPair(); IBasicAgreement keyAgreement = AgreementUtilities.GetBasicAgreement("DH"); keyAgreement.Init(kp.Private); IBigInteger agreed = keyAgreement.CalculateAgreement(kp.Public); byte[] agreedBytes = agreed.ToByteArrayUnsigned(); // TODO Figure out where the magic happens of choosing the right // bytes from 'agreedBytes' for each key type - need C# equivalent? // (see JCEDHKeyAgreement.engineGenerateSecret) // SecretKey key = keyAgreement.generateSecret("DES"); // // if (key.getEncoded().length != 8) // { // Fail("DES length wrong"); // } // // if (!DESKeySpec.isParityAdjusted(key.getEncoded(), 0)) // { // Fail("DES parity wrong"); // } // // key = keyAgreement.generateSecret("DESEDE"); // // if (key.getEncoded().length != 24) // { // Fail("DESEDE length wrong"); // } // // if (!DESedeKeySpec.isParityAdjusted(key.getEncoded(), 0)) // { // Fail("DESEDE parity wrong"); // } // // key = keyAgreement.generateSecret("Blowfish"); // // if (key.getEncoded().length != 16) // { // Fail("Blowfish length wrong"); // } }
/// <summary> /// Decrypts data wit EC cryptography. /// </summary> /// <param name="data">Encrypted data.</param> /// <param name="privateKey">Private key.</param> /// <returns>Plain data.</returns> public static byte[] DecryptEc(byte[] data, ECPrivateKeyParameters privateKey) { var ePublicKey = LoadPublicEcKey(data.Take(65).ToArray()); var agreement = AgreementUtilities.GetBasicAgreement("ECDHC"); agreement.Init(privateKey); var key = agreement.CalculateAgreement(ePublicKey).ToByteArrayUnsigned(); key = SHA256.Create().ComputeHash(key); return(DecryptAesV2(data.Skip(65).ToArray(), key)); }
public void run() { AsymmetricCipherKeyPair aKeyPair = _keyGen.GenerateKeyPair(); IBasicAgreement aKeyAgreeBasic = AgreementUtilities.GetBasicAgreement("ECDH"); aKeyAgreeBasic.Init(aKeyPair.Private); byte[] pubEnc = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(aKeyPair.Public).GetDerEncoded(); IPAddress ip = IPAddress.Parse("192.168.1.117"); IPEndPoint ipe = new IPEndPoint(ip, 8899); Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Stream, ProtocolType.Tcp); socket.Connect(ipe); //byte[] bs = Encoding.ASCII.GetBytes("Windows Test"); socket.Send(pubEnc, pubEnc.Length, 0); byte[] recvBytes = new byte[1024]; int bytes = socket.Receive(recvBytes, recvBytes.Length, 0); socket.Close(); byte[] bPub = new byte[bytes]; for (int i = 0; i < bytes; i++) { bPub[i] = recvBytes[i]; } ECPublicKeyParameters pubKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(bPub); BigInteger k = aKeyAgreeBasic.CalculateAgreement(pubKey); byte[] keyBytes = k.ToByteArray(); //Console.WriteLine(keybytes.Length); if (keyBytes.Length > 24) { byte[] fixedKeybytes = new byte[24]; for (int i = 0; i < 24; i++) { fixedKeybytes[i] = keyBytes[i + keyBytes.Length - 24]; } keyBytes = fixedKeybytes; } Console.WriteLine(Hex.ToHexString(keyBytes)); IDigest digest = new MD5Digest(); digest.BlockUpdate(keyBytes, 0, keyBytes.Length); byte[] idBytes = new byte[digest.GetDigestSize()]; digest.DoFinal(idBytes, 0); _id = Hex.ToHexString(idBytes); Console.WriteLine(_id); _trivium = new Trivium(); _trivium.setKIV(keyBytes); _trivium.initProcess(); }
public ServerAuthority(DHParameters parameters) { this.parameters = parameters; IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH"); KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), parameters); keyGen.Init(kgp); kp = keyGen.GenerateKeyPair(); agreement = AgreementUtilities.GetBasicAgreement("DH"); agreement.Init(kp.Private); }
private void doTestExplicitWrapping( int size, int privateValueSize, IBigInteger g, IBigInteger p) { DHParameters dhParams = new DHParameters(p, g, null, privateValueSize); IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH"); keyGen.Init(new DHKeyGenerationParameters(new SecureRandom(), dhParams)); // // a side // IAsymmetricCipherKeyPair aKeyPair = keyGen.GenerateKeyPair(); IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("DH"); checkKeySize(privateValueSize, aKeyPair); aKeyAgree.Init(aKeyPair.Private); // // b side // IAsymmetricCipherKeyPair bKeyPair = keyGen.GenerateKeyPair(); IBasicAgreement bKeyAgree = AgreementUtilities.GetBasicAgreement("DH"); checkKeySize(privateValueSize, bKeyPair); bKeyAgree.Init(bKeyPair.Private); // // agreement // // aKeyAgree.doPhase(bKeyPair.Public, true); // bKeyAgree.doPhase(aKeyPair.Public, true); // // SecretKey k1 = aKeyAgree.generateSecret(PkcsObjectIdentifiers.IdAlgCms3DesWrap.Id); // SecretKey k2 = bKeyAgree.generateSecret(PkcsObjectIdentifiers.IdAlgCms3DesWrap.Id); // TODO Does this really test the same thing as the above code? IBigInteger b1 = aKeyAgree.CalculateAgreement(bKeyPair.Public); IBigInteger b2 = bKeyAgree.CalculateAgreement(aKeyPair.Public); if (!b1.Equals(b2)) { Fail("Explicit wrapping test failed"); } }
public byte[] FinalizeKeyExchange(byte[] peer_pk) { PemReader pem = new PemReader(new StringReader(Encoding.UTF8.GetString(peer_pk))); ECPublicKeyParameters peer_ecdh_pk = (ECPublicKeyParameters)pem.ReadObject(); ECPrivateKeyParameters self_priv = ECDHEPair.Private as ECPrivateKeyParameters; IBasicAgreement agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(self_priv); return(agreement.CalculateAgreement(peer_ecdh_pk).ToByteArray()); }
private string GeneratePassword() { DHPublicKeyParameters publicKey = new DHPublicKeyParameters( ((DHPublicKeyParameters)PublicKeyFactory.CreateKey(encodedPublicKey)).Y, sharedParameters); IBasicAgreement agreement = AgreementUtilities.GetBasicAgreement("DH"); agreement.Init(keyPair.Private); BigInteger agreementValue = agreement.CalculateAgreement(publicKey); return(agreementValue.ToString(16)); }
public static IEnumerable <byte> GetDeriveKey(byte[] key1, AsymmetricCipherKeyPair senderKeyPair, string curveName, string algorithm) { var ecP = CustomNamedCurves.GetByName(curveName); var ecSpec = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()); var publicKey = new ECPublicKeyParameters(ecSpec.Curve.DecodePoint(key1), ecSpec); var agreement = AgreementUtilities.GetBasicAgreement(algorithm); agreement.Init(senderKeyPair.Private); var result = agreement.CalculateAgreement(publicKey); return(result.ToByteArrayUnsigned()); }
/// <summary> /// Encrypts data with EC cryptography. /// </summary> /// <param name="data">Plain text</param> /// <param name="publicKey">Public key.</param> /// <returns>Encrypted data</returns> /// <remarks>[EPHEMERAL PUBLIC KEY][AES GCM ENCRYPTED DATA]</remarks> public static byte[] EncryptEc(byte[] data, ECPublicKeyParameters publicKey) { GenerateEcKey(out var ePrivateKey, out var ePublicKey); var agreement = AgreementUtilities.GetBasicAgreement("ECDHC"); agreement.Init(ePrivateKey); var key = agreement.CalculateAgreement(publicKey).ToByteArrayUnsigned(); key = SHA256.Create().ComputeHash(key); var encryptedData = EncryptAesV2(data, key); return(UnloadEcPublicKey(ePublicKey).Concat(encryptedData).ToArray()); }
public static string ViettelEncryption(string inputText, string viettelPublicKey, string customerPrivateKey) { string encryptedSMSText = ""; try { //string privateKeyConek = @"MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQg1OGD/UuZ3FO9u6e60TmOJne47RWWYGqH7FIzRvxxhruhRANCAAQKJjarvVgOWJz6eg5ncv5WucbRBR2/qJqXpe5Yo9a9NQ7gzOgRBvejgj2q2NFNo9lgZgeFXl4fuoqOiLCGawaO"; //string publicKeyViettel = @"MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEe9YVVfiuEbTC8MLFcmettM9z6i1bh49kM97NZJ0yLCZcDQtWhuQ230W/nackSySWO8tErAzDWiMdvEACaHevaA=="; //PublicKey Viettel var base64PubKeyStr = viettelPublicKey; // "MFYwEAYHKoZIzj0CAQYFK4EEAAoDQgAEe9YVVfiuEbTC8MLFcmettM9z6i1bh49kM97NZJ0yLCZcDQtWhuQ230W/nackSySWO8tErAzDWiMdvEACaHevaA=="; var publicKeyBytes = Convert.FromBase64String(base64PubKeyStr); ECPublicKeyParameters otherPartyPublicKey = (ECPublicKeyParameters)PublicKeyFactory.CreateKey(publicKeyBytes); Console.WriteLine(otherPartyPublicKey.ToString()); //PrivateKey var base64PrivateKeyStr = customerPrivateKey; // "MIGEAgEAMBAGByqGSM49AgEGBSuBBAAKBG0wawIBAQQgnFkCkg26s2pwWa1oV0cYFUUqU0sCDeYP2wRpUQcu74WhRANCAASDBA7GheF0EFqZY8xhQSXhYog6pEEtOBIo64eFBT2JZsPZysxk5i+PQXfVhkvib/tTLag6MuNiL451+u9qPbg5"; var privateKeyBytes = Convert.FromBase64String(base64PrivateKeyStr); ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)PrivateKeyFactory.CreateKey(privateKeyBytes); Console.WriteLine(privateKey.ToString()); //Make share key IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDH"); aKeyAgree.Init(privateKey); BigInteger sharedSecret = aKeyAgree.CalculateAgreement(otherPartyPublicKey); byte[] sharedSecretBytes = sharedSecret.ToByteArrayUnsigned(); var keyparam = ParameterUtilities.CreateKeyParameter("AES", sharedSecretBytes); var plainText = inputText; // "Hello! This is an banksms message!"; byte[] plainTextByte = Encoding.UTF8.GetBytes(plainText); var bankSmsIv = "Banksms@Viettel!"; byte[] iv = Encoding.UTF8.GetBytes(bankSmsIv); var parametersWithIV = new ParametersWithIV(keyparam, iv); Console.WriteLine(Encoding.ASCII.GetString(parametersWithIV.GetIV())); Console.WriteLine(parametersWithIV.ToString()); var cipher = CipherUtilities.GetCipher("AES/CBC/PKCS5Padding"); cipher.Init(true, parametersWithIV); byte[] output = cipher.DoFinal(plainTextByte); Console.WriteLine(string.Concat(output.Select(b => b.ToString("X2")))); encryptedSMSText = string.Concat(output.Select(b => b.ToString("X2"))); // Nội dung sau khi được mã hóa } catch (Exception ex) { Console.WriteLine("Exception ex = " + ex.Message); } return(encryptedSMSText); }
public void TestECMqv() { IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECMQV"); X9ECParameters x9 = ECNamedCurveTable.GetByName("prime239v1"); ECDomainParameters ecSpec = new ECDomainParameters(x9.Curve, x9.G, x9.N, x9.H); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom())); // // U side // AsymmetricCipherKeyPair U1 = g.GenerateKeyPair(); AsymmetricCipherKeyPair U2 = g.GenerateKeyPair(); IBasicAgreement uAgree = AgreementUtilities.GetBasicAgreement("ECMQV"); uAgree.Init(new MqvPrivateParameters( (ECPrivateKeyParameters)U1.Private, (ECPrivateKeyParameters)U2.Private, (ECPublicKeyParameters)U2.Public)); // // V side // AsymmetricCipherKeyPair V1 = g.GenerateKeyPair(); AsymmetricCipherKeyPair V2 = g.GenerateKeyPair(); IBasicAgreement vAgree = AgreementUtilities.GetBasicAgreement("ECMQV"); vAgree.Init(new MqvPrivateParameters( (ECPrivateKeyParameters)V1.Private, (ECPrivateKeyParameters)V2.Private, (ECPublicKeyParameters)V2.Public)); // // agreement // BigInteger ux = uAgree.CalculateAgreement(new MqvPublicParameters( (ECPublicKeyParameters)V1.Public, (ECPublicKeyParameters)V2.Public)); BigInteger vx = vAgree.CalculateAgreement(new MqvPublicParameters( (ECPublicKeyParameters)U1.Public, (ECPublicKeyParameters)U2.Public)); if (!ux.Equals(vx)) { Fail("Agreement failed"); } }
private static byte[] GetKeyingMaterial(PushSubscription subscription, AsymmetricKeyParameter applicationServerPrivateKey, byte[] applicationServerPublicKey) { IBasicAgreement ecdhAgreement = AgreementUtilities.GetBasicAgreement("ECDH"); ecdhAgreement.Init(applicationServerPrivateKey); byte[] userAgentPublicKey = UrlBase64Converter.FromUrlBase64String(subscription.GetKey(PushEncryptionKeyName.P256DH)); byte[] authenticationSecret = UrlBase64Converter.FromUrlBase64String(subscription.GetKey(PushEncryptionKeyName.Auth)); byte[] sharedSecret = ecdhAgreement.CalculateAgreement(ECKeyHelper.GetECPublicKeyParameters(userAgentPublicKey)).ToByteArrayUnsigned(); byte[] sharedSecretHash = HmacSha256(authenticationSecret, sharedSecret); byte[] infoParameter = GetKeyingMaterialInfoParameter(userAgentPublicKey, applicationServerPublicKey); byte[] keyingMaterial = HmacSha256(sharedSecretHash, infoParameter); return(keyingMaterial); }
/** * Add a key agreement based recipient. * * @param agreementAlgorithm key agreement algorithm to use. * @param senderPrivateKey private key to initialise sender side of agreement with. * @param senderPublicKey sender public key to include with message. * @param recipientCert recipient's public key certificate. * @param cekWrapAlgorithm OID for key wrapping algorithm to use. * @exception SecurityUtilityException if the algorithm requested cannot be found * @exception InvalidKeyException if the keys are inappropriate for the algorithm specified */ public void AddKeyAgreementRecipient( string agreementAlgorithm, AsymmetricKeyParameter senderPrivateKey, AsymmetricKeyParameter senderPublicKey, X509Certificate recipientCert, string cekWrapAlgorithm) { if (!senderPrivateKey.IsPrivate) { throw new ArgumentException("Expected private key", "senderPrivateKey"); } if (senderPublicKey.IsPrivate) { throw new ArgumentException("Expected public key", "senderPublicKey"); } IBasicAgreement agreement = AgreementUtilities.GetBasicAgreementWithKdf( agreementAlgorithm, cekWrapAlgorithm); agreement.Init(new ParametersWithRandom(senderPrivateKey, rand)); BigInteger secretNum = agreement.CalculateAgreement(recipientCert.GetPublicKey()); try { SubjectPublicKeyInfo oPubKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(senderPublicKey); OriginatorIdentifierOrKey originator = new OriginatorIdentifierOrKey( new OriginatorPublicKey( new AlgorithmIdentifier(oPubKeyInfo.AlgorithmID.ObjectID, DerNull.Instance), oPubKeyInfo.PublicKeyData.GetBytes())); // TODO Fix the way bytes are derived from the secret byte[] secretBytes = secretNum.ToByteArrayUnsigned(); KeyParameter secret = ParameterUtilities.CreateKeyParameter( cekWrapAlgorithm, secretBytes); recipientInfs.Add( new RecipientInf(cekWrapAlgorithm, secret, agreementAlgorithm, cekWrapAlgorithm, originator, recipientCert)); } catch (IOException e) { throw new InvalidKeyException("cannot extract originator public key: " + e); } }
private byte[] GenerateAESKey(ECPublicKeyParameters bobPublicKey, AsymmetricKeyParameter alicePrivateKey) { IBasicAgreement aKeyAgree = AgreementUtilities.GetBasicAgreement("ECDH"); aKeyAgree.Init(alicePrivateKey); BigInteger sharedSecret = aKeyAgree.CalculateAgreement(bobPublicKey); byte[] sharedSecretBytes = sharedSecret.ToByteArray(); IDigest digest = new Sha256Digest(); byte[] symmetricKey = new byte[digest.GetDigestSize()]; digest.BlockUpdate(sharedSecretBytes, 0, sharedSecretBytes.Length); digest.DoFinal(symmetricKey, 0); return(symmetricKey); }