/// <summary>
/// Serializes this key to <paramref name="s"/>: the ASCII tag "AK", a version byte (1),
/// the crypto-algorithm byte, a 2-byte length prefix and then the key as ASCII-encoded XML.
/// </summary>
/// <param name="s">Destination stream.</param>
/// <remarks>
/// The XML comes from <c>ToXmlString(true)</c>, so the private parameters are written
/// unencrypted; whatever sits behind the stream needs its own protection.
/// The length prefix is produced by <c>BitConverter</c> (platform byte order), and
/// <c>Convert.ToUInt16</c> throws <see cref="OverflowException"/> when the encoded key
/// is longer than 65535 bytes.
/// </remarks>
public void WriteTo(Stream s)
{
    // Header: magic tag, format version, algorithm id.
    byte[] magic = Encoding.ASCII.GetBytes("AK");
    s.Write(magic, 0, 2);

    const byte FormatVersion = 1;
    s.WriteByte(FormatVersion);
    s.WriteByte((byte)_cryptoAlgo);

    // includePrivateParameters == true: the full key pair leaves the object in cleartext.
    string keyXml = _asymAlgo.ToXmlString(true);
    byte[] keyBytes = Encoding.ASCII.GetBytes(keyXml);

    // Length-prefixed payload.
    ushort keyLength = Convert.ToUInt16(keyBytes.Length);
    byte[] lengthPrefix = BitConverter.GetBytes(keyLength);
    s.Write(lengthPrefix, 0, 2);
    s.Write(keyBytes, 0, keyBytes.Length);
}
/// <summary>
/// Exports the key held by the provider that <c>GetProvider()</c> returns as an XML string.
/// </summary>
/// <param name="PrivatePublic">
/// <c>true</c> to include the private key in the XML, <c>false</c> to export the public part only.
/// </param>
/// <returns>XML representation of the key, or an empty string when no provider is available.</returns>
/// <remarks>
/// With <c>true</c> the returned string contains unencrypted private key material.
/// The provider is disposed before the method returns.
/// </remarks>
public string CreateKey(bool PrivatePublic)
{
    using (AsymmetricAlgorithm keyProvider = GetProvider())
    {
        // A null provider is tolerated: "using" skips Dispose and the caller gets "".
        if (keyProvider == null)
        {
            return "";
        }

        return keyProvider.ToXmlString(PrivatePublic);
    }
}
// Demo: loads a DER-encoded certificate file, wraps it in the WSE 1.0 X509Certificate class
// and prints its fields, its key-usage flags and finally its private key to the console.
//
// NOTE(review): the last statement prints ToXmlString(true), i.e. the private key as
// cleartext XML, to standard output, and cer.Key is dereferenced without a null check.
static void WSEx509()
{
    System.IO.TextWriter console = System.Console.Out;

    // Read the certificate from disk through the framework class library type.
    FCLX509.X509Certificate fileCertificate = WSEX509.X509Certificate.CreateFromCertFile(@"c:\w2k-as-1224.PGVIJAY.com_Pgvijay.cer");

    // Re-wrap the raw bytes in the WSE 1.0 certificate type.
    byte[] rawCertificate = fileCertificate.GetRawCertData();
    WSEX509.X509Certificate cer = new WSEX509.X509Certificate(rawCertificate);

    // X.509 version 1 fields.
    string serialNumber = cer.GetSerialNumberString();
    console.WriteLine("Serial Number : " + serialNumber);
    string effectiveDate = cer.GetEffectiveDateString();
    console.WriteLine("Effective Date : " + effectiveDate);
    string expirationDate = cer.GetExpirationDateString();
    console.WriteLine("Expiration Date : " + expirationDate);
    string entityName = cer.GetName();
    console.WriteLine("Entity Name : " + entityName);
    string publicKeyText = cer.GetPublicKeyString();
    console.WriteLine("Entities Public Key : " + publicKeyText);
    string keyAlgorithm = cer.GetKeyAlgorithm();
    console.WriteLine("Entities Public Key Algorithm : " + keyAlgorithm);
    string issuerName = cer.GetIssuerName();
    console.WriteLine("Issuers Name: " + issuerName);

    // X.509 version 3 key-usage extension flags.
    console.WriteLine("SupportsDataEncryption : " + cer.SupportsDataEncryption);
    console.WriteLine("SupportsDigitalSignature : " + cer.SupportsDigitalSignature);

    // Private key associated with the certificate, exported with private parameters.
    AsymmetricAlgorithm privateKey = cer.Key;
    string privateKeyXml = privateKey.ToXmlString(true);
    console.WriteLine("Private Key : " + privateKeyXml);
}
/// <summary>
/// Returns the public part of <paramref name="algorithm"/> as an XML string.
/// </summary>
/// <param name="algorithm">Key to export; must not be null.</param>
/// <returns>The key XML without private parameters.</returns>
/// <exception cref="ArgumentNullException"><paramref name="algorithm"/> is null.</exception>
public static string GetPublicKey(this AsymmetricAlgorithm algorithm)
{
    if (algorithm != null)
    {
        // false: private parameters are left out of the export.
        string publicKeyXml = algorithm.ToXmlString(includePrivateParameters: false);
        return publicKeyXml;
    }

    throw new ArgumentNullException("algorithm");
}
/// <summary>
/// Initializes the modulus and exponent from the public key of <paramref name="cert"/>.
/// </summary>
/// <param name="cert">Certificate whose public key is exported as XML and parsed.</param>
/// <remarks>
/// Only public parameters are exported (<c>ToXmlString(false)</c>); the XML is handed to
/// <c>GetModulus</c> and <c>GetExponent</c> to pick out the two values.
/// </remarks>
internal SimpleRSAPubKey(X509Certificate2 cert)
{
    string publicKeyXml = cert.PublicKey.Key.ToXmlString(false);

    this.modulus = GetModulus(publicKeyXml);
    this.exponent = GetExponent(publicKeyXml);
}
/// <summary>Fetches the key pair and shows both halves as XML.</summary>
/// <remarks>
/// The private key is exported with <c>ToXmlString(true)</c> and placed in a text box as
/// cleartext. Any exception is reported in <c>textBox1</c> instead of being rethrown.
/// </remarks>
private void button40_Click(object sender, EventArgs e)
{
    try
    {
        // Public-key crypto service provider.
        AsymmetricAlgorithm provider = this.CreateAsymmetricAlgorithmServiceProvider();

        // Public key in XML form.
        string publicKeyXml = provider.ToXmlString(false);
        this.textBox41b.Text = publicKeyXml;

        // Private key in XML form (includes the private parameters).
        string privateKeyXml = provider.ToXmlString(true);
        this.textBox41c.Text = privateKeyXml;
    }
    catch (Exception ex)
    {
        // Show the outcome.
        string details = ex.ToString();
        this.textBox1.Text = "エラーです。\r\n" + details;
    }
}
/// <summary>
/// Decrypts the key carried in <paramref name="encryptedKey"/> with <paramref name="privateKey"/>.
/// </summary>
/// <param name="encryptedKey">Encrypted key element naming the key-transport algorithm and holding the cipher value.</param>
/// <param name="privateKey">Private key; it is exported to XML and imported into the transport algorithm.</param>
/// <returns>The decrypted key bytes.</returns>
/// <remarks>
/// The private key is copied by way of <c>ToXmlString(true)</c>, so it exists for a while
/// as a cleartext managed string. OAEP is used only when the key algorithm equals
/// <c>EncryptedXml.XmlEncRSAOAEPUrl</c>; every other value is passed on as <c>false</c>.
/// NOTE(review): the algorithm object returned by <c>GetAsymmetricKeyTransportAlgorithm</c>
/// is not disposed here; confirm who owns it.
/// </remarks>
public static byte[] GetSecretKey(EncryptedKey encryptedKey, AsymmetricAlgorithm privateKey)
{
    string keyTransportUri = encryptedKey.EncryptionMethod.KeyAlgorithm;

    // Load the caller's private key into the algorithm selected by the message.
    var decryptor = GetAsymmetricKeyTransportAlgorithm(keyTransportUri);
    string privateKeyXml = privateKey.ToXmlString(true);
    decryptor.FromXmlString(privateKeyXml);

    bool useOaep = keyTransportUri == EncryptedXml.XmlEncRSAOAEPUrl;
    byte[] wrappedKey = encryptedKey.CipherData.CipherValue;
    return decryptor.Decrypt(wrappedKey, useOaep);
}
// Demo: opens the local-machine "MY" system store, looks up certificates whose subject is
// exactly "CN=Administrator" and prints the serial number, public key and private key of each.
//
// NOTE(review): the private key is printed as cleartext XML (ToXmlString(true)); cer.Key is
// used without a null check and without handling a failed export; the result of OpenRead()
// is not inspected.
static void GetKeys()
{
    System.IO.TextWriter console = System.Console.Out;
    string subjectname = "CN=Administrator";

    // X509CertificateStore.MyStore is avoided: it names the personal store "My" rather than "MY".
    string storename = "MY";

    // Local machine: HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates
    WSEX509.X509CertificateStore.StoreLocation location = WSEX509.X509CertificateStore.StoreLocation.LocalMachine;

    // System store provider.
    WSEX509.X509CertificateStore.StoreProvider provider = WSEX509.X509CertificateStore.StoreProvider.System;

    WSEX509.X509CertificateStore store = new WSEX509.X509CertificateStore(provider, location, storename);

    // Read-only open; the returned bool is not looked at.
    store.OpenRead();

    // Store summary.
    console.WriteLine("Store Location : " + store.Location);
    console.WriteLine("Store Name : " + storename);
    console.WriteLine("Store Provider : " + provider);
    console.WriteLine("Total Certficates : " + store.Certificates.Count);

    // Exact match on the subject name.
    WSEX509.X509CertificateCollection matches = store.FindCertificateBySubjectName(subjectname);
    console.WriteLine("Certficates with '{0}' subjectname : {1}", subjectname, matches.Count);

    foreach (FCLX509.X509Certificate storeCertificate in matches)
    {
        // Re-wrap the raw bytes in the WSE 1.0 certificate type.
        byte[] rawCertificate = storeCertificate.GetRawCertData();
        WSEX509.X509Certificate cer = new WSEX509.X509Certificate(rawCertificate);

        console.WriteLine("Serial Number : " + cer.GetSerialNumberString());

        // Public key, exported without private parameters.
        AsymmetricAlgorithm publicKey = cer.PublicKey;
        string publicKeyXml = publicKey.ToXmlString(false);
        console.WriteLine("Public Key : " + publicKeyXml);

        // Private key, exported with private parameters.
        AsymmetricAlgorithm privateKey = cer.Key;
        string privateKeyXml = privateKey.ToXmlString(true);
        console.WriteLine("Private Key : " + privateKeyXml);
    }
}
/// <summary>
/// Validates the XML signature in <paramref name="signatureNode"/> and checks that the key
/// which verified it is the public key of the certificate found at <paramref name="path"/>.
/// </summary>
/// <param name="signed">Signed-XML object that loads and checks the signature.</param>
/// <param name="signatureNode">Signature element; also the source of the Base64 certificate.</param>
/// <param name="path">XPath, relative to <paramref name="signatureNode"/>, of the element holding the certificate.</param>
/// <exception cref="Exception">The signature is invalid, or the verifying key differs from the certificate's public key.</exception>
/// <remarks>
/// The certificate is read from the message itself, so the only check on it before it is
/// used is <c>ErKvalifisertMellomliggendeSertifikat</c>.
/// NOTE(review): that method is not visible here; confirm it validates the chain.
/// Keys are compared as public-only XML strings (<c>ToXmlString(false)</c>).
/// </remarks>
private void ValiderSignaturOgSertifikat(SignedXmlWithAgnosticId signed, XmlElement signatureNode, string path)
{
    // Pull the embedded certificate out of the signature node.
    string encodedCertificate = signatureNode.SelectSingleNode(path, nsMgr).InnerText;
    byte[] rawCertificate = Convert.FromBase64String(encodedCertificate);
    var certificate = new X509Certificate2(rawCertificate);
    ErKvalifisertMellomliggendeSertifikat(certificate);

    signed.LoadXml(signatureNode);

    AsymmetricAlgorithm signingKey;
    bool signatureIsValid = signed.CheckSignatureReturningKey(out signingKey);
    if (!signatureIsValid)
    {
        throw new Exception("Signaturen i motatt svar er ikke gyldig.");
    }

    // The key that verified the signature must be the one in the referenced certificate.
    string signingKeyXml = signingKey.ToXmlString(false);
    string certificateKeyXml = certificate.PublicKey.Key.ToXmlString(false);
    if (!string.Equals(signingKeyXml, certificateKeyXml))
    {
        throw new Exception(string.Format("Sertifikatet som er benyttet for å validere signaturen er ikke det samme som er spesifisert i {0} elementet.", path));
    }
}
/// <summary>Exports the key parameters of the underlying algorithm as an XML string.</summary>
/// <returns>Key XML including the private parameters.</returns>
/// <remarks>
/// The export always uses <c>ToXmlString(true)</c>, so the returned string is unencrypted
/// private key material.
/// </remarks>
public string ExportKey()
{
    const bool includePrivateParameters = true;
    string keyXml = _algorithm.ToXmlString(includePrivateParameters);
    return keyXml;
}
/// <summary>
/// Exports the key of <paramref name="asymmetricAlgorithm"/> as an XML string.
/// </summary>
/// <param name="asymmetricAlgorithm">The algorithm whose key is exported.</param>
/// <param name="isPrivateKey">
/// <c>true</c> to include the private parameters in the XML, <c>false</c> for the public key only.
/// </param>
/// <returns>The XML produced by <c>ToXmlString</c>; unencrypted private key material when <paramref name="isPrivateKey"/> is <c>true</c>.</returns>
protected string CreateKey(AsymmetricAlgorithm asymmetricAlgorithm, bool isPrivateKey)
{
    string keyXml = asymmetricAlgorithm.ToXmlString(isPrivateKey);
    return keyXml;
}
/// <summary>
/// Returns the public half of <paramref name="PrivateKey"/> as an XML string.
/// </summary>
/// <param name="PrivateKey">Key pair to export from.</param>
/// <returns>Key XML without private parameters (<c>ToXmlString(false)</c>).</returns>
public static string GeneratePublicKeyFromPrivateKeyAsXML(AsymmetricAlgorithm PrivateKey)
{
    const bool includePrivateParameters = false;
    string publicKeyXml = PrivateKey.ToXmlString(includePrivateParameters);
    return publicKeyXml;
}
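/// <summary>
/// Checks that <paramref name="signer"/> is the key pair whose public key is carried by
/// <paramref name="certificate"/>.
/// </summary>
/// <param name="signer">Key that will be used for signing.</param>
/// <param name="certificate">Certificate expected to hold the matching public key.</param>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="ArgumentException">
/// The key algorithms differ, the public keys differ, the signer or the certificate key is
/// neither RSA nor ECDsa, or the certificate key cannot verify a signature made by the signer.
/// </exception>
/// <remarks>
/// Only public parameters are exported (<c>ToXmlString(false)</c>), so the key text placed in
/// the mismatch message is public material.
/// </remarks>
private static void VerifySignerMatchesCertificate(AsymmetricAlgorithm signer, X509Certificate2 certificate)
{
    if (signer == null)
    {
        throw new ArgumentNullException(nameof(signer));
    }

    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    AsymmetricAlgorithm certificatePublicKey = certificate.PublicKey.Key;

    // NOTE(review): KeyExchangeAlgorithm is dereferenced without a null check; confirm it is
    // non-null for every signer type passed in (ECDsa implementations may return null).
    if (!signer.KeyExchangeAlgorithm.StartsWith(certificatePublicKey.KeyExchangeAlgorithm, System.StringComparison.Ordinal))
    {
        throw new ArgumentException($"Signer key algorithm {signer.SignatureAlgorithm} does not match certificate key algorithm {certificatePublicKey.SignatureAlgorithm}");
    }

    // Try to match the public key in the certificate and the signer. Where the platform
    // supports ToXmlString, comparing the public-only exports is the simplest and fastest check.
    try
    {
        string signerKey = signer.ToXmlString(false);
        string certificateKey = certificatePublicKey.ToXmlString(false);
        if (signerKey != certificateKey)
        {
            throw new ArgumentException($"Signer key {signerKey} does not match certificate key {certificateKey}");
        }
    }
    catch (System.PlatformNotSupportedException)
    {
        // ToXmlString is unavailable: sign a fixed buffer with the signer and verify it with
        // the certificate's key instead.
        byte[] testDataToSign = { 1, 2, 3, 4, 5, 6, 7 };
        byte[] signature;
        if (signer is RSA rsaKey)
        {
            signature = rsaKey.SignData(testDataToSign, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        else if (signer is ECDsa ecdsaKey)
        {
            signature = ecdsaKey.SignData(testDataToSign, HashAlgorithmName.SHA256);
        }
        else
        {
            throw new ArgumentException("Signing Key must be either RSA or ECDsa. Unknown signing key found");
        }

        bool verified;
        if (certificatePublicKey is RSA verifyingRsa)
        {
            verified = verifyingRsa.VerifyData(testDataToSign, signature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        }
        else if (certificatePublicKey is ECDsa verifyingEcdsa)
        {
            verified = verifyingEcdsa.VerifyData(testDataToSign, signature, HashAlgorithmName.SHA256);
        }
        else
        {
            // Fail closed: a certificate key of any other type used to fall through here
            // without any verification, which let the method return as if the keys matched.
            throw new ArgumentException("Certificate key must be either RSA or ECDsa. Unknown certificate key found");
        }

        if (!verified)
        {
            throw new ArgumentException("Provided certificate cannot verify buffer signed with signing key.");
        }
    }
}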
/// <summary>Exports the key of the underlying algorithm as an XML string.</summary>
/// <param name="includePrivateKey">
/// <c>true</c> to include the private parameters, <c>false</c> for the public key only.
/// </param>
/// <returns>The XML produced by <c>ToXmlString</c>; unencrypted private key material when <paramref name="includePrivateKey"/> is <c>true</c>.</returns>
public string GetKey(bool includePrivateKey)
{
    string keyXml = algorithm.ToXmlString(includePrivateKey);
    return keyXml;
}
/// <summary>Forwards the XML export to the wrapped algorithm.</summary>
/// <param name="includePrivateKey">
/// <c>true</c> to include the private parameters, <c>false</c> for the public key only.
/// </param>
/// <returns>Whatever the wrapped algorithm's <c>ToXmlString</c> returns for the same flag.</returns>
public override string ToXmlString(bool includePrivateKey)
{
    return _algorithm.ToXmlString(includePrivateKey);
}
// Demo: opens the local-machine "MY" system store, prints a store summary and two subject
// searches, then dumps the fields, key-usage flags and private key of every certificate.
//
// NOTE(review): where the export succeeds the private key is printed as cleartext XML
// (ToXmlString(true)). The catch block reports every failure, whatever its cause, as
// "Non-Exportable". The result of OpenRead() is not inspected.
static void WSEStore()
{
    System.IO.TextWriter console = System.Console.Out;

    // X509CertificateStore.MyStore is avoided: it names the personal store "My" rather than "MY".
    string storename = "MY";

    // Local machine: HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates
    WSEX509.X509CertificateStore.StoreLocation location = WSEX509.X509CertificateStore.StoreLocation.LocalMachine;

    // System store provider.
    WSEX509.X509CertificateStore.StoreProvider provider = WSEX509.X509CertificateStore.StoreProvider.System;

    WSEX509.X509CertificateStore store = new WSEX509.X509CertificateStore(provider, location, storename);

    // Read-only open; the returned bool is not looked at.
    store.OpenRead();

    // Store summary.
    console.WriteLine("Store Location : " + location);
    console.WriteLine("Store Name : " + storename);
    console.WriteLine("Store Provider : " + provider);
    console.WriteLine("Certficates : " + store.Certificates.Count);

    // Exact match on the subject name.
    WSEX509.X509CertificateCollection matches = store.FindCertificateBySubjectName("CN=Administrator");
    console.WriteLine("Certficates : " + matches.Count);

    // Substring match on the subject.
    matches = store.FindCertificateBySubjectString("Administrator");
    console.WriteLine("Certficates : " + matches.Count);

    foreach (FCLX509.X509Certificate storeCertificate in store.Certificates)
    {
        // Re-wrap the raw bytes in the WSE 1.0 certificate type.
        byte[] rawCertificate = storeCertificate.GetRawCertData();
        WSEX509.X509Certificate cer = new WSEX509.X509Certificate(rawCertificate);

        // X.509 version 1 fields.
        console.WriteLine("Serial Number : " + cer.GetSerialNumberString());
        console.WriteLine("Effective Date : " + cer.GetEffectiveDateString());
        console.WriteLine("Expiration Date : " + cer.GetExpirationDateString());
        console.WriteLine("Entity Name : " + cer.GetName());
        console.WriteLine("Entities Public Key : " + cer.GetPublicKeyString());
        console.WriteLine("Entities Public Key Algorithm : " + cer.GetKeyAlgorithm());
        console.WriteLine("Issuers Name: " + cer.GetIssuerName());

        // X.509 version 3 key-usage extension flags.
        console.WriteLine("SupportsDataEncryption : " + cer.SupportsDataEncryption);
        console.WriteLine("SupportsDigitalSignature : " + cer.SupportsDigitalSignature);

        // Private key, exported with private parameters when the export succeeds.
        try
        {
            AsymmetricAlgorithm privateKey = cer.Key;
            string privateKeyXml = privateKey.ToXmlString(true);
            console.WriteLine("Private Key : " + privateKeyXml);
        }
        catch (Exception)
        {
            console.WriteLine("Private Key : Non-Exportable");
        }
    }
}