コード例 #1
        /// <summary>Sign button handler: signs the text in txtCCData and shows the key pair and the signature.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnCCSign_Click(object sender, EventArgs e)
        {
            // Text to sign, as UTF-8 bytes.
            byte[] payload = CustomEncode.StringToByte(this.txtCCData.Text, CustomEncode.UTF_8);
            byte[] signature;

            if (rbnCCXML.Checked)
            {
                // XML key: the algorithm is taken from the combo box; the signer exposes the key pair it used.
                DigitalSignXML xmlSigner = new DigitalSignXML((EnumDigitalSignAlgorithm)this.cbxCCXMLPV.SelectedValue);
                signature = xmlSigner.Sign(payload);

                // Demo form: the private key is shown on screen next to the public key.
                txtCCPrivateKey.Text = xmlSigner.XMLPrivateKey;
                txtCCPublicKey.Text  = xmlSigner.XMLPublicKey;
            }
            else
            {
                // X.509: sign with the key held in the *.pfx, using the hash name typed in txtCCHash.
                DigitalSignX509 x509Signer = new DigitalSignX509(
                    this.CertificateFilePath_pfx, this.CertificateFilePassword, this.txtCCHash.Text);
                signature = x509Signer.Sign(payload);

                txtCCPrivateKey.Text = x509Signer.X509PrivateKey;
                txtCCPublicKey.Text  = x509Signer.X509PublicKey;
            }

            // The signature is presented Base64-encoded so it can be pasted back for verification.
            txtCCSign.Text = CustomEncode.ToBase64String(signature);
        }
コード例 #2
 /// <summary>Constructor</summary>
 /// <param name="certificateFilePath">Path of the *.pfx handed to DigitalSignX509.</param>
 /// <param name="password">Password of the *.pfx handed to DigitalSignX509.</param>
 /// <param name="flag">Key storage flags used when loading the certificate; defaults to Exportable | MachineKeySet.</param>
 public JWS_RS512_X509(string certificateFilePath, string password,
                       X509KeyStorageFlags flag = X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet)
 {
     // Build the SHA-512 signer over the certificate and keep the inputs alongside it.
     this.DigitalSignX509     = new DigitalSignX509(certificateFilePath, password, HashNameConst.SHA512, flag);
     this.CertificateFilePath = certificateFilePath;
     this.CertificatePassword = password;
 }
コード例 #3
ファイル: Form1.cs プロジェクト: shamohai/OpenTouryo
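        /// <summary>Verify button handler: checks the Base64 signature in txtDSSign against the text in txtDSData.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnDSVerify_Click(object sender, EventArgs e)
        {
            DigitalSignXML   dsXML   = null;
            DigitalSignParam dsParam = null;
            DigitalSignX509  dsX509  = null;

            byte[] data = CustomEncode.StringToByte(this.txtDSData.Text, CustomEncode.UTF_8);
            byte[] sign = CustomEncode.FromBase64String(this.txtDSSign.Text);
            bool   ret  = false;

            if (rbnDSXML.Checked)
            {
                // XMLKey: verify with the public key pasted in txtDSPublicKey.
                dsXML = new DigitalSignXML(
                    (EnumDigitalSignAlgorithm)this.cbxDSPV.SelectedValue, this.txtDSPublicKey.Text);
                ret = dsXML.Verify(data, sign);
            }
            else if (rbnDSParam.Checked)
            {
                // Param: export the public parameters from the XML key and verify through DigitalSignParam,
                // mirroring btnDSSign_Click, which signs through dsParam.
                dsXML = new DigitalSignXML(
                    (EnumDigitalSignAlgorithm)this.cbxDSPV.SelectedValue, this.txtDSPublicKey.Text);

                if (((EnumDigitalSignAlgorithm)this.cbxDSPV.SelectedValue) ==
                    EnumDigitalSignAlgorithm.DSACryptoServiceProvider_SHA1)
                {
                    // false: public parameters only — verification never needs the private half.
                    DSAParameters dsaparam = ((DSACryptoServiceProvider)dsXML.AsymmetricAlgorithm).ExportParameters(false);
                    dsParam = new DigitalSignParam(dsaparam, dsXML.HashAlgorithm);
                }
                else
                {
                    RSAParameters rsaparam = ((RSACryptoServiceProvider)dsXML.AsymmetricAlgorithm).ExportParameters(false);
                    dsParam = new DigitalSignParam(rsaparam, dsXML.HashAlgorithm);
                }

                // Verify with the parameter-based object; the previous code verified with dsXML here,
                // which left dsParam unused and the Param path effectively untested.
                ret = dsParam.Verify(data, sign);
            }
            else
            {
                // X509: verification uses the public *.cer (no password). A *.pfx plus its password
                // would also work, but the private key is not needed to verify.
                dsX509 = new DigitalSignX509(CertificateFilePath_cer, "", this.txtDSHash.Text);

                ret = dsX509.Verify(data, sign);
            }

            // Result dialog (Japanese: "verification succeeded" / "verification failed").
            if (ret)
            {
                MessageBox.Show("検証成功");
            }
            else
            {
                MessageBox.Show("検証失敗");
            }
        }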
コード例 #4
ファイル: Form1.cs プロジェクト: shamohai/OpenTouryo
        /// <summary>Sign button handler: signs the text in txtDSData with the selected key type and shows the keys and the signature.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnDSSign_Click(object sender, EventArgs e)
        {
            byte[] payload   = CustomEncode.StringToByte(this.txtDSData.Text, CustomEncode.UTF_8);
            byte[] signature = null;

            if (rbnDSXML.Checked)
            {
                // XML key: sign directly with DigitalSignXML.
                DigitalSignXML xmlSigner = new DigitalSignXML((EnumDigitalSignAlgorithm)this.cbxDSPV.SelectedValue);
                signature = xmlSigner.Sign(payload);

                this.txtDSPrivateKey.Text = xmlSigner.XMLPrivateKey;
                this.txtDSPublicKey.Text  = xmlSigner.XMLPublicKey;
            }
            else if (rbnDSParam.Checked)
            {
                // Parameter form: take the key pair out of DigitalSignXML and sign through DigitalSignParam.
                EnumDigitalSignAlgorithm algorithm = (EnumDigitalSignAlgorithm)this.cbxDSPV.SelectedValue;
                DigitalSignXML xmlSigner = new DigitalSignXML(algorithm);
                DigitalSignParam paramSigner;

                if (algorithm == EnumDigitalSignAlgorithm.DSACryptoServiceProvider_SHA1)
                {
                    // true: the private parameters are required for signing.
                    DSAParameters dsaParameters = ((DSACryptoServiceProvider)xmlSigner.AsymmetricAlgorithm).ExportParameters(true);
                    paramSigner = new DigitalSignParam(dsaParameters, xmlSigner.HashAlgorithm);
                }
                else
                {
                    RSAParameters rsaParameters = ((RSACryptoServiceProvider)xmlSigner.AsymmetricAlgorithm).ExportParameters(true);
                    paramSigner = new DigitalSignParam(rsaParameters, xmlSigner.HashAlgorithm);
                }

                signature = paramSigner.Sign(payload);

                // The XML form of the same key pair is what gets displayed.
                this.txtDSPrivateKey.Text = xmlSigner.XMLPrivateKey;
                this.txtDSPublicKey.Text  = xmlSigner.XMLPublicKey;
            }
            else
            {
                // X.509: the signing key comes from the *.pfx; the hash name from txtDSHash.
                DigitalSignX509 x509Signer = new DigitalSignX509(
                    this.CertificateFilePath_pfx, this.CertificateFilePassword, this.txtDSHash.Text,
                    X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet);
                signature = x509Signer.Sign(payload);

                this.txtDSPrivateKey.Text = x509Signer.X509PrivateKey;
                this.txtDSPublicKey.Text  = x509Signer.X509PublicKey;
            }

            // Base64 so the signature can be pasted back into the verify side.
            txtDSSign.Text = CustomEncode.ToBase64String(signature);
        }
コード例 #5
        /// <summary>Opens a *.pfx and returns the certificate's public RSA key.</summary>
        /// <param name="certificateFilePath">Path of the X.509 key file (*.pfx).</param>
        /// <param name="password">Password protecting the *.pfx.</param>
        /// <param name="flg">Key storage flags used when loading the certificate.</param>
        /// <returns>The public key as <see cref="RSA"/>, or null when the certificate does not carry an RSA key.</returns>
        public RSA X509PfxToProvider(
            string certificateFilePath, string password,
            X509KeyStorageFlags flg = X509KeyStorageFlags.DefaultKeySet)
        {
            // The hash name is fixed by this instance (this.HashName).
            DigitalSignX509 signer = new DigitalSignX509(certificateFilePath, password, this.HashName, flg);

            // Only the public half is handed out; 'as' yields null for any non-RSA key.
            return signer.PublicKey as RSA;
        }
コード例 #6
        /// <summary>Opens a *.cer and returns the certificate's public RSA key.</summary>
        /// <param name="certificateFilePath">Path of the X.509 public certificate (*.cer).</param>
        /// <param name="flg">Key storage flags used when loading the certificate.</param>
        /// <returns>The public key as <see cref="RSA"/>, or null when the certificate does not carry an RSA key.</returns>
        public static RSA X509CerToProvider(
            string certificateFilePath,
            X509KeyStorageFlags flg = X509KeyStorageFlags.DefaultKeySet)
        {
            // Empty password: a *.cer carries no private key. SHA-256 is the fixed hash name here.
            DigitalSignX509 verifier = new DigitalSignX509(certificateFilePath, "", HashNameConst.SHA256, flg);

            // 'as' yields null for any non-RSA key.
            return verifier.PublicKey as RSA;
        }
コード例 #7
        /// <summary>Verify button handler: checks the Base64 signature in txtCCSign against the text in txtCCData.</summary>
        /// <param name="sender">Event source (unused).</param>
        /// <param name="e">Event data (unused).</param>
        private void btnCCVerify_Click(object sender, EventArgs e)
        {
            byte[] payload   = CustomEncode.StringToByte(this.txtCCData.Text, CustomEncode.UTF_8);
            byte[] signature = CustomEncode.FromBase64String(this.txtCCSign.Text);
            bool   verified;

            if (rbnCCXML.Checked)
            {
                // XML key: the verifier is given the public key pasted in txtCCPublicKey.
                DigitalSignXML xmlVerifier = new DigitalSignXML((EnumDigitalSignAlgorithm)this.cbxCCXMLPV.SelectedValue);
                xmlVerifier.XMLPublicKey = txtCCPublicKey.Text;
                verified = xmlVerifier.Verify(payload, signature);
            }
            else
            {
                // X.509: the public *.cer (no password) is enough for verification; a *.pfx with its
                // password would also work but is not needed here.
                DigitalSignX509 x509Verifier = new DigitalSignX509(CertificateFilePath_cer, "", this.txtCCHash.Text);
                verified = x509Verifier.Verify(payload, signature);
            }

            // Japanese: "verification succeeded" / "verification failed".
            MessageBox.Show(verified ? "検証成功" : "検証失敗");
        }
コード例 #8
 /// <summary>Constructor</summary>
 /// <param name="certificateFilePath">Path of the *.pfx handed to DigitalSignX509.</param>
 /// <param name="password">Password of the *.pfx handed to DigitalSignX509.</param>
 /// <param name="flag">Key storage flags used when loading the certificate (no default; the caller chooses).</param>
 public JWS_RS256_X509(string certificateFilePath, string password, X509KeyStorageFlags flag)
 {
     // Build the SHA-256 signer over the certificate and keep the inputs alongside it.
     this.DigitalSignX509     = new DigitalSignX509(certificateFilePath, password, HashNameConst.SHA256, flag);
     this.CertificateFilePath = certificateFilePath;
     this.CertificatePassword = password;
 }
コード例 #9
        /// <summary>FAPI2CCスターターを組み立てて返す</summary>
        /// <param name="response_type">string</param>
        /// <returns>組み立てたFAPI2CCスターター</returns>
        private async Task <string> AssembleFAPI2CCStarterAsync(string response_type)
        {
            // 秘密鍵
            DigitalSignX509 dsX509 = new DigitalSignX509(
                CmnClientParams.RsaPfxFilePath,
                CmnClientParams.RsaPfxPassword,
                HashAlgorithmName.SHA256);

            if (this.ClarifyRedirectUri)
            {
                this.RedirectUri = Helper.GetInstance().GetClientsRedirectUri(this.ClientId, response_type);
            }

            // テストコードで、clientを識別するために、Stateに細工する。
            // TestCase(max_age, auth_time): 無し, 不要、有り, 不要、無し, 必要
            string requestObject = RequestObject.Create(this.ClientId,
                                                        Config.OAuth2AuthorizationServerEndpointsRootURI + OAuth2AndOIDCParams.RequestObjectRegUri,
                                                        response_type, this.ResponseMode, this.RedirectUri, Const.OidcScopes,
                                                        OAuth2AndOIDCEnum.ClientMode.fapi2.ToStringByEmit() + ":" + this.State, this.Nonce,
                                                        "600", "", "",
                                                        new ClaimsInRO(
                                                            // userinfo > claims
                                                            new Dictionary <string, object>()
            {
                {
                    "picture",
                    new
                    {
                        essential = true
                    }
                }
            },
                                                            // id_token > claims
                                                            new Dictionary <string, object>()
            {
                {
                    "hoge",
                    new
                    {
                        essential = true
                    }
                }
            },
                                                            // id_token > arc
                                                            new
            {
                essential = true,
                values    = new string[]
                {
                    OAuth2AndOIDCConst.UrnLoA1,
                    OAuth2AndOIDCConst.UrnLoA2
                }
            }),
                                                        ((RSA)dsX509.AsymmetricAlgorithm).ExportParameters(true));

            // 検証テスト
            if (RequestObject.Verify(requestObject, out string iss,
                                     ((RSA)dsX509.AsymmetricAlgorithm).ExportParameters(false)))
            {
                // 検証できた。

                // RequestObjectを登録する。
                string response = await Helper.GetInstance().RegisterRequestObjectAsync(
                    new Uri(Config.OAuth2AuthorizationServerEndpointsRootURI
                            + OAuth2AndOIDCParams.RequestObjectRegUri), requestObject);

                // レスポンスを確認し、request_uriを抽出。
                string request_uri = (string)((JObject)JsonConvert
                                              .DeserializeObject(response))[OAuth2AndOIDCConst.request_uri];

                // request_uriの認可リクエストを投げる。
                return(this.OAuth2AuthorizeEndpoint + string.Format("?request_uri={0}", request_uri));
            }
コード例 #10
ファイル: Program.cs プロジェクト: yunjuanyunshu07/OpenTouryo
        /// <summary>
        /// Driver that exercises X.509 certificate loading, the OpenTouryo DigitalSign* wrappers and the
        /// jose-jwt JWS/JWE algorithm families, writing each result through WriteLine.OutPutDebugAndConsole.
        /// All key material below is fixed sample data for this driver, not production secrets.
        /// </summary>
        /// <param name="args">Command-line arguments; not read by this method.</param>
        public static void hogehoge(string[] args)
        {
            try
            {
                #region Variables

                #region Env

                // https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947
                //   When opening a certificate from a *.pfx, X509KeyStorageFlags.Exportable may be required.
                //   Keys are always exportable on Linux, but not necessarily on Windows or macOS.
                // The first assignment is only a placeholder; DefaultKeySet is the value actually used below.
                X509KeyStorageFlags x509KSF = 0;
                x509KSF = X509KeyStorageFlags.DefaultKeySet;
                #endregion

                #region Token
                // Claims shared by every JWT produced below. "exp" is a fixed epoch value in the past (2011);
                // these tokens are test fixtures. `headers` is declared but never used in this driver.
                string token = "";
                IDictionary <string, object> headers = null;
                IDictionary <string, object> payload = null;
                payload = new Dictionary <string, object>()
                {
                    { "sub", "*****@*****.**" },
                    { "exp", 1300819380 }
                };
                #endregion

                #region Keys
                string jwk = "";

                byte[] secretKey = null;
                byte[] x         = null;
                byte[] y         = null;
                byte[] d         = null;

                string           privateX509Path = "";
                string           publicX509Path  = "";
                X509Certificate2 publicX509Key   = null;
                X509Certificate2 privateX509Key  = null;

                RSA rsa = null;
                //DSA dsa = null;

                CngKey publicKeyOfCng = null;
                //CngKey privateKeyOfCng = null;
                ECParameters eCParameters = new ECParameters();
                #endregion

                #region DigitalSign
                // The message that every signer/verifier below operates on.
                byte[] data = CustomEncode.StringToByte("hogehoge", CustomEncode.UTF_8);
                byte[] sign = null;
                #endregion

                #endregion

                #region Test of the X.509 Certificates

                #region RSA
                // The *.pfx is loaded with its password ("test") as the private-key side; the *.cer with an
                // empty password as the public side. Both use x509KSF.
                privateX509Path = @"SHA256RSA.pfx";
                publicX509Path  = @"SHA256RSA.cer";
                privateX509Key  = new X509Certificate2(privateX509Path, "test", x509KSF);
                publicX509Key   = new X509Certificate2(publicX509Path, "", x509KSF);
                WriteLine.InspectPrivateX509Key("RSA", privateX509Key);
                WriteLine.InspectPublicX509Key("RSA", publicX509Key);
                #endregion

                #region DSA
                // https://github.com/dotnet/corefx/issues/18733#issuecomment-296723615
                // Loaded via the two-argument constructor (no x509KSF), unlike the RSA case above.
                privateX509Path = @"SHA256DSA.pfx";
                publicX509Path  = @"SHA256DSA.cer";
                privateX509Key  = new X509Certificate2(privateX509Path, "test");
                publicX509Key   = new X509Certificate2(publicX509Path, "");
                WriteLine.InspectPrivateX509Key("DSA", privateX509Key);
                WriteLine.InspectPublicX509Key("DSA", publicX509Key);
                DSA privateDSA = privateX509Key.GetDSAPrivateKey();
                WriteLine.OutPutDebugAndConsole("privateDSA",
                                                (privateDSA == null ? "is null" : "is not null"));
                //DSA publicDSA = null; // publicX509Key.GetDSAPublicKey(); // Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException
                #endregion

                #region ECDsa
                // https://github.com/dotnet/corefx/issues/18733#issuecomment-296723615
                privateX509Path = @"SHA256ECDSA.pfx";
                publicX509Path  = @"SHA256ECDSA.cer";
                privateX509Key  = new X509Certificate2(privateX509Path, "test");
                publicX509Key   = new X509Certificate2(publicX509Path, "");
                WriteLine.InspectPrivateX509Key("ECDsa", privateX509Key);
                WriteLine.InspectPublicX509Key("ECDsa", publicX509Key);

                // Null checks only: whether the EC private/public key can be extracted is platform dependent.
                ECDsa privateECDsa = privateX509Key.GetECDsaPrivateKey();
                WriteLine.OutPutDebugAndConsole("privateECDsa",
                                                (privateECDsa == null ? "is null" : "is not null"));

                ECDsa publicECDsa = publicX509Key.GetECDsaPublicKey();
                WriteLine.OutPutDebugAndConsole("publicECDsa",
                                                (publicECDsa == null ? "is null" : "is not null"));
                #endregion

                #endregion

                WriteLine.OutPutDebugAndConsole("----------------------------------------------------------------------------------------------------");

                #region Test of the OpenTouryo.Public.Security.
                // Each wrapper signs `data` and then verifies its own signature; the printed value is the
                // bool result as a string ("True"/"False").

                DigitalSignParam dsParam = null;
                DigitalSignXML   dsXML   = null;
                DigitalSignX509  dsX509  = null;

                #region RSA
                dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256);
                sign    = dsParam.Sign(data);
                WriteLine.OutPutDebugAndConsole("DigitalSignParam.Verify(RS256)",
                                                dsParam.Verify(data, sign).ToString());

                dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256);
                sign  = dsXML.Sign(data);
                WriteLine.OutPutDebugAndConsole("DigitalSignXML.Verify(RS256)",
                                                dsXML.Verify(data, sign).ToString());

                dsX509 = new DigitalSignX509(@"SHA256RSA.pfx", "test", "SHA256");
                sign   = dsX509.Sign(data);
                WriteLine.OutPutDebugAndConsole("DigitalSignX509.Verify(RSA)",
                                                dsX509.Verify(data, sign).ToString());

                // Key round-trip: public RSA parameters -> JWK -> parameters, then verify the X.509
                // signature with the converted key. ExportParameters(false) exports the public half only.
                jwk = RsaPublicKeyConverter.ParamToJwk(
                    ((RSA)dsX509.AsymmetricAlgorithm).ExportParameters(false));

                WriteLine.OutPutDebugAndConsole("RSA JWK", jwk);

                dsParam = new DigitalSignParam(
                    RsaPublicKeyConverter.JwkToParam(jwk),
                    EnumDigitalSignAlgorithm.RsaCSP_SHA256);

                WriteLine.OutPutDebugAndConsole("DigitalSignX509.Verify(RSA JWK)",
                                                dsParam.Verify(data, sign).ToString());
                #endregion

                #region DSA
                dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1);
                sign    = dsParam.Sign(data);
                WriteLine.OutPutDebugAndConsole(
                    "DigitalSignParam.Verify(DS1)",
                    dsParam.Verify(data, sign).ToString());

                dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1);
                sign  = dsXML.Sign(data);
                WriteLine.OutPutDebugAndConsole(
                    "DigitalSignXML.Verify(DS1)",
                    dsXML.Verify(data, sign).ToString());

                dsX509 = new DigitalSignX509(@"SHA256DSA.pfx", "test", "SHA256");
                sign   = dsX509.Sign(data);
                WriteLine.OutPutDebugAndConsole(
                    "DigitalSignX509.Verify(DSA)",
                    dsX509.Verify(data, sign).ToString());
                #endregion

                #region ECDSA
                // .NET Core on Linux
                DigitalSignECDsaX509 ecDsX509 = new DigitalSignECDsaX509(
                    @"SHA256ECDSA.pfx", "test", HashAlgorithmName.SHA256);

                sign = ecDsX509.Sign(data);
                WriteLine.OutPutDebugAndConsole(
                    "DigitalSignX509.Verify(ECDSA)",
                    ecDsX509.Verify(data, sign).ToString());

                // A JWS (ES256) produced with the same EC private key; verified further down with the
                // JWK-converted public key.
                token = "";
                token = JWT.Encode(payload, ((ECDsa)ecDsX509.AsymmetricAlgorithm), JwsAlgorithm.ES256);

                // Key round-trip: public EC parameters -> JWK -> parameters.
                jwk = EccPublicKeyConverter.ParamToJwk(
                    ((ECDsa)ecDsX509.AsymmetricAlgorithm).ExportParameters(false));

                WriteLine.OutPutDebugAndConsole("ECDSA JWK", jwk);

                DigitalSignECDsaOpenSsl ecDsParam =
                    new DigitalSignECDsaOpenSsl(
                        EccPublicKeyConverter.JwkToParam(jwk),
                        HashAlgorithmCmnFunc.GetHashAlgorithmFromNameString(HashNameConst.SHA256));

                WriteLine.OutPutDebugAndConsole(
                    "DigitalSignX509.Verify(ECDSA JWK)",
                    ecDsParam.Verify(data, sign).ToString());

                Program.VerifyResult("JwsAlgorithm.ES256", token, ecDsParam.AsymmetricAlgorithm);

                #endregion

                #endregion

                WriteLine.OutPutDebugAndConsole("----------------------------------------------------------------------------------------------------");

                #region Test of the jose-jwt

                #region JWT

                #region Unsecured JWT
                // Creating Plaintext (unprotected) Tokens
                // https://github.com/dvsekhvalnov/jose-jwt#creating-plaintext-unprotected-tokens
                // alg "none": no integrity protection at all; shown for completeness of the library surface.
                token = "";
                token = JWT.Encode(payload, null, JwsAlgorithm.none);
                WriteLine.OutPutDebugAndConsole("JwsAlgorithm.none", token);
                #endregion

                #region JWS (Creating signed Tokens)
                // https://github.com/dvsekhvalnov/jose-jwt#creating-signed-tokens

                #region HS-* family
                // HS256, HS384, HS512
                // https://github.com/dvsekhvalnov/jose-jwt#hs--family
                // Fixed 32-byte sample key (appears to be the HS256 example from the linked README); a test fixture only.
                secretKey = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 };
                token     = "";
                token     = JWT.Encode(payload, secretKey, JwsAlgorithm.HS256);
                Program.VerifyResult("JwsAlgorithm.HS256", token, secretKey);
                #endregion

                #region RS-* and PS-* family
                // RS256, RS384, RS512 and PS256, PS384, PS512
                // https://github.com/dvsekhvalnov/jose-jwt#rs--and-ps--family
                // X509Certificate2 x509Certificate2 = new X509Certificate2();

                privateX509Path = @"SHA256RSA.pfx";
                publicX509Path  = @"SHA256RSA.cer";
                privateX509Key  = new X509Certificate2(privateX509Path, "test", x509KSF);
                publicX509Key   = new X509Certificate2(publicX509Path, "", x509KSF);

                token = "";

                // NOTE(review): X509Certificate2.PrivateKey is marked obsolete in current .NET;
                // GetRSAPrivateKey() is the replacement. Kept as-is here.
                rsa   = (RSA)privateX509Key.PrivateKey;
                token = JWT.Encode(payload, rsa, JwsAlgorithm.RS256);
                Program.VerifyResult("JwsAlgorithm.RS256", token, rsa);

                #endregion

                #region ES- * family
                // ES256, ES384, ES512 ECDSA signatures
                // https://github.com/dvsekhvalnov/jose-jwt#es---family

                // Fixed sample point (x, y) and private scalar d (appear to be the ES256 fixture from the
                // linked README). Test vectors only.
                x = new byte[] { 4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150, 133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9 };
                y = new byte[] { 131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159, 214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53 };
                d = new byte[] { 42, 148, 231, 48, 225, 196, 166, 201, 23, 190, 229, 199, 20, 39, 226, 70, 209, 148, 29, 70, 125, 14, 174, 66, 9, 198, 80, 251, 95, 107, 98, 206 };

                eCParameters = new ECParameters();

                // Curve
                // The curve name is derived from the X coordinate (presumably by its length) and mapped to an ECCurve.
                eCParameters.Curve =
                    EccPublicKeyConverter.GetECCurveFromCrvString(
                        EccPublicKeyConverter.GetCrvStringFromXCoordinate(x));

                // x, y, d
                eCParameters.Q.X = x;
                eCParameters.Q.Y = y;
                eCParameters.D   = d;
                // ECDsaOpenSsl is the OpenSSL-backed implementation (Linux/macOS); import the full key pair.
                ECDsaOpenSsl eCDsaOpenSsl = new ECDsaOpenSsl(eCParameters.Curve);
                eCDsaOpenSsl.ImportParameters(eCParameters);

                token = "";
                token = JWT.Encode(payload, eCDsaOpenSsl, JwsAlgorithm.ES256);
                Program.VerifyResult("JwsAlgorithm.ES256", token, eCDsaOpenSsl);

                // Extracting EC keys from the *.pfx may fail depending on platform; the failure is logged, not fatal.
                try
                {
                    privateX509Path = @"SHA256ECDSA.pfx";
                    publicX509Path  = @"SHA256ECDSA.cer";
                    privateX509Key  = new X509Certificate2(privateX509Path, "test");
                    publicX509Key   = new X509Certificate2(publicX509Path, "");

                    // Inspect the ECCurve. ExportExplicitParameters(true) includes the private scalar; only .Curve is read here.
                    ECCurve eCCurve = ((ECDsaOpenSsl)privateX509Key.GetECDsaPrivateKey()).ExportExplicitParameters(true).Curve;
                    WriteLine.OutPutDebugAndConsole("Inspect ECCurve", ObjectInspector.Inspect(eCCurve));

                    token = "";
                    token = JWT.Encode(payload, privateX509Key.GetECDsaPrivateKey(), JwsAlgorithm.ES256);
                    Program.VerifyResult("JwsAlgorithm.ES256", token, publicX509Key.GetECDsaPublicKey());
                }
                catch (Exception ex)
                {
                    WriteLine.OutPutDebugAndConsole("JwsAlgorithm.ES256", ex.GetType().ToString() + ", " + ex.Message);
                }

                #endregion

                #endregion

                #region JWE (Creating encrypted Tokens)
                // https://github.com/dvsekhvalnov/jose-jwt#creating-encrypted-tokens

                #region RSA-* key management family of algorithms
                // RSA-OAEP-256, RSA-OAEP and RSA1_5 key
                // https://github.com/dvsekhvalnov/jose-jwt#rsa--key-management-family-of-algorithms

                privateX509Path = @"SHA256RSA.pfx";
                publicX509Path  = @"SHA256RSA.cer";
                privateX509Key  = new X509Certificate2(privateX509Path, "test", x509KSF);
                publicX509Key   = new X509Certificate2(publicX509Path, "", x509KSF);

                // RSAES-PKCS1-v1_5 and AES_128_CBC_HMAC_SHA_256
                // RSA1_5 is exercised for library coverage only: RSAES-PKCS1-v1_5 is discouraged for new
                // designs because of its padding-oracle history; RSA-OAEP (next block) is the preferred choice.
                token = "";
                token = JWT.Encode(payload, publicX509Key.PublicKey.Key, JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256);
                Program.VerifyResult("JweAlgorithm.RSA1_5, JweEncryption.A128CBC_HS256", token, privateX509Key.PrivateKey);

                // RSAES-OAEP and AES GCM
                try
                {
                    token = "";
                    token = JWT.Encode(payload, publicX509Key.PublicKey.Key, JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM);
                    Program.VerifyResult("JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM", token, privateX509Key.PrivateKey);
                }
                catch (Exception ex)
                {
                    // Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll' at ubunntu
                    // (AES-GCM in this jose-jwt build depends on Windows CNG; on Linux the failure is logged.)
                    WriteLine.OutPutDebugAndConsole("JweAlgorithm.RSA_OAEP, JweEncryption.A256GCM", ex.GetType().ToString() + ", " + ex.Message);
                }
                #endregion

                #region Other key management family of algorithms

                // Same 32-byte sample key, reused for the symmetric JWE families below.
                secretKey = new byte[] { 164, 60, 194, 0, 161, 189, 41, 38, 130, 89, 141, 164, 45, 170, 159, 209, 69, 137, 243, 216, 191, 131, 47, 250, 32, 107, 231, 117, 37, 158, 225, 234 };

                #region DIR direct pre-shared symmetric key family of algorithms
                // https://github.com/dvsekhvalnov/jose-jwt#dir-direct-pre-shared-symmetric-key-family-of-algorithms
                token = "";
                token = JWT.Encode(payload, secretKey, JweAlgorithm.DIR, JweEncryption.A128CBC_HS256);
                Program.VerifyResult("JweAlgorithm.DIR, JweEncryption.A128CBC_HS256", token, secretKey);
                #endregion

                #region AES Key Wrap key management family of algorithms
                // AES128KW, AES192KW and AES256KW key management
                // https://github.com/dvsekhvalnov/jose-jwt#aes-key-wrap-key-management-family-of-algorithms
                token = "";
                token = JWT.Encode(payload, secretKey, JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512);
                Program.VerifyResult("JweAlgorithm.A256KW, JweEncryption.A256CBC_HS512", token, secretKey);
                #endregion

                #region AES GCM Key Wrap key management family of algorithms
                // AES128GCMKW, AES192GCMKW and AES256GCMKW key management
                // https://github.com/dvsekhvalnov/jose-jwt#aes-gcm-key-wrap-key-management-family-of-algorithms
                try
                {
                    token = "";
                    token = JWT.Encode(payload, secretKey, JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512);
                    Program.VerifyResult("JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512", token, secretKey);
                }
                catch (Exception ex)
                {
                    // Unhandled Exception: System.DllNotFoundException: Unable to load DLL 'bcrypt.dll' at ubunntu
                    WriteLine.OutPutDebugAndConsole("JweAlgorithm.A256GCMKW, JweEncryption.A256CBC_HS512", ex.GetType().ToString() + ", " + ex.Message);
                }
                #endregion

                #region ECDH-ES and ECDH-ES with AES Key Wrap key management family of algorithms
                // ECDH-ES and ECDH-ES+A128KW, ECDH-ES+A192KW, ECDH-ES+A256KW key management
                // https://github.com/dvsekhvalnov/jose-jwt#ecdh-es-and-ecdh-es-with-aes-key-wrap-key-management-family-of-algorithms
                // Uses a CNG (Windows) key built from the public point only; expected to fail off Windows (see catch).
                try
                {
                    x = new byte[] { 4, 114, 29, 223, 58, 3, 191, 170, 67, 128, 229, 33, 242, 178, 157, 150, 133, 25, 209, 139, 166, 69, 55, 26, 84, 48, 169, 165, 67, 232, 98, 9 };
                    y = new byte[] { 131, 116, 8, 14, 22, 150, 18, 75, 24, 181, 159, 78, 90, 51, 71, 159, 214, 186, 250, 47, 207, 246, 142, 127, 54, 183, 72, 72, 253, 21, 88, 53 };
                    publicKeyOfCng = EccKey.New(x, y, usage: CngKeyUsages.KeyAgreement);
                    token          = "";
                    token          = JWT.Encode(payload, publicKeyOfCng, JweAlgorithm.ECDH_ES, JweEncryption.A256GCM);
                    Program.VerifyResult("JweAlgorithm.ECDH_ES, JweEncryption.A256GCM", token, publicKeyOfCng);
                }
                catch (Exception ex)
                {
                    // System.NotImplementedException: 'not yet'
                    WriteLine.OutPutDebugAndConsole("JweAlgorithm.ECDH_ES, JweEncryption.A256GCM", ex.GetType().ToString() + ", " + ex.Message);
                }
                #endregion

                #region PBES2 using HMAC SHA with AES Key Wrap key management family of algorithms
                // Password-based key wrap; "top secret" is the sample passphrase, not a real credential.
                token = "";
                token = JWT.Encode(payload, "top secret", JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512);
                Program.VerifyResult("JweAlgorithm.PBES2_HS256_A128KW, JweEncryption.A256CBC_HS512", token, "top secret");
                #endregion

                #endregion

                #endregion

                #endregion

                #endregion
            }
            catch (Exception ex)
            {
                // Last-resort handler for the driver: the full exception (with stack trace) is printed and swallowed.
                WriteLine.OutPutDebugAndConsole(ex.ToString());
            }
        }
コード例 #11
ファイル: Program.cs プロジェクト: xuyingwei-sdu/OpenTouryo
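        /// <summary>
        /// Exercises the public-key primitives used by the library: loads RSA / DSA / ECDsa
        /// X.509 certificates, runs an RSA encrypt-decrypt round trip through
        /// <c>ASymmetricCryptography</c>, and runs sign / verify round trips through the
        /// <c>DigitalSign*</c> wrappers. Every result is reported via <c>MyDebug</c>.
        /// </summary>
        /// <remarks>
        /// Certificate paths and the PFX password are taken from the <c>Program.*</c> fields.
        /// Which wrappers run depends on the host OS (Windows vs. everything else) and on the
        /// NETCORE / NET47 / NETCOREAPP3_0 compilation symbols.
        /// Exceptions raised by the crypto providers are not caught here; the caller handles them.
        /// </remarks>
        private static void PublicKeyCryptography()
        {
            #region Variables

            #region Env
            OperatingSystem os = Environment.OSVersion;

            // https://github.com/dotnet/corefx/issues/29404#issuecomment-385287947
            //   Opening a certificate from a *.pfx may require X509KeyStorageFlags.Exportable.
            //   Keys are always exportable on Linux, but not necessarily on Windows or macOS.
            //   (MachineKeySet stores the imported key in the machine-wide store on Windows;
            //   that is what the wrapper constructors below are handed as well.)
            X509KeyStorageFlags x509KSF = os.Platform == PlatformID.Win32NT
                ? X509KeyStorageFlags.MachineKeySet | X509KeyStorageFlags.Exportable
                : X509KeyStorageFlags.DefaultKeySet; // Unix and anything else
            #endregion

            #region Keys
            // Certificates are IDisposable; each reassignment below disposes the previous
            // instance first, and the final pair is disposed at the end of the X.509 region.
            X509Certificate2 publicX509Key  = null;
            X509Certificate2 privateX509Key = null;
            #endregion

            #region DigitalSign
            string moji = "hogehoge";
            byte[] data = CustomEncode.StringToByte(moji, CustomEncode.UTF_8);
            byte[] sign = null;
            #endregion

            #endregion

            #region Test of the X.509 Certificates

            #region RSA
            privateX509Key = new X509Certificate2(Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);
            publicX509Key  = new X509Certificate2(Program.PublicRsaX509Path, "", x509KSF);
            MyDebug.InspectPrivateX509Key("RSA", privateX509Key);
            MyDebug.InspectPublicX509Key("RSA", publicX509Key);
            #endregion

#if NETCORE || NET47
            #region DSA
            // https://github.com/dotnet/corefx/issues/18733#issuecomment-296723615
            // Note: no storage flags are passed for the DSA / ECDsa certificates (matches the
            // linked issue; the RSA path above is the only one that needs x509KSF).
            privateX509Key.Dispose();
            publicX509Key.Dispose();
            privateX509Key = new X509Certificate2(Program.PrivateDsaX509Path, Program.PfxPassword);
            publicX509Key  = new X509Certificate2(Program.PublicDsaX509Path, "");
            MyDebug.InspectPrivateX509Key("DSA", privateX509Key);
            MyDebug.InspectPublicX509Key("DSA", publicX509Key);

            // `using` tolerates a null resource, so a certificate without a usable DSA key
            // is reported rather than thrown on.
            using (DSA privateDSA = privateX509Key.GetDSAPrivateKey())
            {
                MyDebug.OutputDebugAndConsole("privateDSA", (privateDSA is null ? "is null" : "is not null"));
            }
            // GetDSAPublicKey() is intentionally not exercised here: it raised
            // Internal.Cryptography.CryptoThrowHelper.WindowsCryptographicException.
            #endregion

            #region ECDsa
            // https://github.com/dotnet/corefx/issues/18733#issuecomment-296723615
            privateX509Key.Dispose();
            publicX509Key.Dispose();
            privateX509Key = new X509Certificate2(Program.PrivateECDsaX509Path, Program.PfxPassword);
            publicX509Key  = new X509Certificate2(Program.PublicECDsaX509Path, "");
            MyDebug.InspectPrivateX509Key("ECDsa", privateX509Key);
            MyDebug.InspectPublicX509Key("ECDsa", publicX509Key);

            using (ECDsa privateECDsa = privateX509Key.GetECDsaPrivateKey())
            {
                MyDebug.OutputDebugAndConsole("privateECDsa", (privateECDsa is null ? "is null" : "is not null"));

                using (ECDsa publicECDsa = publicX509Key.GetECDsaPublicKey())
                {
                    MyDebug.OutputDebugAndConsole("publicECDsa", (publicECDsa is null ? "is null" : "is not null"));
                }
            }
            #endregion
#endif

            // The certificates are not used past this point; release the key handles.
            privateX509Key?.Dispose();
            publicX509Key?.Dispose();

            #endregion

            #region Test of the OpenTouryo.Public.Security.ASymCrypt

            // Encrypt with the public certificate, decrypt with the private one, and
            // check that the plaintext survives the round trip.
            ASymmetricCryptography ascPublic = new ASymmetricCryptography(
                EnumASymmetricAlgorithm.X509, Program.PublicRsaX509Path, "", x509KSF);

            string temp = ascPublic.EncryptString(moji);

            ASymmetricCryptography ascPrivate = new ASymmetricCryptography(
                EnumASymmetricAlgorithm.X509, Program.PrivateRsaX509Path, Program.PfxPassword, x509KSF);

            temp = ascPrivate.DecryptString(temp);

            MyDebug.OutputDebugAndConsole("ASymCrypt(X509).Enc&Dec", (temp == moji).ToString());

            #endregion

            #region Test of the OpenTouryo.Public.Security.DigitalSign

            // Each sub-test follows the same shape: sign with a private-key instance, then
            // verify with a fresh instance built from the public key only, so that a
            // successful Verify proves the exported public key is sufficient on its own.

            // RSA, DSA
            DigitalSignX509  dsX509  = null;
            DigitalSignParam dsParam = null;
            DigitalSignXML   dsXML   = null;

            // ECDsa
#if NETCORE || NET47
            DigitalSignECDsaX509 dsECDsaX509 = null;
            DigitalSignECDsaCng  dsECDsaCng  = null;
#endif
#if NETCORE
            DigitalSignECDsaOpenSsl dsECDsaOpenSsl = null;
#endif

            if (os.Platform == PlatformID.Win32NT)
            {
                #region RSA
                // X509
                dsX509 = new DigitalSignX509(Program.PrivateRsaX509Path, Program.PfxPassword, "SHA256", x509KSF);
                sign   = dsX509.Sign(data);

                dsX509 = new DigitalSignX509(Program.PublicRsaX509Path, "", "SHA256", x509KSF);
                MyDebug.OutputDebugAndConsole("DigitalSignX509.Verify(RS256)", dsX509.Verify(data, sign).ToString());

                // Param
                dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.RsaCSP_SHA256);
                sign    = dsParam.Sign(data);

                dsParam = new DigitalSignParam((RSAParameters)dsParam.PublicKey, EnumDigitalSignAlgorithm.RsaCSP_SHA256);
                MyDebug.OutputDebugAndConsole("DigitalSignParam.Verify(RS256)", dsParam.Verify(data, sign).ToString());

                // XML
                dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.RsaCSP_SHA256);
                sign  = dsXML.Sign(data);

#if !NETCORE
                // On NETCORE the XML key export does not work, so the verify below runs on the
                // signing instance itself rather than on a public-key-only instance.
                dsXML = new DigitalSignXML(dsXML.PublicKey, EnumDigitalSignAlgorithm.RsaCSP_SHA256);
#endif
                MyDebug.OutputDebugAndConsole("DigitalSignXML.Verify(RS256)", dsXML.Verify(data, sign).ToString());
                #endregion

                #region DSA
                // DSA only works through the Formatter / Deformatter overloads here.
                // Also, on Windows the DSA X.509 certificate cannot be processed (it has been
                // confirmed to work on Linux), so the DigitalSignX509 DSA case is skipped.
                // DsaCSP_SHA1 is exercised because it is the only DSA variant the CSP offers;
                // SHA-1 is a legacy digest and this is a wrapper self-test, not a recommendation.

                // Param
                dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.DsaCSP_SHA1);
                sign    = dsParam.SignByFormatter(data);

                dsParam = new DigitalSignParam((DSAParameters)dsParam.PublicKey, EnumDigitalSignAlgorithm.DsaCSP_SHA1);
                MyDebug.OutputDebugAndConsole("DigitalSignParam.Verify(DSA-SHA1)", dsParam.VerifyByDeformatter(data, sign).ToString());

                // XML
                dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.DsaCSP_SHA1);
                sign  = dsXML.SignByFormatter(data);

#if !NETCORE
                // On NETCORE the XML key export does not work (see the RSA case above).
                dsXML = new DigitalSignXML(dsXML.PublicKey, EnumDigitalSignAlgorithm.DsaCSP_SHA1);
#endif

                MyDebug.OutputDebugAndConsole("DigitalSignXML.Verify(DSA-SHA1)", dsXML.VerifyByDeformatter(data, sign).ToString());
                #endregion

#if NETCORE || NET47
                #region ECDsa
                // X509
                dsECDsaX509 = new DigitalSignECDsaX509(Program.PrivateECDsaX509Path, Program.PfxPassword, HashAlgorithmName.SHA256);
                sign        = dsECDsaX509.Sign(data);

                dsECDsaX509 = new DigitalSignECDsaX509(Program.PublicECDsaX509Path, "", HashAlgorithmName.SHA256);
                MyDebug.OutputDebugAndConsole("DigitalSignECDsaX509.Verify(ECDSA-SHA256)", dsECDsaX509.Verify(data, sign).ToString());

#if NET47 || NETCOREAPP3_0
                // Param (CNG)
                dsECDsaCng = new DigitalSignECDsaCng(EnumDigitalSignAlgorithm.ECDsaCng_P256);
                sign       = dsECDsaCng.Sign(data);

                dsECDsaCng = new DigitalSignECDsaCng(dsECDsaCng.PublicKey);
                MyDebug.OutputDebugAndConsole("DigitalSignParam.Verify(ECDSA-P256)", dsECDsaCng.Verify(data, sign).ToString());
#endif
                #endregion
#endif
            }
            else //if (os.Platform == PlatformID.Unix)
            {
#if NETCORE
                #region RSA
                // X509
                dsX509 = new DigitalSignX509(Program.PrivateRsaX509Path, Program.PfxPassword, "SHA256");
                sign   = dsX509.Sign(data);

                dsX509 = new DigitalSignX509(Program.PublicRsaX509Path, "", "SHA256");
                MyDebug.OutputDebugAndConsole("DigitalSignX509.Verify(RS256)", dsX509.Verify(data, sign).ToString());

                // Param
                dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256);
                sign    = dsParam.Sign(data);

                dsParam = new DigitalSignParam((RSAParameters)dsParam.PublicKey, EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256);
                MyDebug.OutputDebugAndConsole("DigitalSignParam.Verify(RS256)", dsParam.Verify(data, sign).ToString());

                // XML
                dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.RsaOpenSsl_SHA256);
                sign  = dsXML.Sign(data);

                // Rebuilding DigitalSignXML from dsXML.PublicKey does not work on this
                // platform, so Verify runs on the signing instance itself.
                MyDebug.OutputDebugAndConsole("DigitalSignXML.Verify(RS256)", dsXML.Verify(data, sign).ToString());
                #endregion

                #region DSA
                // X509
                dsX509 = new DigitalSignX509(Program.PrivateDsaX509Path, Program.PfxPassword, "SHA256");
                sign   = dsX509.Sign(data);

                dsX509 = new DigitalSignX509(Program.PublicDsaX509Path, "", "SHA256");
                MyDebug.OutputDebugAndConsole("DigitalSignX509.Verify(DSA-SHA256)", dsX509.Verify(data, sign).ToString());

                // Param (DsaOpenSsl_SHA1: legacy digest, wrapper self-test only)
                dsParam = new DigitalSignParam(EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1);
                sign    = dsParam.Sign(data);

                dsParam = new DigitalSignParam((DSAParameters)dsParam.PublicKey, EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1);
                MyDebug.OutputDebugAndConsole("DigitalSignParam.Verify(DSA-SHA1)", dsParam.Verify(data, sign).ToString());

                // XML
                dsXML = new DigitalSignXML(EnumDigitalSignAlgorithm.DsaOpenSsl_SHA1);
                sign  = dsXML.Sign(data);

                // Rebuilding DigitalSignXML from dsXML.PublicKey does not work on this
                // platform, so Verify runs on the signing instance itself.
                MyDebug.OutputDebugAndConsole("DigitalSignXML.Verify(DSA-SHA1)", dsXML.Verify(data, sign).ToString());
                #endregion

                #region ECDsa (.NET Core on Linux)
                // X509
                dsECDsaX509 = new DigitalSignECDsaX509(Program.PrivateECDsaX509Path, Program.PfxPassword, HashAlgorithmName.SHA256);
                sign        = dsECDsaX509.Sign(data);

                dsECDsaX509 = new DigitalSignECDsaX509(Program.PublicECDsaX509Path, "", HashAlgorithmName.SHA256);
                MyDebug.OutputDebugAndConsole("DigitalSignECDsaX509.Verify(ECDSA)", dsECDsaX509.Verify(data, sign).ToString());

                // Param (OpenSSL)
                // NOTE(review): the SHA256 instances handed to DigitalSignECDsaOpenSsl are not
                // disposed here; presumably the wrapper owns them — confirm against its source.
                dsECDsaOpenSsl = new DigitalSignECDsaOpenSsl(
                    EnumDigitalSignAlgorithm.ECDsaOpenSsl_P256, SHA256CryptoServiceProvider.Create());
                sign = dsECDsaOpenSsl.Sign(data);

                dsECDsaOpenSsl = new DigitalSignECDsaOpenSsl(
                    dsECDsaOpenSsl.PublicKey.Value, SHA256CryptoServiceProvider.Create());
                // Verify with the ECDsa public-key instance that matches the signer above.
                // (The previous code verified the ECDSA signature through the DSA `dsParam`
                // instance left over from the DSA region, so the check could never pass.)
                MyDebug.OutputDebugAndConsole("DigitalSignParam.Verify(ECDSA-P256)", dsECDsaOpenSsl.Verify(data, sign).ToString());
                #endregion
#endif
            }
            #endregion
        }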