public static void ExportKey(string Path, ECDiffieHellmanPublicKey Key) { using (BinaryWriter Writer = new BinaryWriter(File.Create(Path))) { Writer.Write((byte)Key.ToByteArray().Length); Writer.Write(Key.ToByteArray()); } }
private ECPublicKeyParameters GetPublicKeyParameters(ECDiffieHellmanPublicKey publicKey) { byte[] ecdhBlob = publicKey.ToByteArray(); int keySize; string magic = Encoding.ASCII.GetString(ecdhBlob, 0, 4); if (magic.Equals("ECK1")) { keySize = 256; } else if (magic.Equals("ECK3")) { keySize = 384; } else if (magic.Equals("ECK5")) { keySize = 521; } else { throw new Exception("Unknown public key type"); } if (keySize != _keySize) { throw new Exception("Public key size doesn't match our key size"); } byte[] encoded = new byte[1 + ecdhBlob.Length - 8]; encoded[0] = 0x04; Buffer.BlockCopy(ecdhBlob, 8, encoded, 1, ecdhBlob.Length - 8); Org.BouncyCastle.Math.EC.ECPoint ecPoint = _domainParameters.Curve.DecodePoint(encoded); return(new ECPublicKeyParameters(ecPoint, _domainParameters)); }
public static byte[] ToDerEncoded([NotNull] this ECDiffieHellmanPublicKey key) { byte[] asn = new byte[24] { 0x30, 0x76, 0x30, 0x10, 0x6, 0x7, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x2, 0x1, 0x6, 0x5, 0x2b, 0x81, 0x4, 0x0, 0x22, 0x3, 0x62, 0x0, 0x4 }; return(asn.Concat(key.ToByteArray().Skip(8)).ToArray()); }
/// <summary> /// Generates a shared verified key. /// </summary> /// <param name="publicKey"></param> /// <param name="signedPublicKey"></param> /// <param name="parameters"></param> public void GenerateVerifiedSharedKey(ECDiffieHellmanPublicKey publicKey, byte[] signedPublicKey, RSAParameters parameters) { if (VerifySignedData(publicKey.ToByteArray(), signedPublicKey, parameters)) { GenerateSharedKey(publicKey); } else { Console.WriteLine("Could not create end-to-end encryption key. RSA signing does not match."); } }
public virtual void SetAccountLogKey( TAccount userAccount, ECDiffieHellmanCng ecAccountLogKey, byte[] phase1HashOfCorrectPassword) { userAccount.EcPrivateAccountLogKeyEncryptedWithPasswordHashPhase1 = Encryption.EncryptEcPrivateKeyWithAesCbc(ecAccountLogKey, phase1HashOfCorrectPassword); using (ECDiffieHellmanPublicKey publicKey = ecAccountLogKey.PublicKey) { userAccount.EcPublicAccountLogKey = publicKey.ToByteArray(); } }
public override byte[] DeriveKeyMaterial(ECDiffieHellmanPublicKey otherPartyPublicKey) { var d = privateKey.D; // read the other side's public key. var opp = otherPartyPublicKey.ToByteArray(); ECPoint Qs = ECPoint.FromBlob(opp); // multiply their public key with our private d to get the shared secret. var p = Qs * d; var z = p.X.ToByteArray().Reverse().ToArray(); return(z); }
public bool InitaliseSymmettricKey(ECDiffieHellmanPublicKey otherPartyPublicKey, byte[] signedPublicKey, RSAParameters otherPartyRSAPublicKey) { RSACryptoServiceProvider csp = new RSACryptoServiceProvider(); csp.ImportParameters(otherPartyRSAPublicKey); if (csp.VerifyData(otherPartyPublicKey.ToByteArray(), SHA2, signedPublicKey)) { symmettricKey = ECDH.DeriveKeyMaterial(otherPartyPublicKey); return(true); } else { return(false); } }
public void TestCertMangling() { string certString = @"MIICSjCCAdECCQDje/no7mXkVzAKBggqhkjOPQQDAjCBjjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS BgNVBAoMC0dvb2dsZSwgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIxMDYxMDM0 WhcNMjIwNTE5MDYxMDM0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSwg SW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEGCSqGSIb3DQEJARYUZ29s YW5nLWRldkBnbWFpbC5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARRuzRNIKRK jIktEmXanNmrTR/q/FaHXLhWRZ6nHWe26Fw7Rsrbk+VjGy4vfWtNn7xSFKrOu5ze qxKnmE0h5E480MNgrUiRkaGO2GMJJVmxx20aqkXOk59U8yGA4CghE6MwCgYIKoZI zj0EAwIDZwAwZAIwBZEN8gvmRmfeP/9C1PRLzODIY4JqWub2PLRT4mv9GU+yw3Gr PU9A3CHMdEcdw/MEAjBBO1lId8KOCh9UZunsSMfqXiVurpzmhWd6VYZ/32G+M+Mh 3yILeYQzllt/g0rKVRk="; X509Certificate2 c = new X509Certificate2(); c.Import(Convert.FromBase64String(certString)); Assert.AreEqual("[email protected], CN=www.google.com, O=\"Google, Inc\", L=Mountain View, S=California, C=US", c.Issuer); //Assert.AreEqual("CN=Microsoft Corporate Root CA, O=Microsoft Corporation", c.Subject); Assert.AreEqual("X509", c.GetFormat()); Assert.AreEqual("1.2.840.10045.2.1", c.GetKeyAlgorithm()); Assert.AreEqual("06052B81040022", c.GetKeyAlgorithmParametersString()); Assert.AreEqual("ECC", c.PublicKey.Oid.FriendlyName); ECDiffieHellmanPublicKey certKey = CryptoUtils.ImportEccPublicKeyFromCertificate(c); //Console.WriteLine(certKey.ToXmlString()); // https://blogs.msdn.microsoft.com/shawnfa/2007/01/22/elliptic-curve-diffie-hellman/ // http://stackoverflow.com/questions/11266711/using-cngkey-to-generate-rsa-key-pair-in-pem-dkim-compatible-using-c-simi { string input = "eyJhbGciOiJFUzM4NCIsIng1dSI6Ik1IWXdFQVlIS29aSXpqMENBUVlGSzRFRUFDSURZZ0FFN25uWnBDZnhtQ3JTd0RkQnY3ZUJYWE10S2hyb3hPcmlFcjNobU1PSkF1dy9acFFYajFLNUdHdEhTNENwRk50dGQxSllBS1lvSnhZZ2F5a3BpZTBFeUF2M3FpSzZ1dElIMnFuT0F0M1ZOclFZWGZJWkpTL1ZSZTNJbDhQZ3U5Q0IifQo.eyJleHAiOjE0NjQ5ODM4NDUsImV4dHJhRGF0YSI6eyJkaXNwbGF5TmFtZSI6Imd1cnVueCIsImlkZW50aXR5IjoiYWY2ZjdjNWUtZmNlYS0zZTQzLWJmM2EtZTAwNWU0MDBlNTc4In0sImlkZW50aXR5UHVibGljS2V5IjoiTUhZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUNJRFlnQUU3bm5acENmeG1DclN3RGRCdjdlQlhYTXRLaHJveE9yaUVyM2htTU9KQXV3L1pwUVhqMUs1R0d0SFM0Q3BGTnR0ZDFKWUFLWW9KeFlnYXlrcGllMEV5QXYzcWlLNnV0SUgycW5PQXQzVk5yUVlYZklaSlMvVlJlM0lsOFBndTlDQiIsIm5iZiI6MTQ2NDk4Mzg0NH0K.4OrvYYbX09iwOkz-7_N_5yEejuATcUogEbe69fB-kr7r6sH_qSu6bxp9L64SEgABb0rU7tyYCLVnaCSQjd9Dvb34WI9EducgOPJ92qHspcpXr7j716LDfhZE31ksMtWQ"; ECDiffieHellmanPublicKey rootKey = CryptoUtils.CreateEcDiffieHellmanPublicKey("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8ELkixyLcwlZryUQcu1TvPOmI2B7vX83ndnWRUaXm74wFfa5f/lwQNTfrLVHa2PmenpGI6JhIMUJaWZrjmMj90NoKNFSNBuKdm8rYiXsfaz3K36x/1U26HpG0ZxK/V1V"); Console.WriteLine($"Root Public Key:\n{rootKey.ToXmlString()}"); CngKey key = CngKey.Import(rootKey.ToByteArray(), CngKeyBlobFormat.EccPublicBlob); Console.WriteLine("Key family: " + key.AlgorithmGroup); // "identityPublicKey": "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7nnZpCfxmCrSwDdBv7eBXXMtKhroxOriEr3hmMOJAuw/ZpQXj1K5GGtHS4CpFNttd1JYAKYoJxYgaykpie0EyAv3qiK6utIH2qnOAt3VNrQYXfIZJS/VRe3Il8Pgu9CB", var newKey = CryptoUtils.ImportECDsaCngKeyFromString("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7nnZpCfxmCrSwDdBv7eBXXMtKhroxOriEr3hmMOJAuw/ZpQXj1K5GGtHS4CpFNttd1JYAKYoJxYgaykpie0EyAv3qiK6utIH2qnOAt3VNrQYXfIZJS/VRe3Il8Pgu9CB"); string decoded = JWT.Decode(input, newKey); //Assert.AreEqual("", decoded); //ECDsaCng t = new ECDsaCng(); //t.HashAlgorithm = CngAlgorithm.ECDiffieHellmanP384; //t.KeySize = 384; //byte[] test = t.Key.Export(CngKeyBlobFormat.EccPublicBlob); //Assert.AreEqual(test, newKey); //string decoded = JWT.Decode(input, t.Key); } // Private key (in reality this is not necessary since we will generate it) AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(Base64Url.Decode("MB8CAQAwEAYHKoZIzj0CAQYFK4EEACIECDAGAgEBBAEB")); PrivateKeyInfo privKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey); byte[] derKey = privKeyInfo.GetDerEncoded(); CngKey privCngKey = CngKey.Import(derKey, CngKeyBlobFormat.Pkcs8PrivateBlob); Console.WriteLine(privKeyInfo.PrivateKeyAlgorithm.Algorithm); Console.WriteLine(privCngKey.Algorithm.Algorithm); // Public key ECDiffieHellmanPublicKey clientKey = CryptoUtils.CreateEcDiffieHellmanPublicKey("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyodFH+wO0dEr4GM1WoaWog8xsYQ6mQJAC0eVpBM96spUB1eMN56+BwlJ4H3Qx4TAvAs"); // EC key to generate shared secret ECDiffieHellmanCng ecKey = new ECDiffieHellmanCng(privCngKey); ecKey.HashAlgorithm = CngAlgorithm.Sha256; ecKey.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash; ecKey.SecretPrepend = new byte[128]; // Server token //ecKey.SecretPrepend = new byte[0]; // Server token Console.WriteLine(ecKey.HashAlgorithm); Console.WriteLine(ecKey.KeyExchangeAlgorithm); byte[] secret = ecKey.DeriveKeyMaterial(clientKey); Console.WriteLine(Package.HexDump(secret)); Console.WriteLine(Package.HexDump(Base64Url.Decode("ZOBpyzki/M8UZv5tiBih048eYOBVPkQE3r5Fl0gmUP4="))); Console.WriteLine(Package.HexDump(Base64Url.Decode("DEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyod"))); //Console.WriteLine(Package.HexDump(Base64Url.Decode("DEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyod"))); }
public override byte[] ToByteArray() => _wrapped.ToByteArray();
public static void Write(this BinaryWriter writer, ECDiffieHellmanPublicKey publicKey) { writer.Write(publicKey.ToByteArray()); }