protected virtual AsymmetricCipherKeyPair GenerateECKeyPair(ECDomainParameters ecParams)
{
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
ECKeyGenerationParameters keyGenerationParameters = new ECKeyGenerationParameters(ecParams,
context.SecureRandom);
keyPairGenerator.Init(keyGenerationParameters);
return(keyPairGenerator.GenerateKeyPair());
}
public void TestECBasicAgreementTest()
{
var random = new SecureRandom();
var curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
var parameters = new ECDomainParameters(
curve,
curve.DecodePoint(Hex.Decode("020ffa963cdca8816ccc33b8642bedf905c3d358573d3f27fbbd3b3cb9aaaf")), // G
new BigInteger("883423532389192164791648750360308884807550341691627752275345424702807307")); // n
var pGen = new ECKeyPairGenerator();
var genParam = new ECKeyGenerationParameters(parameters, random);
pGen.Init(genParam);
IAsymmetricCipherKeyPair p1 = pGen.GenerateKeyPair();
IAsymmetricCipherKeyPair p2 = pGen.GenerateKeyPair();
//
// two way
//
IBasicAgreement e1 = new ECDHBasicAgreement();
IBasicAgreement e2 = new ECDHBasicAgreement();
e1.Init(p1.Private);
e2.Init(p2.Private);
IBigInteger k1 = e1.CalculateAgreement(p2.Public);
IBigInteger k2 = e2.CalculateAgreement(p1.Public);
if (!k1.Equals(k2))
{
Fail("calculated agreement test failed");
}
//
// two way
//
e1 = new ECDHCBasicAgreement();
e2 = new ECDHCBasicAgreement();
e1.Init(p1.Private);
e2.Init(p2.Private);
k1 = e1.CalculateAgreement(p2.Public);
k2 = e2.CalculateAgreement(p1.Public);
if (!k1.Equals(k2))
{
Fail("calculated agreement test failed");
}
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is ECKeyGenerationParameters)
{
ECKeyGenerationParameters ecP = (ECKeyGenerationParameters)parameters;
this.publicKeyParamSet = ecP.PublicKeyParamSet;
this.parameters = ecP.DomainParameters;
}
else
{
DerObjectIdentifier oid;
switch (parameters.Strength)
{
case 192:
oid = X9ObjectIdentifiers.Prime192v1;
break;
case 224:
oid = SecObjectIdentifiers.SecP224r1;
break;
case 239:
oid = X9ObjectIdentifiers.Prime239v1;
break;
case 256:
oid = X9ObjectIdentifiers.Prime256v1;
break;
case 384:
oid = SecObjectIdentifiers.SecP384r1;
break;
case 521:
oid = SecObjectIdentifiers.SecP521r1;
break;
default:
throw new InvalidParameterException("unknown key size.");
}
X9ECParameters ecps = FindECCurveByOid(oid);
this.publicKeyParamSet = oid;
this.parameters = new ECDomainParameters(
ecps.Curve, ecps.G, ecps.N, ecps.H, ecps.GetSeed());
}
this.random = parameters.Random;
if (this.random == null)
{
this.random = new SecureRandom();
}
}
private static AsymmetricCipherKeyPair GenerateKeyPairEcc()
{
var oid = X962NamedCurves.GetOid("prime256v1");
var generator = new ECKeyPairGenerator();
var genParam = new ECKeyGenerationParameters(oid, RandomUtil.SecureRandomBc);
generator.Init(genParam);
return(generator.GenerateKeyPair());
}
/// <summary>
/// 生成国密公私钥对
/// </summary>
public static AsymmetricCipherKeyPair GenerateKeyPair()
{
var keyGenerator = new ECKeyPairGenerator();
ECKeyGenerationParameters pa = new ECKeyGenerationParameters(GMObjectIdentifiers.sm2p256v1, new SecureRandom());
keyGenerator.Init(pa);
return(keyGenerator.GenerateKeyPair());
}
/// <summary>
/// Generate key pair.
/// </summary>
/// <returns></returns>
public override AsymmetricCipherKeyPair GenerateKeyPair()
{
X9ECParameters parameters2 = GMNamedCurves.GetByOid(GMObjectIdentifiers.sm2p256v1);
ECDomainParameters parameters3 = new ECDomainParameters(parameters2);
KeyGenerationParameters parameters = new ECKeyGenerationParameters(parameters3, Common.ThreadSecureRandom.Value);
IAsymmetricCipherKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(parameters);
return(generator.GenerateKeyPair());
}
/// <summary>
/// Generate key pair.
/// </summary>
/// <returns></returns>
public override AsymmetricCipherKeyPair GenerateKeyPair()
{
X9ECParameters parameters2 = GenerateEllipticCurve(_ellipticCurve);
ECDomainParameters parameters3 = new ECDomainParameters(parameters2);
KeyGenerationParameters parameters = new ECKeyGenerationParameters(parameters3, Common.ThreadSecureRandom.Value);
IAsymmetricCipherKeyPairGenerator generator = new ECKeyPairGenerator();
generator.Init(parameters);
return(generator.GenerateKeyPair());
}
static AsymmetricCipherKeyPair GenerateKeyPair()
{
var rng = new SecureRandom();
var keyParams = new ECKeyGenerationParameters(DomainParams, rng);
var generator = new ECKeyPairGenerator("ECDSA");
generator.Init(keyParams);
return(generator.GenerateKeyPair());
}
public AsymmetricCipherKeyPair GenerateKeys()
{
var gen = new ECKeyPairGenerator("ECDSA");
var keyGenParam = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, SecureRandom.GetInstance("SHA256PRNG"));
gen.Init(keyGenParam);
return(gen.GenerateKeyPair());
}
public ECKeyPair GenerateKeyPair(byte[] applicationSha256, byte[] challengeSha256)
{
var conf = new ECKeyGenerationParameters(SecObjectIdentifiers.SecP256r1, new SecureRandom());
var keyGen = new ECKeyPairGenerator("ECDSA");
keyGen.Init(conf);
var pair = keyGen.GenerateKeyPair();
return(new ECKeyPair((ECPublicKeyParameters)pair.Public, (ECPrivateKeyParameters)pair.Private));
}
static ECPrivateKeyParameters GeneratePrivateKey(ECDomainParameters domainParams)
{
var keyParams = new ECKeyGenerationParameters(domainParams, new SecureRandom());
var generator = new ECKeyPairGenerator("ECDSA");
generator.Init(keyParams);
var keyPair = generator.GenerateKeyPair();
return (keyPair.Private as ECPrivateKeyParameters);
}
public IKey GenerateKey(int?keySize = null)
{
var generator = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
var generatorParams = new ECKeyGenerationParameters(
CustomNamedCurves.GetOid(curveName), new SecureRandom());
generator.Init(generatorParams);
var keyPair = generator.GenerateKeyPair();
return(new AsymmetricCipherKey(Algorithm, keyPair));
}
public void Init(DerObjectIdentifier publicKeyParamSetOid, DerObjectIdentifier digestParamSetOid)
{
var curve = ECGost3410NamedCurves.GetByOid(publicKeyParamSetOid);
var ecp = new ECNamedDomainParameters(publicKeyParamSetOid, curve);
var gostParams = new ECGost3410Parameters(ecp, publicKeyParamSetOid, digestParamSetOid, null);
var param = new ECKeyGenerationParameters(gostParams, new SecureRandom());
var generator = new ECKeyPairGenerator();
generator.Init(param);
_keyPair = generator.GenerateKeyPair();
}
/// <summary>
/// Generate EC key pair.
/// </summary>
/// <param name="privateKey"><c>out</c> Private Key</param>
/// <param name="publicKey"><c>out</c> Public Key.</param>
public static void GenerateEcKey(out ECPrivateKeyParameters privateKey, out ECPublicKeyParameters publicKey)
{
var keyGeneratorParams = new ECKeyGenerationParameters(EcParameters, RngCsp);
var keyGenerator = new ECKeyPairGenerator("ECDH");
keyGenerator.Init(keyGeneratorParams);
var keyPair = keyGenerator.GenerateKeyPair();
privateKey = keyPair.Private as ECPrivateKeyParameters;
publicKey = keyPair.Public as ECPublicKeyParameters;
}
static BouncyCrypto()
{
X9ECParameters curveParameters = SecNamedCurves.GetByName("secp256k1");
DomainParameters = new ECDomainParameters(curveParameters.Curve, curveParameters.G, curveParameters.N, curveParameters.H);
ECKeyPairGenerator generator = new ECKeyPairGenerator();
ECKeyGenerationParameters keyGeneratorParameters = new ECKeyGenerationParameters(DomainParameters, SecureRandom);
generator.Init(keyGeneratorParameters);
}
public static AsymmetricCipherKeyPair GenerateEcKeyPair(string curveName)
{
var ecParam = SecNamedCurves.GetByName(curveName);
var ecDomain = new ECDomainParameters(ecParam.Curve, ecParam.G, ecParam.N);
var keygenParam = new ECKeyGenerationParameters(ecDomain, secureRandom);
var keyGenerator = new ECKeyPairGenerator();
keyGenerator.Init(keygenParam);
return(keyGenerator.GenerateKeyPair());
}
public static byte[] CreateNewPrivateKey()
{
ECKeyPairGenerator generator = new ECKeyPairGenerator();
ECKeyGenerationParameters keygenParams = new ECKeyGenerationParameters(domain, secureRandom);
generator.Init(keygenParams);
AsymmetricCipherKeyPair keypair = generator.GenerateKeyPair();
ECPrivateKeyParameters privParams = (ECPrivateKeyParameters)keypair.Private;
return(privParams.D.ToByteArray());
}
internal override AsymmetricCipherKeyPair GenerateNewKeyPair()
{
var generator = new ECKeyPairGenerator();
var curve = GetEcCurve();
var genParam = new ECKeyGenerationParameters(
SecNamedCurves.GetOid(curve),
new SecureRandom());
generator.Init(genParam);
return(generator.GenerateKeyPair());
}
public static PrivateKey Generate()
{
var gen = new ECKeyPairGenerator();
var secureRandom = new SecureRandom();
var ecParams = GetECParameters();
var keyGenParam = new ECKeyGenerationParameters(ecParams, secureRandom);
gen.Init(keyGenParam);
return(new PrivateKey(gen.GenerateKeyPair().Private as ECPrivateKeyParameters));
}
// This will get you the keys...
public static AsymmetricCipherKeyPair GenerateKeys()
{
var gen = new ECKeyPairGenerator();
var secureRandom = new SecureRandom();
var ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
var ecParams = new ECDomainParameters(ps.Curve, ps.G, ps.N, ps.H);
var keyGenParam = new ECKeyGenerationParameters(ecParams, secureRandom);
gen.Init(keyGenParam);
return(gen.GenerateKeyPair());
}
public AsymmetricCipherKeyPair generateKeypair()
{
var eckeygen = new ECKeyGenerationParameters(spec, securerng);
var keygen = new ECKeyPairGenerator();
keygen.Init(eckeygen);
var kp = keygen.GenerateKeyPair();
return(kp);
}
public static PkiKeyPair GenerateEcdsaKeyPair(int bits, int hashBits = -1)
{
// Based on:
// https://github.com/bcgit/bc-csharp/blob/master/crypto/test/src/crypto/test/ECTest.cs#L331
// https://www.codeproject.com/Tips/1150485/Csharp-Elliptical-Curve-Cryptography-with-Bouncy-C
// This produced the following error against Let's Encrypt CA:
// ACMESharp.Protocol.AcmeProtocolException : Error parsing certificate request: asn1: structure error: tags don't match (6 vs {class:0 tag:16 length:247 isCompound:true}) {optional:false explicit:false application:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false} ObjectIdentifier @3
// var ecNistParams = NistNamedCurves.GetByName("P-" + bits);
// var ecDomainParams = new ECDomainParameters(ecNistParams.Curve,
// ecNistParams.G, ecNistParams.N, ecNistParams.H, ecNistParams.GetSeed());
// var ecParams = new ECKeyGenerationParameters(ecDomainParams, new SecureRandom());
// So according to [this](https://github.com/golang/go/issues/18634#issuecomment-272527314)
// it seems we were passing in arbitrary curve details instead of a named curve OID as we do here:
var ecCurveOid = NistNamedCurves.GetOid("P-" + bits);;
var ecParams = new ECKeyGenerationParameters(ecCurveOid, new SecureRandom());
var ecKpGen = GeneratorUtilities.GetKeyPairGenerator("ECDSA");
ecKpGen.Init(ecParams);
var nativeKeyPair = ecKpGen.GenerateKeyPair();
var kpg = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
kpg.Init(ecParams);
// SHA + ECDSA algor selection based on:
// https://github.com/bcgit/bc-csharp/blob/master/crypto/src/security/SignerUtilities.cs
// Transcode Length:
// * lengths are specified as in:
// https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-24#section-3.4
// * see explanation in the docs for "TranscodeSignatureToConcat" for what this is all about
var transcodeLength = 0;
if (hashBits == -1)
{
switch (bits)
{
case 521: hashBits = 512; transcodeLength = 132; break;
case 384: hashBits = 384; transcodeLength = 96; break;
default: hashBits = 256; transcodeLength = 64; break;
}
}
var sigAlgor = $"SHA{hashBits}WITHECDSA";
return(new PkiKeyPair(nativeKeyPair, PkiAsymmetricAlgorithm.Ecdsa,
(prv, data) => Sign(sigAlgor, prv, data, transcodeLength),
(pub, data, sig) => Verify(sigAlgor, pub, data, sig),
(keys, prv) => ExportEcJwk(bits, keys, prv)));
}
public static AsymmetricCipherKeyPair GenerateECKeyPair()
{
var curve = ECNamedCurveTable.GetByName("secp256k1");
var domainParams = new ECDomainParameters(curve.Curve, curve.G, curve.N, curve.H, curve.GetSeed());
var sr = new SecureRandom();
var keyParams = new ECKeyGenerationParameters(domainParams, sr);
var generator = new ECKeyPairGenerator("ECDSA");
generator.Init(keyParams);
return(generator.GenerateKeyPair());
}
public static AsymmetricCipherKeyPair GenerateGostKeyPair(DerObjectIdentifier publicKeyParamSetOid, DerObjectIdentifier digestParamSetOid)
{
var curve = ECGost3410NamedCurves.GetByOid(publicKeyParamSetOid);
var ecp = new ECNamedDomainParameters(publicKeyParamSetOid, curve);
var gostParams = new ECGost3410Parameters(ecp, publicKeyParamSetOid, digestParamSetOid, null);
var param = new ECKeyGenerationParameters(gostParams, _random);
var generator = new ECKeyPairGenerator();
generator.Init(param);
return(generator.GenerateKeyPair());
}
/// <summary>
/// Generates a key pair
/// </summary>
void GenerateKeyPair()
{
ECKeyPairGenerator keyGen = new ECKeyPairGenerator("ECDSA");
SecureRandom secureRandom = SecureRandom.GetInstance("SHA1PRNG");
Org.BouncyCastle.Asn1.X9.X9ECParameters ecp = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp192k1");//("prime192v1");//("secp224k1");
ECDomainParameters ecSpec = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed());
ECKeyGenerationParameters ecKeyGenParams = new ECKeyGenerationParameters(ecSpec, secureRandom);
keyGen.Init(ecKeyGenParams);
AsymmetricCipherKeyPair keyPair = keyGen.GenerateKeyPair();
PrivateKey = keyPair.Private as ECPrivateKeyParameters;
PublicKey = keyPair.Public as ECPublicKeyParameters;
}
public static ECKeyPair GenerateKeyPair()
{
var secureRandom = new SecureRandom();
var keyParams = new ECKeyGenerationParameters(DomainParams, secureRandom);
var generator = new ECKeyPairGenerator("ECDSA");
generator.Init(keyParams);
var keyPair = generator.GenerateKeyPair();
var privateKey = keyPair.Private as ECPrivateKeyParameters;
return(new ECKeyPair(privateKey.D.ToByteArrayUnsigned(), true));
}
/// <summary>
/// Generates random private key
/// </summary>
/// <returns>The private key.</returns>
public static byte[] GeneratePrivateKey()
{
var keyParams = new ECKeyGenerationParameters(DomainParams, new SecureRandom());
var generator = new ECKeyPairGenerator("ECDSA");
generator.Init(keyParams);
var keyPair = generator.GenerateKeyPair();
return((keyPair.Private as ECPrivateKeyParameters).D.ToByteArray());
}
private static ECPrivateKeyParameters GenerateKeyParam()
{
var gen = new ECKeyPairGenerator();
var secureRandom = new SecureRandom();
ECDomainParameters ecParams = GetECParameters();
var keyGenParam =
new ECKeyGenerationParameters(ecParams, secureRandom);
gen.Init(keyGenParam);
return(gen.GenerateKeyPair().Private as ECPrivateKeyParameters);
}
private void CheckPrivateKey(ECKeyGenerationParameters param, BigInteger privateKey)
{
var point = param.DomainParameters.G.Multiply(privateKey).Normalize();
var x = point.AffineXCoord.GetEncoded().Reverse();
var y = point.AffineYCoord.GetEncoded().Reverse();
var pub = PublicKey.GetOctets();
if (!x.SequenceEqual(pub.Take(pub.Length / 2)) || !y.SequenceEqual(pub.Skip(pub.Length / 2)))
{
throw new CryptographicException("Закрытый ключ не соответствует открытому ключу.");
}
}
/**
* Test Sign and Verify with test parameters
* see: http://www.ietf.org/internet-drafts/draft-popov-cryptopro-cpalgs-01.txt
* gostR3410-2001-TestParamSet P.46
*/
private void ecGOST3410_TestParam()
{
SecureRandom random = new SecureRandom();
BigInteger mod_p = new BigInteger("57896044618658097711785492504343953926634992332820282019728792003956564821041"); //p
BigInteger mod_q = new BigInteger("57896044618658097711785492504343953927082934583725450622380973592137631069619");
FpCurve curve = new FpCurve(
mod_p, // p
new BigInteger("7"), // a
new BigInteger("43308876546767276905765904595650931995942111794451039583252968842033849580414"), // b
mod_q, BigInteger.One);
ECDomainParameters parameters = new ECDomainParameters(
curve,
curve.CreatePoint(
new BigInteger("2"), // x
new BigInteger("4018974056539037503335449422937059775635739389905545080690979365213431566280")), // y
mod_q);
ECKeyPairGenerator pGen = new ECKeyPairGenerator();
ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(
parameters,
random);
pGen.Init(genParam);
AsymmetricCipherKeyPair pair = pGen.GenerateKeyPair();
ParametersWithRandom param = new ParametersWithRandom(pair.Private, random);
ECGost3410Signer ecgost3410 = new ECGost3410Signer();
ecgost3410.Init(true, param);
//get hash message using the digest GOST3411.
byte[] message = Encoding.ASCII.GetBytes("Message for sign");
Gost3411Digest gost3411 = new Gost3411Digest();
gost3411.BlockUpdate(message, 0, message.Length);
byte[] hashmessage = new byte[gost3411.GetDigestSize()];
gost3411.DoFinal(hashmessage, 0);
BigInteger[] sig = ecgost3410.GenerateSignature(hashmessage);
ecgost3410.Init(false, pair.Public);
if (!ecgost3410.VerifySignature(hashmessage, sig[0], sig[1]))
{
Fail("signature fails");
}
}
