コード例 #1
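        /// <summary>
        /// Returns the RSA key pair stored in the key store under "{alias}.asymmetric",
        /// generating a new pair under that alias when the private key or the
        /// certificate is missing.
        /// </summary>
        /// <returns>The existing key pair, or the newly generated one.</returns>
        KeyPair GetAsymmetricKeyPair()
        {
            var asymmetricAlias = $"{alias}.asymmetric";

            var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
            var publicKey  = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;

            // Return the existing key if found
            if (privateKey != null && publicKey != null)
            {
                return(new KeyPair(publicKey, privateKey));
            }

            // Otherwise we create a new key
            var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);

            // Certificate validity window: now .. now + 20 years.
            // java.util.Date(year, month, day) expects "year - 1900" and a zero-based
            // month, so passing .NET calendar fields moved the end date roughly 1900
            // years (and one month) too far. Build the date from epoch milliseconds.
            var end       = DateTime.UtcNow.AddYears(20);
            var startDate = new Java.Util.Date();
            var endDate   = new Java.Util.Date(new DateTimeOffset(end).ToUnixTimeMilliseconds());

            // NOTE(review): the spec sets neither a key size (provider default applies)
            // nor SetEncryptionRequired(), so the key store is not asked to tie the
            // private key to the lock-screen credential - confirm that matches the
            // sensitivity of the data wrapped with this key.
#pragma warning disable CS0618
            var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
                          .SetAlias(asymmetricAlias)
                          .SetSerialNumber(Java.Math.BigInteger.One)
                          .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
                          .SetStartDate(startDate)
                          .SetEndDate(endDate);

            generator.Initialize(builder.Build());
#pragma warning restore CS0618

            return(generator.GenerateKeyPair());
        }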
コード例 #2
        /// <summary>
        /// Calls <c>DeleteKey</c> and then generates a new RSA key pair in the key store,
        /// choosing the generator spec from the running API level.
        /// </summary>
        public void CreateKeyPair()
        {
            // NOTE(review): presumably this removes the current key; data encrypted
            // under it would then no longer be decryptable - verify against callers.
            DeleteKey();

            KeyPairGenerator rsaGenerator =
                KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME);

            bool isPreMarshmallow = Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 &&
                                    Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1;

            if (isPreMarshmallow)
            {
                // Self-signed certificate valid from now for 20 years.
                var notBefore = Calendar.GetInstance(_context.Resources.Configuration.Locale);
                var notAfter  = Calendar.GetInstance(_context.Resources.Configuration.Locale);
                notAfter.Add(CalendarField.Year, 20);

                // KeyPairGeneratorSpec is obsolete from Android M on, but is the only
                // option on the Android L range handled by this branch.
#pragma warning disable 618
                var legacySpec = new KeyPairGeneratorSpec.Builder(_context);
                legacySpec.SetAlias(_keyName);
                legacySpec.SetSerialNumber(BigInteger.One);
                legacySpec.SetSubject(new X500Principal($"CN={_keyName} CA Certificate"));
                legacySpec.SetStartDate(notBefore.Time);
                legacySpec.SetEndDate(notAfter.Time);
                legacySpec.SetKeySize(KeySize);
                rsaGenerator.Initialize(legacySpec.Build());
#pragma warning restore 618
            }
            else if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
            {
                var keyPurposes = KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt;
                var modernSpec  = new KeyGenParameterSpec.Builder(_keyName, keyPurposes);

                // "ECB" is the JCA naming convention for RSA; the padding is PKCS#1 v1.5.
                // NOTE(review): OAEP (KeyProperties.EncryptionPaddingRsaOaep) is the usual
                // choice for new keys; changing it here also requires changing every
                // Cipher that uses this key and re-encrypting stored data.
                modernSpec.SetBlockModes(KeyProperties.BlockModeEcb);
                modernSpec.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1);

                // NOTE(review): PKCS#1 v1.5 padding is already randomized, so opting out
                // of the randomized-encryption requirement looks unnecessary - confirm.
                modernSpec.SetRandomizedEncryptionRequired(false);
                modernSpec.SetKeySize(KeySize);
                rsaGenerator.Initialize(modernSpec.Build());
            }

            // Below JellyBeanMr2 neither branch runs and the generator is used
            // without an explicit spec.
            rsaGenerator.GenerateKeyPair();
        }
コード例 #3
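        /// <summary>
        /// Below API 23: returns the RSA key pair stored under "{alias}.asymmetric",
        /// generating a new pair under that alias when the private key or the
        /// certificate is missing.
        /// </summary>
        /// <returns>The existing key pair, or the newly generated one.</returns>
        public KeyPair GetAsymmetricKey()
        {
            var asymmetricAlias = $"{alias}.asymmetric";
            var privateKey      = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
            var publicKey       = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;

            // Reuse the stored pair when both halves are present.
            if (privateKey != null && publicKey != null)
            {
                return(new KeyPair(publicKey, privateKey));
            }

            // NOTE(review): pre-M key generation has a reported date-parsing problem
            // under some device locales (https://issuetracker.google.com/issues/37095309).
            // This method does not switch the locale around generation - confirm
            // whether that workaround is needed here.

            var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, CONST_ANDROIDKEY);

            // Certificate validity window: now .. now + 20 years.
            // java.util.Date(year, month, day) expects "year - 1900" and a zero-based
            // month, so passing .NET calendar fields moved the end date roughly 1900
            // years (and one month) too far. Build the date from epoch milliseconds.
            var end       = DateTime.UtcNow.AddYears(20);
            var startDate = new Java.Util.Date();
            var endDate   = new Java.Util.Date(new DateTimeOffset(end).ToUnixTimeMilliseconds());

            // NOTE(review): no key size and no SetEncryptionRequired() on the spec;
            // provider defaults apply - confirm that is intended.
            var builder   = new KeyPairGeneratorSpec.Builder(appContext)
                            .SetAlias(asymmetricAlias)
                            .SetSerialNumber(Java.Math.BigInteger.One)
                            .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
                            .SetStartDate(startDate)
                            .SetEndDate(endDate);

            generator.Initialize(builder.Build());
            return(generator.GenerateKeyPair());
        }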
コード例 #4
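        /// <summary>
        /// Returns the RSA key pair stored under "{alias}.asymmetric", generating a new
        /// pair when the private key or the certificate is missing. The process locale
        /// is forced to English while the key is generated and restored afterwards.
        /// </summary>
        /// <returns>The existing key pair, or the newly generated one.</returns>
        KeyPair GetAsymmetricKeyPair()
        {
            // set that we generated keys on pre-m device.
            // The flag is written on every call, before the key lookup.
            Preferences.Set(useSymmetricPreferenceKey, false, SecureStorage.Alias);

            var asymmetricAlias = $"{alias}.asymmetric";

            var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast <IPrivateKey>();
            var publicKey  = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;

            // Return the existing key if found
            if (privateKey != null && publicKey != null)
            {
                return(new KeyPair(publicKey, privateKey));
            }

            var originalLocale = Platform.GetLocale();

            try
            {
                // Force to english for known bug in date parsing:
                // https://issuetracker.google.com/issues/37095309
                Platform.SetLocale(Java.Util.Locale.English);

                // Otherwise we create a new key
                var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);

                // Certificate validity window: now .. now + 20 years.
                // java.util.Date(year, month, day) expects "year - 1900" and a
                // zero-based month, so passing .NET calendar fields moved the end date
                // roughly 1900 years (and one month) too far. Build the date from epoch
                // milliseconds, which also avoids the obsolete constructor.
                var end       = DateTime.UtcNow.AddYears(20);
                var startDate = new Java.Util.Date();
                var endDate   = new Java.Util.Date(new DateTimeOffset(end).ToUnixTimeMilliseconds());

                // NOTE(review): no key size and no SetEncryptionRequired() on the spec;
                // provider defaults apply - confirm that is intended.
#pragma warning disable CS0618
                var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
                              .SetAlias(asymmetricAlias)
                              .SetSerialNumber(Java.Math.BigInteger.One)
                              .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
                              .SetStartDate(startDate)
                              .SetEndDate(endDate);

                generator.Initialize(builder.Build());
#pragma warning restore CS0618

                return(generator.GenerateKeyPair());
            }
            finally
            {
                // Always put the caller's locale back, even when generation throws.
                Platform.SetLocale(originalLocale);
            }
        }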
コード例 #5
        /// <summary>
        /// Creates the key stored under <c>KeyAlias</c> when the key store does not hold
        /// it yet: an RSA key pair when <c>_oldAndroid</c> is set, an AES key otherwise.
        /// </summary>
        /// <param name="withDate">
        /// When true, a validity window from <c>Date(0)</c> to 99 years from now is set on the spec.
        /// </param>
        private void GenerateStoreKey(bool withDate)
        {
            bool keyAlreadyPresent = _keyStore.ContainsAlias(KeyAlias);
            if (keyAlreadyPresent)
            {
                return;
            }

            // Runs only when a new key is about to be created.
            ClearSettings();

            var validUntil = Calendar.Instance;
            validUntil.Add(CalendarField.Year, 99);

            if (!_oldAndroid)
            {
                // AES key for GCM; GCM takes no padding.
                var aesPurposes = KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt;
                var aesBuilder  = new KeyGenParameterSpec.Builder(KeyAlias, aesPurposes);
                aesBuilder.SetBlockModes(KeyProperties.BlockModeGcm);
                aesBuilder.SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone);

                if (withDate)
                {
                    aesBuilder.SetKeyValidityStart(new Date(0));
                    aesBuilder.SetKeyValidityEnd(validUntil.Time);
                }

                var aesSpec      = aesBuilder.Build();
                var aesGenerator = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore);
                aesGenerator.Init(aesSpec);
                aesGenerator.GenerateKey();
                return;
            }

            // RSA key pair with a self-signed certificate.
            // NOTE(review): no key size and no SetEncryptionRequired() on this spec;
            // provider defaults apply - confirm that is intended.
            var certSubject = new X500Principal($"CN={KeyAlias}");

            var rsaBuilder = new KeyPairGeneratorSpec.Builder(Application.Context);
            rsaBuilder.SetAlias(KeyAlias);
            rsaBuilder.SetSubject(certSubject);
            rsaBuilder.SetSerialNumber(BigInteger.Ten);

            if (withDate)
            {
                rsaBuilder.SetStartDate(new Date(0));
                rsaBuilder.SetEndDate(validUntil.Time);
            }

            var rsaSpec      = rsaBuilder.Build();
            var rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
            rsaGenerator.Initialize(rsaSpec);
            rsaGenerator.GenerateKeyPair();
        }
コード例 #6
        /// <summary>
        /// Loads the key store into <c>_keyStore</c> and makes sure an RSA key pair exists
        /// under <c>ProtectedDataKey</c>, generating a 2048-bit pair when the alias is absent.
        /// </summary>
        private void PrepareKeyStore()
        {
            _keyStore = KeyStore.GetInstance(AndroidKeyStoreKey);
            _keyStore.Load(null);

            if (_keyStore.ContainsAlias(ProtectedDataKey))
            {
                // The returned key is discarded.
                // NOTE(review): presumably a probe that the entry is readable - confirm.
                _keyStore.GetKey(ProtectedDataKey, null);
                return;
            }

            var appContext = global::Android.App.Application.Context;

            // thanks to https://dzone.com/articles/xamarin-android-asymmetric-encryption-without-any

            var rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStoreKey);

            if (!_sdkLessThan23)
            {
                var keyPurposes = KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt;
                var modernSpec  = new KeyGenParameterSpec.Builder(ProtectedDataKey, keyPurposes);

                // "ECB" is the JCA naming convention for RSA; the padding is PKCS#1 v1.5.
                // NOTE(review): OAEP (KeyProperties.EncryptionPaddingRsaOaep) is the usual
                // choice for new keys; changing it here also requires changing every
                // Cipher that uses this key and re-encrypting stored data.
                modernSpec.SetBlockModes(KeyProperties.BlockModeEcb);
                modernSpec.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1);

                // NOTE(review): PKCS#1 v1.5 padding is already randomized, so opting out
                // of the randomized-encryption requirement looks unnecessary - confirm.
                modernSpec.SetRandomizedEncryptionRequired(false);
                modernSpec.SetKeySize(2048);

                rsaGenerator.Initialize(modernSpec.Build());
            }
            else
            {
                // Self-signed certificate valid from now for 20 years.
                var notBefore = Calendar.GetInstance(appContext.Resources.Configuration.Locale);
                var notAfter  = Calendar.GetInstance(appContext.Resources.Configuration.Locale);
                notAfter.Add(CalendarField.Year, 20);

#pragma warning disable 618
                var legacySpec = new KeyPairGeneratorSpec.Builder(appContext);
                legacySpec.SetAlias(ProtectedDataKey);
                legacySpec.SetSerialNumber(BigInteger.One);
                legacySpec.SetSubject(new X500Principal($"CN={ProtectedDataKey} CA Certificate"));
                legacySpec.SetStartDate(notBefore.Time);
                legacySpec.SetEndDate(notAfter.Time);
                legacySpec.SetKeySize(2048);

                rsaGenerator.Initialize(legacySpec.Build());
#pragma warning restore 618
            }

            rsaGenerator.GenerateKeyPair();
        }
コード例 #7
        /// <summary>
        /// Generates an RSA key pair in the "AndroidKeyStore" provider under the given
        /// alias, with a self-signed certificate valid from now for 100 years.
        /// </summary>
        /// <param name="context">Context handed to the spec builder.</param>
        /// <param name="alias">Key store alias; also used as the certificate CN.</param>
        private static void GenerateKeyPair(Context context, String alias)
        {
            Calendar notBefore = new GregorianCalendar();
            Calendar notAfter  = new GregorianCalendar();
            notAfter.Add(CalendarField.Year, 100);

            // NOTE(review): no key size and no SetEncryptionRequired() on this spec;
            // provider defaults apply - confirm that is intended.
            var specBuilder = new KeyPairGeneratorSpec.Builder(context);
            specBuilder.SetAlias(alias);
            specBuilder.SetSubject(new X500Principal("CN=" + alias));
            specBuilder.SetSerialNumber(BigInteger.One);
            specBuilder.SetStartDate(notBefore.Time);
            specBuilder.SetEndDate(notAfter.Time);
            KeyPairGeneratorSpec keySpec = specBuilder.Build();

            KeyPairGenerator rsaGenerator = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore");
            rsaGenerator.Initialize(keySpec);

            // The returned pair is not kept; the key is reached later through its alias.
            rsaGenerator.GenerateKeyPair();
        }
コード例 #8
        /// <summary>
        /// Generates a fresh RSA public/private key pair in the key store. Any key that
        /// already exists is removed first, so check <see cref="KeysExistInKeyStore"/>
        /// before calling this.
        /// </summary>
        private void CreateKeyPairInKeyStore()
        {
            RemoveKeyFromKeyStore();

            KeyPairGenerator rsaGenerator =
                KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName);

            bool isPreMarshmallow = Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2 &&
                                    Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1;

            if (isPreMarshmallow)
            {
                // Validity window: one year in the past up to 100 years ahead.
                // NOTE(review): the backdated start presumably tolerates a wrong device
                // clock - confirm.
                Calendar notBefore = Calendar.GetInstance(Locale.Default);
                notBefore.Add(CalendarField.Year, -1);
                Calendar notAfter = Calendar.GetInstance(Locale.Default);
                notAfter.Add(CalendarField.Year, 100);
                string subjectName = string.Format("CN={0} CA Certificate", KeyAlias);

                // KeyPairGeneratorSpec is obsolete from Android M on, but Android L is
                // still supported by this branch.
#pragma warning disable 618
                var legacySpec = new KeyPairGeneratorSpec.Builder(_applicationContext);
                legacySpec.SetAlias(KeyAlias);
                legacySpec.SetSerialNumber(BigInteger.One);
                legacySpec.SetSubject(new X500Principal(subjectName));
                legacySpec.SetStartDate(notBefore.Time);
                legacySpec.SetEndDate(notAfter.Time);
                legacySpec.SetKeySize(KeySize);
#pragma warning restore 618

                rsaGenerator.Initialize(legacySpec.Build());
            }
            else if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
            {
                Calendar certificateExpiry = Calendar.GetInstance(Locale.Default);
                certificateExpiry.Add(CalendarField.Year, 100);

                var keyPurposes = KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt;
                var modernSpec  = new KeyGenParameterSpec.Builder(KeyAlias, keyPurposes);

                // "ECB" is the JCA naming convention for RSA; the padding is PKCS#1 v1.5.
                // NOTE(review): OAEP (KeyProperties.EncryptionPaddingRsaOaep) is the usual
                // choice for new keys; changing it here also requires changing every
                // Cipher that uses this key and re-encrypting stored data.
                modernSpec.SetBlockModes(KeyProperties.BlockModeEcb);
                modernSpec.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1);
                modernSpec.SetCertificateNotAfter(certificateExpiry.Time);
                modernSpec.SetKeySize(KeySize);
                rsaGenerator.Initialize(modernSpec.Build());
            }

            // Below JellyBeanMr2 neither branch runs and the generator is used
            // without an explicit spec.
            rsaGenerator.GenerateKeyPair();
        }
コード例 #9
 /// <summary>
 /// Generates an RSA key pair under <paramref name="alias"/> unless the key store
 /// already contains that alias.
 /// </summary>
 /// <param name="alias">Key store alias; also used as the certificate CN.</param>
 private void GenerateRSAKeyPairs(string alias)
 {
     // An existing entry is left untouched.
     if (_keyStore.ContainsAlias(alias))
     {
         return;
     }

     // Self-signed certificate valid from now for 30 years.
     var notBefore = Calendar.GetInstance(Locale.English);
     var notAfter  = Calendar.GetInstance(Locale.English);
     notAfter.Add(CalendarField.Year, 30);

     // NOTE(review): no key size and no SetEncryptionRequired() on this spec;
     // provider defaults apply - confirm that is intended.
     var specBuilder = new KeyPairGeneratorSpec.Builder(_context);
     specBuilder.SetAlias(alias);
     specBuilder.SetSubject(new X500Principal("CN=" + alias));
     specBuilder.SetSerialNumber(BigInteger.Ten);
     specBuilder.SetStartDate(notBefore.Time);
     specBuilder.SetEndDate(notAfter.Time);
     var keySpec = specBuilder.Build();

     var rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
     rsaGenerator.Initialize(keySpec);
     rsaGenerator.GenerateKeyPair();
 }
コード例 #10
        /// <summary>
        /// Generates an RSA key pair under <c>_secureStoredKeyAlias</c> with a self-signed
        /// certificate valid from now for 30 years. The alias is not checked for an
        /// existing entry here.
        /// </summary>
        private void GenerateRSAKey()
        {
            Calendar notBefore = Calendar.GetInstance(Locale.Default);
            Calendar notAfter  = Calendar.GetInstance(Locale.Default);

            // Both the int-constant Calendar.Add overload and KeyPairGeneratorSpec are
            // flagged obsolete, hence the suppression around them.
#pragma warning disable CS0618 // Type or member is obsolete
            notAfter.Add(Calendar.Year, 30);

            var specBuilder = new KeyPairGeneratorSpec.Builder(Android.App.Application.Context);
#pragma warning restore CS0618 // Type or member is obsolete

            // NOTE(review): no key size and no SetEncryptionRequired() on this spec;
            // provider defaults apply - confirm that is intended.
            specBuilder.SetAlias(_secureStoredKeyAlias);
            specBuilder.SetSubject(new X500Principal("CN=" + _secureStoredKeyAlias));
            specBuilder.SetSerialNumber(BigInteger.Ten);
            specBuilder.SetStartDate(notBefore.Time);
            specBuilder.SetEndDate(notAfter.Time);
            KeyPairGeneratorSpec keySpec = specBuilder.Build();

            KeyPairGenerator rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, _droidKeyStore);
            rsaGenerator.Initialize(keySpec);
            rsaGenerator.GenerateKeyPair();
        }
コード例 #11
        /// <summary>
        /// Generates a new RSA key pair in the key store and keeps it in <c>_keyPair</c>.
        /// </summary>
        /// <param name="alias">Alias under which the key pair is stored</param>
        /// <param name="context">Context used for the spec builder and for the error toast</param>
        /// <returns>True when the pair was generated, false when an exception was caught</returns>
        private static bool CreateNewRSAKeyPair(string alias, Context context)
        {
            try
            {
                // Self-signed certificate valid from now for 100 years.
                Calendar notBefore = Calendar.GetInstance(Java.Util.TimeZone.Default);
                Calendar notAfter  = Calendar.GetInstance(Java.Util.TimeZone.Default);
                notAfter.Add(CalendarField.Year, 100);

                // The certificate subject is fixed and does not depend on the alias.
                // NOTE(review): no key size and no SetEncryptionRequired() on this spec;
                // provider defaults apply - confirm that is intended.
                var specBuilder = new KeyPairGeneratorSpec.Builder(context);
                specBuilder.SetAlias(alias);
                specBuilder.SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=CryptoTouch, O=Android Authority"));
                specBuilder.SetSerialNumber(Java.Math.BigInteger.One);
                specBuilder.SetStartDate(notBefore.Time);
                specBuilder.SetEndDate(notAfter.Time);
                KeyPairGeneratorSpec keySpec = specBuilder.Build();

                KeyPairGenerator rsaGenerator = KeyPairGenerator.GetInstance("RSA", STORE_NAME);
                rsaGenerator.Initialize(keySpec);
                _keyPair = rsaGenerator.GenerateKeyPair();

                return true;
            }
            catch (Exception ex)
            {
                // NOTE(review): the raw exception message is shown to the user and is
                // not logged - confirm that provider error text is fit for display.
                Toast.MakeText(context, ex.Message, ToastLength.Long).Show();
                return false;
            }
        }
コード例 #12
        /// <summary>
        /// Ensures a key pair exists under <c>Alias</c> in the "AndroidKeyStore" provider.
        /// Does nothing when <c>_HasKeyStore</c> is false or the alias is already present.
        /// Failures are logged and swallowed, so the caller gets no error signal.
        /// </summary>
        private void InitializePrivateKey()
        {
            if (!_HasKeyStore)
            {
                return;
            }

            // Step 1: look for an existing entry; give up if the store cannot be opened.
            try {
                var androidStore = KeyStore.GetInstance("AndroidKeyStore");
                androidStore.Load(null);
                bool aliasPresent = androidStore.ContainsAlias(Alias);
                if (aliasPresent)
                {
                    return;
                }
            } catch (Exception openError) {
                Log.To.NoDomain.E(Tag, "Unable to open Android keystore", openError);
                return;
            }

            // Step 2: generate the pair with a certificate valid from now for one year.
            try {
                var notBefore = Calendar.GetInstance(Locale.Default);
                var notAfter  = Calendar.GetInstance(Locale.Default);
                notAfter.Add(CalendarField.Year, 1);

                // NOTE(review): no key size and no SetEncryptionRequired() on this spec;
                // provider defaults apply - confirm that is intended.
                var specBuilder = new KeyPairGeneratorSpec.Builder(Application.Context);
                specBuilder.SetAlias(Alias);
                specBuilder.SetSubject(new X500Principal($"CN={Alias}"));
                specBuilder.SetSerialNumber(BigInteger.ValueOf(1337));
                specBuilder.SetStartDate(notBefore.Time);
                specBuilder.SetEndDate(notAfter.Time);
                var keySpec = specBuilder.Build();

                var pairGenerator = KeyPairGenerator.GetInstance(KeyPairGenAlgorithm, "AndroidKeyStore");
                pairGenerator.Initialize(keySpec);

                // The returned pair is not used here.
                pairGenerator.GenerateKeyPair();
            } catch (Exception createError) {
                Log.To.NoDomain.E(Tag, "Unable to create new key", createError);
            }
        }
コード例 #13
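            /// <summary>
            /// Generates an RSA key pair under <c>KEYALIAS_CREDENTIALS</c>, using
            /// KeyPairGeneratorSpec below Android M and KeyGenParameterSpec from M on.
            /// </summary>
            private void CreateKey_Credentials()
            {
                var generator = KeyPairGenerator.GetInstance("RSA", AndroidKeyStore);

                if (Build.VERSION.SdkInt < BuildVersionCodes.M)
                {
                    // Self-signed certificate valid from now for 20 years.
                    Java.Util.Calendar calendar = Java.Util.Calendar.Instance;
                    calendar.Add(Java.Util.CalendarField.Year, 20);

                    Date startDate = Java.Util.Calendar.Instance.Time;
                    Date endDate   = calendar.Time;

#pragma warning disable 0618

                    var builder = new KeyPairGeneratorSpec.Builder(_context);

#pragma warning restore 0618

                    builder.SetAlias(KEYALIAS_CREDENTIALS);
                    builder.SetSerialNumber(Java.Math.BigInteger.One);

                    // The subject was a plain string holding the literal text "${alias}";
                    // C# interpolation needs the $"...{x}..." form, and the alias in use
                    // here is KEYALIAS_CREDENTIALS.
                    builder.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={KEYALIAS_CREDENTIALS} CA Certificate"));
                    builder.SetStartDate(startDate);
                    builder.SetEndDate(endDate);

                    // NOTE(review): no key size and no SetEncryptionRequired() on this
                    // spec; provider defaults apply - confirm that is intended.
                    generator.Initialize(builder.Build());
                }
                else
                {
                    var builder = new KeyGenParameterSpec.Builder(KEYALIAS_CREDENTIALS, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt);

                    // "ECB" is the JCA naming convention for RSA; the padding is PKCS#1 v1.5.
                    // NOTE(review): OAEP (KeyProperties.EncryptionPaddingRsaOaep) is the
                    // usual choice for new keys; changing it here also requires changing
                    // every Cipher that uses this key and re-encrypting stored data.
                    builder.SetBlockModes(KeyProperties.BlockModeEcb);
                    builder.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1);
                    generator.Initialize(builder.Build());
                }

                generator.GenerateKeyPair();
            }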