public SigningOutput SignContent(string serializedRequest) { var hashManager = new HashManager(); var privateKey = KeyStoreAdapter.GetPrivateKeyForUser(SignatoryReference); var envolope = SigningEnvelope <string> .Create(serializedRequest, SignatoryReference, SignatoryEmail, SignatoryIpAddress); var hashSigningContent = hashManager.HashContent(envolope.Body); var rsaEncryptor = new Chilkat.Rsa { EncodingMode = EncodingMode }; rsaEncryptor.ImportPrivateKey(privateKey); var encryptedSignContentHash = rsaEncryptor.EncryptStringENC(hashSigningContent, true); envolope.AddEncryptedHashForBody(encryptedSignContentHash); var symmetricKey = KeyStoreAdapter.GetSymmetricKeyForUser(SignatoryReference); var serializedSignedContent = JsonConvert.SerializeObject(envolope); var encryptedSignedString = Encrypt(serializedSignedContent, symmetricKey); return(SigningOutput.Create(encryptedSignedString, SignatoryReference)); }
public void WhenKeyNotFoundAndCreateNewIsFalse_ThenGetRsaKeyAsyncReturnsNull() { var adapter = new KeyStoreAdapter(); Assert.IsNull(adapter.CreateRsaKey( KeyName, CngKeyUsages.Signing, false, null)); }
public SigningEnvelope <T> DecryptSignedContent <T>(string encryptedSignedContent, string signatory) { var symmetricKey = KeyStoreAdapter.GetSymmetricKeyForUser(signatory); var decryptedEnvolope = Decrypt(encryptedSignedContent, symmetricKey); var decryptedContent = JsonConvert.DeserializeObject <SigningEnvelope <T> >(decryptedEnvolope); return(decryptedContent); }
public async Task WhenKeyNotFoundAndCreateNewIsFalse_ThenGetRsaKeyAsyncReturnsNull() { var adapter = new KeyStoreAdapter( CngProvider.MicrosoftSoftwareKeyStorageProvider, KeySize); Assert.IsNull(await adapter.CreateRsaKeyAsync( KeyName, CngKeyUsages.Signing, false, null)); }
public void WhenKeyNotFoundAndCreateNewIsTrue_ThenGetRsaKeyAsyncReturnsNewKey() { var adapter = new KeyStoreAdapter(); var key = adapter.CreateRsaKey( KeyName, CngKeyUsages.Signing, true, null); Assert.IsNotNull(key); Assert.AreEqual("RSA", key.SignatureAlgorithm); }
public async Task WhenKeyNotFoundAndCreateNewIsTrue_ThenGetRsaKeyAsyncReturnsNewKey() { var adapter = new KeyStoreAdapter( CngProvider.MicrosoftSoftwareKeyStorageProvider, KeySize); var key = await adapter.CreateRsaKeyAsync( KeyName, CngKeyUsages.Signing, true, null); Assert.IsNotNull(key); Assert.AreEqual("RSA", key.SignatureAlgorithm); }
public void WhenKeyExistsButUsageDoesNotMatch_ThenGetRsaKeyAsyncReturnsKey() { var adapter = new KeyStoreAdapter(); var key1 = adapter.CreateRsaKey( KeyName, CngKeyUsages.Signing, true, null); Assert.Throws <CryptographicException>( () => adapter.CreateRsaKey( KeyName, CngKeyUsages.Decryption, false, null)); }
public async Task WhenKeyExistsButUsageDoesNotMatch_ThenGetRsaKeyAsyncReturnsKey() { var adapter = new KeyStoreAdapter( CngProvider.MicrosoftSoftwareKeyStorageProvider, KeySize); var key1 = await adapter.CreateRsaKeyAsync( KeyName, CngKeyUsages.Signing, true, null); AssertEx.ThrowsAggregateException <CryptographicException>( () => adapter.CreateRsaKeyAsync( KeyName, CngKeyUsages.Decryption, false, null).Wait()); }
public void WhenKeyExists_ThenGetRsaKeyAsyncReturnsKey() { var adapter = new KeyStoreAdapter(); var key1 = adapter.CreateRsaKey( KeyName, CngKeyUsages.Signing, true, null); var key2 = adapter.CreateRsaKey( KeyName, CngKeyUsages.Signing, false, null); Assert.IsNotNull(key2); Assert.AreEqual(key1.ExportParameters(false).Modulus, key2.ExportParameters(false).Modulus); Assert.AreEqual(key1.ExportParameters(false).Exponent, key2.ExportParameters(false).Exponent); }
public async Task WhenKeyExists_ThenGetRsaKeyAsyncReturnsKey() { var adapter = new KeyStoreAdapter( CngProvider.MicrosoftSoftwareKeyStorageProvider, KeySize); var key1 = await adapter.CreateRsaKeyAsync( KeyName, CngKeyUsages.Signing, true, null); var key2 = await adapter.CreateRsaKeyAsync( KeyName, CngKeyUsages.Signing, false, null); Assert.IsNotNull(key2); Assert.AreEqual(key1.ExportParameters(false).Modulus, key2.ExportParameters(false).Modulus); Assert.AreEqual(key1.ExportParameters(false).Exponent, key2.ExportParameters(false).Exponent); }
public VerificationResult <string> VerifySignature(DigitalSignature <string> signature) { var verificationResults = new VerificationResult <string>(); var hashManager = new HashManager(); var envelope = DecryptSignedContent <string>(signature.SignedContent, signature.SignatoryReference); if (envelope == null) { verificationResults.SignatoryMatchedToSignature = false; return(verificationResults); } var hashCurrentBody = hashManager.HashContent(envelope.Body); var publicKey = KeyStoreAdapter.GetPublicKeyForUser(signature.SignatoryReference); // Decrypt hash with public key to ensure there is no tampering and content is still the same var rsaDecryptor = new Chilkat.Rsa { EncodingMode = EncodingMode }; rsaDecryptor.ImportPublicKey(publicKey); var decryptedoriginalHash = rsaDecryptor.DecryptStringENC(envelope.Header.EncryptedBodyHashSignature, false); var signitureMatch = hashCurrentBody == decryptedoriginalHash; verificationResults.IpAddress = envelope.Body?.IpAddress; verificationResults.SignatoryEmailAddress = envelope.Body?.EmailAddress; verificationResults.SignatoryMatchedToSignature = true; verificationResults.SignedContentMatchesToSignature = signitureMatch; verificationResults.ExpectedContent = signature.OriginalContent; verificationResults.SignedContent = envelope?.Body?.Content; return(verificationResults); }