/// <summary> /// Constructor to be used to factor a new RSA key pair. /// <param name="passphrase">Client secret password used to encrypt the /// private key.</param> /// <param name="overwriteExisting">Flag allowing or denying to replace /// an existing PEM file.</param> /// </summary> public RsaKeyPair(string passphrase, bool overwriteExisting) { if (!IsConfigured) { Configure(); } _overwriteExisting = overwriteExisting; AsymmetricCipherKeyPair keyPair = FactorKeyPair(); PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); _privateKey = new EncryptionKey(KeyType.RSAPrivate, Convert.ToBase64String(pkInfo.GetDerEncoded()).ToSecureString(), EncryptionParameters.KEY_GENERATION_START); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); _publicKey = new EncryptionKey(KeyType.RSAPublic, Convert.ToBase64String(info.GetDerEncoded()).ToSecureString(), EncryptionParameters.KEY_GENERATION_START); //// Encrypt private key info for later to be stored with the SavePrivateKeyAsPemFile method _pwd = passphrase.ToSecureString(); _privateKeyInfo = PrivateKeyFactory.CreateKey(pkInfo); keyPair = null; pkInfo = null; info = null; GC.Collect(); }
public GenerateKeysCommand() { Name = "generate-key"; Description = "Generate an RSA private and public key for usage as Licence generator"; this.HelpOption(); UsePagerForHelpText = false; OnExecute(() => { var keyGen = new RsaKeyPairGenerator(); keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 4096)); var keyPair = keyGen.GenerateKeyPair(); PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); String privateKey = Convert.ToBase64String(pkInfo.GetDerEncoded()); var textWriter = new StreamWriter(new FileStream("./keys/private.pem", FileMode.Create)); var pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(keyPair.Private); pemWriter.Writer.Flush(); textWriter.Close(); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); String publicKey = Convert.ToBase64String(info.GetDerEncoded()); var text2Writer = new StreamWriter(new FileStream("./keys/public.pub", FileMode.Create)); var pubWriter = new PemWriter(text2Writer); pubWriter.WriteObject(keyPair.Public); pubWriter.Writer.Flush(); text2Writer.Close(); Console.WriteLine("Public and private key generated successfully."); return(1); }); }
public void Generate() { var keyPair = GenerateKeyPair(); PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); PrivateKey = privateKeyInfo.GetDerEncoded(); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); PublicKey = publicKeyInfo.GetDerEncoded(); }
public KriptalKeyPair CreateKeyPair() { var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); var keyPair = kpgen.GenerateKeyPair(); PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); var privateKey = Convert.ToBase64String(pkInfo.GetDerEncoded()); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); var publicKey = Convert.ToBase64String(info.GetDerEncoded()); return(new KriptalKeyPair { PrivateKey = privateKey, PublicKey = publicKey }); }
public IEcKey GetSec1PrivateKeyAsPkcs8(byte[] sec1KeyContent) { var keySequence = (DerSequence)Asn1Object.FromByteArray(sec1KeyContent); var privateKeyPrimitive = (DerOctetString)keySequence[1]; var encodedOid = (DerTaggedObject)keySequence[2]; var d = new BigInteger(privateKeyPrimitive.GetOctets()); DerObjectIdentifier oid = DerObjectIdentifier.GetInstance(encodedOid.GetObject()); var key = new ECPrivateKeyParameters("EC", d, oid); int keyLength = GetKeyLength(key); ECCurve curve = key.Parameters.Curve; string curveName = curveNameMapper.MapCurveToName(curve); PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(key); return(new EcKey(privateKeyInfo.GetDerEncoded(), AsymmetricKeyType.Private, keyLength, curveName)); }
/// <summary> /// Constructor to be used to recover the existing RSA key pair and server /// signed certificate found on the local file system. /// </summary> /// <param name="passphrase">Passphrase for private key.</param> public RsaKeyPair(string passphrase) { if (!IsConfigured) { Configure(); } if (File.Exists(_clientPrivateKeyPemFile) && File.Exists(_clientCertPemFile)) { byte[] pkData = File.ReadAllBytes(_clientPrivateKeyPemFile); _pwd = passphrase.ToSecureString(); AsymmetricCipherKeyPair keyPair = PemDecodeKeyPair(pkData); // Generate key info's PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); _privateKey = new EncryptionKey(KeyType.RSAPrivate, Convert.ToBase64String(pkInfo.GetDerEncoded()).ToSecureString(), EncryptionParameters.KEY_GENERATION_START); _publicKey = new EncryptionKey(KeyType.RSAPublic, Convert.ToBase64String(info.GetDerEncoded()).ToSecureString(), EncryptionParameters.KEY_GENERATION_START); byte[] certData = File.ReadAllBytes(_clientCertPemFile); X509CertificateParser certParser = new X509CertificateParser(); _certificate = certParser.ReadCertificate(certData); pkData = null; certData = null; keyPair = null; pkInfo = null; info = null; _pwd = null; GC.Collect(); } else { throw new Exception("Cannot find the PEM formatted certificate or private key file"); } }
public async Task <RsaKeyPair> CreateKeyPair() { var kpgen = new RsaKeyPairGenerator(); var privateKey = string.Empty; var publicKey = string.Empty; kpgen.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); await Task.Run(() => { var keyPair = kpgen.GenerateKeyPair(); PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); privateKey = Convert.ToBase64String(pkInfo.GetDerEncoded()); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); publicKey = Convert.ToBase64String(info.GetDerEncoded()); }); return(new RsaKeyPair { PrivateKey = privateKey, PublicKey = publicKey }); }
public byte[] GetBlob() { // get private key as byte array, and length of private key as byte array. PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(_keyPair.Private); byte[] priv = info.GetDerEncoded(); byte[] privLen = BitConverter.GetBytes((Int32)priv.Length); // get public key as byte array. AsymmetricKeyParameter pubKey = _keyPair.Public; SubjectPublicKeyInfo spki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey); byte[] pub = spki.GetDerEncoded(); // output byte array uses first 4 bytes for the length of the base64 private key, // followed by the base64 private key, then the base64 public key. // this is a completely homegrown non-standard format; for testing only. byte[] result = new byte[privLen.Length + priv.Length + pub.Length]; privLen.CopyTo(result, 0); priv.CopyTo(result, privLen.Length); pub.CopyTo(result, privLen.Length + priv.Length); return(result); }
public IActionResult Index() { var id = _userManager.GetUserId(User); var user = _aadeDbIntegration.GetUser(id); // first time there is no public/private key pair for encryption // so generate now // generated keypair using RSA that is unique to this aade user // https://cryptobook.nakov.com/asymmetric-key-ciphers/the-rsa-cryptosystem-concepts if (string.IsNullOrEmpty(user.PrivateKey)) { var keyGenerator = new RsaKeyPairGenerator(); var param = new KeyGenerationParameters( new SecureRandom(), 4096); keyGenerator.Init(param); var keyPair = keyGenerator.GenerateKeyPair(); // need to save these keys in the db so must serialize into strings // https://stackoverflow.com/questions/22008337/generating-keypair-using-bouncy-castle PrivateKeyInfo pkInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); var aadeprivateKey = Convert.ToBase64String(pkInfo.GetDerEncoded()); var aadepublicKey = Convert.ToBase64String(info.GetDerEncoded()); user.PrivateKey = aadeprivateKey; user.PublicKey = aadepublicKey; _aadeDbIntegration.UpdateUser(user); } var model = new HomeViewModel(); var m = _messageDbIntegration.GetMessageForAadeUser(id); model.MyMessages = m; return(View(model)); }
/// <summary> /// Create random EC private key based on secp256r1 /// </summary> public static string CreatePrivateKey() { // creating private key SecureRandom secureRandom = new SecureRandom(); X9ECParameters ecParams = SecNamedCurves.GetByName("secp256r1"); ECDomainParameters ccdParams = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N, ecParams.H, ecParams.GetSeed()); ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(ccdParams, secureRandom); ECKeyPairGenerator generator = new ECKeyPairGenerator("ECDH"); generator.Init(keyGenParams); // getting public key AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair(); ECPrivateKeyParameters privParams = keyPair.Private as ECPrivateKeyParameters; PrivateKeyInfo privInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privParams); ECPoint q = privParams.Parameters.G.Multiply(privParams.D); ECPublicKeyParameters pubParams = new ECPublicKeyParameters(privParams.AlgorithmName, q, privParams.Parameters); SubjectPublicKeyInfo pubInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubParams); // ugly hack byte[] der = privInfo.GetDerEncoded(); byte[] privateKey = der.Skip(der.Length - 32).ToArray(); der = pubInfo.GetDerEncoded(); byte[] publicKey = der.Skip(der.Length - 65).ToArray(); // repack DER DerSequence seq = new DerSequence( new DerInteger(1), new DerOctetString(privateKey), new DerTaggedObject(0, new DerObjectIdentifier("1.2.840.10045.3.1.7")), new DerTaggedObject(1, new DerBitString(publicKey)) ); der = seq.GetDerEncoded(); return(Hex.ToHexString(der)); }
public void TestCertMangling() { string certString = @"MIICSjCCAdECCQDje/no7mXkVzAKBggqhkjOPQQDAjCBjjELMAkGA1UEBhMCVVMx EzARBgNVBAgMCkNhbGlmb3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDAS BgNVBAoMC0dvb2dsZSwgSW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEG CSqGSIb3DQEJARYUZ29sYW5nLWRldkBnbWFpbC5jb20wHhcNMTIwNTIxMDYxMDM0 WhcNMjIwNTE5MDYxMDM0WjCBjjELMAkGA1UEBhMCVVMxEzARBgNVBAgMCkNhbGlm b3JuaWExFjAUBgNVBAcMDU1vdW50YWluIFZpZXcxFDASBgNVBAoMC0dvb2dsZSwg SW5jMRcwFQYDVQQDDA53d3cuZ29vZ2xlLmNvbTEjMCEGCSqGSIb3DQEJARYUZ29s YW5nLWRldkBnbWFpbC5jb20wdjAQBgcqhkjOPQIBBgUrgQQAIgNiAARRuzRNIKRK jIktEmXanNmrTR/q/FaHXLhWRZ6nHWe26Fw7Rsrbk+VjGy4vfWtNn7xSFKrOu5ze qxKnmE0h5E480MNgrUiRkaGO2GMJJVmxx20aqkXOk59U8yGA4CghE6MwCgYIKoZI zj0EAwIDZwAwZAIwBZEN8gvmRmfeP/9C1PRLzODIY4JqWub2PLRT4mv9GU+yw3Gr PU9A3CHMdEcdw/MEAjBBO1lId8KOCh9UZunsSMfqXiVurpzmhWd6VYZ/32G+M+Mh 3yILeYQzllt/g0rKVRk="; X509Certificate2 c = new X509Certificate2(); c.Import(Convert.FromBase64String(certString)); Assert.AreEqual("[email protected], CN=www.google.com, O=\"Google, Inc\", L=Mountain View, S=California, C=US", c.Issuer); //Assert.AreEqual("CN=Microsoft Corporate Root CA, O=Microsoft Corporation", c.Subject); Assert.AreEqual("X509", c.GetFormat()); Assert.AreEqual("1.2.840.10045.2.1", c.GetKeyAlgorithm()); Assert.AreEqual("06052B81040022", c.GetKeyAlgorithmParametersString()); Assert.AreEqual("ECC", c.PublicKey.Oid.FriendlyName); ECDiffieHellmanPublicKey certKey = CryptoUtils.ImportEccPublicKeyFromCertificate(c); //Console.WriteLine(certKey.ToXmlString()); // https://blogs.msdn.microsoft.com/shawnfa/2007/01/22/elliptic-curve-diffie-hellman/ // http://stackoverflow.com/questions/11266711/using-cngkey-to-generate-rsa-key-pair-in-pem-dkim-compatible-using-c-simi { string input = "eyJhbGciOiJFUzM4NCIsIng1dSI6Ik1IWXdFQVlIS29aSXpqMENBUVlGSzRFRUFDSURZZ0FFN25uWnBDZnhtQ3JTd0RkQnY3ZUJYWE10S2hyb3hPcmlFcjNobU1PSkF1dy9acFFYajFLNUdHdEhTNENwRk50dGQxSllBS1lvSnhZZ2F5a3BpZTBFeUF2M3FpSzZ1dElIMnFuT0F0M1ZOclFZWGZJWkpTL1ZSZTNJbDhQZ3U5Q0IifQo.eyJleHAiOjE0NjQ5ODM4NDUsImV4dHJhRGF0YSI6eyJkaXNwbGF5TmFtZSI6Imd1cnVueCIsImlkZW50aXR5IjoiYWY2ZjdjNWUtZmNlYS0zZTQzLWJmM2EtZTAwNWU0MDBlNTc4In0sImlkZW50aXR5UHVibGljS2V5IjoiTUhZd0VBWUhLb1pJemowQ0FRWUZLNEVFQUNJRFlnQUU3bm5acENmeG1DclN3RGRCdjdlQlhYTXRLaHJveE9yaUVyM2htTU9KQXV3L1pwUVhqMUs1R0d0SFM0Q3BGTnR0ZDFKWUFLWW9KeFlnYXlrcGllMEV5QXYzcWlLNnV0SUgycW5PQXQzVk5yUVlYZklaSlMvVlJlM0lsOFBndTlDQiIsIm5iZiI6MTQ2NDk4Mzg0NH0K.4OrvYYbX09iwOkz-7_N_5yEejuATcUogEbe69fB-kr7r6sH_qSu6bxp9L64SEgABb0rU7tyYCLVnaCSQjd9Dvb34WI9EducgOPJ92qHspcpXr7j716LDfhZE31ksMtWQ"; ECDiffieHellmanPublicKey rootKey = CryptoUtils.CreateEcDiffieHellmanPublicKey("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE8ELkixyLcwlZryUQcu1TvPOmI2B7vX83ndnWRUaXm74wFfa5f/lwQNTfrLVHa2PmenpGI6JhIMUJaWZrjmMj90NoKNFSNBuKdm8rYiXsfaz3K36x/1U26HpG0ZxK/V1V"); Console.WriteLine($"Root Public Key:\n{rootKey.ToXmlString()}"); CngKey key = CngKey.Import(rootKey.ToByteArray(), CngKeyBlobFormat.EccPublicBlob); Console.WriteLine("Key family: " + key.AlgorithmGroup); // "identityPublicKey": "MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7nnZpCfxmCrSwDdBv7eBXXMtKhroxOriEr3hmMOJAuw/ZpQXj1K5GGtHS4CpFNttd1JYAKYoJxYgaykpie0EyAv3qiK6utIH2qnOAt3VNrQYXfIZJS/VRe3Il8Pgu9CB", var newKey = CryptoUtils.ImportECDsaCngKeyFromString("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7nnZpCfxmCrSwDdBv7eBXXMtKhroxOriEr3hmMOJAuw/ZpQXj1K5GGtHS4CpFNttd1JYAKYoJxYgaykpie0EyAv3qiK6utIH2qnOAt3VNrQYXfIZJS/VRe3Il8Pgu9CB"); string decoded = JWT.Decode(input, newKey); //Assert.AreEqual("", decoded); //ECDsaCng t = new ECDsaCng(); //t.HashAlgorithm = CngAlgorithm.ECDiffieHellmanP384; //t.KeySize = 384; //byte[] test = t.Key.Export(CngKeyBlobFormat.EccPublicBlob); //Assert.AreEqual(test, newKey); //string decoded = JWT.Decode(input, t.Key); } // Private key (in reality this is not necessary since we will generate it) AsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(Base64Url.Decode("MB8CAQAwEAYHKoZIzj0CAQYFK4EEACIECDAGAgEBBAEB")); PrivateKeyInfo privKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey); byte[] derKey = privKeyInfo.GetDerEncoded(); CngKey privCngKey = CngKey.Import(derKey, CngKeyBlobFormat.Pkcs8PrivateBlob); Console.WriteLine(privKeyInfo.PrivateKeyAlgorithm.Algorithm); Console.WriteLine(privCngKey.Algorithm.Algorithm); // Public key ECDiffieHellmanPublicKey clientKey = CryptoUtils.CreateEcDiffieHellmanPublicKey("MHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEDEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyodFH+wO0dEr4GM1WoaWog8xsYQ6mQJAC0eVpBM96spUB1eMN56+BwlJ4H3Qx4TAvAs"); // EC key to generate shared secret ECDiffieHellmanCng ecKey = new ECDiffieHellmanCng(privCngKey); ecKey.HashAlgorithm = CngAlgorithm.Sha256; ecKey.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash; ecKey.SecretPrepend = new byte[128]; // Server token //ecKey.SecretPrepend = new byte[0]; // Server token Console.WriteLine(ecKey.HashAlgorithm); Console.WriteLine(ecKey.KeyExchangeAlgorithm); byte[] secret = ecKey.DeriveKeyMaterial(clientKey); Console.WriteLine(Package.HexDump(secret)); Console.WriteLine(Package.HexDump(Base64Url.Decode("ZOBpyzki/M8UZv5tiBih048eYOBVPkQE3r5Fl0gmUP4="))); Console.WriteLine(Package.HexDump(Base64Url.Decode("DEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyod"))); //Console.WriteLine(Package.HexDump(Base64Url.Decode("DEKneqEvcqUqqFMM1HM1A4zWjJC+I8Y+aKzG5dl+6wNOHHQ4NmG2PEXRJYhujyod"))); }
public FirstTimeSetup() { InitializeComponent(); //create the password entry view PasswordEntryView pep = new PasswordEntryView(); pep.OnSave += new EventHandler((o, e) => { //get the public key ASN1 SubjectPublicKeyInfo pubki = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(m_keypair.Public); //get the private key ASN1 PrivateKeyInfo privki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(m_keypair.Private); //encrypt the private key byte[] encPrivKey = Crypto.EncryptKey(privki.GetDerEncoded(), pep.Text); m_keypair = null; //delete the old notebooks if (Directory.Exists(NoteManager.GetNotebookDir())) { Directory.Delete(NoteManager.GetNotebookDir(), true); } //save the keys to file KeyManager.SaveKeys(encPrivKey, pubki.GetDerEncoded()); //erase the data Eraser.SecureErase(encPrivKey); //ask if the user wants to use a fingerprint IFingerprint fp = FingerprintFactory.GetInstance(); fp.InitReader(); if (fp.IsReady()) { Application.Current.MainPage = new FingerprintPage(new EventHandler((oo, ee) => { byte[] data = (byte[])oo; //page returns the encrypted password if (data != null) { //only if was not skipped //encrypt the password and save it ConfigFactory.GetInstance().EncryptedPassword = data; ConfigFactory.GetInstance().UseFingerprint = true; } else { ConfigFactory.GetInstance().EncryptedPassword = new byte[] { 0 }; ConfigFactory.GetInstance().UseFingerprint = false; } //trigger the setup complete event if (OnSetupComplete != null) { OnSetupComplete(this, new EventArgs()); } }), fp, pep.Text); } else { //trigger the setup complete event if (OnSetupComplete != null) { OnSetupComplete(this, new EventArgs()); } } }); //create the activity indicator layout StackLayout actLayout = new StackLayout() { VerticalOptions = LayoutOptions.CenterAndExpand }; ActivityIndicator actInd = new ActivityIndicator();; actLayout.Children.Add(actInd); actLayout.Children.Add(new Label() { Text = "Generating key pair", TextColor = Color.DarkGray, HorizontalTextAlignment = TextAlignment.Center }); TapRandomizer tapRnd = new TapRandomizer(); tapRnd.OnRandomized += new EventHandler((o, e) => { m_seed = tapRnd.Seed; //show wait animation actInd.IsRunning = true; this.Content = actLayout; //generate the key pair Crypto.StartGenerateKeypair(m_seed, new Crypto.GenCompleteEventHandler((keypair) => { m_keypair = keypair; //hide wait animation actInd.IsRunning = false; //show the password entry page this.Content = pep; })); }); this.Content = tapRnd; }