static void RsaDecrypt(string data, string keyContainerName, string keyFilePath, CspProviderFlags flags, bool showHelp) { if (showHelp) { List <Parameter> parms = new List <Parameter> { new Parameter { Key = "data", Type = typeof(string), HelpText = "Text to decrypt" }, new Parameter { Key = "[kcn]", Type = typeof(string), HelpText = "Key container name" }, new Parameter { Key = "[keyFile]", Type = typeof(string), HelpText = "Path to key file" } }; ConsoleColor defaultColor = Console.ForegroundColor; Console_WriteLine($"Parameter options for Rsa decrypt:\r\n", ConsoleColor.Green); WriteMethodParametersHelp(parms); Console.WriteLine("\r\nNote:"); Console.WriteLine("Specify either key container name or path to key file."); Console.ForegroundColor = defaultColor; } else { Console.WriteLine("Decrypting data using Rsa algorithm.\r\n"); Console.WriteLine(RsaHelpers.Decrypt(keyContainerName: keyContainerName, filePath: keyFilePath, flags: flags, value: data)); } }
public void EncryptDecrypt_FromFile() { RsaHelpers.GenerateRsaKeys(pubPrivFilePath: _pubPrivFilePath, pubOnlyFilePath: _pubOnlyFilePath); string _cipherText = RsaHelpers.Encrypt(filePath: _pubOnlyFilePath, value: _plainText); Assert.AreEqual(_plainText, RsaHelpers.Decrypt(filePath: _pubPrivFilePath, value: _cipherText)); }
public static void CheckCertAuthority(string caPath = "") { if (string.IsNullOrWhiteSpace(caPath)) { caPath = CertManager.caPath; } if (_certAuthority == null) { if (string.IsNullOrWhiteSpace(caPath)) { caPath = $"{Environment.MachineName}.ca"; } else if (!caPath.ToLower().Contains(".ca")) { caPath = Path.Combine(caPath, $"{Environment.MachineName}.ca"); } var privCaKeyPath = caPath.ToLower().Replace(".ca", ".privkey"); if (String.IsNullOrWhiteSpace(_certificateAuthorityPrivateKey)) { _certificateAuthorityPrivateKey = File.ReadAllText($"{privCaKeyPath}"); } string caPrivKey = _certificateAuthorityPrivateKey; _certAuthority = (AsymmetricCipherKeyPair)RsaHelpers.PemDeserialize(caPrivKey); } if (String.IsNullOrWhiteSpace(_certificateAuthorityPublicKey)) { _certificateAuthorityPublicKey = RsaHelpers.PemSerialize(_certAuthority.Public); } }
public static (string certAuthority, string clientPrivateKey, byte[] clientSignKey) GenerateKeys(string caPath = "") { CheckCertAuthority(caPath); logger.Trace("Generating new keys.."); var key = new RSACryptoServiceProvider(2048); var parameters = key.ExportParameters(true); var pair = DotNetUtilities.GetRsaKeyPair(parameters); string pub = RsaHelpers.PemSerialize(pair.Public); string priv = RsaHelpers.PemSerialize(pair); if (_certAuthority != null) { logger.Trace("Signing keys.."); var signature = RsaHelpers.SignData(Encoding.UTF8.GetBytes(pub), _certAuthority); logger.Trace("Verifying key signature..."); if (RsaHelpers.VerifyData(Encoding.UTF8.GetBytes(pub), signature, _certAuthority)) { logger.Trace("Signature validated!"); return(_certificateAuthorityPublicKey, priv, signature); } logger.Error("Signature validation failed!"); } return(null, null, null); }
public void Encrypt_NullAndEmptyInputs() { Assert.Throws <ArgumentException>(() => RsaHelpers.Encrypt()); Assert.Throws <ArgumentException>(() => RsaHelpers.Encrypt(filePath: _pubOnlyFilePath)); Assert.Throws <ArgumentException>(() => RsaHelpers.Encrypt(keyContainerName: _kcn)); Assert.Throws <ArgumentException>(() => RsaHelpers.Encrypt(value: _plainText)); Assert.Throws <ArgumentException>(() => RsaHelpers.Encrypt(filePath: _pubOnlyFilePath, value: string.Empty)); }
public void EncryptDecrypt_FromContainer() { RsaHelpers.GenerateRsaKeys(keyContainerName: _kcn); string _encryptedText = RsaHelpers.Encrypt(keyContainerName: _kcn, value: _plainText); Assert.AreEqual(_plainText, RsaHelpers.Decrypt(keyContainerName: _kcn, value: _encryptedText)); Assert.Throws <FormatException>(() => RsaHelpers.Decrypt(keyContainerName: _kcn, value: _encryptedText + "x")); }
public void EncryptDecrypt_FromFile_LongKey() { RsaHelpers.GenerateRsaKeys(pubPrivFilePath: _pubPrivFilePath, pubOnlyFilePath: _pubOnlyFilePath, keySize: 16384); _plainText = "password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__password__"; string _cipherText = RsaHelpers.Encrypt(filePath: _pubOnlyFilePath, value: _plainText); Assert.AreEqual(_plainText, RsaHelpers.Decrypt(filePath: _pubPrivFilePath, value: _cipherText)); }
static void RsaGenKey(string keyContainerName, string keyFile, int keySize, bool showHelp) { if (showHelp) { List <Parameter> parms = new List <Parameter> { new Parameter { Key = "[kcn]", Type = typeof(string), HelpText = "Key container name" }, new Parameter { Key = "[keyFile]", Type = typeof(string), HelpText = "Path to key files" }, new Parameter { Key = "[keySize]", Type = typeof(int), HelpText = "Key size" } }; ConsoleColor defaultColor = Console.ForegroundColor; Console_WriteLine($"Parameter options for Rsa genkey:\r\n", ConsoleColor.Green); WriteMethodParametersHelp(parms); Console.WriteLine("\r\nNote:"); Console.WriteLine("Specify either key container name or path to key files.\r\n"); Console.WriteLine("If keyFile is specified, action will create the following 2 files:"); Console.WriteLine("1. {keyFile}.pubPriv (public and private key)"); Console.WriteLine("2. {keyFile}.pubOnly (public key only)"); Console.ForegroundColor = defaultColor; } else { Console.WriteLine("Generating Rsa key pair.\r\n"); if (string.IsNullOrWhiteSpace(keyFile)) { RsaHelpers.GenerateRsaKeys(keyContainerName: keyContainerName, keySize: keySize); } else { RsaHelpers.GenerateRsaKeys(keyContainerName: keyContainerName, pubPrivFilePath: $"{keyFile}.pubPriv", pubOnlyFilePath: $"{keyFile}.pubOnly", keySize: keySize); } if (!string.IsNullOrWhiteSpace(keyContainerName)) { Console.WriteLine($"Created public/private keypair in user profile key store."); } if (!string.IsNullOrWhiteSpace(keyFile)) { Console.WriteLine($"Created public/private keypair in [{keyFile}.pubPriv]."); Console.WriteLine($"Created public key (only) in [{keyFile}.pubOnly]."); } } }
public void GenerateRsaKeys_FileOnly() { if (File.Exists(_pubPrivFilePath)) { File.Delete(_pubPrivFilePath); } if (File.Exists(_pubOnlyFilePath)) { File.Delete(_pubOnlyFilePath); } RsaHelpers.GenerateRsaKeys((string)null, _pubPrivFilePath, _pubOnlyFilePath); Assert.IsTrue(File.Exists(_pubPrivFilePath)); Assert.IsTrue(File.Exists(_pubOnlyFilePath)); }
public void GenerateRsaKeys_ContainerAndFile() { if (File.Exists(_pubPrivFilePath)) { File.Delete(_pubPrivFilePath); } if (File.Exists(_pubOnlyFilePath)) { File.Delete(_pubOnlyFilePath); } RsaHelpers.GenerateRsaKeys(_kcn, _pubPrivFilePath, _pubOnlyFilePath); Assert.IsTrue(RsaHelpers.KeyContainerExists(_kcn)); Assert.IsTrue(File.Exists(_pubPrivFilePath)); Assert.IsTrue(File.Exists(_pubOnlyFilePath)); }
public static void GenerateCertificateAuthority(string caPath = "") { string privCaKeyPath; if (string.IsNullOrWhiteSpace(caPath)) { caPath = CertManager.caPath; } if (string.IsNullOrWhiteSpace(caPath)) { caPath = $"{Environment.MachineName}.ca"; } else if (!caPath.ToLower().Contains(".ca")) { caPath = Path.Combine(caPath, $"{Environment.MachineName}.ca"); } privCaKeyPath = caPath.ToLower().Replace(".ca", ".privkey"); // This is the CA pub/priv key. If they don't exist for this machine, create new ones.. if (!File.Exists($"{caPath}") || !File.Exists($"{privCaKeyPath}")) { logger.Info("CA files don't exist, generating.."); var CertificateAuthority = new RSACryptoServiceProvider(2048); var parameters = CertificateAuthority.ExportParameters(true); var pair = DotNetUtilities.GetRsaKeyPair(parameters); //write the CA pub/priv keys WriteFile($"{caPath}", RsaHelpers.PemSerialize(pair.Public)); WriteFile($"{privCaKeyPath}", RsaHelpers.PemSerialize(pair)); _certificateAuthorityPrivateKey = RsaHelpers.PemSerialize(pair); _certificateAuthorityPublicKey = RsaHelpers.PemSerialize(pair.Public); } CheckCertAuthority(caPath); return; }
public static RsaKeyParameters RetrievePublicCertificateByHash(string hash) { if (_knownCertificates == null) { LoadKnownCertificates(); } lock (_knownCertificateLock) { var item = _knownCertificates.FirstOrDefault(x => x.hash == hash); if (item != null) { return((RsaKeyParameters)RsaHelpers.PemDeserialize(item.publicKey)); } else { return(null); } } }
private static void Main(string[] args) { string action = ""; string ca_path = ""; string key_name = ""; BifrostNext.BifrostLSF.Utilities.LogVersion(); OptionSet set = new OptionSet(); set = new OptionSet() { { "action=", "Sets the action.", a => action = a.ToLower() }, { "ca|ca-path=", "Sets the certificate authority file name.", c => ca_path = c }, { "k|key|key-name=", "Sets the key file name(also used for signature file paths).", k => key_name = k }, { "?|h|help", "Shows help.", h => ShowHelp(set) } }; set.Parse(args); if (string.IsNullOrWhiteSpace(ca_path) && (action == "generate-ca" || action == "sign-key")) { Console.WriteLine("You have to specify a valid filename using --ca when using {0}!", action); Console.WriteLine("Try certmanager --help for more info."); return; } if (string.IsNullOrWhiteSpace(key_name) && (action == "generate-key" || action == "sign-key")) { Console.WriteLine("You have to specify a valid key name using --key-name when using {0}!", action); Console.WriteLine("Try certmanager --help for more info."); return; } AsymmetricCipherKeyPair Pair = null; if (action == "sign-key" || action == "generate-key") { if (!File.Exists(ca_path)) { ca_path += ".privkey"; if (!File.Exists(ca_path)) { Console.WriteLine("Invalid file path \"{0}\".", ca_path); return; } } Console.Write("Importing certificate authority from \"{0}\"...", ca_path); string pubkey = File.ReadAllText(ca_path); var pair = RsaHelpers.PemDeserialize(pubkey); Console.WriteLine("done."); if (pair is AsymmetricKeyParameter) { Console.WriteLine("The certificate authority file you have specified only contains the public key. When using sign-key, you have to use the .privkey file, not the .ca file."); Console.WriteLine("Exiting."); return; } Pair = (AsymmetricCipherKeyPair)pair; } switch (action) { case "generate-ca": { Console.WriteLine("Generating new RSA-2048 keypair..."); var CertificateAuthority = new RSACryptoServiceProvider(2048); var parameters = CertificateAuthority.ExportParameters(true); var pair = DotNetUtilities.GetRsaKeyPair(parameters); WriteFile(string.Format("{0}.ca", ca_path), RsaHelpers.PemSerialize(pair.Public)); WriteFile(string.Format("{0}.privkey", ca_path), RsaHelpers.PemSerialize(pair)); break; } case "generate-key": { Console.WriteLine("Generating new RSA-2048 keypair..."); var key = new RSACryptoServiceProvider(2048); var parameters = key.ExportParameters(true); var pair = DotNetUtilities.GetRsaKeyPair(parameters); string pub = RsaHelpers.PemSerialize(pair.Public); string priv = RsaHelpers.PemSerialize(pair); Console.WriteLine("Saving keypair..."); WriteFile(string.Format("{0}.privkey", key_name), priv); WriteFile(string.Format("{0}.pub", key_name), pub); if (Pair != null) { Console.WriteLine("Signing keypair..."); var signature = RsaHelpers.SignData(Encoding.UTF8.GetBytes(pub), Pair); WriteFile(string.Format("{0}.sign", key_name), signature); Console.WriteLine("Verifying signature..."); if (!RsaHelpers.VerifyData(Encoding.UTF8.GetBytes(pub), signature, Pair)) { Console.WriteLine("Failed!"); } } break; } case "sign-key": { if (!File.Exists(key_name)) { key_name += ".pub"; if (!File.Exists(key_name)) { Console.WriteLine("Invalid file path \"{0}\".", key_name); return; } } Console.WriteLine("Reading public key from \"{0}\"...", key_name); string pub = File.ReadAllText(key_name); Console.WriteLine("Signing key..."); var signature = RsaHelpers.SignData(Encoding.UTF8.GetBytes(pub), Pair); Console.WriteLine("Saving signature..."); if (key_name.Split('/', '\\').Last().Contains(".")) { key_name = string.Join(".", key_name.Split('.').Where(str => !key_name.EndsWith(str))); } key_name += ".sign"; WriteFile(key_name, signature); break; } default: ShowHelp(set); break; } Console.WriteLine("CertManager done. Exiting..."); }
public void Decrypt_withPubOnlyKey() { RsaHelpers.GenerateRsaKeys(pubOnlyFilePath: _pubOnlyFilePath); Assert.Throws <CryptographicException>(() => RsaHelpers.Decrypt(filePath: _pubOnlyFilePath, value: _encryptedText)); }
public void Encrypt_UsingCspFlagsUseExistingKey_InvalidKey() { Assert.Throws <CryptographicException>(() => RsaHelpers.Encrypt(keyContainerName: "nosuchkeycontainername", flags: CspProviderFlags.UseExistingKey, value: _plainText)); Assert.Throws <CryptographicException>(() => RsaHelpers.Decrypt(keyContainerName: "nosuchkeycontainername", flags: CspProviderFlags.UseExistingKey, value: _encryptedText)); }
public void Decrypt_BadValue() { RsaHelpers.GenerateRsaKeys(pubPrivFilePath: _pubPrivFilePath); Assert.Throws <FormatException>(() => RsaHelpers.Decrypt(filePath: _pubPrivFilePath, value: _encryptedText + "x")); }
public void Decrypt_FromContainer_InvalidContainerName() { Assert.Throws <CryptographicException>(() => RsaHelpers.Decrypt(keyContainerName: "nosuchcontainer", value: _encryptedText)); }
public void Encrypt_FromFile_BadFile() { Assert.Throws <DirectoryNotFoundException>(() => RsaHelpers.Encrypt(filePath: _badFilePath, value: _plainText)); }
public void GenerateRsaKeys_NullAndEmptyInputs() { Assert.Throws <ArgumentException>(() => RsaHelpers.GenerateRsaKeys((string)null, null, null)); Assert.Throws <ArgumentException>(() => RsaHelpers.GenerateRsaKeys(string.Empty, string.Empty, string.Empty)); }
public void GenerateRsaKeys_FileOnly_BadPath() { Assert.Throws <DirectoryNotFoundException>(() => RsaHelpers.GenerateRsaKeys((string)null, _badFilePath, null)); Assert.Throws <DirectoryNotFoundException>(() => RsaHelpers.GenerateRsaKeys((string)null, null, _badFilePath)); }