/// <summary>
/// Registers an elliptic-curve private key on the NIST P-256 curve. Several keys may be registered so that
/// keys can be rotated gracefully.
/// </summary>
/// <param name="privateKey">Elliptic-curve private key</param>
/// <exception cref="ArgumentException">
/// <paramref name="privateKey"/> is rejected by <c>KeyParser.ValidateCurve</c>.
/// </exception>
public void AddPrivateKey(ECPrivateKeyParameters privateKey)
{
    // Reject the key before it is stored, so a wrong-curve key fails at registration
    // rather than when it is first used.
    bool onExpectedCurve = KeyParser.ValidateCurve(privateKey);
    if (onExpectedCurve)
    {
        _privateKeys.Add(privateKey);
        return;
    }

    throw new ArgumentException("Invalid private key format or not on NIST P-256 curve", nameof(privateKey));
}
/// <summary>
/// Derives the key set for one message from a registered private key and the sender's ephemeral public key.
/// </summary>
/// <remarks>
/// The HKDF input keying material is the decoded ephemeral public key bytes followed by the ECDH shared
/// secret. <paramref name="ephemeralPublicKey"/> is sender-supplied input; its curve is checked inside
/// <see cref="ComputeSharedSecret"/> before the agreement is computed.
/// </remarks>
/// <param name="privateKey">Recipient private key used for the ECDH agreement</param>
/// <param name="ephemeralPublicKey">Base64-encoded ephemeral public key</param>
/// <returns>The keys built from the HKDF output and the configured symmetric and MAC key sizes</returns>
/// <exception cref="ArgumentException">Either key is rejected by <c>KeyParser.ValidateCurve</c>.</exception>
public DerivedKeys Derive(ECPrivateKeyParameters privateKey, string ephemeralPublicKey)
{
    byte[] ephemeralKeyBytes = Base64.Decode(ephemeralPublicKey);
    byte[] agreedSecret = ComputeSharedSecret(privateKey, KeyParser.ParsePublicKey(ephemeralKeyBytes));

    // IKM = ephemeral public key bytes || shared secret, in that order.
    var keyingMaterial = new byte[ephemeralKeyBytes.Length + agreedSecret.Length];
    Buffer.BlockCopy(ephemeralKeyBytes, 0, keyingMaterial, 0, ephemeralKeyBytes.Length);
    Buffer.BlockCopy(agreedSecret, 0, keyingMaterial, ephemeralKeyBytes.Length, agreedSecret.Length);

    // NOTE(review): the shared secret and the IKM buffer are left for the GC and are never zeroed.
    // Clearing them after the HKDF step would shorten their lifetime in memory; confirm first that
    // ComputeHkdf (defined elsewhere) does not keep a reference to the buffer.
    return new DerivedKeys(ComputeHkdf(keyingMaterial), _symmetricKeySize, _macKeySize);
}
/// <summary>
/// Runs a basic ECDH agreement between <paramref name="privateKey"/> and <paramref name="publicKey"/> and
/// returns the result as an unsigned big-endian array of exactly <c>SharedSecretSize</c> bytes.
/// </summary>
/// <param name="privateKey">Local private key</param>
/// <param name="publicKey">Peer public key</param>
/// <returns>The shared secret, left-padded with zero bytes to the fixed length</returns>
/// <exception cref="ArgumentException">Either key is rejected by <c>KeyParser.ValidateCurve</c>.</exception>
internal static byte[] ComputeSharedSecret(ECPrivateKeyParameters privateKey, ECPublicKeyParameters publicKey)
{
    // Both keys are checked before any agreement is attempted. The private key is checked first,
    // so it determines the exception when both are invalid.
    // NOTE(review): ValidateCurve is defined elsewhere; whether it also verifies that the public
    // point lies on the curve (rather than only comparing curve parameters) is not visible here.
    bool privateKeyOk = KeyParser.ValidateCurve(privateKey);
    if (privateKeyOk == false)
    {
        throw new ArgumentException("Private key not on NIST P-256 curve", nameof(privateKey));
    }

    bool publicKeyOk = KeyParser.ValidateCurve(publicKey);
    if (publicKeyOk == false)
    {
        throw new ArgumentException("Public key not on NIST P-256 curve", nameof(publicKey));
    }

    var agreement = new ECDHBasicAgreement();
    agreement.Init(privateKey);
    BigInteger agreedValue = agreement.CalculateAgreement(publicKey);

    // Fixed-length encoding keeps leading zero bytes, so the secret always has the same size.
    byte[] encoded = BigIntegers.AsUnsignedByteArray(SharedSecretSize, agreedValue);
    return encoded;
}
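/// <summary>
/// Adds an elliptic-curve private key on the NIST P-256 curve. Multiple private keys can be added to support
/// graceful key rotations.
/// </summary>
/// <param name="privateKeyBytes">Elliptic-curve private key encoded in the ASN.1 byte format</param>
/// <exception cref="ArgumentException">
/// The parsed key is rejected by <c>KeyParser.ValidateCurve</c>.
/// </exception>
public void AddPrivateKey(byte[] privateKeyBytes)
{
    var parsedKey = KeyParser.ParsePrivateKeyDer(privateKeyBytes);

    // Apply the same curve check as the ECPrivateKeyParameters overload, so both registration
    // paths reject a wrong-curve key up front. ComputeSharedSecret rejects such a key anyway,
    // so this only moves the failure from first use to registration.
    // NOTE(review): ParsePrivateKeyDer is defined elsewhere and may already validate the curve;
    // the second check is harmless in that case.
    if (!KeyParser.ValidateCurve(parsedKey))
    {
        throw new ArgumentException("Invalid private key format or not on NIST P-256 curve", nameof(privateKeyBytes));
    }

    _privateKeys.Add(parsedKey);
}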