/** * add a signer - no attributes other than the default ones will be * provided here. * * @param key signing key to use * @param cert certificate containing corresponding public key * @param digestOID digest algorithm OID */ public void AddSigner( AsymmetricKeyParameter privateKey, X509Certificate cert, string digestOID) { AddSigner(privateKey, cert, GetEncOid(privateKey, digestOID), digestOID); }
public virtual void ProcessServerCertificate(Certificate serverCertificate) { if (tlsSigner == null) { throw new TlsFatalAlert(AlertDescription.unexpected_message); } X509CertificateStructure x509Cert = serverCertificate.certs[0]; SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo); } // catch (RuntimeException) catch (Exception) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } if (!tlsSigner.IsValidPublicKey(this.serverPublicKey)) { throw new TlsFatalAlert(AlertDescription.certificate_unknown); } TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); // TODO /* * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the * signing algorithm for the certificate must be the same as the algorithm for the * certificate key." */ }
/// <summary> /// Generate a new X509Certificate specifying a SecureRandom instance that you would like to use. /// </summary> /// <param name="privateKey">The private key of the issuer used to sign this certificate.</param> /// <param name="random">The Secure Random you want to use.</param> /// <returns>An X509Certificate.</returns> public X509Certificate Generate( AsymmetricKeyParameter privateKey, SecureRandom random) { TbsCertificateStructure tbsCert = tbsGen.GenerateTbsCertificate(); byte[] signature; try { signature = X509Utilities.GetSignatureForObject( sigOID, signatureAlgorithm, privateKey, random, tbsCert); } catch (Exception e) { // TODO // throw new ExtCertificateEncodingException("exception encoding TBS cert", e); throw new CertificateEncodingException("exception encoding TBS cert", e); } try { return GenerateJcaObject(tbsCert, signature); } catch (CertificateParsingException e) { // TODO // throw new ExtCertificateEncodingException("exception producing certificate object", e); throw new CertificateEncodingException("exception producing certificate object", e); } }
private X509Certificate Create(CertificateRequest request, AsymmetricKeyParameter key) { try { var certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.ProbablePrime(128, new SecureRandom())); certGen.SetIssuerDN(new X509Name(_issuer)); certGen.SetNotBefore(request.NotBefore); certGen.SetNotAfter(request.NotAfter); certGen.SetSubjectDN(new X509Name(_subject)); certGen.SetPublicKey(_subjectPublicKey.PublicAsymmetricKey); certGen.SetSignatureAlgorithm("SHA1WITHRSA"); certGen.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(true)); return certGen.Generate(key); } catch (Exception e) { throw new SecularException("Error generating certificate: " + e.Message, e); } }
public byte[] CalculateRawSignature(AsymmetricKeyParameter privateKey, byte[] md5andsha1) { ISigner sig = new GenericSigner(new Pkcs1Encoding(new RsaBlindedEngine()), new NullDigest()); sig.Init(true, privateKey); sig.BlockUpdate(md5andsha1, 0, md5andsha1.Length); return sig.GenerateSignature(); }
public virtual void ProcessServerCertificate(Certificate serverCertificate) { X509CertificateStructure x509Cert = serverCertificate.certs[0]; SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo); } // catch (RuntimeException) catch (Exception) { throw new TlsFatalAlert(AlertDescription.unsupported_certificate); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.IsPrivate) { throw new TlsFatalAlert(AlertDescription.internal_error); } this.rsaServerPublicKey = ValidateRsaPublicKey((RsaKeyParameters)this.serverPublicKey); TlsUtilities.ValidateKeyUsage(x509Cert, KeyUsage.KeyEncipherment); // TODO /* * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the * signing algorithm for the certificate must be the same as the algorithm for the * certificate key." */ }
private AsymmetricKeyParameter GetSenderPublicKey( AsymmetricKeyParameter receiverPrivateKey, OriginatorIdentifierOrKey originator) { OriginatorPublicKey opk = originator.OriginatorPublicKey; if (opk != null) { return GetPublicKeyFromOriginatorPublicKey(receiverPrivateKey, opk); } OriginatorID origID = new OriginatorID(); Asn1.Cms.IssuerAndSerialNumber iAndSN = originator.IssuerAndSerialNumber; if (iAndSN != null) { origID.Issuer = iAndSN.Name; origID.SerialNumber = iAndSN.SerialNumber.Value; } else { SubjectKeyIdentifier ski = originator.SubjectKeyIdentifier; origID.SubjectKeyIdentifier = ski.GetKeyIdentifier(); } return GetPublicKeyFromOriginatorID(origID); }
internal SignerInfoGeneratorImpl( CmsSignedDataStreamGenerator outer, AsymmetricKeyParameter key, SignerIdentifier signerIdentifier, string digestOID, string encOID, CmsAttributeTableGenerator sAttr, CmsAttributeTableGenerator unsAttr) { this.outer = outer; _signerIdentifier = signerIdentifier; _digestOID = digestOID; _encOID = encOID; _sAttr = sAttr; _unsAttr = unsAttr; _encName = Helper.GetEncryptionAlgName(_encOID); string digestName = Helper.GetDigestAlgName(_digestOID); string signatureName = digestName + "with" + _encName; if (_sAttr != null) { _sig = Helper.GetSignatureInstance(signatureName); } else { // Note: Need to use raw signatures here since we have already calculated the digest if (_encName.Equals("RSA")) { _sig = Helper.GetSignatureInstance("RSA"); } else if (_encName.Equals("DSA")) { _sig = Helper.GetSignatureInstance("NONEwithDSA"); } // TODO Add support for raw PSS // else if (_encName.equals("RSAandMGF1")) // { // _sig = CMSSignedHelper.INSTANCE.getSignatureInstance("NONEWITHRSAPSS", _sigProvider); // try // { // // Init the params this way to avoid having a 'raw' version of each PSS algorithm // Signature sig2 = CMSSignedHelper.INSTANCE.getSignatureInstance(signatureName, _sigProvider); // PSSParameterSpec spec = (PSSParameterSpec)sig2.getParameters().getParameterSpec(PSSParameterSpec.class); // _sig.setParameter(spec); // } // catch (Exception e) // { // throw new SignatureException("algorithm: " + _encName + " could not be configured."); // } // } else { throw new SignatureException("algorithm: " + _encName + " not supported in base signatures."); } } _sig.Init(true, new ParametersWithRandom(key, outer.rand)); }
//Generates and returns a new transaction from this wallet. public Transaction sendFunds(Org.BouncyCastle.Crypto.AsymmetricKeyParameter _recipient, float value) { if (getBalance() < value) { //gather balance and check funds. Console.WriteLine("#Not Enough funds to send transaction. Transaction Discarded."); return(null); } //create array list of inputs List <TransactionInput> inputs = new List <TransactionInput>(); float total = 0; foreach (KeyValuePair <string, TransactionOutput> item in UTXOs) { TransactionOutput UTXO = item.Value; total += UTXO.value; inputs.Add(new TransactionInput(UTXO.id)); if (total > value) { break; } } Transaction newTransaction = new Transaction(publicKey, _recipient, value, inputs); newTransaction.generateSignature(privateKey); foreach (TransactionInput input in inputs) { UTXOs.Remove(input.transactionOutputId); } return(newTransaction); }
public AsymmetricKeyEntry( AsymmetricKeyParameter key, Hashtable attributes) : base(attributes) { this.key = key; }
/// <summary> /// Initializes a new instance of the <see cref="MimeKit.Cryptography.CmsSigner"/> class. /// </summary> /// <remarks> /// <para>The initial value of the <see cref="DigestAlgorithm"/> will be set to /// <see cref="MimeKit.Cryptography.DigestAlgorithm.Sha1"/> and both the /// <see cref="SignedAttributes"/> and <see cref="UnsignedAttributes"/> properties /// will be initialized to empty tables.</para> /// </remarks> /// <param name="chain">The chain of certificates starting with the signer's certificate back to the root.</param> /// <param name="key">The signer's private key.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="chain"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="key"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <para><paramref name="chain"/> did not contain any certificates.</para> /// <para>-or-</para> /// <para>The certificate cannot be used for signing.</para> /// <para>-or-</para> /// <para><paramref name="key"/> is not a private key.</para> /// </exception> public CmsSigner (IEnumerable<X509CertificateEntry> chain, AsymmetricKeyParameter key) : this () { if (chain == null) throw new ArgumentNullException ("chain"); if (key == null) throw new ArgumentNullException ("key"); CertificateChain = new X509CertificateChain (); foreach (var entry in chain) { CertificateChain.Add (entry.Certificate); if (Certificate == null) Certificate = entry.Certificate; } if (CertificateChain.Count == 0) throw new ArgumentException ("The certificate chain was empty.", "chain"); var flags = Certificate.GetKeyUsageFlags (); if (flags != X509KeyUsageFlags.None && (flags & X509KeyUsageFlags.DigitalSignature) == 0) throw new ArgumentException ("The certificate cannot be used for signing."); if (!key.IsPrivate) throw new ArgumentException ("The key must be a private key.", "key"); PrivateKey = key; }
/** * Constructor for an encrypted private key PEM object. * * @param key private key to be encoded * @param algorithm encryption algorithm to use * @param provider provider to use * @throws NoSuchAlgorithmException if algorithm/mode cannot be found */ public Pkcs8Generator(AsymmetricKeyParameter privKey, string algorithm) { // TODO Check privKey.IsPrivate this.privKey = privKey; this.algorithm = algorithm; this.iterationCount = 2048; }
public AsymmetricKeyEntry( AsymmetricKeyParameter key, IDictionary attributes) : base(attributes) { this.key = key; }
private static int sequence = 0; // a rough count of how many transactions have been generated. // Constructor: public Transaction(Org.BouncyCastle.Crypto.AsymmetricKeyParameter from, Org.BouncyCastle.Crypto.AsymmetricKeyParameter to, float value, List <TransactionInput> inputs) { this.sender = from; this.reciepient = to; this.value = value; this.inputs = inputs; }
private Connection GetConnectionHttpsPrivate(Uri uri, Uri proxy, AsymmetricKeyParameter asymmetricKeyParameter, Certificate clientCertificates, Action<Certificate> serverCertificateValidator) { Connection conn = new HttpsConnection(this, uri, proxy, clientCertificates, asymmetricKeyParameter, serverCertificateValidator); return InitiateConnection(conn); }
public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn, AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey) { Hashtable attrs = new Hashtable(); attrs.Add(X509Name.CN, cn); ArrayList ord = new ArrayList(attrs.Keys); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30)); certGen.SetNotAfter(DateTime.UtcNow.AddDays(30)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); return cert; }
public void ProcessServerCertificate(Certificate serverCertificate) { if (tlsSigner == null) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_unexpected_message); } X509CertificateStructure x509Cert = serverCertificate.certs[0]; SubjectPublicKeyInfo keyInfo = x509Cert.SubjectPublicKeyInfo; try { this.serverPublicKey = PublicKeyFactory.CreateKey(keyInfo); } // catch (RuntimeException) catch (Exception) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_unsupported_certificate); } // Sanity check the PublicKeyFactory if (this.serverPublicKey.IsPrivate) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_internal_error); } // TODO /* * Perform various checks per RFC2246 7.4.2: "Unless otherwise specified, the * signing algorithm for the certificate must be the same as the algorithm for the * certificate key." */ switch (this.keyExchange) { case TlsKeyExchangeAlgorithm.KE_SRP_RSA: if (!(this.serverPublicKey is RsaKeyParameters)) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_certificate_unknown); } ValidateKeyUsage(x509Cert, KeyUsage.DigitalSignature); break; case TlsKeyExchangeAlgorithm.KE_SRP_DSS: if (!(this.serverPublicKey is DsaPublicKeyParameters)) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_certificate_unknown); } break; default: handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_unsupported_certificate); break; } /* * Verify them. */ if (!this.verifyer.IsValid(serverCertificate.GetCerts())) { handler.FailWithError(TlsProtocolHandler.AL_fatal, TlsProtocolHandler.AP_user_canceled); } }
/// <summary> /// Retorna el sello digital para el certificado y firmando con la llave. /// </summary> /// <param name="rutaLlave"></param> /// <param name="clavePrivada"></param> /// <param name="cadenaOriginal"></param> /// <returns></returns> public string GetSelloDigital(ref string error, string rutaLlave, string clavePrivada, string cadenaOriginal) { try { byte[] ArrayKey = File.ReadAllBytes(rutaLlave); // Convertimos el archivo anterior a byte //1) Desencriptar la llave privada, el primer parámetro es la contraseña de llave privada y el segundo es la llave privada en formato binario. Org.BouncyCastle.Crypto.AsymmetricKeyParameter asp = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(clavePrivada.ToCharArray(), ArrayKey); //2) Convertir a parámetros de RSA Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters key = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)asp; //3) Crear el firmador con SHA1 Org.BouncyCastle.Crypto.ISigner sig = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA"); //La siguiente linea es para generar el sello para la nueva versión de CFDI 3.3 // Org.BouncyCastle.Crypto.ISigner sig = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA"); //4) Inicializar el firmador con la llave privada sig.Init(true, key); // 5) Pasar la cadena original a formato binario byte[] bytes = Encoding.UTF8.GetBytes(cadenaOriginal); // 6) Encriptar sig.BlockUpdate(bytes, 0, bytes.Length); byte[] bytesFirmados = sig.GenerateSignature(); // 7) Finalmente obtenemos el sello String sello = Convert.ToBase64String(bytesFirmados); return(sello); } catch (Exception e) { _logger.EscribirError(e.ToString()); error = "Problemas al generar xml para el timbrado, favor revisar clave o certificados."; return(""); } }
public static BigInteger ComputeSharedSecret(string A, AsymmetricKeyParameter bPrivateKey, DHParameters internalParameters) { var importedKey = new DHPublicKeyParameters(new BigInteger(A), internalParameters); var internalKeyAgree = AgreementUtilities.GetBasicAgreement("DH"); internalKeyAgree.Init(bPrivateKey); return internalKeyAgree.CalculateAgreement(importedKey); }
public static void CreateSignature(System.Security.Cryptography.X509Certificates.X509Certificate2 mycert) { // https://www.programcreek.com/java-api-examples/?api=org.bouncycastle.x509.X509V3CertificateGenerator // https://forums.asp.net/t/2154987.aspx?Create+Self+Signed+Certificate+programatically+uisng+C+ // System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromCertFile() // https://overcoder.net/q/429916/bouncycastle-privatekey-to-x509%D1%81%D0%B5%D1%80%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%822-privatekey // https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/ AsymmetricKeyParameter Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(mycert.PrivateKey).Private; // if(mycert.HasPrivateKey) AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey); X509CertificateParser certParser = new X509CertificateParser(); X509Certificate bouncyCertificate = certParser.ReadCertificate(mycert.GetRawCertData()); Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = bouncyCertificate.GetPublicKey(); var algorithm = Org.BouncyCastle.Security.DigestUtilities.GetDigest(bouncyCertificate.SigAlgOid); // var signature = new X509Certificate2Signature(mycert, algorithm); // https://github.com/kusl/itextsharp/blob/master/tags/iTextSharp_5_4_5/src/core/iTextSharp/text/pdf/security/X509Certificate2Signature.cs // Sign // PemReader pem = new PemReader(); // pem.ReadPemObject().Headers // RSACryptoServiceProvider rsa = pem.ReadPrivateKeyFromFile("PrivateKey.pem"); }
/** * create with a signer with extra signed/unsigned attributes. */ public TimeStampTokenGenerator( AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID, Asn1.Cms.AttributeTable signedAttr, Asn1.Cms.AttributeTable unsignedAttr) { this.key = key; this.cert = cert; this.digestOID = digestOID; this.tsaPolicyOID = tsaPolicyOID; this.unsignedAttr = unsignedAttr; TspUtil.ValidateCertificate(cert); // // add the essCertid // Hashtable signedAttrs; if (signedAttr != null) { signedAttrs = signedAttr.ToHashtable(); } else { signedAttrs = new Hashtable(); } IDigest digest; try { digest = DigestUtilities.GetDigest("SHA-1"); } catch (Exception e) { throw new TspException("Can't find a SHA-1 implementation.", e); } try { byte[] certEncoded = cert.GetEncoded(); digest.BlockUpdate(certEncoded, 0, certEncoded.Length); byte[] hash = DigestUtilities.DoFinal(digest); EssCertID essCertid = new EssCertID(hash); Asn1.Cms.Attribute attr = new Asn1.Cms.Attribute( PkcsObjectIdentifiers.IdAASigningCertificate, new DerSet(new SigningCertificate(essCertid))); signedAttrs[attr.AttrType] = attr; } catch (CertificateEncodingException e) { throw new TspException("Exception processing certificate.", e); } this.signedAttr = new Asn1.Cms.AttributeTable(signedAttrs); }
/** * basic creation - only the default attributes will be included here. */ public TimeStampTokenGenerator( AsymmetricKeyParameter key, X509Certificate cert, string digestOID, string tsaPolicyOID) : this(key, cert, digestOID, tsaPolicyOID, null, null) { }
/// <summary> /// Encodes the public key into DER encoding. /// </summary> /// <param name="key">The public key.</param> /// <returns>The encoded public key.</returns> public static string ToPublicKeyString(AsymmetricKeyParameter key) { return Convert.ToBase64String( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(key) .ToAsn1Object() .GetDerEncoded()); }
/// <summary> /// Generates a user certificate /// </summary> /// <param name="subject">X509Name subject name </param> /// <param name="issuer">X509Name issuer name</param> /// <param name="iValidity">validity in days</param> /// <param name="publicKey">publickey</param> /// <param name="privateKey">private key of the issuer</param> /// <param name="signatureType">signature type</param> /// <param name="keyusages">keyusages, <see>Org.BouncyCastle.Asn1.X509.KeyUsage</see></param> /// <param name="extendedKeyUsages">extendedKeyUsages <see>Org.BouncyCastle.Asn1.X509.KeyPurposeID</see></param> /// <returns>brand new generated X509Certificate</returns> public static X509Certificate GenerateUserCertificate(X509Name subject, X509Name issuer, int iValidity, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, String signatureType, int keyusages, ExtendedKeyUsage extendedKeyUsages) { return GenerateCertificate(subject, issuer, iValidity, publicKey, privateKey, signatureType, keyusages, extendedKeyUsages, false, 0); }
public void Sign(AsymmetricKeyParameter privateKey) { var signer = new ECDsaSigner(); signer.Init(true, privateKey); var signature = signer.GenerateSignature(t.getBytes); r = signature[0].ToByteArray(); s = signature[1].ToByteArray(); }
public static byte[] EncodeKeyParameter(AsymmetricKeyParameter key) { SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory .CreateSubjectPublicKeyInfo(key); return publicKeyInfo.ToAsn1Object().GetDerEncoded(); }
/** * add a signer - no attributes other than the default ones will be * provided here. * @throws NoSuchAlgorithmException * @throws InvalidKeyException */ public void AddSigner( AsymmetricKeyParameter privateKey, X509Certificate cert, string digestOID) { AddSigner(privateKey, cert, digestOID, new DefaultSignedAttributeTableGenerator(), null); }
public string RsaEncrypt(string clearText, AsymmetricKeyParameter prywatny) { AsymmetricKeyParameter key = prywatny; var bytesToEncrypt = Encoding.UTF8.GetBytes(clearText); var encryptEngine = new Pkcs1Encoding(new RsaEngine()); encryptEngine.Init(true, key); var encrypted = Convert.ToBase64String(encryptEngine.ProcessBlock(bytesToEncrypt, 0, bytesToEncrypt.Length)); return encrypted; }
public Pkcs10CertificationRequestDelaySigned( string signatureAlgorithm, X509Name subject, AsymmetricKeyParameter publicKey, Asn1Set attributes, AsymmetricKeyParameter signingKey) : base(signatureAlgorithm, subject, publicKey, attributes, signingKey) { }
/// <summary> /// Generates a CA certificate. /// </summary> /// <param name="subject">X509Name subject name </param> /// <param name="iValidity">validity in days</param> /// <param name="publicKey">publickey</param> /// <param name="privateKey">private key of the issuer</param> /// <param name="signatureType">signature type</param> /// <param name="keyusages">keyusages, <see>Org.BouncyCastle.Asn1.X509.KeyUsage</see></param> /// <param name="extendedKeyUsages">extendedKeyUsages <see>Org.BouncyCastle.Asn1.X509.KeyPurposeID</see></param> /// <param name="pathLenConstraint"> </param> /// <returns>brand new generated X509Certificate</returns> public static X509Certificate GenerateCACertificate(X509Name subject, int iValidity, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, String signatureType, int keyusages, ExtendedKeyUsage extendedKeyUsages, int pathLenConstraint) { return GenerateCertificate(subject, subject, iValidity, publicKey, privateKey, signatureType, keyusages, extendedKeyUsages, true, pathLenConstraint); }
private static string GimmeKey(AsymmetricKeyParameter key) { var sb = new StringBuilder(); using (var prvSw = new StringWriter(sb)) { var pmw = new Org.BouncyCastle.OpenSsl.PemWriter(prvSw); pmw.WriteObject(key); } return sb.ToString(); }
internal CustomTlsClient( Certificate clientCertificates, AsymmetricKeyParameter asymmetricKeyParameter, Action<Certificate> serverCertificateValidator) { _clientCertificates = clientCertificates; _asymmetricKeyParameter = asymmetricKeyParameter; _serverCertificateValidator = serverCertificateValidator; }
public PgpKeyPair( PublicKeyAlgorithmTag algorithm, AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey, DateTime time) { this.pub = new PgpPublicKey(algorithm, pubKey, time); this.priv = new PgpPrivateKey(privKey, pub.KeyId); }
public string RsaDecrypt(string base64Input, AsymmetricKeyParameter publiczny) { AsymmetricKeyParameter key = publiczny; var bytesToDecrypt = Convert.FromBase64String(base64Input); var decryptEngine = new Pkcs1Encoding(new RsaEngine()); decryptEngine.Init(false, key); string decrypted = Encoding.UTF8.GetString(decryptEngine.ProcessBlock(bytesToDecrypt, 0, bytesToDecrypt.Length)); return decrypted; }
public static TlsSignerCredentials LoadSignerCredentials(TlsContext context, string[] certResources, string keyResource, SignatureAndHashAlgorithm signatureAndHashAlgorithm) { Certificate certificate = LoadCertificateChain(certResources); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = LoadPrivateKeyResource(keyResource); return(LoadSignerCredentials(context, certificate, privateKey, signatureAndHashAlgorithm)); }
//Verifies a String signature public static bool verifyECDSASig(Org.BouncyCastle.Crypto.AsymmetricKeyParameter publicKey, string data, byte[] signature) { try { byte[] msgBytes = Encoding.UTF8.GetBytes(data); byte[] sigBytes = signature; ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA"); signer.Init(false, publicKey); signer.BlockUpdate(msgBytes, 0, msgBytes.Length); return(signer.VerifySignature(sigBytes)); } catch (Exception e) { throw new Exception("", e); } }
public void generateKeyPair() { try { ECKeyPairGenerator gen = new ECKeyPairGenerator("ECDSA"); SecureRandom secureRandom = new SecureRandom(); Org.BouncyCastle.Asn1.X9.X9ECParameters ecp = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp224k1"); ECDomainParameters ecSpec = new ECDomainParameters(ecp.Curve, ecp.G, ecp.N, ecp.H, ecp.GetSeed()); ECKeyGenerationParameters ecgp = new ECKeyGenerationParameters(ecSpec, secureRandom); gen.Init(ecgp); AsymmetricCipherKeyPair eckp = gen.GenerateKeyPair(); this.privateKey = eckp.Private; this.publicKey = eckp.Public; } catch (Exception e) { throw new Exception("", e); } }
//Applies ECDSA Signature and returns the result ( as bytes ). public static byte[] applyECDSASig(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, string input) { byte[] output = new byte[0]; try { byte[] msgBytes = Encoding.UTF8.GetBytes(input); ISigner signer = SignerUtilities.GetSigner("SHA-256withECDSA"); signer.Init(true, privateKey); signer.BlockUpdate(msgBytes, 0, msgBytes.Length); byte[] sigBytes = signer.GenerateSignature(); output = sigBytes; } catch (Exception e) { throw new Exception("", e); } return(output); }
public void LoadCertificateFromPem(Stream stream) { List <byte[]> chain = new List <byte[]>(); PemReader reader = new PemReader(new StreamReader(stream)); PemObject pem = reader.ReadPemObject(); while (pem != null) { if (pem.Type.EndsWith("CERTIFICATE")) { chain.Add(pem.Content); } else if (pem.Type.EndsWith("PRIVATE KEY")) { _PrivateKey = Certificates.GetPrivateKeyFromPEM(pem); } pem = reader.ReadPemObject(); } _Certificate = new Certificate(); _Certificate.CertChain = chain; _Certificate.CertificateType = TCertificateType.X509; }
public void ExportRSAPublicKey(AsnFormat format) { using RSA rsa = RSA.Create(2048); byte[] exported = rsa.ExportRSAPublicKey(format); if (format == AsnFormat.Der) { SubjectPublicKeyInfo pski = new SubjectPublicKeyInfo(new AlgorithmIdentifier("1.2.840.113549.1.1.1"), exported); Org.BouncyCastle.Crypto.AsymmetricKeyParameter info = PublicKeyFactory.CreateKey(pski); Assert.IsNotNull(info); } if (format == AsnFormat.Pem) { using MemoryStream ms = new MemoryStream(exported); using TextReader tr = new StreamReader(ms, Encoding.ASCII); PemReader pemReader = new PemReader(tr); object obj = pemReader.ReadObject(); Assert.IsNotNull(obj); } this.CheckFormat(format, exported); }
public static string getStringFromKey(Org.BouncyCastle.Crypto.AsymmetricKeyParameter key) { return(System.Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(Convert.ToString(key.GetHashCode())))); }
//Signs all the data we dont wish to be tampered with. public void generateSignature(Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey) { String data = StringUtil.getStringFromKey(sender) + StringUtil.getStringFromKey(reciepient) + Convert.ToString(value); signature = StringUtil.applyECDSASig(privateKey, data); }