/// <inheritdoc/>
public ICryptographicKey ImportPublicKey(byte[] keyBlob, CryptographicPublicKeyBlobType blobType = CryptographicPublicKeyBlobType.X509SubjectPublicKeyInfo)
{
Requires.NotNull(keyBlob, "keyBlob");
RSAParameters parameters = KeyFormatter.GetFormatter(blobType).Read(keyBlob);
// Inject the PKCS#1 public key into the KeyChain.
string keyIdentifier = Guid.NewGuid().ToString();
string publicKeyIdentifier = RsaCryptographicKey.GetPublicKeyIdentifierWithTag(keyIdentifier);
var keyQueryDictionary = RsaCryptographicKey.CreateKeyQueryDictionary(publicKeyIdentifier);
keyQueryDictionary[KSec.ValueData] = NSData.FromArray(KeyFormatter.Pkcs1.Write(parameters, includePrivateKey: false));
keyQueryDictionary[KSec.AttrKeyClass] = KSec.AttrKeyClassPublic;
keyQueryDictionary[KSec.ReturnRef] = NSNumber.FromBoolean(true);
IntPtr resultHandle;
int status = RsaCryptographicKey.SecItemAdd(keyQueryDictionary.Handle, out resultHandle);
if (resultHandle != IntPtr.Zero)
{
var key = new SecKey(resultHandle, true);
return(new RsaCryptographicKey(key, keyIdentifier, this.Algorithm));
}
else
{
throw new InvalidOperationException("SecItemAdd return " + status);
}
}
/// <inheritdoc/>
public ICryptographicKey ImportKeyPair(byte[] keyBlob, CryptographicPrivateKeyBlobType blobType = CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo)
{
Requires.NotNull(keyBlob, "keyBlob");
RSAParameters parameters = KeyFormatter.GetFormatter(blobType).Read(keyBlob);
string keyIdentifier = Guid.NewGuid().ToString();
SecKey privateKey = ImportKey(parameters, RsaCryptographicKey.GetPrivateKeyIdentifierWithTag(keyIdentifier));
SecKey publicKey = ImportKey(KeyFormatter.PublicKeyFilter(parameters), RsaCryptographicKey.GetPublicKeyIdentifierWithTag(keyIdentifier));
return(new RsaCryptographicKey(publicKey, privateKey, keyIdentifier, this.Algorithm));
}
/// <summary>
/// Imports an RSA key into the iOS keychain.
/// </summary>
/// <param name="parameters">The RSA parameters.</param>
/// <param name="tag">The tag by which this key will be known.</param>
/// <returns>The security key.</returns>
private static SecKey ImportKey(RSAParameters parameters, string tag)
{
using (var keyQueryDictionary = RsaCryptographicKey.CreateKeyQueryDictionary(tag))
{
byte[] pkcs1Key = KeyFormatter.Pkcs1.Write(parameters, parameters.D != null);
keyQueryDictionary[KSec.ValueData] = NSData.FromArray(pkcs1Key);
keyQueryDictionary[KSec.AttrKeyClass] = parameters.D != null ? KSec.AttrKeyClassPrivate : KSec.AttrKeyClassPublic;
keyQueryDictionary[KSec.ReturnRef] = NSNumber.FromBoolean(true);
IntPtr handle;
int status = RsaCryptographicKey.SecItemAdd(keyQueryDictionary.Handle, out handle);
Verify.Operation(status == 0, "SecItemAdd returned {0}", status);
return(new SecKey(handle, true));
}
}
/// <inheritdoc/>
public ICryptographicKey CreateKeyPair(int keySize)
{
Requires.Range(keySize > 0, "keySize");
string keyIdentifier = Guid.NewGuid().ToString();
string publicKeyIdentifier = RsaCryptographicKey.GetPublicKeyIdentifierWithTag(keyIdentifier);
string privateKeyIdentifier = RsaCryptographicKey.GetPrivateKeyIdentifierWithTag(keyIdentifier);
// Configure parameters for the joint keypair.
using var keyPairAttr = new NSMutableDictionary();
keyPairAttr[KSec.AttrKeyType] = KSec.AttrKeyTypeRSA;
keyPairAttr[KSec.AttrKeySizeInBits] = NSNumber.FromInt32(keySize);
// Configure parameters for the private key
using var privateKeyAttr = new NSMutableDictionary();
privateKeyAttr[KSec.AttrIsPermanent] = NSNumber.FromBoolean(true);
privateKeyAttr[KSec.AttrApplicationTag] = NSData.FromString(privateKeyIdentifier, NSStringEncoding.UTF8);
// Configure parameters for the public key
using var publicKeyAttr = new NSMutableDictionary();
publicKeyAttr[KSec.AttrIsPermanent] = NSNumber.FromBoolean(true);
publicKeyAttr[KSec.AttrApplicationTag] = NSData.FromString(publicKeyIdentifier, NSStringEncoding.UTF8);
// Parent the individual key parameters to the keypair one.
keyPairAttr[KSec.PublicKeyAttrs] = publicKeyAttr;
keyPairAttr[KSec.PrivateKeyAttrs] = privateKeyAttr;
// Generate the RSA key.
SecKey?publicKey = null, privateKey = null;
try
{
SecStatusCode code = SecKey.GenerateKeyPair(keyPairAttr, out publicKey, out privateKey);
Verify.Operation(code == SecStatusCode.Success, "status was " + code);
}
catch (InvalidOperationException ex)
{
publicKey?.Dispose();
privateKey?.Dispose();
throw new ArgumentException(ex.Message, ex);
}
catch
{
publicKey?.Dispose();
privateKey?.Dispose();
throw;
}
return(new RsaCryptographicKey(publicKey, privateKey, keyIdentifier, this.algorithm));
}
