private static void ExtractPublicKeyFromPrivateKey(ref ECParameters ecParameters)
{
using (SafeSecKeyRefHandle secPrivateKey = ImportLegacyPrivateKey(ref ecParameters))
{
const string ExportPassword = "******";
byte[] keyBlob = Interop.AppleCrypto.SecKeyExport(secPrivateKey, exportPrivate: true, password: ExportPassword);
EccKeyFormatHelper.ReadEncryptedPkcs8(keyBlob, ExportPassword, out _, out ecParameters);
CryptographicOperations.ZeroMemory(keyBlob);
}
}
internal static ECParameters ExportPublicParametersFromPrivateKey(SafeSecKeyRefHandle handle)
{
const string ExportPassword = "******";
byte[] keyBlob = Interop.AppleCrypto.SecKeyExport(handle, exportPrivate: true, password: ExportPassword);
EccKeyFormatHelper.ReadEncryptedPkcs8(keyBlob, ExportPassword, out _, out ECParameters key);
CryptographicOperations.ZeroMemory(key.D);
CryptographicOperations.ZeroMemory(keyBlob);
key.D = null;
return(key);
}
internal ECParameters ExportParameters(bool includePrivateParameters, int keySizeInBits)
{
// Apple requires all private keys to be exported encrypted, but since we're trying to export
// as parsed structures we will need to decrypt it for the user.
const string ExportPassword = "******";
SecKeyPair keys = GetOrGenerateKeys(keySizeInBits);
if (keys.PublicKey == null ||
(includePrivateParameters && keys.PrivateKey == null))
{
throw new CryptographicException(SR.Cryptography_OpenInvalidHandle);
}
byte[] keyBlob = Interop.AppleCrypto.SecKeyExport(
includePrivateParameters ? keys.PrivateKey : keys.PublicKey,
exportPrivate: includePrivateParameters,
password: ExportPassword);
try
{
if (!includePrivateParameters)
{
EccKeyFormatHelper.ReadSubjectPublicKeyInfo(
keyBlob,
out int localRead,
out ECParameters key);
return(key);
}
else
{
EccKeyFormatHelper.ReadEncryptedPkcs8(
keyBlob,
ExportPassword,
out int localRead,
out ECParameters key);
return(key);
}
}
finally
{
CryptographicOperations.ZeroMemory(keyBlob);
}
}
private static ECParameters ExportParametersFromLegacyKey(SecKeyPair keys, bool includePrivateParameters)
{
// Apple requires all private keys to be exported encrypted, but since we're trying to export
// as parsed structures we will need to decrypt it for the user.
const string ExportPassword = "******";
byte[] keyBlob = Interop.AppleCrypto.SecKeyExport(
includePrivateParameters ? keys.PrivateKey : keys.PublicKey,
exportPrivate: includePrivateParameters,
password: ExportPassword);
try
{
if (!includePrivateParameters)
{
EccKeyFormatHelper.ReadSubjectPublicKeyInfo(
keyBlob,
out int localRead,
out ECParameters key);
return(key);
}
else
{
EccKeyFormatHelper.ReadEncryptedPkcs8(
keyBlob,
ExportPassword,
out int localRead,
out ECParameters key);
return(key);
}
}
finally
{
CryptographicOperations.ZeroMemory(keyBlob);
}
}