private byte[] DerEncode(
byte[] hash)
{
DigestInfo dInfo = new DigestInfo(algId, hash);
return(dInfo.GetDerEncoded());
}
public static byte[] CreateDigestInfo(byte[] hash, string hashOid)
{
DerObjectIdentifier derObjectIdentifier = new DerObjectIdentifier(hashOid);
AlgorithmIdentifier algorithmIdentifier = new AlgorithmIdentifier(derObjectIdentifier, null);
DigestInfo digestInfo = new DigestInfo(algorithmIdentifier, hash);
return(digestInfo.GetDerEncoded());
}
/// <summary>
/// Creates PKCS#1 DigestInfo
/// </summary>
/// <param name="digest">Hash value</param>
/// <param name="digestOid">Hash algorithm OID</param>
/// <returns>DER encoded PKCS#1 DigestInfo</returns>
private static byte[] CreateDigestInfo(byte[] digest, string digestOid)
{
var derObjectIdentifier = new DerObjectIdentifier(digestOid);
var algorithmIdentifier = new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(derObjectIdentifier, null);
DigestInfo digestInfo = new DigestInfo(algorithmIdentifier, digest);
return(digestInfo.GetDerEncoded());
}
private byte[] DerEncode(byte[] hash)
{
if (algId == null)
{
return(hash);
}
DigestInfo digestInfo = new DigestInfo(algId, hash);
return(digestInfo.GetDerEncoded());
}
private byte[] DerEncode(byte[] hash)
{
if (algId == null)
{
// For raw RSA, the DigestInfo must be prepared externally
return(hash);
}
DigestInfo dInfo = new DigestInfo(algId, hash);
return(dInfo.GetDerEncoded());
}
/// <summary>
/// Creates PKCS#1 DigestInfo
/// </summary>
/// <param name="hash">Hash value</param>
/// <param name="hashOid">Hash algorithm OID</param>
/// <returns>DER encoded PKCS#1 DigestInfo</returns>
private static byte[] CreateDigestInfo(byte[] hash, string hashOid)
{
DigestInfo digestInfo = new DigestInfo(
algID: new AlgorithmIdentifier(
algorithm: new DerObjectIdentifier(hashOid),
parameters: DerNull.Instance
),
digest: hash
);
return(digestInfo.GetDerEncoded());
}
/// <summary>
/// Calculate signature using signer algorithm for the defined has algorithm
/// </summary>
/// <param name="hash"></param>
/// <param name="signerAlgorithm"></param>
/// <param name="hashAlgorithmOid">
/// hash Algorithm Oid, for example:
/// "2.16.840.1.101.3.4.2.1"
/// </param>
/// <param name="privateSigningKey">private key for signing</param>
/// <returns></returns>
public static byte[] Sign(byte[] hash, string signerAlgorithm, string hashAlgorithmOid, AsymmetricKeyParameter privateSigningKey)
{
var digestAlgorithm = new AlgorithmIdentifier(new DerObjectIdentifier(hashAlgorithmOid), DerNull.Instance);
var dInfo = new DigestInfo(digestAlgorithm, hash);
byte[] digest = dInfo.GetDerEncoded();
ISigner signer = SignerUtilities.GetSigner(signerAlgorithm);
signer.Init(true, privateSigningKey);
signer.BlockUpdate(digest, 0, digest.Length);
byte[] signature = signer.GenerateSignature();
return(signature);
/* // Another way of signing
* if (signerAlgorithm == "RSA")
* {
* // convert private key from BouncyCastle to System.Security :
* RSA key = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)privateSigningKey);
* using (var cryptoServiceProvider = new RSACryptoServiceProvider())
* {
* cryptoServiceProvider.ImportParameters(key.ExportParameters(true));
*
* //
* // Hash and sign the data. Pass a new instance of SHA1CryptoServiceProvider
* // to specify the use of SHA1 for hashing.
* byte[] signedData = cryptoServiceProvider.SignHash(hash, hashAlgorithmOid);
* return signedData;
* }
* }
*
* if (signerAlgorithm == "ECDSA")
* {
* // convert private key from BouncyCastle to System.Security :
* var bcKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateSigningKey);
* var pkcs8Blob = bcKeyInfo.GetDerEncoded();
* var key = CngKey.Import(pkcs8Blob, CngKeyBlobFormat.Pkcs8PrivateBlob);
*
* using (ECDsaCng cryptoServiceProvider = new ECDsaCng(key))
* {
* cryptoServiceProvider.HashAlgorithm = CngAlgorithm.Sha256; //, hashAlgorithmOid);
*
* byte[] signature = cryptoServiceProvider.SignHash(hash);
* return signature;
* }
* }
*
* throw new NotImplementedException(signerAlgorithm);
*/
}
// Returns the signed digest
byte[] IBlockResult.Collect()
{
// The collected array contains the document digest and parameters
// to be signed but it needs to be further digested by the indended
// hashing algorithm
byte[] toDigest = m_stream.ToArray();
IDigest digester = DigestUtilities.GetDigest(m_digestAlgorithm.GetName());
digester.BlockUpdate(toDigest, 0, toDigest.Length);
byte[] digestValue = DigestUtilities.DoFinal(digester);
// Wrap digest value in DER encoding (should be RFC3770 compliant)
DigestInfo digestInfo = new DigestInfo(m_digestAlgorithm.GetAlgorithmIdentifier(), digestValue);
byte[] wrapped = digestInfo.GetDerEncoded();
return(signer(wrapped));
}
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception>
public override byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo
, IDssPrivateKeyEntry keyEntry)
{
try
{
DigestInfo digestInfo = new DigestInfo(digestAlgo.GetAlgorithmIdentifier(), digestValue
);
//Sharpen.Cipher cipher = Sharpen.Cipher.GetInstance(keyEntry.GetSignatureAlgorithm
// ().GetPadding());
IBufferedCipher cipher = CipherUtilities.GetCipher(keyEntry.GetSignatureAlgorithm
().GetPadding());
//cipher.Init(Sharpen.Cipher.ENCRYPT_MODE, ((KSPrivateKeyEntry)keyEntry).GetPrivateKey
// ());
cipher.Init(true, ((KSPrivateKeyEntry)keyEntry).PrivateKey);
return(cipher.DoFinal(digestInfo.GetDerEncoded()));
}
/*catch (NoSuchPaddingException e)
* {
* throw new RuntimeException(e);
* }*/
catch (InvalidKeyException e)
{
throw new RuntimeException(e);
}
/*catch (IllegalBlockSizeException e)
* {
* throw new RuntimeException(e);
* }
* catch (BadPaddingException)
* {
* // More likely the password is not good.
* throw new BadPasswordException(BadPasswordException.MSG.PKCS12_BAD_PASSWORD);
* }*/
}