public void CanValidateSignature() { Ed25519KeyPairGenerator kpg = new Ed25519KeyPairGenerator(); kpg.Init(new Ed25519KeyGenerationParameters(Random)); AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair(); Ed25519PrivateKeyParameters privateKey = (Ed25519PrivateKeyParameters)kp.Private; Ed25519PublicKeyParameters publicKey = (Ed25519PublicKeyParameters)kp.Public; var pubKeyBase64 = Convert.ToBase64String(publicKey.GetEncoded()); // create signature for item byte[] msg = new byte[Random.NextInt() & 255]; Random.NextBytes(msg); var signer = new Ed25519Signer(); signer.Init(true, privateKey); signer.BlockUpdate(msg, 0, msg.Length); byte[] signature = signer.GenerateSignature(); var signatureForAppCast = Convert.ToBase64String(signature); // verify signature var checker = new Ed25519Checker(NetSparkleUpdater.Enums.SecurityMode.Strict, pubKeyBase64); Assert.True(checker.VerifySignature(signatureForAppCast, msg) == NetSparkleUpdater.Enums.ValidationResult.Valid); }
/// <summary> /// Signs the passed in data with a private key /// </summary> /// <param name="privateKey">the private key used to create the signature</param> /// <param name="data">The data to sign</param> /// <returns>the signature as a byte array</returns> public byte[] Sign(byte[] privateKey, byte[] data) { Ed25519PrivateKeyParameters privKey = null; try { privKey = (Ed25519PrivateKeyParameters)CreateAsymmetricKeyParameterFromPrivateKeyInfo(privateKey); } catch (InvalidCastException exception) { string message = "Private Key Import Failed!\n" + $"{exception.Message}.\n" + "The contents of the source do not represent a valid Ed25519 key parameter\n" + "Verify that the key is not corrupted.\n" + "- or - Verify that the correct key is selected."; throw new CryptoException(message, exception); } var signer = new Ed25519Signer(); signer.Init(true, privKey); signer.BlockUpdate(data, 0, data.Length); var signature = signer.GenerateSignature(); return(signature); }
public byte[] sign(byte[] msg) { var signer = new Ed25519Signer(); signer.Init(true, privateKey); signer.BlockUpdate(msg, 0, msg.Length); return(signer.GenerateSignature()); }
byte[] ICryptoLibrary.SignEd25519(byte[] plainText, byte[] privateKey) { var signer = new Ed25519Signer(); signer.Init(true, new Ed25519PrivateKeyParameters(privateKey, 0)); signer.BlockUpdate(plainText, 0, plainText.Length); return(signer.GenerateSignature()); }
public static byte[] Sign(byte[] data, string privateKey) { Ed25519Signer signer = new Ed25519Signer(); signer.Init(true, privateKey.ToPrivateKeyCipherParamsFromHex()); signer.BlockUpdate(data, 0, data.Length); return(signer.GenerateSignature()); }
// Sings data with signer’s private key using Bouncy Castle public static string Sign(string data, string privateKey) { var signer = new Ed25519Signer(); signer.Init(true, new Ed25519PrivateKeyParameters(Hex.Decode(privateKey), 0)); signer.BlockUpdate(Encoding.UTF8.GetBytes(data), 0, Encoding.UTF8.GetBytes(data).Length); return(Hex.ToHexString(signer.GenerateSignature())); }
/// <summary> /// Sign the given bytes, and wrap in Signature. /// </summary> /// <param name="bytes">bytes the data to sign</param> /// <returns>a signature</returns> private Signature RawSignBytes(byte[] bytes) { var signer = new Ed25519Signer(); signer.Init(true, privateKeyPair.Private); signer.BlockUpdate(bytes, 0, bytes.Length); byte[] signature = signer.GenerateSignature(); return(new Signature(signature)); }
public override byte[] Sign(byte[] input) { var signer = new Ed25519Signer(); signer.Init(true, edDsaKey.KeyParameters); signer.BlockUpdate(input, 0, input.Length); return(signer.GenerateSignature()); }
public Signature Sign(byte[] msg, byte[] prvKey) { var digest = Blake2b.GetDigest(msg); var privateKey = new Ed25519PrivateKeyParameters(prvKey, 0); var signer = new Ed25519Signer(); signer.Init(true, privateKey); signer.BlockUpdate(digest, 0, digest.Length); return(new Signature(signer.GenerateSignature(), _SignaturePrefix)); }
public override string Sign(string payload, string footer, SigningCredentials signingCredentials) { if (payload == null) { throw new ArgumentNullException(nameof(payload)); } if (signingCredentials == null) { throw new ArgumentNullException(nameof(signingCredentials)); } if (signingCredentials.Key.GetType() != typeof(EdDsaSecurityKey)) { throw new SecurityTokenInvalidSigningKeyException($"PASETO v2 requires a key of type {typeof(EdDsaSecurityKey)}"); } if (signingCredentials.Algorithm != ExtendedSecurityAlgorithms.EdDsa) { throw new SecurityTokenInvalidSigningKeyException($"PASETO v2 requires a key for configured for the '{ExtendedSecurityAlgorithms.EdDsa}' algorithm"); } var privateKey = (EdDsaSecurityKey)signingCredentials.Key; if (privateKey.PrivateKeyStatus != PrivateKeyStatus.Exists) { throw new SecurityTokenInvalidSigningKeyException($"Missing private key"); } var payloadBytes = Encoding.UTF8.GetBytes(payload); var messageToSign = PreAuthEncode(new[] { Encoding.UTF8.GetBytes(PublicHeader), payloadBytes, Encoding.UTF8.GetBytes(footer ?? string.Empty) }); var signer = new Ed25519Signer(); signer.Init(true, privateKey.KeyParameters); signer.BlockUpdate(messageToSign, 0, messageToSign.Length); var signature = signer.GenerateSignature(); var token = $"{PublicHeader}{Base64UrlEncoder.Encode(payloadBytes.Combine(signature))}"; if (!string.IsNullOrWhiteSpace(footer)) { token += $".{Base64UrlEncoder.Encode(footer)}"; } return(token); }
internal static void Sign(IInvoice invoice, Ed25519PrivateKeyParameters privateKey) { var ed25519Signer = new Ed25519Signer(); ed25519Signer.Init(true, privateKey); ed25519Signer.BlockUpdate(invoice.TxBytes.ToArray(), 0, invoice.TxBytes.Length); var signature = ed25519Signer.GenerateSignature(); ed25519Signer.Reset(); var publicKey = privateKey.GeneratePublicKey().GetEncoded(); var prefix = new ReadOnlyMemory <byte>(publicKey, 0, Math.Min(Math.Max(6, invoice.MinimumDesiredPrefixSize), publicKey.Length)); invoice.AddSignature(KeyType.Ed25519, prefix, signature); }
byte[] ICryptoLibrary.SignEd25519(byte[] plainText, byte[] privateKey) { if (privateKey == null) { throw new ArgumentException(nameof(privateKey)); } if (plainText == null) { throw new ArgumentException(nameof(plainText)); } var signer = new Ed25519Signer(); signer.Init(true, new Ed25519PrivateKeyParameters(privateKey, 0)); signer.BlockUpdate(plainText, 0, plainText.Length); return(signer.GenerateSignature()); }
private void BasicSigTest() { Ed25519PrivateKeyParameters privateKey = new Ed25519PrivateKeyParameters( Hex.DecodeStrict("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"), 0); Ed25519PublicKeyParameters publicKey = new Ed25519PublicKeyParameters( Hex.DecodeStrict("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"), 0); byte[] sig = Hex.Decode("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b"); ISigner signer = new Ed25519Signer(); signer.Init(true, privateKey); IsTrue(AreEqual(sig, signer.GenerateSignature())); signer.Init(false, publicKey); IsTrue(signer.VerifySignature(sig)); }
/// <inheritdoc/> public override byte[] Sign(byte[] input) { if (input == null || input.Length == 0) { throw new ArgumentNullException(nameof(input)); } if (EdDsaKey.Curve.Equals("Ed25519")) { var privateKey = (Ed25519PrivateKeyParameters)EdDsaKey.KeyParameter; var signer = new Ed25519Signer(); signer.Init(forSigning: true, privateKey); signer.BlockUpdate(input, off: 0, len: input.Length); return(signer.GenerateSignature()); } throw new ArgumentException($"Unsupported EdDSA curve: \"{EdDsaKey.Curve}\"."); }
private static void EdDsaWithBouncyCastle() { // message to sign & verify var message = Encoding.UTF8.GetBytes("Bob Loblaw"); // private/public key generation var keyPairGenerator = new Ed25519KeyPairGenerator(); keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom())); var keyPair = keyPairGenerator.GenerateKeyPair(); var privateKey = (Ed25519PrivateKeyParameters)keyPair.Private; var publicKey = (Ed25519PublicKeyParameters)keyPair.Public; // keys are 32-bytes each var privateKeyBytes = privateKey.GetEncoded(); var publicKeyBytes = publicKey.GetEncoded(); Console.WriteLine("Private key = " + Convert.ToBase64String(privateKeyBytes)); Console.WriteLine("Public key = " + Convert.ToBase64String(publicKeyBytes)); // signature generation var signer = new Ed25519Signer(); signer.Init(true, privateKey); signer.BlockUpdate(message, 0, message.Length); byte[] signature = signer.GenerateSignature(); Console.WriteLine("Signature = " + Convert.ToBase64String(signature)); // signature validation var validator = new Ed25519Signer(); validator.Init(false, publicKey); validator.BlockUpdate(message, 0, message.Length); bool isValidSignature = validator.VerifySignature(signature); Console.WriteLine("Signature is valid: " + isValidSignature); }
/// <summary> /// Gets the signature for file. /// </summary> /// <param name="file">The file.</param> /// <returns>System.String.</returns> public string GetSignatureForFile(FileInfo file) { if (!KeysExist()) { Console.WriteLine("Keys do not exist"); return(null); } if (!file.Exists) { Console.Error.WriteLine("Target binary " + file.FullName + " does not exists"); return(null); } var data = File.ReadAllBytes(file.FullName); var signer = new Ed25519Signer(); signer.Init(true, new Ed25519PrivateKeyParameters(GetPrivateKey(), 0)); signer.BlockUpdate(data, 0, data.Length); return(Convert.ToBase64String(signer.GenerateSignature())); }
private byte[] Sign(byte[] bytesToBeSigned) { string alg = null; // Get the set algorithm or infer one try { alg = FindAttribute("alg").AsString(); } catch (Exception) { ; } if (alg == null) { switch (keyToSign.AsString("kty")) { case "RSA": alg = "PS256"; break; case "EC": switch (keyToSign.AsString("crv")) { case "P-256": alg = "ES256"; break; case "P-384": alg = "ES384"; break; case "P-521": alg = "ES512"; break; default: throw new JOSE_Exception("Unknown curve"); } break; default: throw new JOSE_Exception("Unknown or unsupported key type " + keyToSign.AsString("kty")); } objUnprotected.Add("alg", alg); } IDigest digest; IDigest digest2; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JOSE_Exception("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")), ConvertBigNum(keyToSign.AsBytes("e")), ConvertBigNum(keyToSign.AsBytes("d")), ConvertBigNum(keyToSign.AsBytes("p")), ConvertBigNum(keyToSign.AsBytes("q")), ConvertBigNum(keyToSign.AsBytes("dp")), ConvertBigNum(keyToSign.AsBytes("dq")), ConvertBigNum(keyToSign.AsBytes("qi"))); signer.Init(true, prv); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")), ConvertBigNum(keyToSign.AsBytes("e")), ConvertBigNum(keyToSign.AsBytes("d")), ConvertBigNum(keyToSign.AsBytes("p")), ConvertBigNum(keyToSign.AsBytes("q")), ConvertBigNum(keyToSign.AsBytes("dp")), ConvertBigNum(keyToSign.AsBytes("dq")), ConvertBigNum(keyToSign.AsBytes("qi"))); ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG); signer.Init(true, rnd); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "ES256": case "ES384": case "ES512": { X9ECParameters p = NistNamedCurves.GetByName(keyToSign.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign.AsBytes("d")), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(bytesToBeSigned); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); byte[] sigs = new byte[r.Length + s.Length]; Array.Copy(r, sigs, r.Length); Array.Copy(s, 0, sigs, r.Length, s.Length); return(sigs); } case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter key = new KeyParameter(keyToSign.AsBytes("k")); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.Init(key); hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); hmac.DoFinal(resBuf, 0); return(resBuf); } case "EdDSA": switch (keyToSign.AsString("crv")) { case "Ed25519": { ISigner eddsa; Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(keyToSign.AsBytes("d"), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(eddsa.GenerateSignature()); } } break; } return(null); }
internal byte[] ComputeMac(byte[] bytesToBeSigned, string alg) { IDigest digest; IDigest digest2; byte[] signature; switch (alg) { case "RS256": case "ES256": case "PS256": case "HS256": digest = new Sha256Digest(); digest2 = new Sha256Digest(); break; case "RS384": case "ES384": case "PS384": case "HS384": digest = new Sha384Digest(); digest2 = new Sha384Digest(); break; case "RS512": case "ES512": case "PS512": case "HS512": digest = new Sha512Digest(); digest2 = new Sha512Digest(); break; case "EdDSA": digest = null; digest2 = null; break; default: throw new JoseException("Unknown signature algorithm"); } switch (alg) { case "RS256": case "RS384": case "RS512": { RsaDigestSigner signer = new RsaDigestSigner(digest); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")), ConvertBigNum(this.AsString("e")), ConvertBigNum(this.AsString("d")), ConvertBigNum(this.AsString("p")), ConvertBigNum(this.AsString("q")), ConvertBigNum(this.AsString("dp")), ConvertBigNum(this.AsString("dq")), ConvertBigNum(this.AsString("qi"))); signer.Init(true, prv); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "PS256": case "PS384": case "PS512": { PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize()); RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")), ConvertBigNum(this.AsString("e")), ConvertBigNum(this.AsString("d")), ConvertBigNum(this.AsString("p")), ConvertBigNum(this.AsString("q")), ConvertBigNum(this.AsString("dp")), ConvertBigNum(this.AsString("dq")), ConvertBigNum(this.AsString("qi"))); ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG); signer.Init(true, rnd); signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); return(signer.GenerateSignature()); } case "ES256": case "ES384": case "ES512": { digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); byte[] o1 = new byte[digest.GetDigestSize()]; digest.DoFinal(o1, 0); X9ECParameters p = NistNamedCurves.GetByName(this.AsString("crv")); ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H); ECPrivateKeyParameters privKey = new ECPrivateKeyParameters("ECDSA", ConvertBigNum(this.AsString("d")), parameters); ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG); ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest())); ecdsa.Init(true, param); BigInteger[] sig = ecdsa.GenerateSignature(o1); byte[] r = sig[0].ToByteArrayUnsigned(); byte[] s = sig[1].ToByteArrayUnsigned(); int cbR = (p.Curve.FieldSize + 7) / 8; byte[] sigs = new byte[cbR * 2]; Array.Copy(r, 0, sigs, cbR - r.Length, r.Length); Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length); signature = sigs; return(sigs); } case "HS256": case "HS384": case "HS512": { HMac hmac = new HMac(digest); KeyParameter key = new KeyParameter(this.AsBytes("k")); byte[] resBuf = new byte[hmac.GetMacSize()]; hmac.Init(key); hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); hmac.DoFinal(resBuf, 0); signature = resBuf; return(resBuf); } case "EdDSA": switch (this.AsString("crv")) { case "Ed25519": { ISigner eddsa; Ed25519PrivateKeyParameters privKey = new Ed25519PrivateKeyParameters(this.AsBytes("d"), 0); eddsa = new Ed25519Signer(); eddsa.Init(true, privKey); eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length); signature = eddsa.GenerateSignature(); return(signature); } } break; } return(null); }