internal static RSA DecryptPrivateKey(EncryptedPrivateKeyInfo encryptedPrivateKeyInfo, string password)
{
var parameters = (DerSequence)encryptedPrivateKeyInfo.EncryptionAlgorithm.Parameters;
var salt = ((DerOctetString)parameters[0]).GetOctets();
var iterations = ((DerInteger)parameters[1]).Value.IntValue;
var pbkdf1 = new PasswordDeriveBytes(password, salt, "SHA1", iterations);
var keyBytes = pbkdf1.GetBytes(16);
var ivBytes = SHA1.Create().ComputeHash(pbkdf1.GetBytes(4));
var engine = new SeedEngine();
var blockCipher = new CbcBlockCipher(engine);
var cipher = new PaddedBufferedBlockCipher(blockCipher);
var cipherParams = new ParametersWithIV(new KeyParameter(keyBytes), ivBytes, 0, 16);
try
{
cipher.Init(false, cipherParams);
var decoded = cipher.DoFinal(encryptedPrivateKeyInfo.GetEncryptedData());
var rsaParams = (RsaPrivateCrtKeyParameters)PrivateKeyFactory.CreateKey(decoded);
return(DotNetUtilities.ToRSA(rsaParams));
}
catch (InvalidCipherTextException)
{
return(null);
}
}
public static PrivateKeyInfo CreatePrivateKeyInfo(char[] passPhrase, bool wrongPkcs12Zero, EncryptedPrivateKeyInfo encInfo)
{
AlgorithmIdentifier encryptionAlgorithm = encInfo.EncryptionAlgorithm;
IBufferedCipher bufferedCipher = PbeUtilities.CreateEngine(encryptionAlgorithm) as IBufferedCipher;
if (bufferedCipher == null)
{
throw new global::System.Exception(string.Concat((object)"Unknown encryption algorithm: ", (object)encryptionAlgorithm.Algorithm));
}
ICipherParameters parameters = PbeUtilities.GenerateCipherParameters(encryptionAlgorithm, passPhrase, wrongPkcs12Zero);
bufferedCipher.Init(forEncryption: false, parameters);
byte[] obj = bufferedCipher.DoFinal(encInfo.GetEncryptedData());
return(PrivateKeyInfo.GetInstance(obj));
}
/// <summary>
/// Get a decryptor from the passed in provider and decrypt the encrypted private key info, returning the result.
/// </summary>
/// <param name="inputDecryptorProvider">A provider to query for decryptors for the object.</param>
/// <returns>The decrypted private key info structure.</returns>
public PrivateKeyInfo DecryptPrivateKeyInfo(IDecryptorBuilderProvider <AlgorithmIdentifier> inputDecryptorProvider)
{
try
{
ICipherBuilder <AlgorithmIdentifier> decryptorBuilder = inputDecryptorProvider.CreateDecryptorBuilder(encryptedPrivateKeyInfo.EncryptionAlgorithm);
ICipher encIn = decryptorBuilder.BuildCipher(new MemoryInputStream(encryptedPrivateKeyInfo.GetEncryptedData()));
using (Stream strm = encIn.Stream)
{
byte[] data = Streams.ReadAll(encIn.Stream);
return(PrivateKeyInfo.GetInstance(data));
}
}
catch (Exception e)
{
throw new PkcsException("unable to read encrypted data: " + e.Message, e);
}
}
public static PrivateKeyInfo CreatePrivateKeyInfo(
char[] passPhrase,
bool wrongPkcs12Zero,
EncryptedPrivateKeyInfo encInfo)
{
AlgorithmIdentifier algID = encInfo.EncryptionAlgorithm;
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;
if (cipher == null)
{
throw new Exception("Unknown encryption algorithm: " + algID.Algorithm);
}
ICipherParameters cipherParameters = PbeUtilities.GenerateCipherParameters(
algID, passPhrase, wrongPkcs12Zero);
cipher.Init(false, cipherParameters);
byte[] keyBytes = cipher.DoFinal(encInfo.GetEncryptedData());
return(PrivateKeyInfo.GetInstance(keyBytes));
}
public static PrivateKeyInfo CreatePrivateKeyInfo(
char[] passPhrase,
bool wrongPkcs12Zero,
EncryptedPrivateKeyInfo encInfo)
{
AlgorithmIdentifier algID = encInfo.EncryptionAlgorithm;
IBufferedCipher cipher = PbeUtilities.CreateEngine(algID) as IBufferedCipher;
if (cipher == null)
{
// TODO Throw exception?
}
ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
algID, passPhrase, wrongPkcs12Zero);
cipher.Init(false, keyParameters);
byte[] keyBytes = encInfo.GetEncryptedData();
byte[] encoding = cipher.DoFinal(keyBytes);
Asn1Object asn1Data = Asn1Object.FromByteArray(encoding);
return(PrivateKeyInfo.GetInstance(asn1Data));
}
public override void PerformTest()
{
Pfx bag = Pfx.GetInstance(pkcs12);
ContentInfo info = bag.AuthSafe;
MacData mData = bag.MacData;
DigestInfo dInfo = mData.Mac;
AlgorithmIdentifier algId = dInfo.AlgorithmID;
byte[] salt = mData.GetSalt();
int itCount = mData.IterationCount.IntValue;
Asn1OctetString content = Asn1OctetString.GetInstance(info.Content);
AuthenticatedSafe authSafe = AuthenticatedSafe.GetInstance(content.GetOctets());
ContentInfo[] c = authSafe.GetContentInfo();
//
// private key section
//
if (!c[0].ContentType.Equals(PkcsObjectIdentifiers.Data))
{
Fail("Failed comparison data test");
}
Asn1OctetString authSafeContent = Asn1OctetString.GetInstance(c[0].Content);
Asn1Sequence seq = Asn1Sequence.GetInstance(authSafeContent.GetOctets());
SafeBag b = SafeBag.GetInstance(seq[0]);
if (!b.BagID.Equals(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag))
{
Fail("Failed comparison shroudedKeyBag test");
}
EncryptedPrivateKeyInfo encInfo = EncryptedPrivateKeyInfo.GetInstance(b.BagValue);
encInfo = new EncryptedPrivateKeyInfo(encInfo.EncryptionAlgorithm, encInfo.GetEncryptedData());
b = new SafeBag(PkcsObjectIdentifiers.Pkcs8ShroudedKeyBag, encInfo.ToAsn1Object(), b.BagAttributes);
byte[] contentOctets = new DerSequence(b).GetEncoded();
c[0] = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(contentOctets));
//
// certificates
//
if (!c[1].ContentType.Equals(PkcsObjectIdentifiers.EncryptedData))
{
Fail("Failed comparison encryptedData test");
}
EncryptedData eData = EncryptedData.GetInstance(c[1].Content);
c[1] = new ContentInfo(PkcsObjectIdentifiers.EncryptedData, eData);
//
// create an octet stream to represent the BER encoding of authSafe
//
authSafe = new AuthenticatedSafe(c);
contentOctets = authSafe.GetEncoded();
info = new ContentInfo(PkcsObjectIdentifiers.Data, new BerOctetString(contentOctets));
mData = new MacData(new DigestInfo(algId, dInfo.GetDigest()), salt, itCount);
bag = new Pfx(info, mData);
//
// comparison test
//
byte[] pfxEncoding = bag.GetEncoded();
if (!Arrays.AreEqual(pfxEncoding, pkcs12))
{
Fail("Failed comparison test");
}
}
public override void PerformTest()
{
char[] password = "******".ToCharArray();
PbeParametersGenerator generator = new Pkcs5S2ParametersGenerator();
EncryptedPrivateKeyInfo info = null;
try
{
info = EncryptedPrivateKeyInfo.GetInstance(Asn1Object.FromByteArray(sample));
}
catch (System.Exception e)
{
Fail("failed construction - exception " + e.ToString(), e);
}
PbeS2Parameters alg = PbeS2Parameters.GetInstance(info.EncryptionAlgorithm.Parameters);
Pbkdf2Params func = Pbkdf2Params.GetInstance(alg.KeyDerivationFunc.Parameters);
EncryptionScheme scheme = alg.EncryptionScheme;
if (func.KeyLength != null)
{
keySize = func.KeyLength.IntValue * 8;
}
int iterationCount = func.IterationCount.IntValue;
byte[] salt = func.GetSalt();
generator.Init(PbeParametersGenerator.Pkcs5PasswordToBytes(password), salt, iterationCount);
DerObjectIdentifier algOid = scheme.ObjectID;
byte[] iv;
if (algOid.Equals(PkcsObjectIdentifiers.RC2Cbc))
{
RC2CbcParameter rc2Params = RC2CbcParameter.GetInstance(scheme.Asn1Object);
iv = rc2Params.GetIV();
}
else
{
iv = ((Asn1OctetString)scheme.Asn1Object).GetOctets();
}
ICipherParameters param = new ParametersWithIV(
generator.GenerateDerivedParameters(algOid.Id, keySize), iv);
cipher.Init(false, param);
byte[] data = info.GetEncryptedData();
byte[] outBytes = new byte[cipher.GetOutputSize(data.Length)];
int len = cipher.ProcessBytes(data, 0, data.Length, outBytes, 0);
try
{
len += cipher.DoFinal(outBytes, len);
}
catch (Exception e)
{
Fail("failed DoFinal - exception " + e.ToString());
}
if (result.Length != len)
{
Fail("failed length");
}
for (int i = 0; i != len; i++)
{
if (outBytes[i] != result[i])
{
Fail("failed comparison");
}
}
}
/// <summary>
/// Returns a copy of the encrypted data in this structure.
/// </summary>
/// <returns>Return a copy of the encrypted data in this object.</returns>
public byte[] GetEncryptedData()
{
return(encryptedPrivateKeyInfo.GetEncryptedData());
}