/// <inheritdoc /> public ICryptoTransform CreateEncryptor(ICryptographicKey key, byte[] iv) { Requires.NotNull(key, "key"); var ownKey = (CryptographicKey)key; return GetTransformForBlockMode(ownKey, iv, true); }
/// <inheritdoc /> public byte[] SignHashedData(ICryptographicKey key, byte[] data) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); return ((CryptographicKey)key).SignHash(data); }
public void KeyPairRoundTrip() { foreach (var algorithm in KeyAlgorithmsToTest) { Debug.WriteLine("** Algorithm: {0} **", algorithm.Key); var keyAlgorithm = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithm.Key); using (ICryptographicKey key = keyAlgorithm.CreateKeyPair(algorithm.Value)) { int supportedFormats = 0; foreach (CryptographicPrivateKeyBlobType format in Enum.GetValues(typeof(CryptographicPrivateKeyBlobType))) { try { byte[] keyBlob = key.Export(format); using (var key2 = keyAlgorithm.ImportKeyPair(keyBlob, format)) { byte[] key2Blob = key2.Export(format); Assert.AreEqual(Convert.ToBase64String(keyBlob), Convert.ToBase64String(key2Blob)); Debug.WriteLine("Format {0} supported.", format); Debug.WriteLine(Convert.ToBase64String(keyBlob)); supportedFormats++; } } catch (NotSupportedException) { Debug.WriteLine("Format {0} NOT supported.", format); } } Assert.IsTrue(supportedFormats > 0, "No supported formats."); } } }
private async Task PlayAliceRoleAsync(ICryptographicKey ownSigningKey, ICryptographicKey othersSigningPublicKey, Stream channel, CancellationToken cancellationToken) { // Create ephemeral ECDH key pair, to prepare for the symmetric encryption key exchange. using (var ecdhKeyPair = NetFxCrypto.ECDiffieHellman.Create()) { // Alice receives Bob's ECDH public key and signature. byte[] bobPublicDH = await ReadAsync(channel, cancellationToken); byte[] bobSignedDH = await ReadAsync(channel, cancellationToken); // Alice verifies Bob's signature to be sure it's his key. Assert.IsTrue(WinRTCrypto.CryptographicEngine.VerifySignature(othersSigningPublicKey, bobPublicDH, bobSignedDH)); // Alice replies to Bob's public key by transmitting her own public key and signature. var ecdhPublicKey = ecdhKeyPair.PublicKey.ToByteArray(); await WriteAsync(channel, ecdhPublicKey, cancellationToken); byte[] ecdhPublicKeySignature = WinRTCrypto.CryptographicEngine.Sign(ownSigningKey, ecdhPublicKey); await WriteAsync(channel, ecdhPublicKeySignature, cancellationToken); // Derive a shared secret with Bob by combining Alice's private key with Bob's public key. var bobDHPK = NetFxCrypto.ECDiffieHellmanCngPublicKey.FromByteArray(bobPublicDH); byte[] encryptionKeyMaterial = ecdhKeyPair.DeriveKeyMaterial(bobDHPK); var symmetricEncryptionKey = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7) .CreateSymmetricKey(encryptionKeyMaterial); // Alice also adds a secret message. using (var aes = CryptoStream.WriteTo(channel, WinRTCrypto.CryptographicEngine.CreateEncryptor(symmetricEncryptionKey))) { await aes.WriteAsync(SecretMessage, 0, SecretMessage.Length, cancellationToken); } channel.Dispose(); } }
/// <inheritdoc /> public byte[] SignHashedData(ICryptographicKey key, byte[] data) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); return(((CryptographicKey)key).SignHash(data)); }
/// <summary> /// Extracts the platform-specific key from the PCL version. /// </summary> /// <param name="key">The PCL key.</param> /// <returns>The platform-specific key.</returns> private static Platform.Core.CryptographicKey ExtractPlatformKey(ICryptographicKey key) { Requires.NotNull(key, "key"); var platformKey = ((CryptographicKey)key).Key; return(platformKey); }
/// <inheritdoc /> public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize) { var platformKey = ((CryptographicKey)key).Key; var platformParameters = ((KeyDerivationParameters)parameters).Parameters; return(Platform.Core.CryptographicEngine.DeriveKeyMaterial(platformKey, platformParameters, (uint)desiredKeySize).ToArray()); }
public void VerifySignatureWithHashInput_NullData(ICryptographicKey key) { var signature = new byte[23]; Assert.Throws <ArgumentNullException>( () => WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, null, signature)); }
/// <inheritdoc /> public byte[] Encrypt(ICryptographicKey key, byte[] data, byte[] iv) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); var keyClass = (CryptographicKey)key; if (keyClass.SymmetricAlgorithmProvider != null) { bool paddingInUse = keyClass.SymmetricAlgorithmProvider.Algorithm.GetPadding() != SymmetricAlgorithmPadding.None; Requires.Argument(paddingInUse || this.IsValidInputSize(keyClass, data.Length), "data", "Length does not a multiple of block size and no padding is selected."); } try { return(Platform.Core.CryptographicEngine.Encrypt( keyClass.Key, data.ToBuffer(), iv.ToBuffer()).ToArray()); } catch (NotImplementedException ex) { throw new NotSupportedException(ex.Message, ex); } }
public static string DecryptAes(byte[] data, byte[] key, byte[] rgbKey, byte[] rgbIV) { ISymmetricKeyAlgorithmProvider aes = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbc); ICryptographicKey symetricKey = aes.CreateSymmetricKey(rgbKey); string returnValue = ""; using (var ms = new MemoryStream(data)) { // Read the first 16 bytes which is the IV. byte[] iv = new byte[16]; ms.Read(iv, 0, 16); using (var decryptor = WinRTCrypto.CryptographicEngine.CreateDecryptor(symetricKey, iv)) { using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read)) { using (var sr = new StreamReader(cs)) { returnValue = sr.ReadToEnd(); } } } } return(returnValue); }
/// <inheritdoc /> public ICryptoTransform CreateDecryptor(ICryptographicKey key, byte[] iv) { Requires.NotNull(key, "key"); var keyClass = (CryptographicKey)key; return keyClass.CreateDecryptor(iv); }
public void PrivateKeyDataComputation() { var algorithmName = AsymmetricAlgorithm.RsaOaepSha1; string base64BCrypt = Helper.PrivateKeyFormatsAndBlobs[Tuple.Create(algorithmName, CryptographicPrivateKeyBlobType.BCryptPrivateKey)]; string base64Pkcs1 = Helper.PrivateKeyFormatsAndBlobs[Tuple.Create(algorithmName, CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey)]; var algorithm = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithmName); ICryptographicKey bcryptKey = algorithm.ImportKeyPair(Convert.FromBase64String(base64BCrypt), CryptographicPrivateKeyBlobType.BCryptPrivateKey); ICryptographicKey pkcs1Key = algorithm.ImportKeyPair(Convert.FromBase64String(base64Pkcs1), CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey); var bcryptParameters = bcryptKey.ExportParameters(true); var pkcs1Parameters = pkcs1Key.ExportParameters(true); this.logger.WriteLine("PKCS1 P: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(pkcs1Parameters.P)); this.logger.WriteLine("BCrypt P: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(bcryptParameters.P)); this.logger.WriteLine("PKCS1 Q: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(pkcs1Parameters.Q)); this.logger.WriteLine("BCrypt Q: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(bcryptParameters.Q)); this.logger.WriteLine("PKCS1 D: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(pkcs1Parameters.D)); this.logger.WriteLine("BCrypt D: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(bcryptParameters.D)); this.logger.WriteLine("PKCS1 DP: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(pkcs1Parameters.DP)); this.logger.WriteLine("BCrypt DP: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(bcryptParameters.DP)); this.logger.WriteLine("PKCS1 DQ: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(pkcs1Parameters.DQ)); this.logger.WriteLine("BCrypt DQ: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(bcryptParameters.DQ)); this.logger.WriteLine("PKCS1 InverseQ: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(pkcs1Parameters.InverseQ)); this.logger.WriteLine("BCrypt InverseQ: {0}", WinRTCrypto.CryptographicBuffer.EncodeToHexString(bcryptParameters.InverseQ)); Assert.Equal <byte>(pkcs1Parameters.P, bcryptParameters.P); Assert.Equal <byte>(pkcs1Parameters.Q, bcryptParameters.Q); ////Assert.Equal<byte>(pkcs1Parameters.D, bcryptParameters.D); // not equal when computed ourselves, but equivalent Assert.Equal <byte>(pkcs1Parameters.DP, bcryptParameters.DP); Assert.Equal <byte>(pkcs1Parameters.DQ, bcryptParameters.DQ); Assert.Equal <byte>(pkcs1Parameters.InverseQ, bcryptParameters.InverseQ); }
public void CreateKey() { foreach (var algorithmAndExpectedResult in this.stretchedKeyBase64) { this.logger.WriteLine("Testing algorithm: {0}", algorithmAndExpectedResult.Key); var algorithm = WinRTCrypto.KeyDerivationAlgorithmProvider.OpenAlgorithm(algorithmAndExpectedResult.Key); ICryptographicKey key = algorithm.CreateKey(this.originalKey); Assert.NotNull(key); Assert.Equal(this.originalKey.Length * 8, key.KeySize); IKeyDerivationParameters parameters = WinRTCrypto.KeyDerivationParameters.BuildForPbkdf2(this.salt, this.iterations); Assert.Equal(this.iterations, parameters.IterationCount); CollectionAssertEx.AreEqual(this.salt, parameters.KdfGenericBinary); try { byte[] keyMaterial = WinRTCrypto.CryptographicEngine.DeriveKeyMaterial(key, parameters, 20); Assert.Equal(algorithmAndExpectedResult.Value, Convert.ToBase64String(keyMaterial)); } catch (NotSupportedException) { this.logger.WriteLine(" - Not supported on this platform"); } } }
private const AsymmetricAlgorithm RsaType = AsymmetricAlgorithm.RsaPkcs1; //or OeapSha1 and OaepSha256 public void GenerateKeys() { ICryptographicKey key = GetAsymmetricKeyAlgorithm().CreateKeyPair(RsaKeySize); PrivateKey = key.Export(CryptographicPrivateKeyBlobType.Pkcs1RsaPrivateKey); PublicKey = key.ExportPublicKey(CryptographicPublicKeyBlobType.Pkcs1RsaPublicKey); }
/// <inheritdoc /> public byte[] Sign(ICryptographicKey key, byte[] data) { Requires.NotNull(key, nameof(key)); Requires.NotNull(data, nameof(data)); return(((CryptographicKey)key).Sign(data)); }
public static string Encrypt(string originalPayload, byte[] privateKey) { string encryptedPayload = ""; ISymmetricKeyAlgorithmProvider aes = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7); ICryptographicKey symetricKey = aes.CreateSymmetricKey(privateKey); var iv = WinRTCrypto.CryptographicBuffer.GenerateRandom(aes.BlockLength); var input = Encoding.UTF8.GetBytes(originalPayload); using (var encrypter = WinRTCrypto.CryptographicEngine.CreateEncryptor(symetricKey, iv)) { using (var cipherStream = new MemoryStream()) { using (var tCryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write)) using (var tBinaryWriter = new BinaryWriter(tCryptoStream)) { //Prepend IV to data cipherStream.Write(iv, 0, iv.Length); //Write iv to the plain stream (not tested though) tBinaryWriter.Write(input); tCryptoStream.FlushFinalBlock(); } encryptedPayload = Convert.ToBase64String(cipherStream.ToArray()); } } return(encryptedPayload); }
public async Task <string> Encrypt(string dataToBeEncrypted, ICryptographicKey key) { var plain = Encoding.UTF8.GetBytes(dataToBeEncrypted); var encrypted = WinRTCrypto.CryptographicEngine.Encrypt(key, plain); var encryptedString = Convert.ToBase64String(encrypted); return(await Task.FromResult(encryptedString)); }
public async Task <string> Decrypt(string dataToBeDecrypted, ICryptographicKey key) { var encrypted = Convert.FromBase64String(dataToBeDecrypted); var decrypted = WinRTCrypto.CryptographicEngine.Decrypt(key, encrypted); var decryptedString = Encoding.UTF8.GetString(decrypted, 0, decrypted.Length); return(await Task.FromResult(decryptedString)); }
/// <inheritdoc /> public bool VerifySignatureWithHashInput(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); Requires.NotNull(signature, "paramName"); return ((CryptographicKey)key).VerifyHash(data, signature); }
/// <inheritdoc /> public bool VerifySignatureWithHashInput(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, nameof(key)); Requires.NotNull(data, nameof(data)); Requires.NotNull(signature, nameof(signature)); return(((CryptographicKey)key).VerifyHash(data, signature)); }
public void Sign_VerifySignatureWithHashInput(ICryptographicKey key, HashAlgorithm hashAlgorithm) { byte[] hash = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(hashAlgorithm) .HashData(this.data); byte[] signature = WinRTCrypto.CryptographicEngine.Sign(key, this.data); Assert.True(WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, hash, signature)); }
/// <inheritdoc /> public bool VerifySignatureWithHashInput(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); Requires.NotNull(signature, "paramName"); return(((CryptographicKey)key).VerifyHash(data, signature)); }
/// <inheritdoc /> public ICryptoTransform CreateDecryptor(ICryptographicKey key, byte[] iv) { Requires.NotNull(key, "key"); var ownKey = (CryptographicKey)key; return(GetTransformForBlockMode(ownKey, iv, false)); }
/// <inheritdoc /> public ICryptoTransform CreateDecryptor(ICryptographicKey key, byte[] iv) { Requires.NotNull(key, "key"); var keyClass = (CryptographicKey)key; return(keyClass.CreateDecryptor(iv)); }
/// <inheritdoc /> public bool VerifySignature(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); Requires.NotNull(signature, "signature"); return ((CryptographicKey)key).VerifySignature(data, signature); }
public static bool Verify(byte[] key, byte[] message, byte[] signature) { IMacAlgorithmProvider provider = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256); ICryptographicKey hmacKey = provider.CreateKey(key); return(CryptographicEngine.VerifySignature(hmacKey, message, signature)); }
public static byte[] sha256sum(byte[] key, byte[] message) { IMacAlgorithmProvider provider = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithm.HmacSha256); ICryptographicKey hmacKey = provider.CreateKey(key); byte [] hmac = CryptographicEngine.Sign(hmacKey, message); return(hmac); }
/// <summary> /// Computes PKCS5 for the message /// </summary> /// <param name="message">plaintext</param> /// <returns>PKCS5 of the message</returns> public static byte[] aesCbcPkcs5(byte[] message, byte[] key, byte[] iv) { ISymmetricKeyAlgorithmProvider objAlg = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7); // PKCS5 ICryptographicKey ckey = objAlg.CreateSymmetricKey(key); byte [] result = CryptographicEngine.Encrypt(ckey, message, iv); return(result); }
/// <inheritdoc /> public byte[] Decrypt(ICryptographicKey key, byte[] data, byte[] iv) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); var keyClass = (CryptographicKey)key; return keyClass.Decrypt(data, iv); }
public void CreateSymmetricKey_ExportPublicKey() { var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7); ICryptographicKey key = provider.CreateSymmetricKey(this.keyMaterial); Assert.Throws <NotSupportedException>( () => key.ExportPublicKey()); }
private void CreateSymmetricKeyHelper(SymmetricAlgorithm algorithm) { var provider = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(algorithm); ICryptographicKey key = provider.CreateSymmetricKey(this.keyMaterial); Assert.NotNull(key); Assert.Equal(this.keyMaterial.Length * 8, key.KeySize); }
/// <inheritdoc /> public bool VerifySignature(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); Requires.NotNull(signature, "signature"); return(((CryptographicKey)key).VerifySignature(data, signature)); }
/// <inheritdoc /> public ICryptoTransform CreateEncryptor(ICryptographicKey key, byte[]?iv) { Requires.NotNull(key, nameof(key)); var keyClass = (CryptographicKey)key; return(keyClass.CreateEncryptor(iv)); }
/// <inheritdoc /> public byte[] Sign(ICryptographicKey key, byte[] data) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); return(Platform.Core.CryptographicEngine.Sign( ExtractPlatformKey(key), data.ToBuffer()).ToArray()); }
internal static string Decrypt(byte[] encryptedText) //Seridonio,2016 { ISymmetricKeyAlgorithmProvider aesCrypto = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7); ICryptographicKey symmtricKey = aesCrypto.CreateSymmetricKey(_derivedKey); ICryptoTransform decryptor = WinRTCrypto.CryptographicEngine.CreateDecryptor(symmtricKey); byte[] decryptedText = decryptor.TransformFinalBlock(encryptedText, 0, encryptedText.Length); return(Encoding.UTF8.GetString(decryptedText, 0, decryptedText.Length)); }
public void SignHashedData_VerifySignatureWithHashInput(ICryptographicKey key, HashAlgorithm hashAlgorithm) { byte[] hash = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(hashAlgorithm) .HashData(this.data); byte[] signature = WinRTCrypto.CryptographicEngine.SignHashedData(key, hash); Assert.True(WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, hash, signature)); Assert.False(WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, hash, PclTestUtilities.Tamper(signature))); Assert.False(WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, PclTestUtilities.Tamper(this.data), signature)); }
static CryptographicEngineAsymmetricTests() { try { EcdsaSigningKey = WinRTCrypto.AsymmetricKeyAlgorithmProvider .OpenAlgorithm(AsymmetricAlgorithm.EcdsaP256Sha256) .CreateKeyPair(256); } catch (NotSupportedException) { // ECDSA is not supported on this platform. } }
public CryptographicEngineTests(ITestOutputHelper logger) { this.logger = logger; try { this.aesKeyZerosPadding = WinRTCrypto.SymmetricKeyAlgorithmProvider .OpenAlgorithm(SymmetricAlgorithmName.Aes, SymmetricAlgorithmMode.Cbc, SymmetricAlgorithmPadding.Zeros) .CreateSymmetricKey(Convert.FromBase64String(AesKeyMaterial)); } catch (NotSupportedException) { } }
/// <inheritdoc /> public byte[] Decrypt(ICryptographicKey key, byte[] data, byte[] iv) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); var keyClass = (CryptographicKey)key; if (keyClass.SymmetricAlgorithmProvider != null) { Requires.Argument(this.IsValidInputSize(keyClass, data.Length), "data", "Length does not a multiple of block size and no padding is selected."); } return Platform.Core.CryptographicEngine.Decrypt( keyClass.Key, data.ToBuffer(), iv.ToBuffer()).ToArray(); }
public Rsa(byte[] key, bool intermediateConvertToBase64BeforeEncryption = false, bool isPrivateKey = false) { try { var rsa = WinRTCrypto.AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaPkcs1); IntermediateConvertToBase64BeforeEncryption = intermediateConvertToBase64BeforeEncryption; CanDecrypt = isPrivateKey; if (isPrivateKey) { _key = rsa.ImportKeyPair(key); } else { _key = rsa.ImportPublicKey(key); } } catch (Exception ex) { string exception = ex.Message; } }
/// <inheritdoc /> public byte[] Encrypt(ICryptographicKey key, byte[] data, byte[] iv) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); var keyClass = (CryptographicKey)key; if (keyClass.SymmetricAlgorithmProvider != null) { bool paddingInUse = keyClass.SymmetricAlgorithmProvider.Algorithm.GetPadding() != SymmetricAlgorithmPadding.None; Requires.Argument(paddingInUse || this.IsValidInputSize(keyClass, data.Length), "data", "Length does not a multiple of block size and no padding is selected."); } try { return Platform.Core.CryptographicEngine.Encrypt( keyClass.Key, data.ToBuffer(), iv.ToBuffer()).ToArray(); } catch (NotImplementedException ex) { throw new NotSupportedException(ex.Message, ex); } }
/// <summary> /// Initializes a new instance of the <see cref="OwnEndpoint" /> class. /// </summary> /// <param name="signingKey">The signing key.</param> /// <param name="encryptionKey">The encryption key.</param> /// <param name="inboxOwnerCode">The secret that proves ownership of the inbox at the <see cref="Endpoint.MessageReceivingEndpoint" />.</param> public OwnEndpoint(ICryptographicKey signingKey, ICryptographicKey encryptionKey, string inboxOwnerCode = null) : this() { Requires.NotNull(signingKey, "signingKey"); Requires.NotNull(encryptionKey, "encryptionKey"); this.PublicEndpoint = new Endpoint { SigningKeyPublicMaterial = signingKey.ExportPublicKey(CryptoSettings.PublicKeyFormat), EncryptionKeyPublicMaterial = encryptionKey.ExportPublicKey(CryptoSettings.PublicKeyFormat), }; // We could preserve the key instances, but that could make // our behavior a little less repeatable if we had problems // with key serialization. ////this.signingKey = signingKey; ////this.encryptionKey = encryptionKey; // Since this is a new endpoint we can choose a more modern format for the private keys. this.PrivateKeyFormat = CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo; this.SigningKeyPrivateMaterial = signingKey.Export(this.PrivateKeyFormat); this.EncryptionKeyPrivateMaterial = encryptionKey.Export(this.PrivateKeyFormat); this.InboxOwnerCode = inboxOwnerCode; }
/// <inheritdoc /> public byte[] SignHashedData(ICryptographicKey key, byte[] data) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); var keyClass = (CryptographicKey)key; return Platform.Core.CryptographicEngine.SignHashedData( keyClass.Key, data.ToBuffer()).ToArray(); }
/// <inheritdoc /> public bool VerifySignature(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); Requires.NotNull(signature, "signature"); return Platform.Core.CryptographicEngine.VerifySignature( ExtractPlatformKey(key), data.ToBuffer(), signature.ToBuffer()); }
/// <inheritdoc /> public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize) { // Right now we're assuming that KdfGenericBinary is directly usable as a salt // in RFC2898. When our KeyDerivationParametersFactory class supports // more parameter types than just BuildForPbkdf2, we might need to adjust this code // to handle each type of parameter. var keyDerivation = (KeyDerivationCryptographicKey)key; byte[] salt = parameters.KdfGenericBinary; switch (keyDerivation.Algorithm) { case KeyDerivationAlgorithm.Pbkdf2Sha1: var deriveBytes = new Platform.Rfc2898DeriveBytes(keyDerivation.Key, salt, parameters.IterationCount); return deriveBytes.GetBytes(desiredKeySize); default: // TODO: consider using Platform.PasswordDeriveBytes if it can // support some more of these algorithms. throw new NotSupportedException("Only KeyDerivationAlgorithm.Pbkdf2Sha1 is supported for this platform."); } }
/// <inheritdoc /> public byte[] Sign(ICryptographicKey key, byte[] data) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); return Platform.Core.CryptographicEngine.Sign( ExtractPlatformKey(key), data.ToBuffer()).ToArray(); }
public App() { // create the key we are going to use var asym = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(AsymmetricAlgorithm.RsaPkcs1); var hash = HashAlgorithmProvider.OpenAlgorithm(HashAlgorithm.Sha1); // The root page of your application MainPage = new ContentPage { Content = new StackLayout { VerticalOptions = LayoutOptions.Center, Children = { // create a key (createKeyButton = new Button { Text = "Create Key", Command = new Command(() => { key = asym.CreateKeyPair(512); var publicKey = key.ExportPublicKey(); var publicKeyString = Convert.ToBase64String(publicKey); publicKeyLabel.Text = publicKeyString; }) }), (publicKeyLabel = new Label { Text = "..." }), // enter plain text (valueText = new Entry { Text = "Hello World!" }), // start encryption (encryptButton = new Button { Text = "Encrypt", Command = new Command(() => { try { var plainString = valueText.Text; var plain = Encoding.UTF8.GetBytes(plainString); var encrypted = CryptographicEngine.Encrypt(key, plain); var encryptedString = Convert.ToBase64String(encrypted); encryptLabel.Text = encryptedString; } catch (Exception ex) { encryptLabel.Text = "Error encrypting: " + ex.Message; } }) }), (encryptLabel = new Label { Text = "..." }), // and now decrypt (decryptButton = new Button { Text = "Decrypt", Command = new Command(() => { try { var encryptedString = encryptLabel.Text; var encrypted = Convert.FromBase64String(encryptedString); var decrypted = CryptographicEngine.Decrypt(key, encrypted); var decryptedString = Encoding.UTF8.GetString(decrypted, 0, decrypted.Length); decryptLabel.Text = decryptedString; } catch (Exception ex) { decryptLabel.Text = "Error decrypting: " + ex.Message; } }) }), (decryptLabel = new Label { Text = "..." }), // and hash (hashButton = new Button { Text = "hash", Command = new Command(() => { try { var plainString = valueText.Text; var plain = Encoding.UTF8.GetBytes(plainString); var hashed = hash.HashData(plain); var hashedString = Convert.ToBase64String(hashed); hashLabel.Text = hashedString; } catch (Exception ex) { hashLabel.Text = "Error hashing: " + ex.Message; } }) }), (hashLabel = new Label { Text = "..." }) } } }; // set initial data createKeyButton.Command.Execute(null); encryptButton.Command.Execute(null); decryptButton.Command.Execute(null); hashButton.Command.Execute(null); }
/// <summary> /// Extracts the platform-specific key from the PCL version. /// </summary> /// <param name="key">The PCL key.</param> /// <returns>The platform-specific key.</returns> private static Platform.Core.CryptographicKey ExtractPlatformKey(ICryptographicKey key) { Requires.NotNull(key, "key"); var platformKey = ((CryptographicKey)key).Key; return platformKey; }
public void SignHashedData_NullHash(ICryptographicKey key) { Assert.Throws<ArgumentNullException>( () => WinRTCrypto.CryptographicEngine.SignHashedData(key, null)); }
public void SignAndVerifySignature(ICryptographicKey key) { try { byte[] signature = WinRTCrypto.CryptographicEngine.Sign(key, this.data); Assert.True(WinRTCrypto.CryptographicEngine.VerifySignature(key, this.data, signature)); Assert.False(WinRTCrypto.CryptographicEngine.VerifySignature(key, PclTestUtilities.Tamper(this.data), signature)); Assert.False(WinRTCrypto.CryptographicEngine.VerifySignature(key, this.data, PclTestUtilities.Tamper(signature))); } catch (NotSupportedException) { this.logger.WriteLine("Not supported by the platform."); } }
public void VerifySignature_NullData(ICryptographicKey key) { Assert.Throws<ArgumentNullException>( () => WinRTCrypto.CryptographicEngine.VerifySignature(key, null, new byte[2])); }
public void VerifySignatureWithHashInput_NullSignature(ICryptographicKey key) { Assert.Throws<ArgumentNullException>( () => WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, this.data, null)); }
private async Task PlayAliceRoleAsync(ICryptographicKey ownSigningKey, ICryptographicKey othersSigningPublicKey, Stream channel, CancellationToken cancellationToken) { // Create ephemeral ECDH key pair, to prepare for the symmetric encryption key exchange. using (var ecdhKeyPair = NetFxCrypto.ECDiffieHellman.Create()) { // Alice receives Bob's ECDH public key and signature. byte[] bobPublicDH = await ReadAsync(channel, cancellationToken); byte[] bobSignedDH = await ReadAsync(channel, cancellationToken); // Alice verifies Bob's signature to be sure it's his key. Assert.True(WinRTCrypto.CryptographicEngine.VerifySignature(othersSigningPublicKey, bobPublicDH, bobSignedDH)); // Alice replies to Bob's public key by transmitting her own public key and signature. var ecdhPublicKey = ecdhKeyPair.PublicKey.ToByteArray(); await WriteAsync(channel, ecdhPublicKey, cancellationToken); byte[] ecdhPublicKeySignature = WinRTCrypto.CryptographicEngine.Sign(ownSigningKey, ecdhPublicKey); await WriteAsync(channel, ecdhPublicKeySignature, cancellationToken); // Derive a shared secret with Bob by combining Alice's private key with Bob's public key. var bobDHPK = NetFxCrypto.ECDiffieHellmanCngPublicKey.FromByteArray(bobPublicDH); byte[] encryptionKeyMaterial = ecdhKeyPair.DeriveKeyMaterial(bobDHPK); var symmetricEncryptionKey = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7) .CreateSymmetricKey(encryptionKeyMaterial); // Alice also adds a secret message. using (var aes = CryptoStream.WriteTo(channel, WinRTCrypto.CryptographicEngine.CreateEncryptor(symmetricEncryptionKey))) { await aes.WriteAsync(SecretMessage, 0, SecretMessage.Length, cancellationToken); } channel.Dispose(); } }
private async Task PlayBobRoleAsync(ICryptographicKey ownSigningKey, ICryptographicKey othersSigningPublicKey, Stream channel, CancellationToken cancellationToken) { // Create ephemeral ECDH key pair, to prepare for the symmetric encryption key exchange. using (var ecdhKeyPair = NetFxCrypto.ECDiffieHellman.Create()) { // Send the ephemeral ECDH public key to Alice. var ecdhPublicKey = ecdhKeyPair.PublicKey.ToByteArray(); await WriteAsync(channel, ecdhPublicKey, cancellationToken); // Authenticate to Alice that this is really Bob's ephemeral public key. byte[] ecdhPublicKeySignature = WinRTCrypto.CryptographicEngine.Sign(ownSigningKey, ecdhPublicKey); await WriteAsync(channel, ecdhPublicKeySignature, cancellationToken); // Read Alice's reply. It consists of her own ephemeral public key and signature. byte[] alicePublicDH = await ReadAsync(channel, cancellationToken); byte[] aliceSignedDH = await ReadAsync(channel, cancellationToken); // Authenticate Alice's public key. Assert.True(WinRTCrypto.CryptographicEngine.VerifySignature(othersSigningPublicKey, alicePublicDH, aliceSignedDH)); // Deserialize Alice's public key and derive the shared secret from it. var aliceDHPK = NetFxCrypto.ECDiffieHellmanCngPublicKey.FromByteArray(alicePublicDH); byte[] encryptionKeyMaterial = ecdhKeyPair.DeriveKeyMaterial(aliceDHPK); var encryptionKey = WinRTCrypto.SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithm.AesCbcPkcs7) .CreateSymmetricKey(encryptionKeyMaterial); // Bob reads Alice's secret message using the shared secret that both parties derived, // but never transmitted. using (var aes = CryptoStream.ReadFrom(channel, WinRTCrypto.CryptographicEngine.CreateDecryptor(encryptionKey))) { byte[] plaintext = await ReadAsync(aes, cancellationToken); // Assert that the plaintext is as it was expected to be. CollectionAssertEx.AreEqual(SecretMessage, plaintext); } channel.Dispose(); } }
/// <inheritdoc /> public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize) { return ((CryptographicKey)key).DeriveKeyMaterial(parameters, desiredKeySize); }
public void Sign_VerifySignatureWithHashInput(ICryptographicKey key, HashAlgorithm hashAlgorithm) { try { byte[] hash = WinRTCrypto.HashAlgorithmProvider.OpenAlgorithm(hashAlgorithm) .HashData(this.data); byte[] signature = WinRTCrypto.CryptographicEngine.Sign(key, this.data); Assert.True(WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, hash, signature)); } catch (NotSupportedException) { // Not all platforms support this. this.logger.WriteLine("Skipped test for unsupported functionality on this platform."); } }
/// <inheritdoc /> public bool VerifySignatureWithHashInput(ICryptographicKey key, byte[] data, byte[] signature) { Requires.NotNull(key, "key"); Requires.NotNull(data, "data"); Requires.NotNull(signature, "signature"); var keyClass = (CryptographicKey)key; return Platform.Core.CryptographicEngine.VerifySignatureWithHashInput( keyClass.Key, data.ToBuffer(), signature.ToBuffer()); }
public void VerifySignatureWithHashInput_NullData(ICryptographicKey key) { var signature = new byte[23]; Assert.Throws<ArgumentNullException>( () => WinRTCrypto.CryptographicEngine.VerifySignatureWithHashInput(key, null, signature)); }
/// <inheritdoc /> public byte[] DeriveKeyMaterial(ICryptographicKey key, IKeyDerivationParameters parameters, int desiredKeySize) { var platformKey = ((CryptographicKey)key).Key; var platformParameters = ((KeyDerivationParameters)parameters).Parameters; return Platform.Core.CryptographicEngine.DeriveKeyMaterial(platformKey, platformParameters, (uint)desiredKeySize).ToArray(); }