public static AsymmetricCipherKeyPair GenerateKeyPair(int keyStrength, SecureRandom random)
{
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
return(subjectKeyPair);
}
public static AsymmetricCipherKeyPair GenerateKeyPair(int publicKeyLength)
{
var random = new SecureRandom();
var keyPairGenerator = new RsaKeyPairGenerator();
var parameters = new KeyGenerationParameters(random, publicKeyLength);
keyPairGenerator.Init(parameters);
return(keyPairGenerator.GenerateKeyPair());
}
public static AsymmetricCipherKeyPair GetKeyPair()
{
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom secureRandom = new SecureRandom(randomGenerator);
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, RsaKeySize);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
return(keyPairGenerator.GenerateKeyPair());
}
private static AsymmetricCipherKeyPair GenerateKeyPair(int bits)
{
KeyGenerationParameters keyParameters = new KeyGenerationParameters(BouncyCastleRandomGenerator.CreateSecureRandom(), bits);
RsaKeyPairGenerator rsaGenerator = new RsaKeyPairGenerator();
rsaGenerator.Init(keyParameters);
AsymmetricCipherKeyPair keyPair = rsaGenerator.GenerateKeyPair();
return(keyPair);
}
// ReSharper disable once UnusedParameter.Local
private static KeyPair CreateKeyPair(string _)
{
//TODO
//Currently only EC supported
var gen = new ECKeyPairGenerator();
var keyGenParam = new KeyGenerationParameters(new SecureRandom(), 256);
gen.Init(keyGenParam);
return(KeyPair.Create(gen.GenerateKeyPair()));
}
// TODO: We are not using key containers properly, this code is not secure.
public static AsymmetricCipherKeyPair GenerateThaliAcceptablePublicPrivateKeyPair()
{
var keyGenerationParameters = new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), KeySizeInBits);
var rsaKeyPairGenerator = new RsaKeyPairGenerator();
rsaKeyPairGenerator.Init(keyGenerationParameters);
var keyPair = rsaKeyPairGenerator.GenerateKeyPair();
return(keyPair);
}
public static AsymmetricCipherKeyPair GenerateRandomKeys(int keySize = 256)
{
ECKeyPairGenerator gen = new ECKeyPairGenerator();
SecureRandom secureRandom = new SecureRandom();
KeyGenerationParameters keyGenParam =
new KeyGenerationParameters(secureRandom, keySize);
gen.Init(keyGenParam);
return(gen.GenerateKeyPair());
}
private AsymmetricCipherKeyPair GetKeyPair()
{
var randomGenerator = new VmpcRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, 2048);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
return(keyPairGenerator.GenerateKeyPair());
}
private static AsymmetricCipherKeyPair GenerateRsaKeyPair(SecureRandom random, int strength)
{
var keyGenerationParameters = new KeyGenerationParameters(random, strength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
return(subjectKeyPair);
}
public static X509Certificate2 CreateSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey)
{
const int keyStrength = 2048;
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA512WITHRSA", issuerPrivKey, random);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage.Id, true, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
X509Name subjectDN = new X509Name("CN=" + subjectName);
X509Name issuerDN = new X509Name("CN=" + issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
AsymmetricCipherKeyPair subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(signatureFactory);
//var dotNetPrivateKey = ToDotNetKey((RsaPrivateCrtKeyParameters)subjectKeyPair.Private);
// merge into X509Certificate2
X509Certificate2 x509 = new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate))
{
PrivateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)subjectKeyPair.Private),
FriendlyName = subjectName
};
return(x509);
}
/// <summary>
/// gen ca cert
/// </summary>
/// <param name="subjectName"></param>
/// <param name="keyStrength"></param>
/// <returns>bouncy private, dotnet public</returns>
/// <remarks>
/// Many thanks to this stackoverflow post:
/// https://stackoverflow.com/a/22237794
/// </remarks>
private (AsymmetricKeyParameter, X509Certificate2) GenerateCACertificate(string subjectName, int keyStrength, TimeSpan lifespan)
{
// Generating Random Numbers
var random = _rand;
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
certificateGenerator.SetSerialNumber(GenerateSerial());
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
//for good measure let's include key usage
certificateGenerator.AddExtension("2.5.29.15",
false,
new X509KeyUsage(X509KeyUsage.KeyCertSign | X509KeyUsage.DigitalSignature | X509KeyUsage.CrlSign));
//set validity
AssignLife(certificateGenerator, lifespan);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var signatureFactory = new Asn1SignatureFactory(SignatureAlg, issuerKeyPair.Private, random);
var certificate = certificateGenerator.Generate(signatureFactory);
//var x509 = new X509Certificate2(certificate.GetEncoded(), (string)null);
var cerr = DotNetUtilities.ToX509Certificate(certificate);
var buf = cerr.Export(X509ContentType.Cert); //<-- .Cert is the magic option for Public Only export
var pubonly = new X509Certificate2(buf);
if (pubonly.HasPrivateKey)
{
throw new InvalidOperationException("wasn't expecting a privkey"); //never happens.
}
return(issuerKeyPair.Private, pubonly);
}
public static byte[] toto(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA1WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddDays(5);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(subjectKeyPair.Private, random);
// correcponding private key
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
return(certificate.GetEncoded());
}
public static AsymmetricKeyParameter GenerateCACertificate(string subjectName, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
// Add CA certificate to Root store
addCertToStore(cert, StoreName.Root, StoreLocation.CurrentUser);
return(issuerKeyPair.Private);
}
private static X509Certificate2 GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter asymmetricKeyParameter)
{
const int keyStrength = 2048;
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(int.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var asymmetricCipherKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = asymmetricCipherKeyPair;
// self-sign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
var x509 = new X509Certificate2(certificate.GetEncoded());
asymmetricKeyParameter = issuerKeyPair.Private;
return(x509);
}
public X509Certificate GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter CaPrivateKey)
{
const int keyStrength = 2048;
// Generating Random Numbers
SecureRandom random = new SecureRandom();
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
X509Name subjectDN = new X509Name(subjectName);
X509Name issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
// Selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded());
CaPrivateKey = issuerKeyPair.Private;
return(certificate);
}
public static AsymmetricCipherKeyPair GenerateKeyPair()
{
var keypairgen = new RsaKeyPairGenerator();
var parameters = new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024);
keypairgen.Init(parameters);
var keypair = keypairgen.GenerateKeyPair();
return(keypair);
}
public virtual void Init(KeyGenerationParameters parameters)
{
if (parameters is RsaKeyGenerationParameters)
{
this.parameters = (RsaKeyGenerationParameters)parameters;
}
else
{
this.parameters = new RsaKeyGenerationParameters(DefaultPublicExponent, parameters.Random, parameters.Strength, 100);
}
}
public static AsymmetricCipherKeyPair GenerateKeyPair()
{
SecureRandom secureRandom = new SecureRandom(new CryptoApiRandomGenerator());
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(secureRandom, 2048);
RsaKeyPairGenerator rsaKeyPairGenerator = new RsaKeyPairGenerator();
rsaKeyPairGenerator.Init(keyGenerationParameters);
return(rsaKeyPairGenerator.GenerateKeyPair());
}
public X509Certificate2 BuildX509()
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
certificateGenerator.SetSignatureAlgorithm("SHA512WithRSA");
// Issuer and Subject Name
certificateGenerator.SetIssuerDN(new X509Name(_issuerName ?? _subjectName));
certificateGenerator.SetSubjectDN(new X509Name(_subjectName));
// Authority Key Identifier
if (_issuer != null)
{
var authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(DotNetUtilities.FromX509Certificate(_issuer));
certificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKeyIdentifier);
}
// Basic Constraints - certificate is allowed to be used as intermediate.
certificateGenerator.AddExtension(X509Extensions.BasicConstraints.Id, true, new BasicConstraints(_intermediate));
// Valid For
certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, _keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
var issuerKeyPair = _issuerPrivateKey == null
? subjectKeyPair
: DotNetUtilities.GetKeyPair(_issuerPrivateKey);
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
//return new X509Certificate2(DotNetUtilities.ToX509Certificate(certificate));
return(ConvertBouncyCert(certificate, subjectKeyPair));
}
/// <summary>
/// Used a deterministic key generation algorithm to create an ECC key from the seed provided
/// </summary>
/// <param name="seed">The seed</param>
/// <returns>The ECC key pair</returns>
private static AsymmetricCipherKeyPair DeriveEccKey(byte[] seed)
{
SecureRandom random = GetDrbg(seed, SeedUsage.KeyGeneration);
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, rKeyStrength);
var keyPairGenerator = new ECKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var keyPair = keyPairGenerator.GenerateKeyPair();
return(keyPair);
}
public static void GenerateEcdsaKeyPair(int bits, out PrivKey privateKey, out PubKey publicKey)
{
KeyGenerationParameters param = new KeyGenerationParameters(NewSecureRandom(), bits);
ECKeyPairGenerator gen = new ECKeyPairGenerator("ECDSA");
gen.Init(param);
AsymmetricCipherKeyPair pair = gen.GenerateKeyPair();
privateKey = new PrivKey(pair);
publicKey = new PubKey(pair.Public);
}
public static void GenerateSymKey(int keyLength)
{
var sec = new SecureRandom();
sec.SetSeed(DateTime.Now.ToBinary());
var keyParam = new KeyGenerationParameters(sec, keyLength);
var keyGenerator = new CipherKeyGenerator();
keyGenerator.Init(keyParam);
symKey = keyGenerator.GenerateKey();
}
public static AsymmetricCipherKeyPair GenerateRandomKeys()
{
int sizeOfKey = 256;
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
SecureRandom secureRandom = new SecureRandom();
KeyGenerationParameters keyGenParam =
new KeyGenerationParameters(secureRandom, sizeOfKey);
keyPairGenerator.Init(keyGenParam);
return(keyPairGenerator.GenerateKeyPair());
}
public static EthECKey GenerateKey()
{
var gen = new ECKeyPairGenerator("EC");
var keyGenParam = new KeyGenerationParameters(SecureRandom, 256);
gen.Init(keyGenParam);
var keyPair = gen.GenerateKeyPair();
var privateBytes = ((ECPrivateKeyParameters)keyPair.Private).D.ToByteArray();
if (privateBytes.Length != 32)
return GenerateKey();
return new EthECKey(privateBytes, true);
}
/// <summary>
/// Generates an RSA key pair.
/// Source: https://stackoverflow.com/questions/23056347/creating-rsa-public-private-key-pair-with-bouncy-castle-or-net-rsacryptoservice
/// </summary>
private static AsymmetricCipherKeyPair GenerateRSAKeyPair(int keySize)
{
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom secureRandom = new SecureRandom(randomGenerator);
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(secureRandom, keySize);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
return(keyPairGenerator.GenerateKeyPair());
}
private AsymmetricCipherKeyPair setPublicKey(X509V3CertificateGenerator generator, SecureRandom random)
{
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var keyPair = keyPairGenerator.GenerateKeyPair();
generator.SetPublicKey(keyPair.Public);
return(keyPair);
}
/// <summary>
/// Initializes a new instance of the <see cref="KeyGenerator"/> class
/// with the specified key size and seed.
/// </summary>
/// <remarks>Following key sizes are supported:
/// - 192
/// - 224
/// - 239
/// - 256 (default)
/// - 384
/// - 521</remarks>
/// <param name="keySize">The key size.</param>
/// <param name="seed">The seed.</param>
public KeyGenerator(int keySize, byte[] seed)
{
var secureRandom = SecureRandom.GetInstance("SHA256PRNG");
secureRandom.SetSeed(seed);
var keyParams = new KeyGenerationParameters(secureRandom, keySize);
keyGenerator = new ECKeyPairGenerator();
keyGenerator.Init(keyParams);
}
/// <summary>
/// Generates an asymmetric key pair.
/// </summary>
/// <param name="strength">Key size</param>
/// <returns></returns>
public static AsymmetricCipherKeyPair GenerateAsymmetricKeyPair(int strength = 256)
{
ECKeyPairGenerator keyPairGenerator = new ECKeyPairGenerator();
SecureRandom randomGenerator = new SecureRandom();
KeyGenerationParameters parameters = new KeyGenerationParameters(
randomGenerator, strength);
keyPairGenerator.Init(parameters);
return(keyPairGenerator.GenerateKeyPair());
}
/// <summary> Generates a ca certificate. </summary>
/// <param name="subjectName"> Name of the subject. </param>
/// <param name="caPrivateKey"> [in,out] The ca private key. </param>
/// <param name="validTill"> The valid till Date/Time. </param>
/// <param name="keyStrength"> (Optional) The key strength. </param>
/// <returns> The ca certificate. </returns>
public static X509Certificate2 GenerateCaCertificate(string subjectName,
out AsymmetricKeyParameter caPrivateKey,
DateTime validTill, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber =
BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Issuer and Subject Name
var subjectDn = new X509Name(subjectName);
var issuerDn = subjectDn;
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = validTill;
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// Signature Algorithm
ISignatureFactory signatureFactory = new Asn1SignatureFactory(SignatureAlgorithm, issuerKeyPair.Private);
// selfsign certificate
var certificate = certificateGenerator.Generate(signatureFactory);
var x509 = new X509Certificate2(certificate.GetEncoded());
caPrivateKey = issuerKeyPair.Private;
return(x509);
}
public AsymmetricCipherKeyPair GenerateKeyPair(int keyStrength = 2048)
{
var randomGenerator = new CryptoApiRandomGenerator();
var secureRandom = new SecureRandom(randomGenerator);
var keyGenerationParameters = new KeyGenerationParameters(secureRandom, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
return(keyPairGenerator.GenerateKeyPair());
}
/**
* initialise the key generator - if strength is set to zero
* the key generated will be 64 bits in size, otherwise
* strength can be 64 or 56 bits (if you don't count the parity bits).
*
* @param param the parameters to be used for key generation
*/
protected override void engineInit(
KeyGenerationParameters parameters)
{
base.engineInit(parameters);
if (strength == 0 || strength == (56 / 8))
{
strength = DesParameters.DesKeyLength;
}
else if (strength != DesParameters.DesKeyLength)
{
throw new ArgumentException(
"DES key must be " + (DesParameters.DesKeyLength * 8) + " bits long.");
}
}
public void Init(
KeyGenerationParameters parameters)
{
if (parameters is Gost3410KeyGenerationParameters)
{
this.param = (Gost3410KeyGenerationParameters) parameters;
}
else
{
Gost3410KeyGenerationParameters kgp = new Gost3410KeyGenerationParameters(
parameters.Random,
CryptoProObjectIdentifiers.GostR3410x94CryptoProA);
if (parameters.Strength != kgp.Parameters.P.BitLength - 1)
{
// TODO Should we complain?
}
this.param = kgp;
}
}
/**
* initialise the key generator - if strength is set to zero
* the key Generated will be 192 bits in size, otherwise
* strength can be 128 or 192 (or 112 or 168 if you don't count
* parity bits), depending on whether you wish to do 2-key or 3-key
* triple DES.
*
* @param param the parameters to be used for key generation
*/
protected override void engineInit(
KeyGenerationParameters parameters)
{
base.engineInit(parameters);
if (strength == 0 || strength == (168 / 8))
{
strength = DesEdeParameters.DesEdeKeyLength;
}
else if (strength == (112 / 8))
{
strength = 2 * DesEdeParameters.DesKeyLength;
}
else if (strength != DesEdeParameters.DesEdeKeyLength
&& strength != (2 * DesEdeParameters.DesKeyLength))
{
throw new ArgumentException("DESede key must be "
+ (DesEdeParameters.DesEdeKeyLength * 8) + " or "
+ (2 * 8 * DesEdeParameters.DesKeyLength)
+ " bits long.");
}
}
public virtual void Init(
KeyGenerationParameters parameters)
{
this.param = (DHKeyGenerationParameters)parameters;
}
public void Init(
KeyGenerationParameters parameters)
{
this.param = (ElGamalKeyGenerationParameters) parameters;
}
