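/// <summary>
/// Returns the RSA key pair stored under "{alias}.asymmetric", generating a new one
/// with the legacy KeyPairGeneratorSpec API when the key store holds no such entry.
/// </summary>
/// <returns>The existing key pair, or the freshly generated one.</returns>
KeyPair GetAsymmetricKeyPair()
{
    var asymmetricAlias = $"{alias}.asymmetric";

    var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast<IPrivateKey>();
    var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;

    // Return the existing key if found
    if (privateKey != null && publicKey != null)
    {
        return new KeyPair(publicKey, privateKey);
    }

    // Otherwise we create a new key
    var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);

    var end = DateTime.UtcNow.AddYears(20);
    var startDate = new Java.Util.Date();

#pragma warning disable CS0618
    // java.util.Date(int, int, int) takes the year as an offset from 1900 and a
    // zero-based month. Passing the .NET values unchanged put the certificate end
    // date roughly 1900 years later than the intended 20 years.
    var endDate = new Java.Util.Date(end.Year - 1900, end.Month - 1, end.Day);

    // NOTE(review): KeyPairGeneratorSpec is deprecated since API 23 and no key size
    // is set here, so the provider default applies - confirm it meets the project's
    // minimum RSA size.
    var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
        .SetAlias(asymmetricAlias)
        .SetSerialNumber(Java.Math.BigInteger.One)
        .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
        .SetStartDate(startDate)
        .SetEndDate(endDate);

    generator.Initialize(builder.Build());
#pragma warning restore CS0618

    return generator.GenerateKeyPair();
}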
/// <summary>
/// Deletes any existing key, then generates a new RSA key pair in the key store.
/// The spec builder is chosen by API level: KeyPairGeneratorSpec for API 18-22,
/// KeyGenParameterSpec for API 23 and later.
/// </summary>
public void CreateKeyPair()
{
    DeleteKey();

    KeyPairGenerator rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KEYSTORE_NAME);

    bool isPreMarshmallow = Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2
        && Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1;

    if (isPreMarshmallow)
    {
        // Certificate validity window: now until 20 years from now.
        var notBefore = Calendar.GetInstance(_context.Resources.Configuration.Locale);
        var notAfter = Calendar.GetInstance(_context.Resources.Configuration.Locale);
        notAfter.Add(CalendarField.Year, 20);

        // This API is obsolete after Android M, but Android L is still supported here.
#pragma warning disable 618
        var legacySpec = new KeyPairGeneratorSpec.Builder(_context)
            .SetAlias(_keyName)
            .SetSerialNumber(BigInteger.One)
            .SetSubject(new X500Principal($"CN={_keyName} CA Certificate"))
            .SetStartDate(notBefore.Time)
            .SetEndDate(notAfter.Time)
            .SetKeySize(KeySize);
#pragma warning restore 618

        rsaGenerator.Initialize(legacySpec.Build());
    }
    else if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
    {
        // NOTE(review): PKCS#1 v1.5 encryption padding is exposed to padding-oracle
        // attacks when decryption failures are distinguishable; OAEP
        // (KeyProperties.EncryptionPaddingRsaOaep) is the usual recommendation.
        // SetRandomizedEncryptionRequired(false) also switches off the key store's
        // randomized-encryption requirement - confirm both are intended.
        var modernSpec = new KeyGenParameterSpec.Builder(_keyName, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
            .SetBlockModes(KeyProperties.BlockModeEcb)
            .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
            .SetRandomizedEncryptionRequired(false)
            .SetKeySize(KeySize);

        rsaGenerator.Initialize(modernSpec.Build());
    }

    rsaGenerator.GenerateKeyPair();
}
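// Below API 23
/// <summary>
/// Returns the RSA key pair stored under "{alias}.asymmetric", generating a new one
/// with KeyPairGeneratorSpec when the key store holds no such entry.
/// </summary>
/// <returns>The existing key pair, or the freshly generated one.</returns>
public KeyPair GetAsymmetricKey()
{
    var asymmetricAlias = $"{alias}.asymmetric";

    var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast<IPrivateKey>();
    var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;

    // Reuse the stored pair when both halves are present.
    if (privateKey != null && publicKey != null)
    {
        return new KeyPair(publicKey, privateKey);
    }

    // NOTE(review): the original carried an unfinished, commented-out
    // "var originalLocale = Platform." line here, which suggests a locale workaround
    // was planned around key generation - confirm whether this path needs one.
    var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, CONST_ANDROIDKEY);

    var end = DateTime.UtcNow.AddYears(20);
    var startDate = new Java.Util.Date();

    // java.util.Date(int, int, int) takes the year as an offset from 1900 and a
    // zero-based month. Passing the .NET values unchanged put the certificate end
    // date roughly 1900 years later than the intended 20 years.
    var endDate = new Java.Util.Date(end.Year - 1900, end.Month - 1, end.Day);

    // NOTE(review): no key size is set, so the provider default applies - confirm
    // it meets the project's minimum RSA size.
    var builder = new KeyPairGeneratorSpec.Builder(appContext)
        .SetAlias(asymmetricAlias)
        .SetSerialNumber(Java.Math.BigInteger.One)
        .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
        .SetStartDate(startDate)
        .SetEndDate(endDate);

    generator.Initialize(builder.Build());

    return generator.GenerateKeyPair();
}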
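/// <summary>
/// Records that the asymmetric (pre-M) path is in use, then returns the RSA key pair
/// stored under "{alias}.asymmetric", generating a new one when none exists.
/// The process locale is forced to English while the key is generated and restored
/// afterwards.
/// </summary>
/// <returns>The existing key pair, or the freshly generated one.</returns>
KeyPair GetAsymmetricKeyPair()
{
    // set that we generated keys on pre-m device.
    Preferences.Set(useSymmetricPreferenceKey, false, SecureStorage.Alias);

    var asymmetricAlias = $"{alias}.asymmetric";

    var privateKey = keyStore.GetKey(asymmetricAlias, null)?.JavaCast<IPrivateKey>();
    var publicKey = keyStore.GetCertificate(asymmetricAlias)?.PublicKey;

    // Return the existing key if found
    if (privateKey != null && publicKey != null)
    {
        return new KeyPair(publicKey, privateKey);
    }

    var originalLocale = Platform.GetLocale();
    try
    {
        // Force to english for known bug in date parsing:
        // https://issuetracker.google.com/issues/37095309
        Platform.SetLocale(Java.Util.Locale.English);

        // Otherwise we create a new key
        var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, androidKeyStore);

        var end = DateTime.UtcNow.AddYears(20);
        var startDate = new Java.Util.Date();

#pragma warning disable CS0618 // Type or member is obsolete
        // java.util.Date(int, int, int) takes the year as an offset from 1900 and a
        // zero-based month. Passing the .NET values unchanged put the certificate
        // end date roughly 1900 years later than the intended 20 years.
        var endDate = new Java.Util.Date(end.Year - 1900, end.Month - 1, end.Day);

        // NOTE(review): no key size is set, so the provider default applies -
        // confirm it meets the project's minimum RSA size.
        var builder = new KeyPairGeneratorSpec.Builder(Platform.AppContext)
            .SetAlias(asymmetricAlias)
            .SetSerialNumber(Java.Math.BigInteger.One)
            .SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={asymmetricAlias} CA Certificate"))
            .SetStartDate(startDate)
            .SetEndDate(endDate);

        generator.Initialize(builder.Build());
#pragma warning restore CS0618 // Type or member is obsolete

        return generator.GenerateKeyPair();
    }
    finally
    {
        // Always restore the caller's locale, including when generation throws.
        Platform.SetLocale(originalLocale);
    }
}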
/// <summary>
/// Creates the key stored under <c>KeyAlias</c> unless the alias already exists.
/// On old Android an RSA key pair is generated with KeyPairGeneratorSpec; otherwise
/// an AES key restricted to GCM is generated with KeyGenParameterSpec.
/// </summary>
/// <param name="withDate">
/// When true, a validity window from the Unix epoch to 99 years from now is set on
/// the certificate (old path) or on the key (new path).
/// </param>
private void GenerateStoreKey(bool withDate)
{
    bool alreadyPresent = _keyStore.ContainsAlias(KeyAlias);
    if (alreadyPresent)
    {
        return;
    }

    ClearSettings();

    var validUntil = Calendar.Instance;
    validUntil.Add(CalendarField.Year, 99);

    if (!_oldAndroid)
    {
        // AES with GCM; GCM takes no padding, hence EncryptionPaddingNone.
        var aesSpec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Decrypt | KeyStorePurpose.Encrypt)
            .SetBlockModes(KeyProperties.BlockModeGcm)
            .SetEncryptionPaddings(KeyProperties.EncryptionPaddingNone);

        if (withDate)
        {
            aesSpec.SetKeyValidityStart(new Date(0)).SetKeyValidityEnd(validUntil.Time);
        }

        var builtAesSpec = aesSpec.Build();
        var aesGenerator = KeyGenerator.GetInstance(KeyProperties.KeyAlgorithmAes, AndroidKeyStore);
        aesGenerator.Init(builtAesSpec);
        aesGenerator.GenerateKey();
        return;
    }

    // Legacy path: RSA key pair behind a self-signed certificate.
    // NOTE(review): no key size is set, so the provider default applies - confirm
    // it meets the project's minimum RSA size.
    var certSubject = new X500Principal($"CN={KeyAlias}");
    var rsaSpec = new KeyPairGeneratorSpec.Builder(Application.Context)
        .SetAlias(KeyAlias)
        .SetSubject(certSubject)
        .SetSerialNumber(BigInteger.Ten);

    if (withDate)
    {
        rsaSpec.SetStartDate(new Date(0)).SetEndDate(validUntil.Time);
    }

    var builtRsaSpec = rsaSpec.Build();
    var rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
    rsaGenerator.Initialize(builtRsaSpec);
    rsaGenerator.GenerateKeyPair();
}
/// <summary>
/// Loads the Android key store into <c>_keyStore</c> and makes sure an RSA key pair
/// exists under <c>ProtectedDataKey</c>, generating a 2048-bit pair when it is missing.
/// </summary>
private void PrepareKeyStore()
{
    _keyStore = KeyStore.GetInstance(AndroidKeyStoreKey);
    _keyStore.Load(null);

    if (_keyStore.ContainsAlias(ProtectedDataKey))
    {
        // The returned key is discarded; the call only touches the entry.
        _keyStore.GetKey(ProtectedDataKey, null);
        return;
    }

    var appContext = global::Android.App.Application.Context;

    // thanks to https://dzone.com/articles/xamarin-android-asymmetric-encryption-without-any
    var rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStoreKey);

    if (!_sdkLessThan23)
    {
        // NOTE(review): PKCS#1 v1.5 encryption padding is exposed to padding-oracle
        // attacks when decryption failures are distinguishable; OAEP
        // (KeyProperties.EncryptionPaddingRsaOaep) is the usual recommendation.
        // SetRandomizedEncryptionRequired(false) also switches off the key store's
        // randomized-encryption requirement - confirm both are intended.
        var modernSpec = new KeyGenParameterSpec.Builder(ProtectedDataKey, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
            .SetBlockModes(KeyProperties.BlockModeEcb)
            .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
            .SetRandomizedEncryptionRequired(false)
            .SetKeySize(2048);

        rsaGenerator.Initialize(modernSpec.Build());
    }
    else
    {
        // Certificate validity window: now until 20 years from now.
        var notBefore = Calendar.GetInstance(appContext.Resources.Configuration.Locale);
        var notAfter = Calendar.GetInstance(appContext.Resources.Configuration.Locale);
        notAfter.Add(CalendarField.Year, 20);

#pragma warning disable 618
        var legacySpec = new KeyPairGeneratorSpec.Builder(appContext)
            .SetAlias(ProtectedDataKey)
            .SetSerialNumber(BigInteger.One)
            .SetSubject(new X500Principal($"CN={ProtectedDataKey} CA Certificate"))
            .SetStartDate(notBefore.Time)
            .SetEndDate(notAfter.Time)
            .SetKeySize(2048);
#pragma warning restore 618

        rsaGenerator.Initialize(legacySpec.Build());
    }

    rsaGenerator.GenerateKeyPair();
}
/// <summary>
/// Generates an RSA key pair in the "AndroidKeyStore" provider under the given alias,
/// with a self-signed certificate valid from now for 100 years.
/// </summary>
/// <param name="context">Context handed to the KeyPairGeneratorSpec builder.</param>
/// <param name="alias">Key store alias; also used as the certificate common name.</param>
private static void GenerateKeyPair(Context context, String alias)
{
    Calendar notBefore = new GregorianCalendar();
    Calendar notAfter = new GregorianCalendar();
    notAfter.Add(CalendarField.Year, 100);

    // NOTE(review): KeyPairGeneratorSpec is deprecated since API 23 and no key size
    // is set here, so the provider default applies - confirm it meets the project's
    // minimum RSA size.
    var specBuilder = new KeyPairGeneratorSpec.Builder(context);
    specBuilder.SetAlias(alias);
    specBuilder.SetSubject(new X500Principal("CN=" + alias));
    specBuilder.SetSerialNumber(BigInteger.One);
    specBuilder.SetStartDate(notBefore.Time);
    specBuilder.SetEndDate(notAfter.Time);
    KeyPairGeneratorSpec keySpec = specBuilder.Build();

    KeyPairGenerator generator = KeyPairGenerator.GetInstance("RSA", "AndroidKeyStore");
    generator.Initialize(keySpec);
    generator.GenerateKeyPair();
}
/// <summary>
/// Removes any key already stored for this instance and generates a fresh RSA
/// public-private key pair. Because the old key is deleted unconditionally, check
/// <see cref="KeysExistInKeyStore"/> first when the existing key must be kept.
/// </summary>
private void CreateKeyPairInKeyStore()
{
    RemoveKeyFromKeyStore();

    KeyPairGenerator rsaGenerator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, KeyStoreName);

    bool isPreMarshmallow = Build.VERSION.SdkInt >= BuildVersionCodes.JellyBeanMr2
        && Build.VERSION.SdkInt <= BuildVersionCodes.LollipopMr1;

    if (isPreMarshmallow)
    {
        // Certificate validity window: one year ago until 100 years from now.
        Calendar notBefore = Calendar.GetInstance(Locale.Default);
        notBefore.Add(CalendarField.Year, -1);
        Calendar notAfter = Calendar.GetInstance(Locale.Default);
        notAfter.Add(CalendarField.Year, 100);

        string subjectName = string.Format("CN={0} CA Certificate", KeyAlias);

        // This API is obsolete after Android M, but Android L is still supported.
#pragma warning disable 618
        var legacySpec = new KeyPairGeneratorSpec.Builder(_applicationContext)
            .SetAlias(KeyAlias)
            .SetSerialNumber(BigInteger.One)
            .SetSubject(new X500Principal(subjectName))
            .SetStartDate(notBefore.Time)
            .SetEndDate(notAfter.Time)
            .SetKeySize(KeySize);
#pragma warning restore 618

        rsaGenerator.Initialize(legacySpec.Build());
    }
    else if (Build.VERSION.SdkInt >= BuildVersionCodes.M)
    {
        Calendar certificateExpiry = Calendar.GetInstance(Locale.Default);
        certificateExpiry.Add(CalendarField.Year, 100);

        // NOTE(review): PKCS#1 v1.5 encryption padding is exposed to padding-oracle
        // attacks when decryption failures are distinguishable; OAEP
        // (KeyProperties.EncryptionPaddingRsaOaep) is the usual recommendation.
        var modernSpec = new KeyGenParameterSpec.Builder(KeyAlias, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt)
            .SetBlockModes(KeyProperties.BlockModeEcb)
            .SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1)
            .SetCertificateNotAfter(certificateExpiry.Time)
            .SetKeySize(KeySize);

        rsaGenerator.Initialize(modernSpec.Build());
    }

    // The generator is initialized by one of the branches above; create the key.
    rsaGenerator.GenerateKeyPair();
}
/// <summary>
/// Generates an RSA key pair under <paramref name="alias"/> when the key store does
/// not already contain that alias; otherwise does nothing.
/// </summary>
/// <param name="alias">Key store alias; also used as the certificate common name.</param>
private void GenerateRSAKeyPairs(string alias)
{
    if (_keyStore.ContainsAlias(alias))
    {
        return;
    }

    // Certificate validity window: now until 30 years from now. Both calendars
    // are created with Locale.English.
    var notBefore = Calendar.GetInstance(Locale.English);
    var notAfter = Calendar.GetInstance(Locale.English);
    notAfter.Add(CalendarField.Year, 30);

    // NOTE(review): KeyPairGeneratorSpec is deprecated since API 23 and no key size
    // is set here, so the provider default applies - confirm it meets the project's
    // minimum RSA size.
    var specBuilder = new KeyPairGeneratorSpec.Builder(_context);
    specBuilder.SetAlias(alias);
    specBuilder.SetSubject(new X500Principal("CN=" + alias));
    specBuilder.SetSerialNumber(BigInteger.Ten);
    specBuilder.SetStartDate(notBefore.Time);
    specBuilder.SetEndDate(notAfter.Time);
    var keySpec = specBuilder.Build();

    var generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, AndroidKeyStore);
    generator.Initialize(keySpec);
    generator.GenerateKeyPair();
}
/// <summary>
/// Generates an RSA key pair under <c>_secureStoredKeyAlias</c> in the provider named
/// by <c>_droidKeyStore</c>, with a self-signed certificate valid for 30 years.
/// </summary>
private void GenerateRSAKey()
{
    // Certificate validity window: now until 30 years from now.
    Calendar notBefore = Calendar.GetInstance(Locale.Default);
    Calendar notAfter = Calendar.GetInstance(Locale.Default);

#pragma warning disable CS0618 // Type or member is obsolete
    notAfter.Add(Calendar.Year, 30);

    // NOTE(review): no key size is set, so the provider default applies - confirm
    // it meets the project's minimum RSA size.
    var specBuilder = new KeyPairGeneratorSpec.Builder(Android.App.Application.Context);
#pragma warning restore CS0618 // Type or member is obsolete
    specBuilder.SetAlias(_secureStoredKeyAlias);
    specBuilder.SetSubject(new X500Principal("CN=" + _secureStoredKeyAlias));
    specBuilder.SetSerialNumber(BigInteger.Ten);
    specBuilder.SetStartDate(notBefore.Time);
    specBuilder.SetEndDate(notAfter.Time);
    KeyPairGeneratorSpec keySpec = specBuilder.Build();

    KeyPairGenerator generator = KeyPairGenerator.GetInstance(KeyProperties.KeyAlgorithmRsa, _droidKeyStore);
    generator.Initialize(keySpec);
    generator.GenerateKeyPair();
}
/// <summary>
/// Generates a new RSA key pair in the key store and keeps it in <c>_keyPair</c>.
/// </summary>
/// <param name="alias">Key store alias for the new entry.</param>
/// <param name="context">Context used for the spec builder and for the error toast.</param>
/// <returns>True when the pair was created; false when any exception was thrown.</returns>
private static bool CreateNewRSAKeyPair(string alias, Context context)
{
    try
    {
        // Certificate validity window: now until 100 years from now.
        Calendar notBefore = Calendar.GetInstance(Java.Util.TimeZone.Default);
        Calendar notAfter = Calendar.GetInstance(Java.Util.TimeZone.Default);
        notAfter.Add(CalendarField.Year, 100);

        // NOTE(review): no key size is set, so the provider default applies -
        // confirm it meets the project's minimum RSA size.
        var specBuilder = new KeyPairGeneratorSpec.Builder(context);
        specBuilder.SetAlias(alias);
        specBuilder.SetSubject(new Javax.Security.Auth.X500.X500Principal("CN=CryptoTouch, O=Android Authority"));
        specBuilder.SetSerialNumber(Java.Math.BigInteger.One);
        specBuilder.SetStartDate(notBefore.Time);
        specBuilder.SetEndDate(notAfter.Time);
        KeyPairGeneratorSpec keySpec = specBuilder.Build();

        KeyPairGenerator rsaGenerator = KeyPairGenerator.GetInstance("RSA", STORE_NAME);
        rsaGenerator.Initialize(keySpec);
        _keyPair = rsaGenerator.GenerateKeyPair();

        return true;
    }
    catch (Exception failure)
    {
        // NOTE(review): the raw exception message is shown to the user and nothing
        // is logged; consider a generic message plus a log entry.
        Toast.MakeText(context, failure.Message, ToastLength.Long).Show();
        return false;
    }
}
/// <summary>
/// Ensures a key pair exists under <c>Alias</c> in the Android key store. Does nothing
/// when no key store is available or the alias is already present. Failures are
/// logged and swallowed.
/// </summary>
private void InitializePrivateKey()
{
    if (!_HasKeyStore)
    {
        return;
    }

    // Step 1: open the key store and stop early when the key already exists.
    try
    {
        var androidStore = KeyStore.GetInstance("AndroidKeyStore");
        androidStore.Load(null);

        bool keyExists = androidStore.ContainsAlias(Alias);
        if (keyExists)
        {
            return;
        }
    }
    catch (Exception openError)
    {
        Log.To.NoDomain.E(Tag, "Unable to open Android keystore", openError);
        return;
    }

    // Step 2: generate the key pair. The certificate is valid for one year from now.
    try
    {
        var notBefore = Calendar.GetInstance(Locale.Default);
        var notAfter = Calendar.GetInstance(Locale.Default);
        notAfter.Add(CalendarField.Year, 1);

        // NOTE(review): KeyPairGeneratorSpec is deprecated since API 23 and no key
        // size is set here, so the provider default applies - confirm it meets the
        // project's minimum.
        var specBuilder = new KeyPairGeneratorSpec.Builder(Application.Context);
        specBuilder.SetAlias(Alias);
        specBuilder.SetSubject(new X500Principal($"CN={Alias}"));
        specBuilder.SetSerialNumber(BigInteger.ValueOf(1337));
        specBuilder.SetStartDate(notBefore.Time);
        specBuilder.SetEndDate(notAfter.Time);
        var keySpec = specBuilder.Build();

        var keyPairGenerator = KeyPairGenerator.GetInstance(KeyPairGenAlgorithm, "AndroidKeyStore");
        keyPairGenerator.Initialize(keySpec);

        // The pair is persisted by the key store; the returned object is not needed.
        keyPairGenerator.GenerateKeyPair();
    }
    catch (Exception createError)
    {
        // NOTE(review): callers get no signal that key creation failed.
        Log.To.NoDomain.E(Tag, "Unable to create new key", createError);
    }
}
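/// <summary>
/// Generates the RSA key pair stored under <c>KEYALIAS_CREDENTIALS</c>, using
/// KeyPairGeneratorSpec below API 23 and KeyGenParameterSpec from API 23 on.
/// </summary>
private void CreateKey_Credentials()
{
    var generator = KeyPairGenerator.GetInstance("RSA", AndroidKeyStore);

    if (Build.VERSION.SdkInt < BuildVersionCodes.M)
    {
        // Certificate validity window: now until 20 years from now.
        Java.Util.Calendar calendar = Java.Util.Calendar.Instance;
        calendar.Add(Java.Util.CalendarField.Year, 20);

        Date startDate = Java.Util.Calendar.Instance.Time;
        Date endDate = calendar.Time;

#pragma warning disable 0618
        var builder = new KeyPairGeneratorSpec.Builder(_context);
#pragma warning restore 0618

        builder.SetAlias(KEYALIAS_CREDENTIALS);
        builder.SetSerialNumber(Java.Math.BigInteger.One);

        // The previous literal "CN=${alias} CA Certificate" was not an interpolated
        // string, so the certificate subject contained the text "${alias}" verbatim.
        // Use the key alias, which is the value the placeholder evidently stood for.
        builder.SetSubject(new Javax.Security.Auth.X500.X500Principal($"CN={KEYALIAS_CREDENTIALS} CA Certificate"));
        builder.SetStartDate(startDate);
        builder.SetEndDate(endDate);

        // NOTE(review): no key size is set, so the provider default applies -
        // confirm it meets the project's minimum RSA size.
        generator.Initialize(builder.Build());
    }
    else
    {
        // NOTE(review): PKCS#1 v1.5 encryption padding is exposed to padding-oracle
        // attacks when decryption failures are distinguishable; OAEP
        // (KeyProperties.EncryptionPaddingRsaOaep) is the usual recommendation.
        var builder = new KeyGenParameterSpec.Builder(KEYALIAS_CREDENTIALS, KeyStorePurpose.Encrypt | KeyStorePurpose.Decrypt);
        builder.SetBlockModes(KeyProperties.BlockModeEcb);
        builder.SetEncryptionPaddings(KeyProperties.EncryptionPaddingRsaPkcs1);

        generator.Initialize(builder.Build());
    }

    generator.GenerateKeyPair();
}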