public static void Main(String[] args) { string[] dirs = Directory.GetFiles(@"c:\PATHTODOCS", "*"); Org.BouncyCastle.Pkcs.Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD); String alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; C2_01_SignHelloWorld app = new C2_01_SignHelloWorld(); foreach (string dir in dirs) { app.Sign(dir, String.Format(dir + ".pdf", 1), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Food Safety", "Prime Time International"); } }
public void Sign(String keystore, String src, String name, String dest) { Pkcs12Store store = new Pkcs12Store(new FileStream(keystore, FileMode.Open), PASSWORD); String alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; PdfReader reader = new PdfReader(src); FileStream os = new FileStream(dest, FileMode.Create); PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0', null, true); // Creating the appearance PdfSignatureAppearance appearance = stamper.SignatureAppearance; appearance.SetVisibleSignature(name); // Creating the signature IExternalSignature pks = new PrivateKeySignature(parameters, "SHA-256"); MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CMS); }
public void setKeyStore(Pkcs12Store keystore, string hashAlgorithm) //Getkey { //get name String alias = ""; foreach (string al in keystore.Aliases) { if (keystore.IsKeyEntry(al) && keystore.GetKey(al).Key.IsPrivate) // **** what this if do ? { alias = al; break; } } //get privatekey this.privateKey = keystore.GetKey(alias).Key; //create instance of Cretificate list for Long Time this.chain = new List <Org.BouncyCastle.X509.X509Certificate>(); foreach (X509CertificateEntry entry in keystore.GetCertificateChain(alias)) { this.chain.Add(entry.Certificate); } this.signature = new PrivateKeySignature(privateKey, hashAlgorithm); }
public static void Main(String[] args) { Properties properties = new Properties(); properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open)); String path = properties["PRIVATE"]; char[] pass = properties["PASSWORD"].ToCharArray(); Pkcs12Store ks = new Pkcs12Store(); ks.Load(new FileStream(path, FileMode.Open), pass); String alias = ""; foreach (string al in ks.Aliases) { if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyParameter pk = ks.GetKey(alias).Key; ICollection <X509Certificate> chain = new List <X509Certificate>(); foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) { chain.Add(entry.Certificate); } IOcspClient ocspClient = new OcspClientBouncyCastle(); C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent", null, ocspClient, null, 0); }
public byte[] SignHash(string hexhash, string password) { byte[] hash = StringToByteArray(hexhash); Pkcs12Store store = new Pkcs12Store(getCertificate(), password.ToCharArray()); String alias = ""; foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); X509CertificateEntry[] chain = store.GetCertificateChain(alias); List <Org.BouncyCastle.X509.X509Certificate> c = new List <Org.BouncyCastle.X509.X509Certificate>(); foreach (X509CertificateEntry en in chain) { c.Add(en.Certificate); } PrivateKeySignature signature = new PrivateKeySignature(pk.Key, "SHA256"); String hashAlgorithm = signature.GetHashAlgorithm(); PdfPKCS7 sgn = new PdfPKCS7(null, c, hashAlgorithm, false); DateTime signingTime = DateTime.Now; byte[] sh = sgn.getAuthenticatedAttributeBytes(hash, null, null, CryptoStandard.CMS); byte[] extSignature = signature.Sign(sh); sgn.SetExternalDigest(extSignature, null, signature.GetEncryptionAlgorithm()); return(sgn.GetEncodedPKCS7(hash, null, null, null, CryptoStandard.CMS)); }
public void ConvertPfxToPem( string pfxPath, string pfxPassword, string keyPath) { using (Stream stream = File.Open(pfxPath, FileMode.Open)) { Pkcs12Store pkcs = new Pkcs12Store(stream, pfxPassword.ToCharArray()); foreach (string alias in pkcs.Aliases) { if (pkcs.IsKeyEntry(alias) && pkcs.GetKey(alias).Key.IsPrivate) { AsymmetricKeyParameter privateKey = pkcs.GetKey(alias).Key; using (Stream s = new FileStream(keyPath, FileMode.Create)) using (TextWriter textWriter = new StreamWriter(s)) { var generator = new MiscPemGenerator(privateKey); PemWriter pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(generator); textWriter.Flush(); } } } } }
static void Main(string[] args) { Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD); String alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; C2_05_CustomAppearance app = new C2_05_CustomAppearance(); app.Sign(SRC, "Signature1", DEST, chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Custom appearance example", "Ghent"); }
public static void Main(String[] args) { Directory.CreateDirectory(OUT_DIR); // we load our private key from the key store Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD); String alias = ""; // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } IList <X509Certificate> chain = new List <X509Certificate>(); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } AsymmetricKeyEntry pk = store.GetKey(alias); C4_09_DeferredSigning app = new C4_09_DeferredSigning(); app.EmptySignature(SRC, TEMP, "sig", chain); app.CreateSignature(TEMP, DEST, "sig", pk, chain); }
static void Main(string[] args) { Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD); String alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; C2_08_SignatureMetadata app = new C2_08_SignatureMetadata(); app.Sign(SRC, "Signature1", String.Format(DEST, 1), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Appearance 1", "Ghent", "555 123 456", new DateTime(2012, 8, 5), "Bruno L. Specimen"); }
static void Main(string[] args) { C2_04_CreateEmptyField appCreate = new C2_04_CreateEmptyField(); appCreate.CreatePdf(UNSIGNED); appCreate.AddField(SRC, UNSIGNED2); Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD); String alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; C2_03_SignEmptyField appSign = new C2_03_SignEmptyField(); appSign.Sign(UNSIGNED, SIGNAME, DEST, chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent"); }
private void ExportKey(ListItemEntry entry, String algorithm, char[] password, String path) { AsymmetricKeyEntry keyentry = _store.GetKey(entry.Alias); string pem = PemUtilities.Encode(keyentry.Key, algorithm, password, Repository.Srand); File.WriteAllText(path, pem); }
public async Task DigitallySign(int idDocument, string userId, string password, byte[] certificateData, string reason, string location) { var document = await dbContext .Documents .FirstAsync(it => it.IdDocument == idDocument); var lastState = await dbContext.DocumentStates.Include(it => it.DocumentData).Where(it => it.IdDocument == idDocument).LastAsync(); var unsignedData = ((DocumentDataUpload)lastState.DocumentData).Data; var store = new Pkcs12Store(new MemoryStream(certificateData), password.ToCharArray()); var alias = string.Empty; foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } var pk = store.GetKey(alias); var chain = new List <X509Certificate>(); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } var certificate = new System.Security.Cryptography.X509Certificates.X509Certificate(certificateData, password); var signedPdfData = new MemoryStream(); using (var reader = new PdfReader(unsignedData)) { var stp = PdfStamper.CreateSignature(reader, signedPdfData, '\0'); stp.SignatureAppearance.Reason = reason; stp.SignatureAppearance.Location = location; stp.SignatureAppearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, null); var es = new PrivateKeySignature(pk.Key as RsaPrivateCrtKeyParameters, DigestAlgorithms.SHA256); MakeSignature.SignDetached(stp.SignatureAppearance, es, chain, null, null, null, 0, CryptoStandard.CMS); stp.Close(); } dbContext.Entry(lastState).State = EntityState.Detached; lastState.IdDocumentState = 0; lastState.IdDocumentData = 0; lastState.StatusDate = DateTime.Now; lastState.IsDigitallySigned = true; lastState.Version = GetNextVersion(lastState.Version, lastState.DocumentStatus); lastState.DocumentData = new DocumentDataUpload { Data = signedPdfData.ToArray() }; dbContext.DocumentStates.Add(lastState); }
public static string GetPayloadSignature(string payload) { string keypairPath = ConfigurationManager.AppSettings["keypairPath"]; string keypairPassword = ConfigurationManager.AppSettings["keypairPassword"]; FileStream fileStream = null; Pkcs12Store keypairStore = null; try { fileStream = new FileStream(keypairPath, FileMode.Open, FileAccess.Read); keypairStore = new Pkcs12Store(fileStream, keypairPassword.ToCharArray()); } catch (FileNotFoundException e) { throw new ApiException(400, "\n\nContenedor no encontrado, verifique la ruta.\n\n" + e.Message); } catch (Exception e) { throw new ApiException(400, "\n\nPassword del contenedor erróneo.\n\n" + e.Message); } finally { if (fileStream != null) { fileStream.Close(); } } string alias = null; foreach (string al in keypairStore.Aliases) { if (keypairStore.IsKeyEntry(al) && keypairStore.GetKey(al).Key.IsPrivate) { alias = al; } } AsymmetricKeyEntry pKey = keypairStore.GetKey(alias); ECPrivateKeyParameters privateKey = (ECPrivateKeyParameters)pKey.Key; byte[] tmpPayload = Encoding.UTF8.GetBytes(payload); ISigner sign = SignerUtilities.GetSigner("SHA-256withECDSA"); sign.Init(true, privateKey); sign.BlockUpdate(tmpPayload, 0, tmpPayload.Length); byte[] signature = sign.GenerateSignature(); byte[] asciiBytes = Hex.Encode(signature); char[] asciiChars = new char[Encoding.UTF8.GetCharCount(asciiBytes, 0, asciiBytes.Length)]; Encoding.UTF8.GetChars(asciiBytes, 0, asciiBytes.Length, asciiChars, 0); string xSignature = new string(asciiChars); return(xSignature); }
/// <summary> /// Sign (fill) named field in the document soft way (using existing stamper) /// </summary> /// <param name="stamper">PdfStamper</param> /// <param name="fieldName">Field to be signed</param> /// <param name="reason">Sign reason</param> /// <param name="location">Sign location</param> /// <param name="graphics">Sign graphic</param> /// <param name="certFile">PFX certificate</param> /// <param name="certPassword">password of certificate</param> /// <param name="renderingMode">SignatureRender renderingMode</param> /// <param name="certificationLevel">PdfSignatureAppearance Certification Level</param> /// <returns>Successfull or not</returns> public static bool SignField(ref PdfStamper stamper, string fieldName, string reason, string location, Bitmap graphics, string certFile, string certPassword, PdfSignatureAppearance.SignatureRender renderingMode = PdfSignatureAppearance.SignatureRender.GraphicAndDescription, int certificationLevel = PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED) { bool result = false; try { if (stamper.Reader.AcroFields.Fields.ContainsKey(fieldName)) { PdfSignatureAppearance psa = GetPSA(fieldName, stamper, graphics, reason, location, renderingMode, certificationLevel); Pkcs12Store store = new Pkcs12Store(new FileStream(certFile, FileMode.Open), certPassword.ToCharArray()); string alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry ake = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = ake.Key as RsaPrivateCrtKeyParameters; psa.SetCrypto(parameters, chain.ToArray(), null, PdfSignatureAppearance.WINCER_SIGNED); result = true; } else { result = false; } } catch (Exception e) { Console.WriteLine(e.Message); result = false; } return(result); }
public static void Main(String[] args) { LoggerFactory.GetInstance().SetLogger(new SysoLogger()); Properties properties = new Properties(); properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open)); String path = properties["PRIVATE"]; char[] pass = properties["PASSWORD"].ToCharArray(); Pkcs12Store ks = new Pkcs12Store(); ks.Load(new FileStream(path, FileMode.Open), pass); String alias = ""; foreach (string al in ks.Aliases) { if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyParameter pk = ks.GetKey(alias).Key; IList <X509Certificate> chain = new List <X509Certificate>(); foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) { chain.Add(entry.Certificate); } FileStream ins = new FileStream(CRLURL, FileMode.Open); MemoryStream baos = new MemoryStream(); byte[] buf = new byte[1024]; int readedBytes; while ((readedBytes = ins.Read(buf, 0, 1024)) > 0) { baos.Write(buf, 0, readedBytes); } ins.Close(); ICrlClient crlClient = new CrlClientOffline(baos.ToArray()); X509CrlParser crlParser = new X509CrlParser(); X509Crl crl = crlParser.ReadCrl(new FileStream(CRLURL, FileMode.Open)); Console.WriteLine("CRL valid until: " + crl.NextUpdate); Console.WriteLine("Certificate revoked: " + crl.IsRevoked(chain[0])); IList <ICrlClient> crlList = new List <ICrlClient>(); crlList.Add(crlClient); C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent", crlList, null, null, 0); }
public static void Main(String[] args) { Properties properties = new Properties(); properties.Load(new FileStream("c:/home/blowagie/key.properties", FileMode.Open)); String path = properties["PRIVATE"]; char[] pass = properties["PASSWORD"].ToCharArray(); String tsaUrl = properties["TSAURL"]; String tsaUser = properties["TSAUSERNAME"]; String tsaPass = properties["TSAPASSWORD"]; Pkcs12Store ks = new Pkcs12Store(); ks.Load(new FileStream(path, FileMode.Open), pass); String alias = ""; foreach (string al in ks.Aliases) { if (ks.IsKeyEntry(al) && ks.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyParameter pk = ks.GetKey(alias).Key; IList <X509Certificate> chain = new List <X509Certificate>(); foreach (X509CertificateEntry entry in ks.GetCertificateChain(alias)) { chain.Add(entry.Certificate); } IOcspClient ocspClient = new OcspClientBouncyCastle(); TSAClientBouncyCastle tsaClient = new TSAClientBouncyCastle(tsaUrl, tsaUser, tsaPass); C3_12_SignWithEstimatedSize app = new C3_12_SignWithEstimatedSize(); bool succeeded = false; int estimatedSize = 10300; while (!succeeded) { try { Console.WriteLine("Attempt: " + estimatedSize + " bytes"); C3_01_SignWithCAcert.Sign(DEST, chain, pk, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Test", "Ghent", null, ocspClient, tsaClient, estimatedSize); succeeded = true; Console.WriteLine("Succeeded!"); } catch (IOException ioe) { Console.WriteLine("Not succeeded: " + ioe.Message); estimatedSize += 50; } } Console.ReadKey(); }
public static void Main(String[] args) { Pkcs12Store store = new Pkcs12Store(new FileStream(KEYSTORE, FileMode.Open), PASSWORD); String alias = ""; ICollection <X509Certificate> chain = new List <X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; C2_09_SignatureTypes app = new C2_09_SignatureTypes(); app.Sign(SRC, String.Format(DEST, 1), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, PdfSignatureAppearance.NOT_CERTIFIED, "Test 1", "Ghent"); app.Sign(SRC, String.Format(DEST, 2), chain, parameters, DigestAlgorithms.SHA512, CryptoStandard.CMS, PdfSignatureAppearance.CERTIFIED_FORM_FILLING_AND_ANNOTATIONS, "Test 1", "Ghent"); app.Sign(SRC, String.Format(DEST, 3), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CADES, PdfSignatureAppearance.CERTIFIED_FORM_FILLING, "Test 1", "Ghent"); app.Sign(SRC, String.Format(DEST, 4), chain, parameters, DigestAlgorithms.RIPEMD160, CryptoStandard.CADES, PdfSignatureAppearance.CERTIFIED_NO_CHANGES_ALLOWED, "Test 1", "Ghent"); app.AddWrongAnnotation(String.Format(DEST, 1), String.Format(DEST, "1_annotated_wrong")); app.AddAnnotation(String.Format(DEST, 1), String.Format(DEST, "1_annotated")); app.AddAnnotation(String.Format(DEST, 2), String.Format(DEST, "2_annotated")); app.AddAnnotation(String.Format(DEST, 3), String.Format(DEST, "3_annotated")); app.AddAnnotation(String.Format(DEST, 4), String.Format(DEST, "4_annotated")); app.AddText(String.Format(DEST, 1), String.Format(DEST, "1_text")); app.SignAgain(String.Format(DEST, 1), String.Format(DEST, "1_double"), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Second signature test", "Ghent"); app.SignAgain(String.Format(DEST, 2), String.Format(DEST, "2_double"), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Second signature test", "Ghent"); app.SignAgain(String.Format(DEST, 3), String.Format(DEST, "3_double"), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Second signature test", "Ghent"); app.SignAgain(String.Format(DEST, 4), String.Format(DEST, "4_double"), chain, parameters, DigestAlgorithms.SHA256, CryptoStandard.CMS, "Second signature test", "Ghent"); }
public byte[] signPdfWithPfxFile(string pfxFile, string pinCode, string pdfFileName) { PfxSigner signer = new PfxSigner(SignatureAlg.RSA_SHA256.getName(), pfxFile, pinCode); ECertificate signatureCertificate = signer.getSignersCertificate(); Pkcs12Store store = new Pkcs12Store(new FileStream(pfxFile, FileMode.Open), pinCode.ToCharArray()); String alias = ""; string dest = AppDomain.CurrentDomain.BaseDirectory + "\\tmp.pdf"; if (File.Exists(dest)) { File.Delete(dest); } ICollection <Org.BouncyCastle.X509.X509Certificate> chain = new List <Org.BouncyCastle.X509.X509Certificate>(); // searching for private key foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } AsymmetricKeyEntry pk = store.GetKey(alias); foreach (X509CertificateEntry c in store.GetCertificateChain(alias)) { chain.Add(c.Certificate); } RsaPrivateCrtKeyParameters parameters = pk.Key as RsaPrivateCrtKeyParameters; // Creating the reader and the stamper PdfReader reader = new PdfReader(pdfFileName); FileStream os = new FileStream(dest, FileMode.Create); PdfStamper stamper = PdfStamper.CreateSignature(reader, os, '\0'); // Creating the appearance PdfSignatureAppearance appearance = stamper.SignatureAppearance; appearance.Reason = ""; appearance.Location = ""; //appearance.SetVisibleSignature(new Rectangle(36, 748, 144, 780), 1, "sig");//don't show rectangle on pdf // Creating the signature IExternalSignature pks = new PrivateKeySignature(parameters, DigestAlgorithms.SHA256); MakeSignature.SignDetached(appearance, pks, chain, null, null, null, 0, CryptoStandard.CADES); byte[] buffer = File.ReadAllBytes(dest); File.Delete(dest); return(buffer); }
public bool Open() { if ((filename == null) || (filename.Length == 0)) { this.lastError = Resources.PKCS12_FILENAME_MISSING; return(false); } if (!File.Exists(filename)) { this.lastError = Resources.PKCS12_FILE_MISSING + filename; return(false); } FileStream fs = new FileStream(filename, FileMode.Open); store = new Pkcs12Store(fs, password.ToCharArray()); string alias = null; foreach (string al in store.Aliases) { if (store.IsKeyEntry(al) && store.GetKey(al).Key.IsPrivate) { alias = al; break; } } fs.Close(); key = store.GetKey(alias).Key; X509CertificateEntry[] x = store.GetCertificateChain(alias); chain = new X509Certificate[x.Length]; for (int k = 0; k < x.Length; ++k) { chain[k] = x[k].Certificate; } if (key == null) { this.lastError = Resources.INVALID_PKCS12_CERT_PRI_KEY_MISSING; } ; if (chain == null || chain.Length == 0) { this.lastError = Resources.INVALID_PKCS12_CERT_PUB_KEY_MISSING; } return(key != null && chain != null && chain.Length > 0); }
private void processCert() { string alias = null; Pkcs12Store pk12; //First we'll read the certificate file Stream fs; if (this.path != null) { fs = new FileStream(this.Path, FileMode.Open, FileAccess.Read); } else { fs = new MemoryStream(this.rawData); } pk12 = new Pkcs12Store(fs, this.password.ToCharArray()); //then Iterate throught certificate entries to find the private key entry foreach (string al in pk12.Aliases) { if (pk12.IsKeyEntry(al) && pk12.GetKey(al).Key.IsPrivate) { alias = al; break; } } //IEnumerator i = pk12.Aliases.GetEnumerator(); //while (i.MoveNext()) //{ // alias = ((string)i.Current); // if (pk12.IsKeyEntry(alias)) // break; //} fs.Close(); this.akp = pk12.GetKey(alias).Key; X509CertificateEntry[] ce = pk12.GetCertificateChain(alias); this.chain = new Org.BouncyCastle.X509.X509Certificate[ce.Length]; for (int k = 0; k < ce.Length; ++k) { chain[k] = ce[k].Certificate; } //this.tsc = new TSAClientBouncyCastle("http://www.ca-soft.com/request.aspx", TSA_ACCNT, TSA_PASSW); //this.tsc = new TSAClientBouncyCastle("http://www.ca-soft.com/request.aspx"); }
public void EncryptWithCertificateAndSignTest() { String inPdf = SOURCE_FOLDER + "in.pdf"; String outPdf = DEST_FOLDER + "encrypt_cert_signed.pdf"; String tmpPdf = DEST_FOLDER + "encrypt_cert.pdf"; EncryptPdfWithCertificate(inPdf, tmpPdf, SOURCE_FOLDER + "test.cer"); X509Certificate cert = new X509Certificate(); cert.Import(SOURCE_FOLDER + "test.cer"); Pkcs12Store pkstore = new Pkcs12Store(new FileStream(SOURCE_FOLDER + "test.p12", FileMode.Open, FileAccess.Read), "kspass".ToCharArray()); string pkalias = null; foreach (object a in pkstore.Aliases) { pkalias = ((string)a); if (pkstore.IsKeyEntry(pkalias)) { break; } } ICipherParameters certpk = pkstore.GetKey(pkalias).Key; X509Certificate2 signCert = new X509Certificate2(SOURCE_FOLDER + "test.p12", "kspass"); CertSign(signCert, new X509CertificateParser(), outPdf, new PdfReader(tmpPdf, Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(cert), certpk), "reason", "location"); }
private void processCert() { string alias = null; Pkcs12Store pk12; //First we'll read the certificate file pk12 = new Pkcs12Store(new FileStream(this.Path, FileMode.Open, FileAccess.Read), this.password.ToCharArray()); //then Iterate throught certificate entries to find the private key entry IEnumerator i = pk12.Aliases.GetEnumerator(); while (i.MoveNext()) { alias = ((string)i.Current); if (pk12.IsKeyEntry(alias)) { break; } } akp = pk12.GetKey(alias).Key; X509CertificateEntry[] ce = pk12.GetCertificateChain(alias); this.chain = new X509Certificate[ce.Length]; for (int k = 0; k < ce.Length; ++k) { chain[k] = ce[k].Certificate; } }
public void testSignSimpleECDsa() { string testFileName = @"..\..\..\resources\circles.pdf"; string storePath = @"..\..\..\..\simple\keystore\test1234.p12"; char[] storePass = "******".ToCharArray(); string storeAlias = "ECDSAkey"; Pkcs12Store pkcs12 = new Pkcs12Store(new FileStream(storePath, FileMode.Open, FileAccess.Read), storePass); AsymmetricKeyParameter key = pkcs12.GetKey(storeAlias).Key; X509CertificateEntry[] chainEntries = pkcs12.GetCertificateChain(storeAlias); X509Certificate[] chain = new X509Certificate[chainEntries.Length]; for (int i = 0; i < chainEntries.Length; i++) { chain[i] = chainEntries[i].Certificate; } PrivateKeySignature signature = new PrivateKeySignature(key, "SHA512"); using (PdfReader pdfReader = new PdfReader(testFileName)) using (FileStream result = File.Create("circles-ECDSA-BC-signed-simple.pdf")) { PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode()); ITSAClient tsaClient = null; pdfSigner.SignDetached(signature, chain, null, null, tsaClient, 0, PdfSigner.CryptoStandard.CMS); } }
public void testSignSimpleDsaSha256() { string testFileName = @"..\..\..\resources\circles.pdf"; string storePath = @"..\..\..\..\simple\keystore\test1234.p12"; char[] storePass = "******".ToCharArray(); string storeAlias = "DSAkey"; Pkcs12Store pkcs12 = new Pkcs12Store(new FileStream(storePath, FileMode.Open, FileAccess.Read), storePass); AsymmetricKeyParameter key = pkcs12.GetKey(storeAlias).Key; X509CertificateEntry[] chainEntries = pkcs12.GetCertificateChain(storeAlias); X509Certificate[] chain = new X509Certificate[chainEntries.Length]; for (int i = 0; i < chainEntries.Length; i++) { chain[i] = chainEntries[i].Certificate; } PrivateKeySignatureContainer signature = new PrivateKeySignatureContainer(key, chain, "SHA256withDSA"); using (PdfReader pdfReader = new PdfReader(testFileName)) using (FileStream result = File.Create("circles-DSASHA256-BC-signed-simple.pdf")) { PdfSigner pdfSigner = new PdfSigner(pdfReader, result, new StampingProperties().UseAppendMode()); pdfSigner.SignExternalContainer(signature, 8192); } }
public static UnionPayCertificate GetSignCertificate(string certificate, string certPwd) { var stream = File.Exists(certificate) ? File.OpenRead(certificate) : (Stream) new MemoryStream(Convert.FromBase64String(certificate)); var store = new Pkcs12Store(stream, certPwd.ToCharArray()); var alias = string.Empty; foreach (string n in store.Aliases) { if (store.IsKeyEntry(n)) { alias = n; } } var chain = store.GetCertificateChain(alias); var cert = chain[0].Certificate; return(new UnionPayCertificate { key = store.GetKey(alias).Key, cert = cert, certId = cert.SerialNumber.ToString() }); }
static void Main(string[] args) { var certificateData = File.ReadAllBytes("YOUR_p7b_FILE"); var cert = new X509CertificateParser().ReadCertificate(certificateData); //I just wanted to know if I can see the publicKey somehow //var publicKey = cert.GetPublicKey(); var store = new Pkcs12Store(File.OpenRead("YOUR_p12_File"), "test".ToCharArray()); var privateKey = store.GetKey("THE_NAME_OF_KEY_YOU_WANT_TO_GET").Key; var signedDataGen = new CmsSignedDataGenerator(); signedDataGen.AddSigner(privateKey, cert, CmsSignedDataGenerator.EncryptionRsa, CmsSignedDataGenerator.DigestSha512); var zipContent = new CmsProcessableFile(new FileInfo("YOUR_DATA_FILE")); //For me a zip var signedData = signedDataGen.Generate(zipContent, true); var envDataGen = new CmsEnvelopedDataGenerator(); envDataGen.AddKeyTransRecipient(cert); var sData = new CmsProcessableByteArray(signedData.GetEncoded()); var enveloped = envDataGen.Generate(sData, CmsEnvelopedDataGenerator.DesEde3Cbc); var dos = new DerOutputStream(File.OpenWrite("YOUR_DATA_FILE.zip.encrypted.sig)")); var bytesToWrite = enveloped.GetEncoded(); dos.Write(bytesToWrite, 0, bytesToWrite.Length); dos.Flush(); dos.Close(); }
/// <summary> /// Load the Root Certificate byte array to digitally sign other certificates. /// </summary> /// <param name="RootPFXCertificate">The byte array that contains the Root PFX file.</param> /// <param name="PFXFilePassword">The PFX password of the Root Certificate.</param> public void LoadRootCertificate(byte[] RootPFXCertificate, string PFXFilePassword) { if (RootPFXCertificate == null) { throw new Exception("Root PFX certificate cannot be null"); } if (PFXFilePassword == null || PFXFilePassword == "") { throw new Exception("Root certificate password must be set!"); } Pkcs12Store pkcs12Store = new Pkcs12Store(new MemoryStream(RootPFXCertificate), PFXFilePassword.ToCharArray()); string current = null; IEnumerator enumerator = pkcs12Store.Aliases.GetEnumerator(); do { if (!enumerator.MoveNext()) { break; } current = (string)enumerator.Current; }while (!pkcs12Store.IsKeyEntry(current)); AsymmetricKeyParameter key = pkcs12Store.GetKey(current).Key; X509CertificateEntry[] certificateChain = pkcs12Store.GetCertificateChain(current); ArrayList arrayLists = new ArrayList(); this.rootCert = certificateChain[0].Certificate; this.rootKeyPair = new AsymmetricCipherKeyPair(this.rootCert.GetPublicKey(), key); }
private (string certificate, string key) TransformPfx(IPasswordFinder passwordFinder) { var certOutput = new StringWriter(); var keyOutput = new StringWriter(); using (var input = File.OpenRead(CertificatePath)) { var certWriter = new PemWriter(certOutput); var keyWriter = new PemWriter(keyOutput); var store = new Pkcs12Store(input, passwordFinder.GetPassword()); foreach (string alias in store.Aliases) { var cert = store.GetCertificate(alias); if (cert != null) { certWriter.WriteObject(cert.Certificate); } var key = store.GetKey(alias); if (key != null && key.Key.IsPrivate) { keyWriter.WriteObject(key.Key); } } } return(certOutput.ToString(), keyOutput.ToString()); }
/// <summary> /// Imports certificates and keys from a pkcs12-encoded stream. /// </summary> /// <remarks> /// Imports certificates and keys from a pkcs12-encoded stream. /// </remarks> /// <param name="stream">The raw certificate and key data.</param> /// <param name="password">The password to unlock the stream.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="stream"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="password"/> is <c>null</c>.</para> /// </exception> public override void Import(Stream stream, string password) { if (stream == null) { throw new ArgumentNullException("stream"); } if (password == null) { throw new ArgumentNullException("password"); } var pkcs12 = new Pkcs12Store(stream, password.ToCharArray()); foreach (string alias in pkcs12.Aliases) { if (pkcs12.IsKeyEntry(alias)) { var chain = pkcs12.GetCertificateChain(alias); var entry = pkcs12.GetKey(alias); for (int i = 0; i < chain.Length; i++) { certificates.Add(chain[i].Certificate); } keys.Add(chain[0].Certificate, entry.Key); } else if (pkcs12.IsCertificateEntry(alias)) { var entry = pkcs12.GetCertificate(alias); certificates.Add(entry.Certificate); } } }
static X509Certificate[] LoadPkcs12CertificateChain(string fileName, string password, out AsymmetricKeyParameter key) { using (var stream = File.OpenRead(fileName)) { var pkcs12 = new Pkcs12Store(stream, password.ToCharArray()); foreach (string alias in pkcs12.Aliases) { if (pkcs12.IsKeyEntry(alias)) { var chain = pkcs12.GetCertificateChain(alias); var entry = pkcs12.GetKey(alias); if (!entry.Key.IsPrivate) { continue; } key = entry.Key; var certificates = new X509Certificate[chain.Length]; for (int i = 0; i < chain.Length; i++) { certificates[i] = chain[i].Certificate; } return(certificates); } } } throw new Exception("Failed to locate private key entry."); }