//private X509Certificate2 _x5092;

        #region properties



        #endregion

        #region .ctors



        #endregion

        #region methods

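        /// <summary>
        /// Generates a new signing certificate for <paramref name="certificatePolicy"/> and returns it
        /// with its PKCS#12 bytes encrypted to <paramref name="keyProtector"/>.
        /// </summary>
        /// <param name="keyProtector">Public key the PKCS#12 bytes are encrypted to. Must not be null.</param>
        /// <param name="certificatePolicy">Policy handed unchanged to <c>GenerateSigningCertificate</c>; it is not validated here.</param>
        /// <returns>
        /// A <see cref="ProtectedX509Certificate2"/> built from the lower-cased thumbprint of the new
        /// certificate and the encrypted PKCS#12 payload.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="keyProtector"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The encryptor returned no result, or a KeyId that is empty or not exactly 40 characters long.
        /// </exception>
        public async Task<ProtectedX509Certificate2> IssueNewCertificateAsync(IPublicKey keyProtector, ICertificatePolicy certificatePolicy)
        {
            if (keyProtector == null)
            {
                // Name the actual parameter so the exception points at the argument that was rejected.
                throw new ArgumentNullException("keyProtector");
            }

            // thumbprint and pemPublicCert are required by the out-signature but are not used below.
            string thumbprint;
            string pemPublicCert;
            byte[] pkcs12Data;

            // NOTE(review): this instance is never disposed; if GenerateSigningCertificate attaches the
            // private key to it, that key stays reachable until finalization - confirm and dispose if so.
            System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2;

            GenerateSigningCertificate(certificatePolicy, out thumbprint, out pemPublicCert, out pkcs12Data, out x509Certificate2);

            try
            {
                // Wrap the PKCS#12 bytes (not a password) for the key protector.
                var encryptor = new AsymmetricEncryptor()
                {
                    AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000
                };

                // Await rather than block with GetAwaiter().GetResult(), which would hold the calling
                // thread for the whole encryption inside an async method.
                var asymEncObj = await encryptor.EncryptObjectAsync(pkcs12Data, keyProtector);

                // 40 characters matches a hex-encoded SHA-1 thumbprint; presumably KeyId is the
                // protector's thumbprint - confirm against AsymmetricEncryptor.
                if (asymEncObj == null || string.IsNullOrEmpty(asymEncObj.KeyId) || asymEncObj.KeyId.Length != 40)
                {
                    throw new InvalidOperationException("AsymmetricEncryptor.EncryptObject returned without KeyId populated.");
                }

                // Thumbprint is a hex string, so invariant casing keeps the stored id independent of
                // the current thread culture.
                return new ProtectedX509Certificate2(x509Certificate2.Thumbprint.ToLowerInvariant(), asymEncObj);
            }
            finally
            {
                // Best-effort scrub of the unwrapped PKCS#12 bytes once they are no longer needed.
                // This clears only this buffer; copies made by callees or the runtime are unaffected.
                // NOTE(review): assumes the encrypted result does not alias the input array - confirm.
                if (pkcs12Data != null)
                {
                    Array.Clear(pkcs12Data, 0, pkcs12Data.Length);
                }
            }
        }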
        //private X509Certificate2 _x5092;

        #region properties



        #endregion

        #region .ctors



        #endregion

        #region methods

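        /// <summary>
        /// Issues a new signing certificate according to <paramref name="certificatePolicy"/> and
        /// returns it with its PKCS#12 bytes encrypted to <paramref name="keyProtector"/>.
        /// </summary>
        /// <param name="keyProtector">Public key used to encrypt the PKCS#12 bytes. Must not be null.</param>
        /// <param name="certificatePolicy">Policy passed as-is to <c>GenerateSigningCertificate</c>; no validation is done here.</param>
        /// <returns>
        /// A <see cref="ProtectedX509Certificate2"/> constructed from the new certificate's lower-cased
        /// thumbprint and the encrypted PKCS#12 payload.
        /// </returns>
        /// <exception cref="ArgumentNullException"><paramref name="keyProtector"/> is null.</exception>
        /// <exception cref="InvalidOperationException">
        /// The encryptor returned null, or a KeyId that is empty or whose length is not 40.
        /// </exception>
        public async Task<ProtectedX509Certificate2> IssueNewCertificateAsync(IPublicKey keyProtector, ICertificatePolicy certificatePolicy)
        {
            if (keyProtector == null)
            {
                // The original reported "keyProtectorPublicKey", which is not a parameter of this method.
                throw new ArgumentNullException("keyProtector");
            }

            // Out-parameters of GenerateSigningCertificate; thumbprint and pemPublicCert are not read here.
            string thumbprint;
            string pemPublicCert;
            byte[] pkcs12Data;

            // NOTE(review): never disposed in this method; if it carries the private key, dispose it
            // once the thumbprint has been read - confirm what GenerateSigningCertificate returns.
            System.Security.Cryptography.X509Certificates.X509Certificate2 x509Certificate2;

            GenerateSigningCertificate(certificatePolicy, out thumbprint, out pemPublicCert, out pkcs12Data, out x509Certificate2);

            try
            {
                // Encrypt the PKCS#12 bytes to the key protector.
                var encryptor = new AsymmetricEncryptor() { AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000 };

                // Awaited instead of GetAwaiter().GetResult() so the async method does not block its caller's thread.
                var asymEncObj = await encryptor.EncryptObjectAsync(pkcs12Data, keyProtector);

                // A 40-character KeyId is the length of a hex SHA-1 thumbprint; presumably that is what
                // the encryptor records for the protector - verify against AsymmetricEncryptor.
                if (asymEncObj == null || string.IsNullOrEmpty(asymEncObj.KeyId) || asymEncObj.KeyId.Length != 40)
                {
                    throw new InvalidOperationException("AsymmetricEncryptor.EncryptObject returned without KeyId populated.");
                }

                // Hex thumbprint: lower-case it culture-independently.
                var protectedKey = new ProtectedX509Certificate2(x509Certificate2.Thumbprint.ToLowerInvariant(), asymEncObj);
                return protectedKey;
            }
            finally
            {
                // Best-effort: zero the unwrapped PKCS#12 buffer on every exit path. Copies held by
                // callees or the runtime are not reached by this.
                // NOTE(review): assumes the encrypted result keeps no reference to this array - confirm.
                if (pkcs12Data != null)
                {
                    Array.Clear(pkcs12Data, 0, pkcs12Data.Length);
                }
            }
        }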
        /// <summary>
        /// Round-trip test for the Aes256_1000 strategy with a freshly issued protected certificate.
        /// Issues a certificate wrapped to the loaded certificate's key-encryption key, writes the
        /// wrapped form to disk, encrypts and decrypts 100 strings with the unwrapped key, then
        /// reloads the wrapped key from the file and decrypts the same ciphertexts again.
        /// </summary>
        /// <remarks>
        /// The bytes written to the .kpk file are the output of <c>ToByteArrayAsync</c>, which this
        /// test later loads back as an <c>AsymmetricallyEncryptedObject</c>. The file is created
        /// under CERT_FOLDER + "temp\" and is not deleted when the test finishes.
        /// </remarks>
        public void TestAes1000WithCertificate()
        {
            var protectorCert = LoadCertificate();
            var keyProtector = X509CertificateHelper.GetKeyEncryptionKey(protectorCert);

            // Issue a short-lived certificate whose key material is wrapped to keyProtector.
            var generator = new ProtectedX509Certificate2Generator();
            var policy = new CertificatePolicy()
            {
                CommonName = "Testing protected certs",
                AllPurposes = true,
                ValidForDays = 2
            };
            var protectedKey = Task.Run(() => generator.IssueNewCertificateAsync(keyProtector, policy)).GetAwaiter().GetResult();

            // Persist the wrapped key so the second half of the test can reload it from disk.
            var keyFile = new FileInfo(CERT_FOLDER + "temp\\pk-" + protectedKey.KeyId + ".kpk");
            if (!keyFile.Directory.Exists)
            {
                keyFile.Directory.Create();
            }

            var wrappedKeyBytes = Task.Run(() => protectedKey.ToByteArrayAsync()).GetAwaiter().GetResult();
            File.WriteAllBytes(keyFile.FullName, wrappedKeyBytes);
            Console.WriteLine(keyFile.FullName);

            var plaintexts = new List<string>();
            var ciphertexts = new List<AsymmetricallyEncryptedObject>();

            // Pass 1: unwrap the issued key and check encrypt -> decrypt for every sample.
            using (var privateKey = Task.Run(() => protectedKey.ToKeyEncyrptionKeyAsync(keyProtector)).GetAwaiter().GetResult())
            {
                const int sampleCount = 100;

                // Constructed as in the original; the instance is never read afterwards.
                var rand = new RandomGenerator();

                for (int sample = 0; sample < sampleCount; sample++)
                {
                    // The GUID prefix makes each plaintext distinct; the tail contains non-ASCII
                    // characters, so the round trip also covers text encoding.
                    var stringToEncrypt = Guid.NewGuid().ToString("N") + ":* d’une secrétairE chargée des affaires des étudiants de la section";
                    plaintexts.Add(stringToEncrypt);

                    var encryptor = new AsymmetricEncryptor(AsymmetricStrategyOption.Aes256_1000);
                    var encrypted = encryptor.EncryptObjectAsync(stringToEncrypt, privateKey).GetAwaiter().GetResult();
                    ciphertexts.Add(encrypted);

                    var roundTripped = encryptor.DecryptObjectAsync(encrypted, privateKey).GetAwaiter().GetResult();
                    Assert.AreEqual(stringToEncrypt, roundTripped);
                }
            }

            // Pass 2: rebuild the protected key from the file and decrypt the stored ciphertexts.
            var reloadedBytes = File.ReadAllBytes(keyFile.FullName);
            var reloadedEnvelope = new AsymmetricallyEncryptedObject();
            reloadedEnvelope.LoadFromByteArray(reloadedBytes);
            var reloadedProtectedKey = new ProtectedX509Certificate2(protectedKey.KeyId, reloadedEnvelope);

            using (var privateKey = Task.Run(() => reloadedProtectedKey.ToKeyEncyrptionKeyAsync(keyProtector)).GetAwaiter().GetResult())
            {
                var decryptor = new AsymmetricEncryptor(AsymmetricStrategyOption.Aes256_1000);
                for (int index = 0; index < plaintexts.Count; index++)
                {
                    var stored = ciphertexts[index];
                    var decrypted = decryptor.DecryptObject(stored, privateKey);
                    Assert.AreEqual(plaintexts[index], decrypted);
                }
            }
        }
        /// <summary>
        /// Verifies that a protected certificate issued for the loaded certificate's key-encryption
        /// key can be used for Aes256_1000 encryption, both straight after issuance and after the
        /// wrapped key has been written to disk and read back.
        /// </summary>
        /// <remarks>
        /// The .kpk file holds the bytes returned by <c>ToByteArrayAsync</c>; the test reads them
        /// back into an <c>AsymmetricallyEncryptedObject</c>. The file stays under
        /// CERT_FOLDER + "temp\" after the test, because nothing here deletes it.
        /// </remarks>
        public void TestAes1000WithCertificate()
        {
            var loadedCertificate = LoadCertificate();
            var keyProtector = X509CertificateHelper.GetKeyEncryptionKey(loadedCertificate);

            // Generate the protected key under a two-day, all-purpose policy.
            var certificateGenerator = new ProtectedX509Certificate2Generator();
            var policy = new CertificatePolicy()
            {
                CommonName = "Testing protected certs",
                AllPurposes = true,
                ValidForDays = 2
            };
            var issueTask = Task.Run(() => certificateGenerator.IssueNewCertificateAsync(keyProtector, policy));
            var protectedKey = issueTask.GetAwaiter().GetResult();

            // Write the wrapped key next to the test certificates and print where it went.
            var outputPath = CERT_FOLDER + "temp\\pk-" + protectedKey.KeyId + ".kpk";
            var outputFile = new FileInfo(outputPath);
            if (!outputFile.Directory.Exists)
            {
                outputFile.Directory.Create();
            }

            var serializedKey = Task.Run(() => protectedKey.ToByteArrayAsync()).GetAwaiter().GetResult();
            File.WriteAllBytes(outputFile.FullName, serializedKey);
            Console.WriteLine(outputFile.FullName);

            var originals = new List<string>();
            var encryptedItems = new List<AsymmetricallyEncryptedObject>();

            // First pass: use the key unwrapped from the in-memory protected certificate.
            using (var privateKey = Task.Run(() => protectedKey.ToKeyEncyrptionKeyAsync(keyProtector)).GetAwaiter().GetResult())
            {
                const int iterations = 100;

                // Kept from the original; nothing below reads this instance.
                var rand = new RandomGenerator();

                int completed = 0;
                while (completed < iterations)
                {
                    // Unique per iteration thanks to the GUID; the suffix includes non-ASCII text.
                    var stringToEncrypt = Guid.NewGuid().ToString("N") + ":* d’une secrétairE chargée des affaires des étudiants de la section";
                    originals.Add(stringToEncrypt);

                    var roundTripEncryptor = new AsymmetricEncryptor(AsymmetricStrategyOption.Aes256_1000);
                    var cipherObject = roundTripEncryptor.EncryptObjectAsync(stringToEncrypt, privateKey).GetAwaiter().GetResult();
                    encryptedItems.Add(cipherObject);

                    var plainAgain = roundTripEncryptor.DecryptObjectAsync(cipherObject, privateKey).GetAwaiter().GetResult();
                    Assert.AreEqual(stringToEncrypt, plainAgain);

                    completed++;
                }
            }

            // Second pass: reconstruct the protected key from the file written above.
            var bytesFromDisk = File.ReadAllBytes(outputFile.FullName);
            var envelopeFromDisk = new AsymmetricallyEncryptedObject();
            envelopeFromDisk.LoadFromByteArray(bytesFromDisk);
            var protectedKeyFromDisk = new ProtectedX509Certificate2(protectedKey.KeyId, envelopeFromDisk);

            using (var privateKey = Task.Run(() => protectedKeyFromDisk.ToKeyEncyrptionKeyAsync(keyProtector)).GetAwaiter().GetResult())
            {
                var reloadedKeyEncryptor = new AsymmetricEncryptor(AsymmetricStrategyOption.Aes256_1000);

                // The two lists were filled in lock-step, so the same position pairs plaintext with ciphertext.
                for (int position = 0; position < originals.Count; position++)
                {
                    var cipherObject = encryptedItems[position];
                    var recovered = reloadedKeyEncryptor.DecryptObject(cipherObject, privateKey);
                    Assert.AreEqual(originals[position], recovered);
                }
            }
        }