// From: // http://blogs.interfacett.com/selecting-a-cryptographic-key-provider-in-windows-server-2012-ad-cs // https://msdn.microsoft.com/en-us/library/windows/desktop/aa386983(v=vs.85).aspx // // Microsoft Base Smart Card Crypto Provider // Microsoft Enhanced Cryptographic Provider v1.0 // ECDA_P256#Microsoft Smart Card Key Storage Provider // ECDA_P521#Microsoft Smart Card Key Storage Provider // RSA#Microsoft Software Key Storage Provider // Microsoft Base Cryptographic Provider v1.0 // ECDA_P256#Microsoft Software Key Storage Provider // ECDA_P521#Microsoft Software Key Storage Provider // Microsoft Strong Cryptographic Provider // ECDA_P384#Microsoft Software Key Storage Provider // Microsoft Base DSS Cryptographic Provider // RSA#Microsoft Smart Card Key Storage Provider // DSA#Microsoft Software Key Storage Provider // ECDA_P384#Microsoft Smart Card Key Storage Provider public override PrivateKey GeneratePrivateKey(PrivateKeyParams pkp) { var rsaPkp = pkp as RsaPrivateKeyParams; var ecPkp = pkp as EcPrivateKeyParams; var algId = new CERTENROLLLib.CObjectId(); if (rsaPkp != null) { var oid = new System.Security.Cryptography.Oid("RSA"); algId.InitializeFromValue(oid.Value); } else if (ecPkp != null) { throw new NotImplementedException("EC keys not implemented YET!"); } else { throw new NotSupportedException("unsupported private key parameters type"); } var cePk = new CERTENROLLLib.CX509PrivateKey(); // MS_DEF_PROV //cePk.ProviderName = "Microsoft Base Cryptographic Provider"; cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; //cePk.ProviderType = CERTENROLLLib.X509ProviderType.XCN_PROV_RSA_FULL; cePk.Algorithm = algId; cePk.KeySpec = CERTENROLLLib.X509KeySpec.XCN_AT_KEYEXCHANGE; cePk.Length = rsaPkp.NumBits; // Don't store in the machine's local cert store and allow exporting of private key cePk.MachineContext = false; cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG; cePk.Create(); var pk = new CeRsaPrivateKey(rsaPkp.NumBits, null, null) { Exported = cePk.Export(BCRYPT_PRIVATE_KEY_BLOB), }; return(pk); }
public CryptographicAttributeObject(System.Security.Cryptography.Oid oid, AsnEncodedDataCollection values) { this.m_oid = new System.Security.Cryptography.Oid(oid); if (values == null) { this.m_values = new AsnEncodedDataCollection(); } else { AsnEncodedDataEnumerator enumerator = values.GetEnumerator(); while (enumerator.MoveNext()) { if (string.Compare(enumerator.Current.Oid.Value, oid.Value, StringComparison.Ordinal) != 0) { throw new InvalidOperationException(SecurityResources.GetResourceString("InvalidOperation_DuplicateItemNotAllowed")); } } this.m_values = values; } }
public AsnEncodedData(System.Security.Cryptography.Oid oid, byte[] rawData) { }
public PublicKey(System.Security.Cryptography.Oid oid, System.Security.Cryptography.AsnEncodedData parameters, System.Security.Cryptography.AsnEncodedData keyValue) { }
public Pkcs9AttributeObject(System.Security.Cryptography.Oid oid, byte[] encodedData) { }
public CryptographicAttributeObject(System.Security.Cryptography.Oid oid) { }
public AlgorithmIdentifier(System.Security.Cryptography.Oid oid, int keyLength) { }
public static System.Security.Cryptography.ECCurve CreateFromOid(System.Security.Cryptography.Oid curveOid) { throw null; }
public Pkcs12CertBag(System.Security.Cryptography.Oid certificateType, System.ReadOnlyMemory <byte> encodedCertificate) : base(default(string), default(System.ReadOnlyMemory <byte>), default(bool)) { }
public override Csr GenerateCsr(CsrParams csrParams, PrivateKey pk, Crt.MessageDigest md) { var rsaPk = pk as CeRsaPrivateKey; if (rsaPk != null) { var cePk = new CERTENROLLLib.CX509PrivateKey(); // MS_DEF_PROV //cePk.ProviderName = "Microsoft Base Cryptographic Provider"; cePk.ProviderName = "Microsoft Enhanced Cryptographic Provider v1.0"; // Don't store in the machine's local cert store and allow exporting of private key cePk.MachineContext = false; cePk.ExportPolicy = CERTENROLLLib.X509PrivateKeyExportFlags.XCN_NCRYPT_ALLOW_EXPORT_FLAG; cePk.Import(BCRYPT_PRIVATE_KEY_BLOB, rsaPk.Exported); var ceReq = new CERTENROLLLib.CX509CertificateRequestCertificate(); ceReq.InitializeFromPrivateKey( CERTENROLLLib.X509CertificateEnrollmentContext.ContextUser, cePk, ""); // CN=Test Cert, OU=Sandbox var subjParts = new[] { new { name = "C", value = csrParams?.Details?.Country }, new { name = "ST", value = csrParams?.Details?.StateOrProvince }, new { name = "L", value = csrParams?.Details?.Locality }, new { name = "O", value = csrParams?.Details?.Organization }, new { name = "OU", value = csrParams?.Details?.OrganizationUnit }, new { name = "CN", value = csrParams?.Details?.CommonName }, new { name = "E", value = csrParams?.Details?.Email }, }; // Escape any non-standard character var re = new Regex("[^A-Za-z0-9\\._-]"); var subj = ""; foreach (var sp in subjParts) { if (!string.IsNullOrEmpty(sp.value)) { var spVal = re.Replace(sp.value, "\\$0"); subj += $",{sp.name}={spVal}"; } } if (string.IsNullOrEmpty(subj)) { throw new InvalidOperationException("invalid CSR details"); } subj = subj.Substring(1); // Skip over the first comma // http://msdn.microsoft.com/en-us/library/aa377051(VS.85).aspx var subjDN = new CERTENROLLLib.CX500DistinguishedName(); subjDN.Encode(subj); ceReq.Subject = subjDN; if (csrParams.NotBefore != null) { ceReq.NotBefore = csrParams.NotBefore.Value; } if (csrParams.NotAfter != null) { ceReq.NotAfter = csrParams.NotAfter.Value; } var mdVal = Enum.GetName(typeof(Crt.MessageDigest), md); var mdOid = new System.Security.Cryptography.Oid(mdVal); var mdAlg = new CERTENROLLLib.CObjectId(); mdAlg.InitializeFromValue(mdOid.Value); ceReq.SignatureInformation.HashAlgorithm = mdAlg; ceReq.Encode(); var csr = new Csr(ceReq.RawData); return(csr); } else { throw new NotSupportedException("unsuppored private key type"); } }
private void Reset(System.Security.Cryptography.Oid oid, byte[] rawData) { this.Oid = oid; this.RawData = rawData; }
public AsnEncodedData(System.Security.Cryptography.Oid oid, byte[] rawData) { this.Reset(oid, rawData); }
internal AsnEncodedData(System.Security.Cryptography.Oid oid, CAPIBase.CRYPTOAPI_BLOB encodedBlob) : this(oid, CAPI.BlobToByteArray(encodedBlob)) { }
internal AsnEncodedData(System.Security.Cryptography.Oid oid) { this.m_oid = oid; }
public void Decode(byte[] test, ref int bi) { TagType tagType = (TagType)((test[bi] & 0xc0) >> 6); bool constructed = ((test[bi] & 0x20) == 0x20); int tagNum = (test[bi] & 0x1f); // move on past the tag byte bi++; // test bits 7&8 of the first byte are zero - universal tag known from above enum if (tagType == TagType.Universal) { if (tagNum == 0) { Console.WriteLine("[0]"); if (constructed) { // length and value in subsequent bytes long length = GetLength(test, ref bi); int start = bi; while (bi < start + length) { Decode(test, ref bi); } } } else if (tagNum == (int)UniversalTag.Boolean) { // length and value in subsequent bytes long length = GetLength(test, ref bi); bool value = (bool)(test[bi] != 0); Console.WriteLine("Boolean: {0}", value); bi++; } else if (tagNum == (int)UniversalTag.Integer) { Console.WriteLine("Integer"); // length and value in subsequent bytes long length = GetLength(test, ref bi); // TODO: UNFINISHED, need to get head around twos-complement and do this properly BigInteger value = GetValue(test, ref bi, (int)length); foreach (byte b in value.ToByteArray()) { Console.Write("{0:X2} ", b); } Console.WriteLine(value); } else if (tagNum == (int)UniversalTag.Null) { bi++; Console.WriteLine("NULL"); } else if (tagNum == (int)UniversalTag.BitString) { // length and value in subsequent bytes int length = GetLength(test, ref bi); if (constructed) { int start = bi; while (bi < start + length) { Decode(test, ref bi); } } else { // first byte of a bit string denotes how many unused bits are at the end of the bit string byte unused = test[bi]; bi++; length--; Console.WriteLine("Bit string, length = {0}, unused = {1}", length, unused); byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); Console.WriteLine("Base64 encoded BitString:\r\n{0}", Convert.ToBase64String(raw)); foreach (var b in raw) { Console.Write(b.ToString("X2")); } Console.WriteLine(""); bi += (int)length; } } else if (tagNum == (int)UniversalTag.OctetString) { // length and value in subsequent bytes int length = GetLength(test, ref bi); Console.WriteLine("Octet string, length = {0} bytes", length); // TODO: some octet strings are decomposable but i think it depends on the use //int start = bi; //while (bi < start + length) //{ // Decode(test, ref bi); //} byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); foreach (var b in raw) { Console.Write(b.ToString("X2")); } Console.WriteLine(""); bi += (int)length; } else if (tagNum == (int)UniversalTag.ObjectID) { Console.WriteLine("Object ID"); // length and value in subsequent bytes int length = GetLength(test, ref bi); byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); // special case, first byte int id1 = (raw[0] / 40); int id2 = (raw[0] % 40); bool cont = false; long biggun = 0; string oid = id1.ToString() + "." + id2.ToString(); for (int i = 1; i < raw.Length; i++) { if ((raw[i] & 0x80) == 0x80) { cont = true; biggun <<= 7; biggun += raw[i] & 0x7f; } else { if (cont) { biggun <<= 7; biggun += raw[i] & 0x7f; oid += "." + biggun.ToString(); cont = false; biggun = 0; } else { oid += "." + raw[i].ToString(); } } } System.Security.Cryptography.Oid o = new System.Security.Cryptography.Oid(oid); Console.WriteLine(oid); Console.WriteLine(o.FriendlyName); bi += (int)length; } else if (tagNum == (int)UniversalTag.UTF8String) { Console.WriteLine("UTF8 String"); // length and value in subsequent bytes int length = GetLength(test, ref bi); byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); string decoded = System.Text.Encoding.UTF8.GetString(raw); Console.WriteLine(decoded); bi += (int)length; } else if (tagNum == (int)UniversalTag.Sequence) { long length = GetLength(test, ref bi); Console.WriteLine("Sequence contained in {0} bytes", (int)length); // because sequence is a constructed type we can recurse into this function if (constructed) { int start = bi; while (bi < start + length) { Decode(test, ref bi); } } } else if (tagNum == (int)UniversalTag.Set) { long length = GetLength(test, ref bi); Console.WriteLine("Set contained in {0} bytes", (int)length); // because sequence is a constructed type we can recurse into this function if (constructed) { int start = bi; while (bi < start + length) { Decode(test, ref bi); } } } else if (tagNum == (int)UniversalTag.PrintableString) { Console.WriteLine("Printable String"); // length and value in subsequent bytes int length = GetLength(test, ref bi); byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); string decoded = System.Text.Encoding.ASCII.GetString(raw); Console.WriteLine(decoded); bi += (int)length; } else if (tagNum == (int)UniversalTag.T61String) { Console.WriteLine("T61 String"); // length and value in subsequent bytes int length = GetLength(test, ref bi); byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); string decoded = System.Text.Encoding.UTF8.GetString(raw); Console.WriteLine(decoded); bi += (int)length; } else if (tagNum == (int)UniversalTag.IA5String) { Console.WriteLine("IA5 String"); // length and value in subsequent bytes int length = GetLength(test, ref bi); byte[] raw = new byte[(int)length]; Array.Copy(test, bi, raw, 0, (int)length); string decoded = System.Text.Encoding.ASCII.GetString(raw); Console.WriteLine(decoded); bi += (int)length; } else if (tagNum == (int)UniversalTag.UTCTime) { Console.WriteLine("UTC Time"); long length = GetLength(test, ref bi); byte[] raw = new byte[(int)length]; Array.Copy(test, bi, raw, 0, (int)length); string decoded = System.Text.Encoding.ASCII.GetString(raw); int offsetIndex = decoded.IndexOfAny(new char[] { '+', '-', 'Z' }); DateTime date = DateTime.ParseExact(decoded.Substring(0, 6), "yyMMdd", CultureInfo.CurrentCulture); string timeString = decoded.Substring(6, offsetIndex - 6); TimeSpan time = TimeSpan.MinValue; if (timeString.Length == 4) { time = TimeSpan.ParseExact(timeString, "hhmm", CultureInfo.CurrentCulture); } else if (timeString.Length == 6) { time = TimeSpan.ParseExact(timeString, "hhmmss", CultureInfo.CurrentCulture); } else { throw new FormatException(); } date = date.Add(time); if (decoded.Substring(offsetIndex + 1).Length > 0) { TimeSpan offset = TimeSpan.ParseExact(decoded.Substring(offsetIndex + 1), "hhmm", CultureInfo.CurrentCulture); date = date.Add(offset); } Console.WriteLine(date); bi += (int)length; } else if (tagNum == (int)UniversalTag.GeneralisedTime) { Console.WriteLine("Generalised Time"); long length = GetLength(test, ref bi); byte[] raw = new byte[(int)length]; Array.Copy(test, bi, raw, 0, (int)length); string decoded = System.Text.Encoding.ASCII.GetString(raw); int offsetIndex = decoded.IndexOfAny(new char[] { '+', '-', 'Z' }); DateTime date = DateTime.ParseExact(decoded.Substring(0, 8), "yyyyMMdd", CultureInfo.CurrentCulture); string timeString = decoded.Substring(8, offsetIndex - 8); TimeSpan time = TimeSpan.MinValue; if (timeString.Length == 4) { time = TimeSpan.ParseExact(timeString, "hhmm", CultureInfo.CurrentCulture); } else if (timeString.Length == 6) { time = TimeSpan.ParseExact(timeString, "hhmmss", CultureInfo.CurrentCulture); } else { throw new FormatException(); } date = date.Add(time); if (decoded.Substring(offsetIndex + 1).Length > 0) { TimeSpan offset = TimeSpan.ParseExact(decoded.Substring(offsetIndex + 1), "hhmm", CultureInfo.CurrentCulture); date = date.Add(offset); } Console.WriteLine(date); bi += (int)length; } else if (tagNum == (int)UniversalTag.BMPString) { int length = GetLength(test, ref bi); byte[] raw = new byte[length]; Array.Copy(test, bi, raw, 0, length); string decoded = System.Text.Encoding.Unicode.GetString(raw); Console.WriteLine("BMPString ({1}): {0}", decoded, length); } else { throw new InvalidOperationException("Unknown tag: " + test[bi].ToString("x2")); } } else if (tagType == TagType.Context) { if (constructed) { // length and value in subsequent bytes long length = GetLength(test, ref bi); Console.WriteLine("Context tag: " + tagNum + " - length " + length); int start = bi; while (bi < start + length) { Decode(test, ref bi); } } else { throw new InvalidOperationException("Primitive context specific tag, I don't know what to do with this"); } } else { throw new InvalidOperationException("Unknown tag type, I don't know what to do with this"); } }
public Rfc3161TimestampTokenInfo(System.Security.Cryptography.Oid policyId, System.Security.Cryptography.Oid hashAlgorithmId, System.ReadOnlyMemory <byte> messageHash, System.ReadOnlyMemory <byte> serialNumber, System.DateTimeOffset timestamp, long?accuracyInMicroseconds = default(long?), bool isOrdering = false, System.ReadOnlyMemory <byte>?nonce = default(System.ReadOnlyMemory <byte>?), System.ReadOnlyMemory <byte>?timestampAuthorityName = default(System.ReadOnlyMemory <byte>?), System.Security.Cryptography.X509Certificates.X509ExtensionCollection extensions = null) { }
public static System.Security.Cryptography.ECCurve CreateFromOid(System.Security.Cryptography.Oid curveOid) { return(default(System.Security.Cryptography.ECCurve)); }
public int Add(System.Security.Cryptography.Oid oid) { throw null; }
public CryptographicAttributeObject(System.Security.Cryptography.Oid oid) : this(oid, new AsnEncodedDataCollection()) { }
public AlgorithmIdentifier(System.Security.Cryptography.Oid oid) { }
public bool VerifySignatureForHash(System.ReadOnlySpan <byte> hash, System.Security.Cryptography.Oid hashAlgorithmId, [System.Diagnostics.CodeAnalysis.NotNullWhenAttribute(true)] out System.Security.Cryptography.X509Certificates.X509Certificate2?signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection?extraCandidates = null) { throw null; }
public ContentInfo(System.Security.Cryptography.Oid contentType, byte[] content) { }
public System.Security.Cryptography.Pkcs.Pkcs12SecretBag AddSecret(System.Security.Cryptography.Oid secretType, System.ReadOnlyMemory <byte> secretValue) { throw null; }
public CryptographicAttributeObject(System.Security.Cryptography.Oid oid, System.Security.Cryptography.AsnEncodedDataCollection values) { }
public Pkcs8PrivateKeyInfo(System.Security.Cryptography.Oid algorithmId, System.ReadOnlyMemory <byte>?algorithmParameters, System.ReadOnlyMemory <byte> privateKey, bool skipCopies = false) { }
public X509Extension(System.Security.Cryptography.Oid oid, byte[] rawData, bool critical) { }
public static System.Security.Cryptography.Pkcs.Rfc3161TimestampRequest CreateFromSignerInfo(System.Security.Cryptography.Pkcs.SignerInfo signerInfo, System.Security.Cryptography.HashAlgorithmName hashAlgorithm, System.Security.Cryptography.Oid requestedPolicyId = null, System.ReadOnlyMemory <byte>?nonce = default(System.ReadOnlyMemory <byte>?), bool requestSignerCertificates = false, System.Security.Cryptography.X509Certificates.X509ExtensionCollection extensions = null) { throw null; }
public Oid(System.Security.Cryptography.Oid oid) { }
public bool VerifySignatureForHash(System.ReadOnlySpan <byte> hash, System.Security.Cryptography.Oid hashAlgorithmId, out System.Security.Cryptography.X509Certificates.X509Certificate2 signerCertificate, System.Security.Cryptography.X509Certificates.X509Certificate2Collection extraCandidates = null) { throw null; }
public int Add(System.Security.Cryptography.Oid oid) { return(default(int)); }