/// <summary> /// Gets the PEM for the Private Key from the Asymmetric Key Pair. /// </summary> /// <param name="keys"></param> /// <returns></returns> public static String GetPrivateKey(AsymmetricCipherKeyPair keys) { TextWriter textWriter = new StringWriter(); PemWriter pemWriter = new PemWriter(textWriter); pemWriter.WriteObject(keys.Private); pemWriter.Writer.Flush(); return textWriter.ToString(); }
public static void SaveToFile( X509Certificate newCert, AsymmetricCipherKeyPair kp, string FilePath, string CertAlias, string Password) { var newStore = new Pkcs12Store(); var certEntry = new X509CertificateEntry(newCert); newStore.SetCertificateEntry( CertAlias, certEntry ); newStore.SetKeyEntry( CertAlias, new AsymmetricKeyEntry(kp.Private), new[] { certEntry } ); using (var certFile = File.Create(FilePath)) { newStore.Save( certFile, Password.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator()) ); } }
// https://social.msdn.microsoft.com/Forums/vstudio/en-US/80ccc76f-bf98-4cda-9583-f651013b24a5/extract-private-key-as-string-from-pfx-file?forum=csharpgeneral // One of my collegues actually found the solution and I thought I'd share it. // Extract Private Key as String from PFX File public static void GetPrivateKey(string pfxLocation, string password) { // Windows's PFX files are just renamed PKCS#12 files, // Load your certificate from file System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxLocation, password , System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable | System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet); // Private Key if (certificate.HasPrivateKey) { throw new System.IO.InvalidDataException("no private key in pfx file."); } System.Security.Cryptography.RSACryptoServiceProvider rsa = (System.Security.Cryptography.RSACryptoServiceProvider)certificate.PrivateKey; System.IO.MemoryStream memoryStream = new System.IO.MemoryStream(); System.IO.TextWriter streamWriter = new System.IO.StreamWriter(memoryStream); Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(streamWriter); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rsa); pemWriter.WriteObject(keyPair.Private); streamWriter.Flush(); string output = System.Text.Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim(); int index_of_footer = output.IndexOf("-----END RSA PRIVATE KEY-----"); memoryStream.Close(); streamWriter.Close(); string PrivKey = output.Substring(0, index_of_footer + 29); }
public static byte[] encodeUserKeyPairPrivate(AsymmetricCipherKeyPair userKey) { PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(userKey.Private); byte[] serializedPrivateBytes = privateKeyInfo.ToAsn1Object().GetDerEncoded(); return serializedPrivateBytes; }
public static byte[] encodeUserKeyPairPublic(AsymmetricCipherKeyPair userKey) { SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(userKey.Public); byte[] serializedPublicBytes = publicKeyInfo.ToAsn1Object().GetDerEncoded(); return serializedPublicBytes; }
public static X509Certificate MakeCertificate(AsymmetricCipherKeyPair _subKP, string _subDN, AsymmetricCipherKeyPair _issKP, string _issDN, string algorithm, bool _ca) { AsymmetricKeyParameter _subPub = _subKP.Public; AsymmetricKeyParameter _issPriv = _issKP.Private; AsymmetricKeyParameter _issPub = _issKP.Public; X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator(); _v3CertGen.Reset(); _v3CertGen.SetSerialNumber(allocateSerialNumber()); _v3CertGen.SetIssuerDN(new X509Name(_issDN)); _v3CertGen.SetNotBefore(DateTime.UtcNow); _v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100)); _v3CertGen.SetSubjectDN(new X509Name(_subDN)); _v3CertGen.SetPublicKey(_subPub); _v3CertGen.SetSignatureAlgorithm(algorithm); _v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(_subPub)); _v3CertGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(_issPub)); _v3CertGen.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(_ca)); X509Certificate _cert = _v3CertGen.Generate(_issPriv); _cert.CheckValidity(DateTime.UtcNow); _cert.Verify(_issPub); return _cert; }
public PgpKeyPair( PublicKeyAlgorithmTag algorithm, AsymmetricCipherKeyPair keyPair, DateTime time) : this(algorithm, keyPair.Public, keyPair.Private, time) { }
/// <summary> /// Generate a cert/key pair /// </summary> private void GenerateCertKeyPair() { // Generate RSA key pair RsaKeyPairGenerator r = new RsaKeyPairGenerator(); r.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); keyPair = r.GenerateKeyPair(); // Generate the X509 certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X509Name dnName = new X509Name("CN=NVIDIA GameStream Client"); certGen.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Ticks / TimeSpan.TicksPerMillisecond)); certGen.SetSubjectDN(dnName); certGen.SetIssuerDN(dnName); // use the same // Expires in 20 years certGen.SetNotBefore(DateTime.Now); certGen.SetNotAfter(DateTime.Now.AddYears(20)); certGen.SetPublicKey(keyPair.Public); certGen.SetSignatureAlgorithm("SHA1withRSA"); try { cert = certGen.Generate(keyPair.Private); } catch (Exception ex) { Debug.WriteLine(ex.StackTrace); } Task.Run(async () => await SaveCertKeyPair()).Wait(); }
static void test() { RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 32)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); RsaKeyParameters pubKey = (RsaKeyParameters)keyPair_s.Public; RsaKeyParameters prKey = (RsaKeyParameters)keyPair_s.Private; IAsymmetricBlockCipher cipher = new RsaEngine(); cipher.Init(true, prKey); byte[] plain_byte = BitConverter.GetBytes(10); byte[] enc = cipher.ProcessBlock(plain_byte, 0, plain_byte.Length); Org.BouncyCastle.Math.BigInteger test = new Org.BouncyCastle.Math.BigInteger(enc); Console.WriteLine(test); test = test.Multiply(new Org.BouncyCastle.Math.BigInteger(BitConverter.GetBytes(2))); test = test.Mod(prKey.Modulus); Console.WriteLine(test); byte[] new_enc = test.ToByteArray(); cipher.Init(false, pubKey); byte[] dec = cipher.ProcessBlock(new_enc, 0, new_enc.Length); Console.WriteLine(BitConverter.ToInt32(dec)); }
public static byte[] GetObsoleteSharedSecret(AsymmetricCipherKeyPair localKeyWithPrivate, byte[] remotePublicKeyDerEncoded) { var remotePublicKey = PublicKeyFactory.CreateKey(remotePublicKeyDerEncoded); var agreement = new ECDHBasicAgreement(); agreement.Init(localKeyWithPrivate.Private); return agreement.CalculateAgreement(remotePublicKey).ToByteArray(); }
private void GenerateSigningRequestViaOpenSSL(string TargetCertRequestFileName, AsymmetricCipherKeyPair KeyPair) { // We expect openssl.exe to exist in the same directory as iPhonePackager string OpenSSLPath = Path.GetDirectoryName( Application.ExecutablePath ) + @"\openssl.exe"; if (!File.Exists( OpenSSLPath )) { MessageBox.Show("A version of OpenSSL is required to generate certificate requests. Please place OpenSSL.exe in Binaries\\DotNET\\IOS", Config.AppDisplayName, MessageBoxButtons.OK, MessageBoxIcon.Error); return; } string EffectiveBuildPath = (Program.GameName.Length > 0) ? Config.BuildDirectory : Path.GetFullPath("."); // Create a temporary file to write the key pair out to (in a format that OpenSSL understands) string KeyFileName = Path.GetTempFileName(); TextWriter KeyWriter = new StreamWriter(KeyFileName); PemWriter KeyWriterPEM = new PemWriter(KeyWriter); KeyWriterPEM.WriteObject(KeyPair); KeyWriter.Close(); // Create a temporary file containing the configuration settings to drive OpenSSL string ConfigFileName = Path.GetTempFileName(); TextWriter ConfigFile = new StreamWriter(ConfigFileName); ConfigFile.WriteLine("[ req ]"); ConfigFile.WriteLine("distinguished_name = req_distinguished_name"); ConfigFile.WriteLine("prompt = no"); ConfigFile.WriteLine("[ req_distinguished_name ]"); ConfigFile.WriteLine("emailAddress = {0}", EMailEditBox.Text); ConfigFile.WriteLine("commonName = {0}", CommonNameEditBox.Text); ConfigFile.WriteLine("countryName = {0}", System.Globalization.CultureInfo.CurrentCulture.TwoLetterISOLanguageName); ConfigFile.Close(); // Invoke OpenSSL to generate the certificate request Program.Log("Running OpenSSL to generate certificate request..."); string ResultsText; string Executable = OpenSSLPath; string Arguments = String.Format("req -new -nodes -out \"{0}\" -key \"{1}\" -config \"{2}\"", TargetCertRequestFileName, KeyFileName, ConfigFileName); Utilities.RunExecutableAndWait(Executable, Arguments, out ResultsText); Program.Log(ResultsText); if (!File.Exists(TargetCertRequestFileName)) { Program.Error("... Failed to generate certificate request"); } else { Program.Log("... Successfully generated certificate request '{0}'", TargetCertRequestFileName); } // Clean up the temporary files we created File.Delete(KeyFileName); File.Delete(ConfigFileName); }
/// <summary> /// Public constructor for a Pkcs certificate, takes in values to describe it's state. /// </summary> /// <param name="password">The value used to secure (encrypt) the private key with the certificate</param> /// <param name="keypair">An object used for manipulating/accessing the public and private key of a certificate</param> /// <param name="cert">An easy to manipulate version of an X509 certificate</param> /// <param name="store">A store of Pkcs12 certificates used to store and manipulate certificat chains and key associations</param> public PkcsCertificate(string password ,AsymmetricCipherKeyPair keypair, Org.BouncyCastle.X509.X509Certificate cert, Pkcs12Store store) { this.Password = password; this.Keypair = keypair; this.X509Certificate = cert; this.PkcsStore = store; // this is not the best place to do this }
static DkimTests () { using (var stream = new StreamReader (Path.Combine ("..", "..", "TestData", "dkim", "example.pem"))) { var reader = new PemReader (stream); DkimKeys = reader.ReadObject () as AsymmetricCipherKeyPair; } }
private static byte[] ExportCertificate(X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, TCertificateFormat certificateFormat) { byte[] result = null; switch (certificateFormat) { case TCertificateFormat.NotSet: break; case TCertificateFormat.PEM: using (MemoryStream stream = new MemoryStream()) { using (StreamWriter writer = new StreamWriter(stream)) { Org.BouncyCastle.Utilities.IO.Pem.PemWriter pemWriter = new Org.BouncyCastle.Utilities.IO.Pem.PemWriter(writer); if (subjectKeyPair.Private is ECKeyParameters) { ECPrivateKeyParameters priv = (ECPrivateKeyParameters)subjectKeyPair.Private; ECDomainParameters dp = priv.Parameters; int orderBitLength = dp.N.BitLength; Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure ec; Org.BouncyCastle.Asn1.X9.X962Parameters x962; if (priv.PublicKeyParamSet == null) { Org.BouncyCastle.Asn1.X9.X9ECParameters ecP = new Org.BouncyCastle.Asn1.X9.X9ECParameters(dp.Curve, dp.G, dp.N, dp.H, dp.GetSeed()); x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(ecP); } else { x962 = new Org.BouncyCastle.Asn1.X9.X962Parameters(priv.PublicKeyParamSet); } ec = new Org.BouncyCastle.Asn1.Sec.ECPrivateKeyStructure(orderBitLength, priv.D, SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(subjectKeyPair.Public).PublicKeyData, x962); pemWriter.WriteObject(new Org.BouncyCastle.Utilities.IO.Pem.PemObject("EC PRIVATE KEY", ec.GetEncoded())); } else { pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Private)); } pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(subjectKeyPair.Public)); pemWriter.WriteObject(new Org.BouncyCastle.OpenSsl.MiscPemGenerator(certificate)); writer.Flush(); result = stream.ToArray(); } } break; case TCertificateFormat.PFX: //Asn1Sequence asn1Sequence = Asn1Sequence.GetInstance(Asn1Object.FromByteArray(certificate.GetEncoded())); //asn1Sequence.GetObjects //Org.BouncyCastle.Asn1.Pkcs.Pfx pfx = new Org.BouncyCastle.Asn1.Pkcs.Pfx(); //Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo info = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); //result = pfx.GetEncoded(Asn1Encodable.Der); break; case TCertificateFormat.CER: result = certificate.GetEncoded(); break; default: break; } return result; }
public Key(int strength) { var generator = new RsaKeyPairGenerator(); generator.Init(new KeyGenerationParameters(new SecureRandom(), strength)); _keyPair = generator.GenerateKeyPair(); _rsaKey = _keyPair.Private as RsaPrivateCrtKeyParameters; PublicKey = new PublicKey(_keyPair.Public as RsaKeyParameters); }
// This returns a public static string GetPrivateKey(AsymmetricCipherKeyPair keyPair) { var dhPrivateKeyParameters = keyPair.Private as DHPrivateKeyParameters; if (dhPrivateKeyParameters != null) { return dhPrivateKeyParameters.X.ToString(); } throw new NullReferenceException("The key pair provided is not a valid DH keypair."); }
public DHProvider(DHParameters parameters) { _parameters = parameters; IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH"); KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), _parameters); keyGen.Init(kgp); _kp = keyGen.GenerateKeyPair(); }
public static byte[] GetSharedSecret(AsymmetricCipherKeyPair localKeyWithPrivate, byte[] remotePublicKeyDerEncoded) { var remotePublicKey = PublicKeyFactory.CreateKey(remotePublicKeyDerEncoded); var agreement = new ECDHBasicAgreement(); agreement.Init(localKeyWithPrivate.Private); using (var sha = SHA256.Create()) { // CalculateAgreement returns a BigInteger, whose length is variable, and bits are not whitened. // So hash it. return sha.ComputeHash(agreement.CalculateAgreement(remotePublicKey).ToByteArray()); } }
public ServerAuthority(DHParameters parameters) { this.parameters = parameters; IAsymmetricCipherKeyPairGenerator keyGen = GeneratorUtilities.GetKeyPairGenerator("DH"); KeyGenerationParameters kgp = new DHKeyGenerationParameters(new SecureRandom(), parameters); keyGen.Init(kgp); kp = keyGen.GenerateKeyPair(); agreement = AgreementUtilities.GetBasicAgreement("DH"); agreement.Init(kp.Private); }
static void gen_keys() { var key_variable = Encoding.ASCII.GetBytes("test_pro"); RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(key_variable), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); Pp = (RsaKeyParameters)keyPair_s.Public; Sp = (RsaKeyParameters)keyPair_s.Private; }
public Account() { var namedCurve = NistNamedCurves.GetByName("P-256"); var ecdomp = new ECDomainParameters(namedCurve.Curve, namedCurve.G, namedCurve.N); var srnd = new SecureRandom(); var eckeygenparams = new ECKeyGenerationParameters(ecdomp, srnd); var g = new ECKeyPairGenerator("ECDSA"); g.Init(eckeygenparams); keyPair = g.GenerateKeyPair(); address = generateAddress(keyPair.Public); this.Label = "(no label)"; }
public static RsaKeyParameters req_ver_key() { var key_variable = Encoding.ASCII.GetBytes("test_ver"); RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(key_variable), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); RsaKeyParameters key = (RsaKeyParameters)keyPair_s.Public; return(key); }
/// <summary> /// Add the Authority Key Identifier. According to http://www.alvestrand.no/objectid/2.5.29.35.html, this /// identifies the public key to be used to verify the signature on this certificate. /// In a certificate chain, this corresponds to the "Subject Key Identifier" on the *issuer* certificate. /// The Bouncy Castle documentation, at http://www.bouncycastle.org/wiki/display/JA1/X.509+Public+Key+Certificate+and+Certification+Request+Generation, /// shows how to create this from the issuing certificate. Since we're creating a self-signed certificate, we have to do this slightly differently. /// </summary> /// <param name="certificateGenerator"></param> /// <param name="issuerDN"></param> /// <param name="issuerKeyPair"></param> /// <param name="issuerSerialNumber"></param> private static void AddAuthorityKeyIdentifier(X509V3CertificateGenerator certificateGenerator, X509Name issuerDN, AsymmetricCipherKeyPair issuerKeyPair, BigInteger issuerSerialNumber) { var authorityKeyIdentifierExtension = new AuthorityKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(issuerKeyPair.Public), new GeneralNames(new GeneralName(issuerDN)), issuerSerialNumber); certificateGenerator.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKeyIdentifierExtension); }
public static RsaKeyParameters[] req_keys(int n) { RsaKeyParameters[] keys = new RsaKeyParameters[n]; for (int i = 0; i < n; ++i) { RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); keys[i] = (RsaKeyParameters)keyPair_s.Public; } return(keys); }
GenerateCertificate(string subjectName, out AsymmetricCipherKeyPair kp) { var kpgen = new RsaKeyPairGenerator(); // certificate strength 1024 bits kpgen.Init(new KeyGenerationParameters( new SecureRandom(new CryptoApiRandomGenerator()), 1024)); kp = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + subjectName); var serialNo = BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(DateTime.Now.AddYears(100)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA1withRSA"); gen.SetPublicKey(kp.Public); gen.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), new GeneralNames(new GeneralName(certName)), serialNo)); /* 1.3.6.1.5.5.7.3.1 - id_kp_serverAuth 1.3.6.1.5.5.7.3.2 - id_kp_clientAuth 1.3.6.1.5.5.7.3.3 - id_kp_codeSigning 1.3.6.1.5.5.7.3.4 - id_kp_emailProtection 1.3.6.1.5.5.7.3.5 - id-kp-ipsecEndSystem 1.3.6.1.5.5.7.3.6 - id-kp-ipsecTunnel 1.3.6.1.5.5.7.3.7 - id-kp-ipsecUser 1.3.6.1.5.5.7.3.8 - id_kp_timeStamping 1.3.6.1.5.5.7.3.9 - OCSPSigning */ gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new[] { KeyPurposeID.IdKPServerAuth })); var newCert = gen.Generate(kp.Private); return newCert; }
/// <summary> /// Zertifikat mit privatem Schlüssel verknüpfen. (BouncyCastle-Teil) /// </summary> /// <param name="bcCert">Zertifikat</param> /// <param name="rsaKeyPair">Private Schlüssel</param> /// <param name="keyPwd">Passwort mit dem das Zertifikat verschlüsselt werden soll.</param> /// <returns></returns> private static byte[] LinkPrivateKeyToCert( Org.BouncyCastle.X509.X509Certificate bcCert, Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rsaKeyPair, System.Security.SecureString keyPwd) { var pkcs12store = new Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder().Build(); pkcs12store.SetKeyEntry(string.Empty, new Org.BouncyCastle.Pkcs.AsymmetricKeyEntry(rsaKeyPair.Private), new[] { new Org.BouncyCastle.Pkcs.X509CertificateEntry(bcCert) }); var pkcs12data = new System.IO.MemoryStream(); pkcs12store.Save(pkcs12data, keyPwd.ToUnencryptedString().ToCharArray(), new Org.BouncyCastle.Security.SecureRandom(new CryptoApiRandomGenerator())); return(pkcs12data.ToArray()); }
static DkimTests () { using (var stream = new StreamReader (Path.Combine ("..", "..", "TestData", "dkim", "example.pem"))) { var reader = new PemReader (stream); DkimKeys = reader.ReadObject () as AsymmetricCipherKeyPair; } // Note: you can use http://dkimcore.org/tools/dkimrecordcheck.html to get public keys manually using (var stream = new StreamReader (Path.Combine ("..", "..", "TestData", "dkim", "gmail.pub"))) { var reader = new PemReader (stream); GMailDkimPublicKey = reader.ReadObject () as AsymmetricKeyParameter; } }
public static X509Certificate GenerateRootCert( AsymmetricCipherKeyPair pair) { X509V1CertificateGenerator certGen = new X509V1CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name("CN=Test CA Certificate")); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50)); certGen.SetSubjectDN(new X509Name("CN=Test CA Certificate")); certGen.SetPublicKey(pair.Public); certGen.SetSignatureAlgorithm("SHA256WithRSAEncryption"); return certGen.Generate(pair.Private); }
public static string Crypt(string input) { RsaKeyParameters parameters; AsymmetricCipherKeyPair keyPair; using (var reader = File.OpenText(@"publickey.pem")) // file containing RSA PKCS1 private key parameters = (RsaKeyParameters)new PemReader(reader).ReadObject(); keyPair = new AsymmetricCipherKeyPair(parameters, new AsymmetricKeyParameter(true)); var encryptEngine = new Pkcs1Encoding(new RsaEngine()); encryptEngine.Init(true, keyPair.Public); byte[] utf = Encoding.UTF8.GetBytes(input); return Convert.ToBase64String(encryptEngine.ProcessBlock(utf, 0, utf.Length)); }
public bool doLoadWallet(string thisFile) { string theWalletJSON = File.ReadAllText(thisFile); Console.Out.WriteLine(theWalletJSON); Wallet = JsonConvert.DeserializeObject<Dictionary<string, string>>(theWalletJSON); Byte[] bKey = Convert.FromBase64String(Wallet["private_key"]); // much like java - the built in crypto doesn't work and looks like it was written by and intern // you MUST use bouncycastle - dont even try to use the microsoft lib String thePEM = Wallet["pem"]; var reader = new StringReader(thePEM); PemReader pr = new PemReader(reader); keyPair = (AsymmetricCipherKeyPair)pr.ReadObject(); return true; }
public void WczytajPoczatkoweParametry() { //Wczytywanie klucza prywatnego Sprzedającego readerKluczPrywatny = new StreamReader("KluczPrywatnyKlienta.pem"); pemReaderKluczPrywatny = new PemReader(readerKluczPrywatny); keyPairPriv = (AsymmetricCipherKeyPair)pemReaderKluczPrywatny.ReadObject(); kluczPrywatnyKlienta = keyPairPriv.Private; //Wczytywanie klucza publicznego bramy przeznaczonego tylko dla klienta readerKluczPublicznyBramyTylkoDlaKlienta = new StreamReader("KluczPublicznyBramyTylkoDlaKlienta.pem"); pemReaderkluczPublicznyBramyTylkoDlaKlienta = new PemReader(readerKluczPublicznyBramyTylkoDlaKlienta); kluczPublicznyBramyTylkoDlaKlienta = (AsymmetricKeyParameter)pemReaderkluczPublicznyBramyTylkoDlaKlienta.ReadObject(); //Wczytywanie certyfikatu Klienta sciezkaCertyfikatuKlienta = "CertyfikatKlienta.crt"; certyfikatKlienta = new X509Certificate2(sciezkaCertyfikatuKlienta); }
public static byte[] Init() { AsymmetricCipherKeyPair keyPair = null; string path = "proxy/session-key"; try { AsymmetricKeyParameter keyPub = PublicKeyFactory.CreateKey(File.ReadAllBytes(path + ".pub")); AsymmetricKeyParameter KeyPriv = PrivateKeyFactory.CreateKey(File.ReadAllBytes(path + ".priv")); keyPair = new AsymmetricCipherKeyPair(keyPub, KeyPriv); Debug.WriteLine("Loaded session.key"); } catch (Exception e) { Log.WriteServer(e); Debug.WriteLine("Generating session.key..."); var generator = new RsaKeyPairGenerator(); generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); keyPair = generator.GenerateKeyPair(); Debug.WriteLine("Generated, saving..."); SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); byte[] bytePub = publicKeyInfo.ToAsn1Object().GetDerEncoded(); Directory.CreateDirectory(Path.GetDirectoryName(path)); File.WriteAllBytes(path + ".pub", bytePub); PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); byte[] bytePriv = privateKeyInfo.ToAsn1Object().GetDerEncoded(); File.WriteAllBytes(path + ".priv", bytePriv); Debug.WriteLine("Saved session.key"); } //Old method /*var generator = new RsaKeyPairGenerator(); generator.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); var keyPair = generator.GenerateKeyPair(); */ keyParameters = (RsaKeyParameters)keyPair.Private; SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); return info.GetEncoded(); }
static void Main(string[] args) { byte[][] X = new byte[11][]; Random rnd = new Random(); for (int i = 0; i < 11; ++i) { UTF8Encoding utf8enc = new UTF8Encoding(); X[i] = utf8enc.GetBytes(rnd.Next().ToString()); } RsaKeyParameters[] P = new RsaKeyParameters[11]; for (int i = 0; i < 10; ++i) { RsaKeyPairGenerator rsaKeyPairGnr = new RsaKeyPairGenerator(); rsaKeyPairGnr.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = rsaKeyPairGnr.GenerateKeyPair(); RsaKeyParameters publicKey = (RsaKeyParameters)keyPair.Public; IAsymmetricBlockCipher cipher = new RsaEngine(); P[i + 1] = publicKey; } RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); P[0] = (RsaKeyParameters)keyPair_s.Public; RsaKeyParameters Ks = (RsaKeyParameters)keyPair_s.Private; string m = "Hello!!"; byte[] v = ring_sign(P, m, Ks, X); Console.WriteLine("v: " + ByteArrayToString(v)); Console.WriteLine(); ring_verify(P, v, X, m); }
static void gen_keypair() { key = KeyGenerator.GenerateKey(polynomsCount * 16); var byte_key = KeyGenerator.GenerateDoubleBytesKey(key); var hexKey = KeyGenerator.GetHexKey(byte_key); var key_variable = Encoding.ASCII.GetBytes(hexKey); RsaKeyPairGenerator rsaKeyPairGnr = new RsaKeyPairGenerator(); rsaKeyPairGnr.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(key_variable), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = rsaKeyPairGnr.GenerateKeyPair(); P = (RsaKeyParameters)keyPair.Public; S = (RsaKeyParameters)keyPair.Private; print_key(hexKey); }
/// <summary> /// PEM representation of the key pair /// </summary> /// <param name="keyPair">Key value pair</param> /// <returns>Key pair in pem format</returns> public string ExportKeyPair(AsymmetricCipherKeyPair keyPair) { // using Bouncy Castle, so that we are 100% sure that the result is exaclty the same as: // openssl pkcs12 -in filename.pfx -nocerts -out privateKey.pem // openssl rsa -in privateKey.pem -out private.pem using (var memoryStream = new MemoryStream()) { using (var streamWriter = new StreamWriter(memoryStream)) { var pemWriter = new PemWriter(streamWriter); pemWriter.WriteObject(keyPair.Private); streamWriter.Flush(); // Here is the output with ---BEGIN RSA PRIVATE KEY--- // that should be exactly the same as in private.pem return Encoding.ASCII.GetString(memoryStream.GetBuffer()); } } }
/// <summary> /// Create ECDSA and generates new key pair /// </summary> /// <param name="type">0 or 1 (1 faster)</param> /// <param name="forSign">if created for signing, otherwise for verifying</param> public ECDSAWrapper(int type, bool forSign) { try { this.initCurveandParams(type); SecureRandom random = new SecureRandom(); ECKeyGenerationParameters genParam = new ECKeyGenerationParameters(this.parameters, random); ECKeyPairGenerator pGen = new ECKeyPairGenerator(); pGen.Init(genParam); this.pair = pGen.GenerateKeyPair(); if (forSign) this.ecdsa.Init(true, new ParametersWithRandom(this.pair.Private, random)); else this.ecdsa.Init(false, this.pair.Public); } catch (Exception ex) { throw new Exception("Error while creating ECDSA with new key pair", ex); } }
private static void ExportKeyPair( Stream secretOut, Stream publicOut, AsymmetricCipherKeyPair dsaKp, AsymmetricCipherKeyPair elgKp, string identity, char[] passPhrase, bool armor) { if (armor) { secretOut = new ArmoredOutputStream(secretOut); } PgpKeyPair dsaKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.Dsa, dsaKp, DateTime.UtcNow); PgpKeyPair elgKeyPair = new PgpKeyPair(PublicKeyAlgorithmTag.ElGamalEncrypt, elgKp, DateTime.UtcNow); PgpKeyRingGenerator keyRingGen = new PgpKeyRingGenerator(PgpSignature.PositiveCertification, dsaKeyPair, identity, SymmetricKeyAlgorithmTag.Aes256, passPhrase, true, null, null, new SecureRandom()); keyRingGen.AddSubKey(elgKeyPair); keyRingGen.GenerateSecretKeyRing().Encode(secretOut); if (armor) { secretOut.Close(); publicOut = new ArmoredOutputStream(publicOut); } keyRingGen.GeneratePublicKeyRing().Encode(publicOut); if (armor) { publicOut.Close(); } }
public static byte[] CreatePKCS12KeyStoreWithPublicPrivateKeyPair(AsymmetricCipherKeyPair keyPair, string passphrase) { var keyContainerName = new Guid().ToString(); var x509V3CertificateGenerator = new X509V3CertificateGenerator(); // The fields that Thali cares about x509V3CertificateGenerator.SetSignatureAlgorithm(SignerAlgorithm); x509V3CertificateGenerator.SetPublicKey(keyPair.Public); // To avoid getting an InvalidOperationExceptoin when calling generate below we have to // specify a certain number of mandatory fields as explained in http://blog.differentpla.net/post/53 // We don't actually care about these fields but Bouncy Castle does var serialNumber = BigInteger.ProbablePrime(120, new Random()); x509V3CertificateGenerator.SetSerialNumber(serialNumber); x509V3CertificateGenerator.SetSubjectDN(X500Name); x509V3CertificateGenerator.SetIssuerDN(X500Name); x509V3CertificateGenerator.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(24, 0, 0))); x509V3CertificateGenerator.SetNotAfter(DateTime.Now.AddDays(ExpirationPeriodForCertsInDays)); var bouncyCastleX509Cert = x509V3CertificateGenerator.Generate(keyPair.Private); try { var msX509Cert = new X509Certificate2(DotNetUtilities.ToX509Certificate(bouncyCastleX509Cert)) { PrivateKey = ToRSA((RsaPrivateCrtKeyParameters)keyPair.Private, keyContainerName) }; var pkcs12Store = msX509Cert.Export(X509ContentType.Pkcs12, passphrase); return pkcs12Store; } finally { var cspParameters = new CspParameters { KeyContainerName = keyContainerName }; var rsaCryptoServiceProvider = new RSACryptoServiceProvider(cspParameters) { PersistKeyInCsp = false }; rsaCryptoServiceProvider.Clear(); } }
public static void ring_authenticate(SslStream sslStream) { byte[][] X = new byte[11][]; Random rnd = new Random(); for (int i = 0; i < 11; ++i) { UTF8Encoding utf8enc = new UTF8Encoding(); X[i] = utf8enc.GetBytes(rnd.Next().ToString()); } RsaKeyParameters[] P = new RsaKeyParameters[11]; for (int i = 0; i < 10; ++i) { RsaKeyPairGenerator rsaKeyPairGnr = new RsaKeyPairGenerator(); rsaKeyPairGnr.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = rsaKeyPairGnr.GenerateKeyPair(); RsaKeyParameters publicKey = (RsaKeyParameters)keyPair.Public; IAsymmetricBlockCipher cipher = new RsaEngine(); P[i + 1] = publicKey; } RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); P[0] = (RsaKeyParameters)keyPair_s.Public; RsaKeyParameters Ks = (RsaKeyParameters)keyPair_s.Private; string m = "Hello!!"; byte[] v = ring_sign(P, m, Ks, X); Console.WriteLine("v: " + ByteArrayToString(v)); Console.WriteLine(); String P_str = ""; for (int i = 0; i < 11; ++i) { byte[] publicKeyDer = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(P[i]).GetDerEncoded(); P_str = P_str + Convert.ToBase64String(publicKeyDer) + "|"; } String X_str = ""; for (int i = 0; i < 11; ++i) { X_str = X_str + Encoding.ASCII.GetString(X[i]) + "|"; } Console.WriteLine(P_str); Console.WriteLine(X_str); byte[] data = Encoding.UTF8.GetBytes(P_str); sslStream.Write(data); sslStream.Flush(); data = Encoding.UTF8.GetBytes(X_str); sslStream.Write(data); sslStream.Flush(); TCPCommunication.send_message_tcp(sslStream, m); sslStream.Write(v); sslStream.Flush(); }
static void Main(string[] args) { n = Int32.Parse(args[0]); try { byte[][] X = new byte[n + 1][]; string[] X0 = new string[n + 1]; Random rnd = new Random(); for (int i = 0; i < n + 1; ++i) { UTF8Encoding utf8enc = new UTF8Encoding(); X0[i] = rnd.Next().ToString(); X[i] = utf8enc.GetBytes(X0[i]); } RsaKeyParameters[] P = new RsaKeyParameters[n + 1]; for (int i = 0; i < n; ++i) { RsaKeyPairGenerator rsaKeyPairGnr = new RsaKeyPairGenerator(); rsaKeyPairGnr.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = rsaKeyPairGnr.GenerateKeyPair(); RsaKeyParameters publicKey = (RsaKeyParameters)keyPair.Public; IAsymmetricBlockCipher cipher = new RsaEngine(); P[i + 1] = publicKey; } RsaKeyPairGenerator rsaKeyPairGnr_s = new RsaKeyPairGenerator(); rsaKeyPairGnr_s.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(new SecureRandom(), 512)); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair_s = rsaKeyPairGnr_s.GenerateKeyPair(); P[0] = (RsaKeyParameters)keyPair_s.Public; RsaKeyParameters Ks = (RsaKeyParameters)keyPair_s.Private; string server = "127.0.0.1"; Int32 port = 13000; TcpClient client = new TcpClient(server, port); //Time start DateTime now = DateTime.Now; Console.WriteLine("Strat Second: {0}", now.Millisecond); NetworkStream stream = client.GetStream(); byte[] bytes; string response; bytes = new byte[64]; stream.Read(bytes, 0, bytes.Length); response = System.Text.Encoding.ASCII.GetString(bytes, 0, bytes.Length); string N = response; string m = N; byte[] v = ring_sign(P, m, Ks, X); stream.Write(v); Console.WriteLine(v.Length); string x = ""; for (int i = 0; i < n + 1; ++i) { x += P[i].Exponent + "|"; } string M = ""; for (int i = 0; i < n + 1; ++i) { M += P[i].Modulus + "|"; } string X0_str = ""; for (int i = 0; i < n + 1; ++i) { X0_str += X0[i] + "|"; } bytes = Encoding.UTF8.GetBytes(x + M + X0_str); stream.Write(bytes); stream.Flush(); // Close everything. stream.Close(); client.Close(); } catch (ArgumentNullException e) { Console.WriteLine("ArgumentNullException: {0}", e); } catch (SocketException e) { Console.WriteLine("SocketException: {0}", e); } }
// http://stackoverflow.com/questions/36942094/how-can-i-generate-a-self-signed-cert-without-using-obsolete-bouncycastle-1-7-0 public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateX509Cert2(string certName) { var keypairgen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); keypairgen.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters( new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ) , 1024 //, 512 ) ); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair(); // --- Until here we generate a keypair var random = new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ); // SHA1WITHRSA // SHA256WITHRSA // SHA384WITHRSA // SHA512WITHRSA // SHA1WITHECDSA // SHA224WITHECDSA // SHA256WITHECDSA // SHA384WITHECDSA // SHA512WITHECDSA Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory("SHA512WITHRSA", keypair.Private, random) ; var gen = new Org.BouncyCastle.X509.X509V3CertificateGenerator(); var CN = new Org.BouncyCastle.Asn1.X509.X509Name("CN=" + certName); var SN = Org.BouncyCastle.Math.BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(SN); gen.SetSubjectDN(CN); gen.SetIssuerDN(CN); gen.SetNotAfter(DateTime.Now.AddYears(1)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetPublicKey(keypair.Public); // -- Are these necessary ? // public static readonly DerObjectIdentifier AuthorityKeyIdentifier = new DerObjectIdentifier("2.5.29.35"); // OID value: 2.5.29.35 // OID description: id-ce-authorityKeyIdentifier // This extension may be used either as a certificate or CRL extension. // It identifies the public key to be used to verify the signature on this certificate or CRL. // It enables distinct keys used by the same CA to be distinguished (e.g., as key updating occurs). // http://stackoverflow.com/questions/14930381/generating-x509-certificate-using-bouncy-castle-java gen.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier.Id, false, new Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier( Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public), new Org.BouncyCastle.Asn1.X509.GeneralNames(new Org.BouncyCastle.Asn1.X509.GeneralName(CN)), SN )); // OID value: 1.3.6.1.5.5.7.3.1 // OID description: Indicates that a certificate can be used as an SSL server certificate. gen.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id, false, new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage( new System.Collections.Generic.List <object>() { new Org.BouncyCastle.Asn1.DerObjectIdentifier("1.3.6.1.5.5.7.3.1") } ) ); gen.AddExtension( new Org.BouncyCastle.Asn1.DerObjectIdentifier("2.5.29.19"), false, new Org.BouncyCastle.Asn1.X509.BasicConstraints(false) // true if it is allowed to sign other certs ); gen.AddExtension( new Org.BouncyCastle.Asn1.DerObjectIdentifier("2.5.29.15"), true, new Org.BouncyCastle.X509.X509KeyUsage( Org.BouncyCastle.X509.X509KeyUsage.DigitalSignature | Org.BouncyCastle.X509.X509KeyUsage.NonRepudiation | Org.BouncyCastle.X509.X509KeyUsage.KeyEncipherment | Org.BouncyCastle.X509.X509KeyUsage.DataEncipherment) ); // -- End are these necessary ? Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(signatureFactory); // Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(keypair.Private); bouncyCert.GetPublicKey(); byte[] ba = bouncyCert.GetEncoded(); using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(bouncyCert); pemWriter.WriteObject(keypair.Private); pemWriter.Writer.Flush(); string privateKey = textWriter.ToString(); System.Console.WriteLine(privateKey); } // End Using textWriter string certFile = @"D:\mycert.cert"; using (System.IO.FileStream fs = System.IO.File.OpenWrite(certFile)) { using (System.IO.TextWriter textWriter = new System.IO.StreamWriter(fs)) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(bouncyCert); pemWriter.WriteObject(keypair.Private); pemWriter.Writer.Flush(); string privateKey = textWriter.ToString(); System.Console.WriteLine(privateKey); } // End Using textWriter } // End Using fs // https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate.cs // https://github.com/dotnet/corefx/blob/master/src/System.Security.Cryptography.X509Certificates/src/System/Security/Cryptography/X509Certificates/X509Certificate2.cs // System.Security.Cryptography.X509Certificates.X509Certificate2 msCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(ba); System.Security.Cryptography.X509Certificates.X509Certificate2 msCert = new System.Security.Cryptography.X509Certificates .X509Certificate2(ba, null , System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.PersistKeySet | // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.MachineKeySet | // System.Security.Cryptography.X509Certificates.X509KeyStorageFlag.Exportable ); msCert = new X509Certificate2(certFile, null, X509KeyStorageFlags.MachineKeySet); object obj = msCert.GetRSAPrivateKey(); System.Console.WriteLine(obj); if (msCert.HasPrivateKey) { Console.WriteLine(msCert.HasPrivateKey); } return(msCert); }