private static void VerifyUnprotectedAttributes0(byte[] encodedMessage) { EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); AsnEncodedData[] attributes = ecms.UnprotectedAttributes.FlattenAndSort(); Assert.Equal(0, attributes.Length); }
public static void ImportEdgeCase() { // // Pfx's imported into a certificate collection propagate their "delete on Dispose" behavior to its cloned instances: // a subtle difference from Pfx's created using the X509Certificate2 constructor that can lead to premature or // double key deletion. Since EnvelopeCms.Decrypt() has no legitimate reason to clone the extraStore certs, this shouldn't // be a problem, but this test will verify that it isn't. // byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e" + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c" + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4" + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d" + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.LoadPfxUsingCollectionImport()) { X509Certificate2Collection extraStore = new X509Certificate2Collection(cert); ecms.Decrypt(extraStore); byte[] expectedContent = { 1, 2, 3 }; ContentInfo contentInfo = ecms.ContentInfo; Assert.Equal<byte>(expectedContent, contentInfo.Content); } }
private static void VerifyCertificates0(byte[] encodedMessage) { EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); X509Certificate2Collection certs = ecms.Certificates; Assert.Equal(0, certs.Count); }
public static void Rc4AndCngWrappersDontMixTest() { // // Combination of RC4 over a CAPI certificate. // // This works as long as the PKCS implementation opens the cert using CAPI. If he creates a CNG wrapper handle (by passing CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG), // the test fails with a NOTSUPPORTED crypto exception inside Decrypt(). The same happens if the key is genuinely CNG. // byte[] content = { 6, 3, 128, 33, 44 }; AlgorithmIdentifier rc4 = new AlgorithmIdentifier(new Oid(Oids.Rc4)); EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(content), rc4); CmsRecipientCollection recipients = new CmsRecipientCollection(new CmsRecipient(Certificates.RSAKeyTransferCapi1.GetCertificate())); ecms.Encrypt(recipients); byte[] encodedMessage = ecms.Encode(); ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { if (cert == null) return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can. X509Certificate2Collection extraStore = new X509Certificate2Collection(); extraStore.Add(cert); ecms.Decrypt(extraStore); } ContentInfo contentInfo = ecms.ContentInfo; Assert.Equal<byte>(content, contentInfo.Content); }
private static void VerifyVersion0(byte[] encodedMessage) { EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); int version = ecms.Version; Assert.Equal(0, version); }
private static void VerifyUnprotectedAttributes1_DocumentDescription(byte[] encodedMessage) { EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); AsnEncodedData[] attributes = ecms.UnprotectedAttributes.FlattenAndSort(); Assert.Equal(1, attributes.Length); attributes[0].AssertIsDocumentationDescription("My Description"); }
private byte[] EncryptedBytes(byte[] bytes) { var contentInfo = new ContentInfo(bytes); var encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.42"); // AES-256-CBC var envelopedCms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(encryptAlgoOid)); var recipient = new CmsRecipient(CryptographicCertificate); envelopedCms.Encrypt(recipient); return envelopedCms.Encode(); }
private static void VerifyAlgorithmRc2_128(byte[] encodedMessage) { EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); AlgorithmIdentifier algorithm = ecms.ContentEncryptionAlgorithm; Assert.NotNull(algorithm.Oid); Assert.Equal(Oids.Rc2, algorithm.Oid.Value); Assert.Equal(128, algorithm.KeyLength); }
public byte[] encrypt(byte[] plainTest) { envelopedContentInfo = new ContentInfo(plainTest); envelopedCms = new EnvelopedCms(envelopedContentInfo); envelopeCmsResipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cryptographyClientCert); envelopedCms.Encrypt(envelopeCmsResipient); return envelopedCms.Encode(); }
private byte[] Envelope(byte[] contentBytes) { Pkcs.ContentInfo content = new Pkcs.ContentInfo(contentBytes); Pkcs.EnvelopedCms envMsg = new Pkcs.EnvelopedCms(content); Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert); envMsg.Encrypt(recipient); byte[] encryptedBytes = envMsg.Encode(); return(encryptedBytes); }
/// <summary> /// Encrypts the specified string. /// </summary> /// <param name="plaintext">The plaintext to be encrypted.</param> /// <param name="certificate">The certificate to be used for encryption.</param> /// <returns>The encrypted text.</returns> public static string Encrypt(this string plaintext, X509Certificate2 certificate) { var contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(plaintext)); var envelopedCms = new EnvelopedCms(contentInfo); var cmsRecipient = new CmsRecipient(certificate); envelopedCms.Encrypt(cmsRecipient); return Convert.ToBase64String(envelopedCms.Encode()); }
public static string DecryptEnvelop(string base64EncryptedString) { var encryptedBytes = Convert.FromBase64String(base64EncryptedString); var envelope = new EnvelopedCms(); envelope.Decode(encryptedBytes); var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); envelope.Decrypt(store.Certificates); return Encoding.UTF8.GetString(envelope.ContentInfo.Content); }
public static void DecodeCertificates0_RoundTrip() { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); VerifyCertificates0(encodedMessage); }
public static void DecodeAlgorithmDes_RoundTrip() { AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new Oid(Oids.Des)); ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo, algorithm); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); VerifyAlgorithmDes(encodedMessage); }
public static void DecodeRecipients3_RoundTrip() { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); CmsRecipientCollection recipients = new CmsRecipientCollection(); foreach (X509Certificate2 cert in s_certs) { recipients.Add(new CmsRecipient(cert)); } ecms.Encrypt(recipients); byte[] encodedMessage = ecms.Encode(); VerifyRecipients3(encodedMessage); }
private void DefaultProperties (EnvelopedCms ep, int contentLength, int version) { Assert.AreEqual (0, ep.Certificates.Count, "Certificates"); Assert.AreEqual (0, ep.ContentEncryptionAlgorithm.KeyLength, "ContentEncryptionAlgorithm.KeyLength"); Assert.AreEqual (tdesName, ep.ContentEncryptionAlgorithm.Oid.FriendlyName, "ContentEncryptionAlgorithm.Oid.FriendlyName"); Assert.AreEqual (tdesOid, ep.ContentEncryptionAlgorithm.Oid.Value, "ContentEncryptionAlgorithm.Oid.Value"); Assert.AreEqual (0, ep.ContentEncryptionAlgorithm.Parameters.Length, "ContentEncryptionAlgorithm.Parameters"); Assert.AreEqual (p7DataName, ep.ContentInfo.ContentType.FriendlyName, "ContentInfo.ContentType.FriendlyName"); Assert.AreEqual (p7DataOid, ep.ContentInfo.ContentType.Value, "ContentInfo.ContentType.Value"); Assert.AreEqual (contentLength, ep.ContentInfo.Content.Length, "ContentInfo.Content"); Assert.AreEqual (0, ep.RecipientInfos.Count, "RecipientInfos"); Assert.AreEqual (0, ep.UnprotectedAttributes.Count, "UnprotectedAttributes"); Assert.AreEqual (version, ep.Version, "Version"); }
public static string Decrypt(string encryptedString) { // パスワードを復号 var store = new X509Store(StoreLocation.LocalMachine); // (StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); var encPasswordBase64 = Convert.FromBase64String(encryptedString); var enveloped = new EnvelopedCms(); enveloped.Decode(encPasswordBase64); enveloped.Decrypt(store.Certificates); return Encoding.UTF8.GetString(enveloped.ContentInfo.Content); }
/// <summary> /// Decrypts enveloped mime content. /// </summary> /// <param name="cert">Decrypting certificate.</param> /// <returns>Returns decrypted enveloped mime content.</returns> /// <exception cref="ArgumentNullException">Is raised when <b>cert</b> is null reference.</exception> /// <exception cref="InvalidOperationException">Is raised when <b>smime-type != enveloped-data</b>.</exception> public MIME_Message GetEnvelopedMime(X509Certificate2 cert) { if(cert == null){ throw new ArgumentNullException("cert"); } if(!string.Equals(this.Entity.ContentType.Parameters["smime-type"],"enveloped-data",StringComparison.InvariantCultureIgnoreCase)){ throw new InvalidOperationException("The VerifySignature method is only valid if Content-Type parameter smime-type=enveloped-data."); } EnvelopedCms envelopedCms = new EnvelopedCms(); envelopedCms.Decode(this.Data); X509Certificate2Collection certificates = new X509Certificate2Collection(cert); envelopedCms.Decrypt(certificates); return MIME_Message.ParseFromStream(new MemoryStream(envelopedCms.Encode())); }
/// <summary> /// Decrypts the specified string. /// </summary> /// <param name="ciphertext">The ciphertext to be decrypted.</param> /// <param name="certificates">A set of certificates containing the one that was used to encrypt the ciphertext.</param> /// <returns>The decrypted text.</returns> public static string Decrypt(this string ciphertext, params X509Certificate2[] certificates) { var store = new X509Store(StoreName.My, StoreLocation.LocalMachine); store.Open(OpenFlags.ReadOnly); var certCollection = store.Certificates; if (certificates != null && certificates.Length > 0) { certCollection.AddRange(certificates); } var envelopedCms = new EnvelopedCms(); envelopedCms.Decode(Convert.FromBase64String(ciphertext)); envelopedCms.Decrypt(certCollection); return Encoding.UTF8.GetString(envelopedCms.ContentInfo.Content); }
public static void ZeroLengthContent_RoundTrip() { ContentInfo contentInfo = new ContentInfo(Array.Empty<byte>()); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); try { ecms.Encrypt(cmsRecipient); } catch (CryptographicException e) { throw new Exception("ecms.Encrypt() threw " + e.Message + ".\nIf you're running on the desktop CLR, this is actually an expected result."); } } byte[] encodedMessage = ecms.Encode(); ValidateZeroLengthContent(encodedMessage); }
public static void ImportEdgeCaseSki() { byte[] encodedMessage = ("3081f206092a864886f70d010703a081e43081e10201023181ae3081ab0201028014f2008aa9fa3742e8370cb1674ce1d158" + "2921dcc3300d06092a864886f70d01010105000481804336e978bc72ba2f5264cd854867fac438f36f2b3df6004528f2df83" + "4fb2113d6f7c07667e7296b029756222d6ced396a8fffed32be838eec7f2e54b9467fa80f85d097f7d1f0fbde57e07ab3d46" + "a60b31f37ef9844dcab2a8eef4fec5579fac5ec1e7ee82409898e17d30c3ac1a407fca15d23c9df2904a707294d78d4300ba" + "302b06092a864886f70d010701301406082a864886f70d03070408355c596e3e8540608008f1f811e862e51bbd").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.LoadPfxUsingCollectionImport()) { X509Certificate2Collection extraStore = new X509Certificate2Collection(cert); ecms.Decrypt(extraStore); byte[] expectedContent = { 1, 2, 3 }; ContentInfo contentInfo = ecms.ContentInfo; Assert.Equal<byte>(new byte[] { 1, 2, 3 }, contentInfo.Content); Assert.Equal<byte>(expectedContent, contentInfo.Content); } }
/// <summary> /// Encrypts the message and envelopes it for multiple recipients. /// </summary> /// <param name="recipients">An object containing the recipients' certificates with public keys.</param> /// <example> /// <code> /// [C#] /// /// CmsRecipientCollection recipients = new CmsRecipientCollection(); /// /// recipients.Add(new CmsRecipient(new X509Certificate2("C:\\recipient1.cer"))); /// recipients.Add(new CmsRecipient(new X509Certificate2("C:\\recipient2.cer"))); /// /// message.SmimeEnvelopeAndEncryptFor(recipients); /// </code> /// </example> public void SmimeEnvelopeAndEncryptFor(CmsRecipientCollection recipients) { string mimeString = this.ToMimeString(); byte[] toencrypt = Encoding.ASCII.GetBytes(mimeString); EnvelopedCms cms = new EnvelopedCms(new ContentInfo(toencrypt)); cms.Encrypt(recipients); MimePart envelope = new MimePart(); envelope.ContentType.MimeType = "application/pkcs7-mime"; envelope.ContentType.Parameters.Add("smime-type", "encrypted-data"); envelope.ContentType.Parameters.Add("name", "smime.p7m"); envelope.ContentDisposition.Disposition = "attachment"; envelope.ContentDisposition.FileName = "smime.p7m"; envelope.ContentTransferEncoding = ContentTransferEncoding.Base64; envelope.BinaryContent = cms.Encode(); this.PartTreeRoot = envelope; this.ContentType = this.PartTreeRoot.ContentType; this.ContentDisposition = this.PartTreeRoot.ContentDisposition; this.ContentTransferEncoding = this.PartTreeRoot.ContentTransferEncoding; }
/// <summary> /// Extracts the original message from the S/MIME envelope and decrypts it. /// </summary> /// <param name="extraStore">Certificates with private keys to be used in addition to those found in the current user's personal store.</param> /// <returns>A Message object representing the message as it was before encryption.</returns> /// <example> /// <code> /// [C#] /// /// // Load a certificate (with private key) and add it to the collection. /// X509Certificate2 cert = new X509Certificate2("C:\\mycertificate.pfx"); /// /// // We retrieved a Message object by some means and have a reference to it in variable message. /// Message originalMessage = message.SmimeDevelopeAndDecrypt(new X509Certificate2Collection(cert)); /// /// //originalMessage contains all information about the encrypted message. /// /// </code> /// </example> #if !PocketPC public Message SmimeDevelopeAndDecrypt(X509Certificate2Collection extraStore) { if (!this.IsSmimeEncrypted) throw new InvalidOperationException("This message doesn't seem to be encrypted, or the encryption method is unknown."); else { EnvelopedCms cms = new EnvelopedCms(); cms.Decode(this.PartTreeRoot.BinaryContent); cms.Decrypt(extraStore); Message sub = Parser.ParseMessage(cms.ContentInfo.Content); return sub; } }
public static void EnvelopedCmsNullDecode() { EnvelopedCms ecms = new EnvelopedCms(); Assert.Throws<ArgumentNullException>(() => ecms.Decode(null)); }
private static void ValidateZeroLengthContent(byte[] encodedMessage) { EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey()) { if (cert == null) return; X509Certificate2Collection extraStore = new X509Certificate2Collection(cert); ecms.Decrypt(extraStore); ContentInfo contentInfo = ecms.ContentInfo; byte[] content = contentInfo.Content; if (content.Length == 6) throw new Exception("ContentInfo expected to be 0 but was actually 6. If you're running on the desktop CLR, this is actually a known bug."); Assert.Equal(0, content.Length); } }
public static byte[] Encrypt(byte[] data, X509Certificate2 encryptingCert) { ContentInfo plainContent = new ContentInfo(data); EnvelopedCms encryptedData = new EnvelopedCms(plainContent); CmsRecipient recipient = new CmsRecipient(encryptingCert); encryptedData.Encrypt(recipient); byte[] encryptedBytes = encryptedData.Encode(); return encryptedBytes; }
public static void EnvelopedCmsDecryptWithoutMatchingCertSki() { // You don't have the private key? No message for you. // This is the private key that "we don't have." We want to force it to load anyway, though, to trigger // the "fail the test due to bad machine config" exception if someone left this cert in the MY store check. using (X509Certificate2 ignore = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey()) { } byte[] encodedMessage = ("3081f206092a864886f70d010703a081e43081e10201023181ae3081ab0201028014f2008aa9fa3742e8370cb1674ce1d158" + "2921dcc3300d06092a864886f70d01010105000481804336e978bc72ba2f5264cd854867fac438f36f2b3df6004528f2df83" + "4fb2113d6f7c07667e7296b029756222d6ced396a8fffed32be838eec7f2e54b9467fa80f85d097f7d1f0fbde57e07ab3d46" + "a60b31f37ef9844dcab2a8eef4fec5579fac5ec1e7ee82409898e17d30c3ac1a407fca15d23c9df2904a707294d78d4300ba" + "302b06092a864886f70d010701301406082a864886f70d03070408355c596e3e8540608008f1f811e862e51bbd").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); RecipientInfo recipientInfo = ecms.RecipientInfos[0]; X509Certificate2Collection extraStore = new X509Certificate2Collection(); Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt(recipientInfo)); Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt(extraStore)); Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt(recipientInfo, extraStore)); }
public static void EnvelopedCmsDecryptWithoutMatchingCert() { // You don't have the private key? No message for you. // This is the private key that "we don't have." We want to force it to load anyway, though, to trigger // the "fail the test due to bad machine config" exception if someone left this cert in the MY store check. using (X509Certificate2 ignore = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey()) { } byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e" + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c" + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4" + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d" + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); RecipientInfo recipientInfo = ecms.RecipientInfos[0]; X509Certificate2Collection extraStore = new X509Certificate2Collection(); Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt(recipientInfo)); Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt(extraStore)); Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt(recipientInfo, extraStore)); }
public static void EnvelopedCmsDecryptNullExtraStore() { byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e" + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c" + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4" + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d" + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); RecipientInfo recipientInfo = ecms.RecipientInfos[0]; X509Certificate2Collection extraStore = null; Assert.Throws<ArgumentNullException>(() => ecms.Decrypt(extraStore)); Assert.Throws<ArgumentNullException>(() => ecms.Decrypt(recipientInfo, extraStore)); }
public byte[] decrypt(byte[] data) { var envelopedCms = new EnvelopedCms(); envelopedCms.Decode(data); envelopedCms.Decrypt(envelopedCms.RecipientInfos[0]); return envelopedCms.ContentInfo.Content; }
/// <summary> /// /// </summary> /// <param name="message"></param> /// <param name="encryptionCertificates"></param> /// <returns></returns> internal static byte[] EncryptMessage(Byte[] message, X509Certificate2Collection encryptionCertificates) { EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(message)); CmsRecipientCollection recipients = new CmsRecipientCollection(SubjectIdentifierType.IssuerAndSerialNumber, encryptionCertificates); envelopedCms.Encrypt(recipients); return envelopedCms.Encode(); }