        /// <summary>
        /// Round-trips a small payload enveloped with RC4 for a recipient whose RSA key lives in CAPI (legacy CryptoAPI).
        /// RC4 is exercised here only for legacy-compatibility coverage; it is not a cipher to select for new data.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this listing has dropped lines — no braces survive, and the Encrypt(recipients), Decode(encodedMessage)
        /// and Decrypt(cert, extraStore) calls that sit between Encode() and the final assertion are not visible — so the excerpt
        /// is not runnable as shown.
        /// </remarks>
        public static void Rc4AndCngWrappersDontMixTest()
            // Combination of RC4 over a CAPI certificate.
            //  This works as long as the PKCS implementation opens the cert using CAPI. If he creates a CNG wrapper handle (by passing CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG),
            //  the test fails with a NOTSUPPORTED crypto exception inside Decrypt(). The same happens if the key is genuinely CNG.

            // Plaintext to envelope; compared byte-for-byte against ContentInfo.Content after the round trip.
            byte[] content = { 6, 3, 128, 33, 44 };
            // Content-encryption algorithm under test (RC4) — see the summary on why this legacy cipher is used here.
            AlgorithmIdentifier rc4 = new AlgorithmIdentifier(new Oid(Oids.Rc4));

            EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(content), rc4);
            // Recipient built from the public-key-only CAPI certificate; enveloping never needs the recipient's private key.
            // The Encrypt(recipients) call itself is not visible in this excerpt.
            CmsRecipientCollection recipients = new CmsRecipientCollection(new CmsRecipient(Certificates.RSAKeyTransferCapi1.GetCertificate()));
            byte[] encodedMessage = ecms.Encode();

            // Fresh instance for the decode/decrypt half of the round trip.
            ecms = new EnvelopedCms();

            using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
                if (cert == null)
                    return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.

                // Extra store handed to Decrypt(); left empty here. The Decrypt call is not visible in this excerpt.
                X509Certificate2Collection extraStore = new X509Certificate2Collection();

            // A successful decrypt must expose the original plaintext unchanged.
            ContentInfo contentInfo = ecms.ContentInfo;
            Assert.Equal<byte>(content, contentInfo.Content);
        /// <summary>
        /// Envelopes <paramref name="plainTest"/> in a CMS EnvelopedData structure for the client certificate and returns the encoding.
        /// </summary>
        /// <param name="plainTest">Plaintext bytes to envelope (parameter name kept as in the original).</param>
        /// <returns>The DER-encoded EnvelopedCms message.</returns>
        /// <remarks>
        /// NOTE(review): envelopedContentInfo, envelopedCms, envelopeCmsResipient and cryptographyClientCert are not declared here and
        /// appear to be members of the enclosing class — confirm. The Encrypt(...) call and the method braces are not visible in this
        /// listing, so as shown Encode() would run on a message that was never encrypted. The parameterless EnvelopedCms constructor
        /// leaves the content-encryption algorithm at the library default; confirm which algorithm that is on the targeted runtime.
        /// </remarks>
        public byte[] encrypt(byte[] plainTest)
            envelopedContentInfo = new ContentInfo(plainTest);
            envelopedCms = new EnvelopedCms(envelopedContentInfo);
            // Recipient is identified by issuer + serial number, so the receiving side locates its key by certificate identity.
            envelopeCmsResipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cryptographyClientCert);

            return envelopedCms.Encode();
 /// <summary>
 /// Envelopes <paramref name="bytes"/> for CryptographicCertificate using an explicitly chosen content-encryption algorithm.
 /// </summary>
 /// <param name="bytes">Plaintext to envelope.</param>
 /// <returns>The DER-encoded EnvelopedCms message.</returns>
 /// <remarks>
 /// NOTE(review): the Encrypt(recipient) call and the method braces are not visible in this listing; CryptographicCertificate
 /// is defined elsewhere in the class.
 /// </remarks>
 private byte[] EncryptedBytes(byte[] bytes)
     var contentInfo = new ContentInfo(bytes);
     // NOTE(review): the OID literal is truncated in this listing — "2.16.840." does not identify AES-256-CBC
     // (that OID is 2.16.840.1.101.3.4.1.42). Confirm the full dotted value against the original source.
     var encryptAlgoOid = new Oid("2.16.840."); // AES-256-CBC
     var envelopedCms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(encryptAlgoOid));
     // Recipient built from the public certificate; the Encrypt(recipient) call is missing from this excerpt.
     var recipient = new CmsRecipient(CryptographicCertificate);
     return envelopedCms.Encode();
        /// <summary>
        /// Encrypts the specified string.
        /// </summary>
        /// <param name="plaintext">The plaintext to be encrypted.</param>
        /// <param name="certificate">The certificate to be used for encryption.</param>
        /// <returns>The encrypted text.</returns>
        /// <remarks>
        /// The plaintext is UTF-8 encoded, enveloped as CMS EnvelopedData for <paramref name="certificate"/>, and the DER output is
        /// returned Base64-encoded. NOTE(review): the Encrypt(cmsRecipient) call and the method braces are not visible in this listing,
        /// so the excerpt is incomplete as shown; the parameterless EnvelopedCms constructor also leaves the content-encryption
        /// algorithm at the library default — confirm it meets the caller's requirements on the targeted runtime.
        /// </remarks>
        public static string Encrypt(this string plaintext, X509Certificate2 certificate)
            // UTF-8 so any string content survives the round trip losslessly.
            var contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(plaintext));
            var envelopedCms = new EnvelopedCms(contentInfo);

            var cmsRecipient = new CmsRecipient(certificate);

            return Convert.ToBase64String(envelopedCms.Encode());
    /// <summary>
    /// Envelopes <paramref name="contentBytes"/> for the recipient certificate held in _recipientCert.
    /// </summary>
    /// <param name="contentBytes">Plaintext to envelope.</param>
    /// <returns>The DER-encoded EnvelopedCms message.</returns>
    /// <remarks>
    /// NOTE(review): the Encrypt(recipient) call, the return statement and the braces are not visible in this listing (a fuller copy
    /// of the same method appears later on this page). The parameterless EnvelopedCms constructor uses the library default
    /// content-encryption algorithm.
    /// </remarks>
    private byte[] Envelope(byte[] contentBytes)
        Pkcs.ContentInfo  content   = new Pkcs.ContentInfo(contentBytes);
        Pkcs.EnvelopedCms envMsg    = new Pkcs.EnvelopedCms(content);
        // IssuerAndSerialNumber identifies the recipient by the certificate's issuer/serial rather than by subject key identifier.
        Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert);
        byte[] encryptedBytes = envMsg.Encode();

        /// <summary>
        /// Envelopes a 3-byte payload for RSAKeyTransfer1 and encodes it; the decode half of the round trip is not visible here.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the listing dropped the ecms.Encrypt(cmsRecipient) line inside the using block, the braces, and everything
        /// after Encode().
        /// </remarks>
        public static void DecodeCertificates0_RoundTrip()
            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);
            // A public-key-only certificate suffices for enveloping; no private key is needed on the encrypting side.
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                CmsRecipient cmsRecipient = new CmsRecipient(cert);
            byte[] encodedMessage = ecms.Encode();

 /// <summary>
 /// Envelopes a 3-byte payload with single DES as the content-encryption algorithm, for decode round-trip coverage.
 /// DES is a legacy cipher; it is exercised here only so that such messages can still be decoded.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the Encrypt(cmsRecipient) call, the braces and the decode/assert half of the round trip are not visible in this listing.
 /// </remarks>
 public static void DecodeAlgorithmDes_RoundTrip()
     AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new Oid(Oids.Des));
     ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
     // Algorithm passed explicitly so the test does not depend on the constructor default.
     EnvelopedCms ecms = new EnvelopedCms(contentInfo, algorithm);
     using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
         CmsRecipient cmsRecipient = new CmsRecipient(cert);
     byte[] encodedMessage = ecms.Encode();
        /// <summary>
        /// Envelopes a 3-byte payload for every certificate in s_certs (a multi-recipient message) and encodes it.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the ecms.Encrypt(recipients) call, the braces and the decode/assert half are not visible in this listing.
        /// </remarks>
        public static void DecodeRecipients3_RoundTrip()
            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);
            CmsRecipientCollection recipients = new CmsRecipientCollection();
            // One recipient per certificate; s_certs is declared elsewhere in the test class.
            foreach (X509Certificate2 cert in s_certs)
                recipients.Add(new CmsRecipient(cert));
            byte[] encodedMessage = ecms.Encode();

 /// <summary>
 /// Envelopes an empty payload and encodes it, covering the zero-length content case.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the opening of the try block, the Encrypt(cmsRecipient) call, the braces and the decode half are not visible in this listing.
 /// </remarks>
 public static void ZeroLengthContent_RoundTrip()
     ContentInfo contentInfo = new ContentInfo(Array.Empty<byte>());
     EnvelopedCms ecms = new EnvelopedCms(contentInfo);
     using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
         CmsRecipient cmsRecipient = new CmsRecipient(cert);
         // Rewrapped so the test output explains the desktop-CLR difference. NOTE(review): the caught exception is not passed as the
         // inner exception, so only its Message survives and the original stack trace is lost.
         catch (CryptographicException e)
             throw new Exception("ecms.Encrypt() threw " + e.Message + ".\nIf you're running on the desktop CLR, this is actually an expected result.");
     byte[] encodedMessage = ecms.Encode();
        /// <summary>
        /// Verifies that Encrypt() leaves ContentInfo (both content type and plaintext bytes) exactly as supplied to the constructor.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the method and using-block braces are not visible in this listing.
        /// </remarks>
        public static void PostEncrypt_ContentInfo()
            ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo);
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                ecms.Encrypt(new CmsRecipient(cert));

            // Encrypting does not update ContentInfo.
            ContentInfo actualContentInfo = ecms.ContentInfo;
            Assert.Equal(expectedContentInfo.ContentType, actualContentInfo.ContentType);
            Assert.Equal<byte>(expectedContentInfo.Content, actualContentInfo.Content);
 /// <summary>
 /// Envelopes a UTF-8 encoded password for <paramref name="cert"/> and returns the encoded message as Base64.
 /// </summary>
 /// <param name="password">Secret to protect.</param>
 /// <param name="cert">Recipient certificate; only its public key is needed here.</param>
 /// <returns>Base64 of the DER-encoded EnvelopedCms.</returns>
 /// <remarks>
 /// NOTE(review): the parameterless EnvelopedCms constructor leaves the content-encryption algorithm at the library default;
 /// confirm the default on the targeted runtime is acceptable for protecting credentials. The method braces are not visible in this listing.
 /// </remarks>
 private string Encrypt(string password, X509Certificate2 cert)
     byte[] bytes = Encoding.UTF8.GetBytes(password);
     EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(bytes));
     envelopedCms.Encrypt(new CmsRecipient(cert));
     return Convert.ToBase64String(envelopedCms.Encode());
        /// <summary>
        /// Envelopes a 3-byte payload for RSAKeyTransfer1 with the given recipient identifier type, re-decodes it on a fresh
        /// instance, and returns the single KeyTransRecipientInfo that results.
        /// </summary>
        /// <param name="type">How the recipient is identified in the RecipientInfo; defaults to issuer and serial number.</param>
        /// <returns>The decoded recipient info, asserted to be a key-transport recipient.</returns>
        /// <remarks>
        /// NOTE(review): the ecms.Encrypt(cmsRecipient) and ecms2.Decode(encodedMessage) lines and the braces are not visible in
        /// this listing; as shown, ecms2 would have no recipients to return.
        /// </remarks>
        private static KeyTransRecipientInfo EncodeKeyTransl(SubjectIdentifierType type = SubjectIdentifierType.IssuerAndSerialNumber)
            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                CmsRecipient cmsRecipient = new CmsRecipient(type, cert);
            byte[] encodedMessage = ecms.Encode();

            // Decode side uses a separate instance, presumably so the decode path is exercised independently of the encrypting one.
            EnvelopedCms ecms2 = new EnvelopedCms();

            RecipientInfoCollection recipients = ecms2.RecipientInfos;
            Assert.Equal(1, recipients.Count);
            RecipientInfo recipientInfo = recipients[0];
            // Assert the runtime type before casting so a mismatch reports as a test failure rather than an InvalidCastException.
            Assert.True(recipientInfo is KeyTransRecipientInfo);
            return (KeyTransRecipientInfo)recipientInfo;
        /// <summary>
        /// Envelopes a payload for several recipients, then decrypts as the third one to verify that Decrypt() keeps trying
        /// recipients after an earlier one has no matching private key.
        /// </summary>
        /// <remarks>
        /// NOTE(review): this listing dropped the certLoaders initializer, the Encrypt(recipients), Decode(encodedMessage) and
        /// Decrypt(cert, extraStore) calls, and all braces; the excerpt is not runnable as shown.
        /// </remarks>
        public static void DecryptMultipleRecipients()
            // Force Decrypt() to try multiple recipients. Ensure that a failure to find a matching cert in one doesn't cause it to quit early.

            // The array initializer (which certificate loaders are enveloped for) is not visible in this listing.
            CertLoader[] certLoaders = new CertLoader[]

            byte[] content = { 6, 3, 128, 33, 44 };
            // AES-256 is selected explicitly rather than relying on the constructor default.
            EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(content), new AlgorithmIdentifier(new Oid(Oids.Aes256)));
            CmsRecipientCollection recipients = new CmsRecipientCollection();
            foreach (CertLoader certLoader in certLoaders)
                recipients.Add(new CmsRecipient(certLoader.GetCertificate()));
            byte[] encodedMessage = ecms.Encode();

            // Fresh instance for the decode/decrypt half.
            ecms = new EnvelopedCms();

            // How do we know that Decrypt() tries recipients in the order they appear in ecms.RecipientInfos? Because we wrote the implementation.
            // Not that some future implementation can't ever change it but it's the best guess we have.
            RecipientInfo me = ecms.RecipientInfos[2];

            // Map the chosen RecipientInfo back to the loader that produced it. NOTE(review): matching is on issuer name alone and the
            // loop does not break, so two recipients sharing an issuer would both match and the last one wins; if nothing matches,
            // matchingCertLoader stays null and the call below fails with NullReferenceException instead of a clear assertion.
            CertLoader matchingCertLoader = null;
            for (int index = 0; index < recipients.Count; index++)
                if (recipients[index].Certificate.Issuer == ((X509IssuerSerial)(me.RecipientIdentifier.Value)).IssuerName)
                    matchingCertLoader = certLoaders[index];

            using (X509Certificate2 cert = matchingCertLoader.TryGetCertificateWithPrivateKey())
                if (cert == null)
                    return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
                // Extra store handed to Decrypt(); left empty here. The Decrypt call is not visible in this excerpt.
                X509Certificate2Collection extraStore = new X509Certificate2Collection();

            // A successful decrypt must recover the original plaintext.
            ContentInfo contentInfo = ecms.ContentInfo;
            Assert.Equal<byte>(content, contentInfo.Content);
		/// <summary>
		/// Calls Encrypt() with a null CmsRecipientCollection. Presumably expected to throw (a companion test on this page asserts
		/// ArgumentNullException for the same input); the attribute declaring the expected exception is not visible in this listing,
		/// nor are the method braces.
		/// </summary>
		public void EnvelopedCmsRecipientCollectionNull ()
			EnvelopedCms ep = new EnvelopedCms ();
			// Typed null so the call binds to the collection overload instead of being ambiguous.
			CmsRecipientCollection p7rc = null; // do not confuse compiler
			ep.Encrypt (p7rc);
        /// <summary>
        /// Encrypts and encodes with a public-key-only certificate, then hands the encoded message to VerifySimpleDecrypt so the
        /// decrypt side has to locate the certificate with the private key on its own.
        /// </summary>
        /// <param name="certLoader">Source of the recipient certificate (with and without private key).</param>
        /// <param name="contentInfo">Content to envelope; deep-copied first so a misbehaving implementation cannot alter the expectation.</param>
        /// <param name="algorithmOidValue">Dotted OID of the content-encryption algorithm to use.</param>
        /// <param name="type">How the recipient is identified in the RecipientInfo.</param>
        /// <remarks>
        /// NOTE(review): the ecms.Encrypt(cmsRecipient) line and the braces are not visible in this listing; certSubjectName is
        /// assigned but not used in the visible lines.
        /// </remarks>
        private static void TestSimpleDecrypt_RoundTrip(CertLoader certLoader, ContentInfo contentInfo, string algorithmOidValue, SubjectIdentifierType type)
            // Deep-copy the contentInfo since the real ContentInfo doesn't do this. This defends against a bad implementation changing
            // our "expectedContentInfo" to match what it produces.
            ContentInfo expectedContentInfo = new ContentInfo(new Oid(contentInfo.ContentType), (byte[])(contentInfo.Content.Clone()));

            string certSubjectName;
            byte[] encodedMessage;
            using (X509Certificate2 certificate = certLoader.GetCertificate())
                certSubjectName = certificate.Subject;
                AlgorithmIdentifier alg = new AlgorithmIdentifier(new Oid(algorithmOidValue));
                EnvelopedCms ecms = new EnvelopedCms(contentInfo, alg);
                CmsRecipient cmsRecipient = new CmsRecipient(type, certificate);
                encodedMessage = ecms.Encode();

            // We don't pass "certificate" down because it's expected that the certificate used for encrypting doesn't have a private key (part of the purpose of this test is
            // to ensure that you don't need the recipient's private key to encrypt.) The decrypt phase will have to locate the matching cert with the private key.
            VerifySimpleDecrypt(encodedMessage, certLoader, expectedContentInfo);
		/// <summary>
		/// Parameterless Encrypt() on an EnvelopedCms with no content and no recipients. NOTE(review): the expected outcome is declared
		/// by an attribute not visible in this listing; on the .NET Framework this overload is documented to prompt the user to pick a
		/// recipient, which a headless test cannot satisfy. The method braces are missing from the listing too.
		/// </summary>
		public void EncryptEmpty () 
			EnvelopedCms ep = new EnvelopedCms ();
			ep.Encrypt ();
 /// <summary>
 /// Encrypt() with a null recipient collection must fail fast with ArgumentNullException rather than producing an unreadable message.
 /// </summary>
 public static void EnvelopedCmsEncryptWithNullRecipients()
     EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(new byte[3]));
     // The cast selects the CmsRecipientCollection overload.
     Assert.Throws<ArgumentNullException>(() => ecms.Encrypt((CmsRecipientCollection)null));
        /// <summary>
        /// Encrypts, encodes and decodes on a single EnvelopedCms instance, then checks that the lone recipient is a
        /// KeyTransRecipientInfo identified by the expected issuer name and serial number.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the Encrypt(cmsRecipient) and Decode(encodedMessage) calls and the braces are not visible in this listing.
        /// </remarks>
        public static void ReuseEnvelopeCmsEncodeThenDecode()
            // Test ability to encrypt, encode and decode all in one EnvelopedCms instance.

            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                CmsRecipient cmsRecipient = new CmsRecipient(cert);

            byte[] encodedMessage = ecms.Encode();

            RecipientInfoCollection recipients = ecms.RecipientInfos;
            Assert.Equal(1, recipients.Count);
            RecipientInfo recipientInfo = recipients[0];
            // NOTE(review): `as` without a null check — a different RecipientInfo subtype would surface as a NullReferenceException
            // two lines down rather than as an assertion failure.
            KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo;

            SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
            object value = subjectIdentifier.Value;
            Assert.True(value is X509IssuerSerial);
            X509IssuerSerial xis = (X509IssuerSerial)value;
            // Issuer and serial number of the RSAKeyTransfer1 test certificate.
            Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName);
            Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber);
        /// <summary>
        /// Builds an encoded EnvelopedCms for RSAKeyTransfer1 carrying the given attributes.
        /// </summary>
        /// <param name="attributes">Attributes to attach to the message before encrypting.</param>
        /// <returns>The DER-encoded message.</returns>
        /// <remarks>
        /// NOTE(review): the body of the foreach (presumably an add to the message's unprotected attributes), the Encrypt(cmsRecipient)
        /// call and the braces were dropped from this listing.
        /// </remarks>
        private static byte[] CreateEcmsWithAttributes(params AsnEncodedData[] attributes)
            ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(contentInfo);

            // Loop body not visible in this excerpt.
            foreach (AsnEncodedData attribute in attributes)

            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                CmsRecipient cmsRecipient = new CmsRecipient(cert);
            byte[] encodedMessage = ecms.Encode();
            return encodedMessage;
 /// <summary>
 /// Decrypt() on an instance that has only been encrypted (never decoded) must throw a CryptographicException.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the method and using-block braces are not visible in this listing.
 /// </remarks>
 public static void PostEncrypt_Decrypt()
     ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
     EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo);
     using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
         ecms.Encrypt(new CmsRecipient(cert));
     // ThrowsAny accepts derived exception types, so the exact subtype is left to the implementation.
     Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt());
        /// <summary>
        /// Verifies that Encrypt() does not change the Version property of the message.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the method and using-block braces are not visible in this listing.
        /// </remarks>
        public static void PostEncrypt_Version()
            ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo);
            // Captured before encrypting so the comparison is against the pre-Encrypt state, whatever its value.
            int versionBeforeEncrypt = ecms.Version;
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                ecms.Encrypt(new CmsRecipient(cert));

            // Encrypt does not update Version member.
            Assert.Equal(versionBeforeEncrypt, ecms.Version);
        /// <summary>
        /// Envelopes <paramref name="contentBytes"/> for the recipient certificate held in _recipientCert.
        /// </summary>
        /// <param name="contentBytes">Plaintext to envelope.</param>
        /// <returns>The DER-encoded EnvelopedCms message.</returns>
        /// <remarks>
        /// NOTE(review): the envMsg.Encrypt(recipient) call and the braces are not visible in this listing, so as shown Encode() would
        /// run on a message that was never encrypted. The parameterless EnvelopedCms constructor uses the library default
        /// content-encryption algorithm — confirm it on the targeted runtime.
        /// </remarks>
        private byte[] Envelope(byte[] contentBytes)
            Pkcs.ContentInfo content = new Pkcs.ContentInfo(contentBytes);
            Pkcs.EnvelopedCms envMsg = new Pkcs.EnvelopedCms(content);
            // IssuerAndSerialNumber identifies the recipient by the certificate's issuer/serial rather than by subject key identifier.
            Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert);
            byte[] encryptedBytes = envMsg.Encode();

            return encryptedBytes;
        /// <summary>
        /// Pins the desktop-compatible behavior that Encode() after Decrypt() returns the decrypted inner content instead of throwing.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the first line of the hex literal (its opening quote) and the Decode(encodedMessage) call are not visible in
        /// this listing, and the braces were dropped. The fixed ciphertext appears to be a pre-recorded message for the RSAKeyTransfer1
        /// key (the hex spells "...AKeyTransfer1" and carries serial 31d935fb...), so the preceding Encrypt() seems to exist only to
        /// exercise "encrypt, then decode a different message on the same instance".
        /// </remarks>
        public static void PostDecrypt_Encode()
            byte[] expectedContent = { 6, 3, 128, 33, 44 };

            EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent));
            ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate()));
            // Pre-recorded EnvelopedCms; its opening line is missing from this listing.
            byte[] encodedMessage =
                + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067"
                + "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380"
                + "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac"
                + "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d"
                + "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray();

            using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
                if (cer == null)
                    return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
                // Decrypt against a specific RecipientInfo, supplying the private-key certificate through the extra store.
                X509Certificate2Collection extraStore = new X509Certificate2Collection(cer);
                RecipientInfoCollection r = ecms.RecipientInfos;
                ecms.Decrypt(r[0], extraStore);

                // Desktop compat: Calling Encode() at this point should have thrown an InvalidOperationException. Instead, it returns
                // the decrypted inner content (same as ecms.ContentInfo.Content). This is easy for someone to take a reliance on
                // so for compat sake, we'd better keep it.
                byte[] encoded = ecms.Encode();
                Assert.Equal<byte>(expectedContent, encoded);
        /// <summary>
        /// Decodes a pre-recorded message, then encrypts and re-encodes on the same instance, and checks the resulting single
        /// recipient is a KeyTransRecipientInfo with the expected issuer name and serial number.
        /// </summary>
        /// <remarks>
        /// NOTE(review): the opening line of the hex literal, the Decode(encodedMessage) and Encrypt(cmsRecipient) calls, and the
        /// braces are not visible in this listing.
        /// </remarks>
        public static void ReuseEnvelopeCmsDecodeThenEncode()
            // Pre-recorded EnvelopedCms for the RSAKeyTransfer1 test key; its opening line is missing from this listing.
            byte[] encodedMessage =
                + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e"
                + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c"
                + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4"
                + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d"
                + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray();

            EnvelopedCms ecms = new EnvelopedCms();
            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
                CmsRecipient cmsRecipient = new CmsRecipient(cert);

            // Re-encode after the encrypt step, overwriting the decoded input.
            encodedMessage = ecms.Encode();

            RecipientInfoCollection recipients = ecms.RecipientInfos;
            Assert.Equal(1, recipients.Count);
            RecipientInfo recipientInfo = recipients[0];
            // NOTE(review): `as` without a null check — a different RecipientInfo subtype would surface as a NullReferenceException
            // two lines down rather than as an assertion failure.
            KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo;

            SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier;
            object value = subjectIdentifier.Value;
            Assert.True(value is X509IssuerSerial);
            X509IssuerSerial xis = (X509IssuerSerial)value;
            // Issuer and serial number of the RSAKeyTransfer1 test certificate.
            Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName);
            Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber);
        /// <summary>
        /// Verifies that RecipientInfos is still readable after Decrypt() and still describes the same recipient (issuer and serial).
        /// </summary>
        /// <remarks>
        /// NOTE(review): the opening line of the hex literal, the Decode(encodedMessage) call and the braces are not visible in this
        /// listing. The fixed ciphertext appears to be a pre-recorded message for the RSAKeyTransfer1 key (the hex spells
        /// "...AKeyTransfer1" and carries serial 31d935fb...).
        /// </remarks>
        public static void PostDecrypt_RecipientInfos()
            byte[] expectedContent = { 6, 3, 128, 33, 44 };

            EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent));
            ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate()));
            // Pre-recorded EnvelopedCms; its opening line is missing from this listing.
            byte[] encodedMessage =
                + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067"
                + "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380"
                + "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac"
                + "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d"
                + "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray();

            using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
                if (cer == null)
                    return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
                // Decrypt against a specific RecipientInfo, supplying the private-key certificate through the extra store.
                X509Certificate2Collection extraStore = new X509Certificate2Collection(cer);
                RecipientInfoCollection col1 = ecms.RecipientInfos;
                ecms.Decrypt(col1[0], extraStore);

                // Make sure we can still read RecipientInfos after a Decrypt()
                RecipientInfoCollection col2 = ecms.RecipientInfos;
                Assert.Equal(col1.Count, col2.Count);

                RecipientInfo r1 = col1[0];
                RecipientInfo r2 = col2[0];

                // Compare by issuer/serial rather than reference, since each RecipientInfos read may build new objects.
                X509IssuerSerial is1 = (X509IssuerSerial)(r1.RecipientIdentifier.Value);
                X509IssuerSerial is2 = (X509IssuerSerial)(r2.RecipientIdentifier.Value);
                Assert.Equal(is1.IssuerName, is2.IssuerName);
                Assert.Equal(is1.SerialNumber, is2.SerialNumber);
 /// <summary>
 /// Encrypt() with an empty recipient collection must fail with PlatformNotSupportedException rather than fall back to an
 /// interactive recipient picker.
 /// </summary>
 /// <remarks>
 /// NOTE(review): the method braces are not visible in this listing.
 /// </remarks>
 public static void EnvelopedCmsEncryptWithZeroRecipients()
     // On the desktop, this throws up a UI for the user to select a recipient. We don't support that.
     EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(new byte[3]));
     Assert.Throws<PlatformNotSupportedException>(() => ecms.Encrypt(new CmsRecipientCollection()));
		/// <summary>
		/// Envelopes the asnNull payload for a recipient created with SubjectIdentifierType.Unknown, encodes it, and round-trips the result.
		/// </summary>
		/// <remarks>
		/// NOTE(review): asnNull, GetCertificate(bool) and RoundTrip(byte[]) are defined elsewhere; the #endif closing the DEBUG block
		/// and the method braces are not visible in this listing. The DEBUG-only FileStream is not wrapped in using/try-finally, so an
		/// exception in Write would leak the handle, and the file lands in the process's current directory.
		/// </remarks>
		public void EncryptCmsRecipientUnknown () 
			ContentInfo ci = new ContentInfo (asnNull);
			// The message-level identifier type is IssuerAndSerialNumber; the recipient below overrides it with Unknown.
			EnvelopedCms ep = new EnvelopedCms (SubjectIdentifierType.IssuerAndSerialNumber, ci);

			X509Certificate2 x509 = GetCertificate (false);
			CmsRecipient p7r = new CmsRecipient (SubjectIdentifierType.Unknown, x509);
			ep.Encrypt (p7r);
			byte[] encoded = ep.Encode ();
#if DEBUG			
			// Debug aid only: dump the DER for offline inspection.
			FileStream fs = File.OpenWrite ("EncryptCmsRecipientUnknown.der");
			fs.Write (encoded, 0, encoded.Length);
			fs.Close ();
			RoundTrip (encoded);
        /// <summary>
        /// Encrypts the message and envelopes it for multiple recipients.
        /// </summary>
        /// <param name="recipients">An object containing the recipients' certificates with public keys.</param>
        /// <remarks>
        /// The whole MIME message is serialized, wrapped in CMS EnvelopedData, and replaces the part tree with a single
        /// application/pkcs7-mime part (smime.p7m). NOTE(review): the cms.Encrypt(recipients) call and the method braces are not
        /// visible in this listing, so <paramref name="recipients"/> is unused in the visible lines. The serialized message is
        /// encoded with Encoding.ASCII, which replaces any non-ASCII character with '?' before encryption — lossy unless
        /// ToMimeString() already guarantees 7-bit output. The parameterless EnvelopedCms constructor uses the library default
        /// content-encryption algorithm.
        /// </remarks>
        /// <example>
        /// <code>
        /// [C#]
        /// CmsRecipientCollection recipients = new CmsRecipientCollection();
        /// recipients.Add(new CmsRecipient(new X509Certificate2("C:\\recipient1.cer")));
        /// recipients.Add(new CmsRecipient(new X509Certificate2("C:\\recipient2.cer")));
        /// message.SmimeEnvelopeAndEncryptFor(recipients);
        /// </code>
        /// </example>
        public void SmimeEnvelopeAndEncryptFor(CmsRecipientCollection recipients)
            string mimeString = this.ToMimeString();
            // ASCII is lossy for non-ASCII content; see remarks.
            byte[] toencrypt = Encoding.ASCII.GetBytes(mimeString);
            EnvelopedCms cms = new EnvelopedCms(new ContentInfo(toencrypt));

            // The single part that will carry the ciphertext.
            MimePart envelope = new MimePart();

            // S/MIME enveloped-data headers (RFC 8551 conventions: pkcs7-mime, smime-type=encrypted-data, smime.p7m attachment).
            envelope.ContentType.MimeType = "application/pkcs7-mime";
            envelope.ContentType.Parameters.Add("smime-type", "encrypted-data");
            envelope.ContentType.Parameters.Add("name", "smime.p7m");
            envelope.ContentDisposition.Disposition = "attachment";
            envelope.ContentDisposition.FileName = "smime.p7m";
            envelope.ContentTransferEncoding = ContentTransferEncoding.Base64;

            envelope.BinaryContent = cms.Encode();

            // Replace the whole part tree with the envelope; the original parts are no longer reachable from this message.
            this.PartTreeRoot = envelope;

            // Mirror the envelope's headers at the message level.
            this.ContentType = this.PartTreeRoot.ContentType;
            this.ContentDisposition = this.PartTreeRoot.ContentDisposition;
            this.ContentTransferEncoding = this.PartTreeRoot.ContentTransferEncoding;
        /// <summary>
        /// Envelopes <paramref name="data"/> as CMS EnvelopedData for <paramref name="encryptingCert"/> and returns the encoding.
        /// </summary>
        /// <param name="data">Plaintext to envelope.</param>
        /// <param name="encryptingCert">Recipient certificate; only its public key is needed here.</param>
        /// <returns>The DER-encoded EnvelopedCms message.</returns>
        /// <remarks>
        /// NOTE(review): the encryptedData.Encrypt(recipient) call and the method braces are not visible in this listing, so as shown
        /// recipient is unused and Encode() runs on a message that was never encrypted. The parameterless EnvelopedCms constructor
        /// uses the library default content-encryption algorithm — confirm it on the targeted runtime.
        /// </remarks>
        public static byte[] Encrypt(byte[] data, X509Certificate2 encryptingCert)
            ContentInfo plainContent = new ContentInfo(data);

            EnvelopedCms encryptedData = new EnvelopedCms(plainContent);

            CmsRecipient recipient = new CmsRecipient(encryptingCert);


            byte[] encryptedBytes = encryptedData.Encode();

            return encryptedBytes;
		/// <summary>
		/// Calls Encrypt() with a null CmsRecipient. Presumably expected to throw; the attribute declaring the expected exception
		/// and the method braces are not visible in this listing.
		/// </summary>
		public void EnvelopedCmsRecipientNull ()
			EnvelopedCms ep = new EnvelopedCms ();
			// Typed null so the call binds to the single-recipient overload instead of being ambiguous.
			CmsRecipient p7r = null; // do not confuse compiler
			ep.Encrypt (p7r);
        /// <summary>
        /// Envelopes <paramref name="message"/> as CMS EnvelopedData for every certificate in
        /// <paramref name="encryptionCertificates"/> and returns the encoding.
        /// </summary>
        /// <param name="message">Plaintext bytes to envelope.</param>
        /// <param name="encryptionCertificates">Recipient certificates; each becomes an issuer-and-serial-number recipient.</param>
        /// <returns>The DER-encoded EnvelopedCms message.</returns>
        /// <remarks>
        /// NOTE(review): the envelopedCms.Encrypt(recipients) call and the method braces are not visible in this listing, so as shown
        /// recipients is unused and Encode() runs on a message that was never encrypted. The parameterless EnvelopedCms constructor
        /// uses the library default content-encryption algorithm — confirm it on the targeted runtime.
        /// </remarks>
        internal static byte[] EncryptMessage(Byte[] message, X509Certificate2Collection encryptionCertificates)
            EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(message));

            // Build one recipient per certificate, all identified by issuer + serial number.
            CmsRecipientCollection recipients = new CmsRecipientCollection(SubjectIdentifierType.IssuerAndSerialNumber, encryptionCertificates);


            return envelopedCms.Encode();