public X509SubjectKeyIdentifierExtension(PublicKey key, bool critical) { Contract.Requires(key.EncodedKeyValue != null); Contract.Requires(key.EncodedKeyValue.RawData != null); Contract.Requires(key.EncodedParameters != null); Contract.Requires(key.EncodedParameters.RawData != null); Contract.Ensures(key.EncodedParameters.RawData != null); }
public override void Reset() { _lazyRawData = null; _lazySignatureAlgorithm = null; _lazyVersion = 0; _lazySubjectName = null; _lazyIssuerName = null; _lazyPublicKey = null; _lazyPrivateKey = null; _lazyExtensions = null; base.Reset(); }
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key) { // The CapiSha1 value is the SHA-1 of the SubjectPublicKeyInfo field, inclusive // of the DER structural bytes. //SubjectPublicKeyInfo::= SEQUENCE { // algorithm AlgorithmIdentifier{ { SupportedAlgorithms} }, // subjectPublicKey BIT STRING, // ... } // //AlgorithmIdentifier{ ALGORITHM: SupportedAlgorithms} ::= SEQUENCE { // algorithm ALGORITHM.&id({ SupportedAlgorithms}), // parameters ALGORITHM.&Type({ SupportedAlgorithms} // { @algorithm}) OPTIONAL, // ... } // //ALGORITHM::= CLASS { // &Type OPTIONAL, // &id OBJECT IDENTIFIER UNIQUE } //WITH SYNTAX { // [&Type] //IDENTIFIED BY &id } // key.EncodedKeyValue corresponds to SubjectPublicKeyInfo.subjectPublicKey, except it // has had the BIT STRING envelope removed. // // key.EncodedParameters corresponds to AlgorithmIdentifier.Parameters precisely // (DER NULL for RSA, DER Constructed SEQUENCE for DSA) byte[] empty = Array.Empty<byte>(); byte[][] algorithmOid = DerEncoder.SegmentedEncodeOid(key.Oid); // Because ConstructSegmentedSequence doesn't look to see that it really is tag+length+value (but does check // that the array has length 3), just hide the joined TLV triplet in the last element. byte[][] segmentedParameters = { empty, empty, key.EncodedParameters.RawData }; byte[][] algorithmIdentifier = DerEncoder.ConstructSegmentedSequence(algorithmOid, segmentedParameters); byte[][] subjectPublicKey = DerEncoder.SegmentedEncodeBitString(key.EncodedKeyValue.RawData); using (SHA1 hash = SHA1.Create()) { return hash.ComputeHash( DerEncoder.ConstructSequence( algorithmIdentifier, subjectPublicKey)); } }
public void Constructor_Dsa_WeirdParameters () { PublicKey pk = new PublicKey (new Oid (dsaOid.Value), new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }), new AsnEncodedData (dsa_public_key)); Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value"); Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid"); Assert.AreEqual ("00-01-02-03-04-05-06-07-08-09-0A-0B-0C-0D-0E-0F", BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData"); Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid"); Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData"); }
private static byte[] ExportPublicKey(PublicKey key) { // From: http://pstaev.blogspot.fr/2010/08/convert-rsa-public-key-from-xml-to-pem.html byte[] oid = { 0x30, 0xD, 0x6, 0x9, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0xD, 0x1, 0x1, 0x1, 0x5, 0x0 }; // Object ID for RSA //Transform the public key to PEM Base64 Format List<byte> binaryPublicKey = key.EncodedKeyValue.RawData.ToList(); binaryPublicKey.Insert(0, 0x0); // Add NULL value CalculateAndAppendLength(ref binaryPublicKey); binaryPublicKey.Insert(0, 0x3); binaryPublicKey.InsertRange(0, oid); CalculateAndAppendLength(ref binaryPublicKey); binaryPublicKey.Insert(0, 0x30); return binaryPublicKey.ToArray(); }
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) { throw new NotImplementedException(); }
private static byte[] EncodeExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm) { if (key == null) throw new ArgumentNullException(nameof(key)); byte[] subjectKeyIdentifier = GenerateSubjectKeyIdentifierFromPublicKey(key, algorithm); return EncodeExtension(subjectKeyIdentifier); }
public X509SubjectKeyIdentifierExtension(PublicKey key, bool critical) : this(key, X509SubjectKeyIdentifierHashAlgorithm.Sha1, critical) { }
// Construct CERT_PUBLIC_KEY_INFO2 in unmanged memory from given encoded blobs. private static unsafe SafeLocalAllocHandle EncodePublicKey (PublicKey key) { SafeLocalAllocHandle publicKeyInfo = SafeLocalAllocHandle.InvalidHandle; CAPI.CERT_PUBLIC_KEY_INFO2 * pPublicKeyInfo = null; string objId = key.Oid.Value; byte[] encodedParameters = key.EncodedParameters.RawData; byte[] encodedKeyValue = key.EncodedKeyValue.RawData; uint cbPublicKeyInfo = (uint) (Marshal.SizeOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO2)) + X509Utils.AlignedLength((uint) (objId.Length + 1)) + X509Utils.AlignedLength((uint) encodedParameters.Length) + encodedKeyValue.Length); publicKeyInfo = CAPI.LocalAlloc(CAPI.LPTR, new IntPtr(cbPublicKeyInfo)); pPublicKeyInfo = (CAPI.CERT_PUBLIC_KEY_INFO2 *) publicKeyInfo.DangerousGetHandle(); IntPtr pszObjId = new IntPtr((long) pPublicKeyInfo + Marshal.SizeOf(typeof(CAPI.CERT_PUBLIC_KEY_INFO2))); IntPtr pbParameters = new IntPtr((long) pszObjId + X509Utils.AlignedLength(((uint) (objId.Length + 1)))); IntPtr pbPublicKey = new IntPtr((long) pbParameters + X509Utils.AlignedLength((uint) encodedParameters.Length)); pPublicKeyInfo->Algorithm.pszObjId = pszObjId; byte[] szObjId = new byte[objId.Length + 1]; Encoding.ASCII.GetBytes(objId, 0, objId.Length, szObjId, 0); Marshal.Copy(szObjId, 0, pszObjId, szObjId.Length); if (encodedParameters.Length > 0) { pPublicKeyInfo->Algorithm.Parameters.cbData = (uint) encodedParameters.Length; pPublicKeyInfo->Algorithm.Parameters.pbData = pbParameters; Marshal.Copy(encodedParameters, 0, pbParameters, encodedParameters.Length); } pPublicKeyInfo->PublicKey.cbData = (uint) encodedKeyValue.Length; pPublicKeyInfo->PublicKey.pbData = pbPublicKey; Marshal.Copy(encodedKeyValue, 0, pbPublicKey, encodedKeyValue.Length); return publicKeyInfo; }
public override void Reset () { _serial = null; _publicKey = null; base.Reset (); }
public override void Reset () { if (x509 != null) { x509.Dispose (); x509 = null; } if (nativePrivateKey != null) { nativePrivateKey = null; } subjectName = null; issuerName = null; archived = false; publicKey = null; intermediateCerts = null; if (fallback != null) fallback.Reset (); }
public void Constructor_Dsa_EmptyParameters_Key () { PublicKey pk = new PublicKey (new Oid (dsaOid.Value), new AsnEncodedData (new byte[0]), // same as NULL (0x05, 0x00) new AsnEncodedData (dsa_public_key)); Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key"); }
public override bool Verify(byte[] data, byte[] signature, SctHashAlgorithm algorithm) { var publicKey = new PublicKey(new Oid(KnownOids.X509Algorithms.RSA), new AsnEncodedData(_key), AsnNull); var rsa = publicKey.Key as RSACryptoServiceProvider; if (rsa == null) { return false; } return rsa.VerifyData(data, SctHashAlgorithmToOid(algorithm), signature); }
public void Constructor_Dsa_EmptyParameters () { PublicKey pk = new PublicKey (new Oid (dsaOid.Value), new AsnEncodedData (new byte[0]), // same as NULL (0x05, 0x00) new AsnEncodedData (dsa_public_key)); Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value"); Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid"); Assert.AreEqual (String.Empty, BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData"); Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid"); Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData"); }
public void Constructor_Dsa_FromScratch () { // providing Oid for parameters and keyvalue isn't required PublicKey pk = new PublicKey (new Oid (dsaOid.Value), new AsnEncodedData (dsa_params), new AsnEncodedData (dsa_public_key)); Assert.AreEqual (dsaOid.Value, pk.Oid.Value, "Oid.Value"); Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid"); Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData"); Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid"); Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData"); Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key"); Assert.IsTrue ((pk.Key as DSACryptoServiceProvider).PublicOnly, "Key.PublicOnly"); }
public void Constructor_Dsa_FromCertificate () { PublicKey pk1 = x509b.PublicKey; PublicKey pk2 = new PublicKey (pk1.Oid, pk1.EncodedParameters, pk1.EncodedKeyValue); Assert.AreEqual (dsaOid.Value, pk2.Oid.Value, "Oid.Value"); Assert.AreEqual (dsaOid.Value, pk2.EncodedParameters.Oid.Value, "EncodedParameters.Oid.Value"); Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk2.EncodedParameters.RawData), "EncodedParameters.RawData"); Assert.AreEqual (dsaOid.Value, pk2.EncodedKeyValue.Oid.Value, "EncodedKeyValue.Oid.Value"); Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk2.EncodedKeyValue.RawData), "EncodedKeyValue.RawData"); Assert.AreEqual (dsa_public_key_xml, pk2.Key.ToXmlString (false), "Key"); Assert.IsTrue ((pk2.Key as DSACryptoServiceProvider).PublicOnly, "Key.PublicOnly"); }
/// <summary> /// Verify a signature with a given certificate. It is assumed that /// the signature is made from a SHA1 hash of the data. /// </summary> /// <param name="data">Signed data</param> /// <param name="signature">Signature to be verified</param> /// <param name="certificate">Certificate containing the public key used to verify the code</param> /// <returns>True if the verification succeeds</returns> public bool Verify(byte[] data, byte[] signature, byte[] certificate) { try { X509Certificate2 x509Certificate; // create certificate object from byte 'file' x509Certificate = new X509Certificate2(certificate); String algo = x509Certificate.GetKeyAlgorithm(); if (String.Compare(algo, "1.2.840.113549.1.1.1") == 0) //rsaEncryption { // use public key from certificate during verification RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509Certificate.PublicKey.Key; // verify signature. assume that the data was SHA1 hashed. return(rsa.VerifyData(data, "SHA1", signature)); } else if (String.Compare(algo, "1.2.840.10045.2.1") == 0) //EC Public Key { // use public key from certificate during verification PublicKey publicKey = x509Certificate.PublicKey; // Offset(dec) ENCODING ASN.1 Syntax // 00 06 05 -- OBJECT_ID LENGTH // 02 2B 81 04 00 22 Secp384r1(1 3 132 0 34) byte[] EncodedParamsCurve = publicKey.EncodedParameters.RawData; // Offset(dec) ENCODING ASN.1 Syntax // 00 04 compression byte // 01 { 48 bytes} --X coordinate // 49: { 48 bytes} --Y coordinate byte[] EncodedParamsPoint = publicKey.EncodedKeyValue.RawData; byte[] KeyParams = new byte[5]; byte[] Secp384r1 = { 0x2B, 0x81, 0x04, 0x00, 0x22 }; byte[] KeyValue_X = new byte[48]; byte[] KeyValue_Y = new byte[48]; Array.Copy(EncodedParamsCurve, 0x02, KeyParams, 0, 5); ECParameters parameters = new ECParameters(); //check if the curve is Secp384r1(1 3 132 0 34) if (System.Collections.StructuralComparisons.StructuralEqualityComparer.Equals(KeyParams, Secp384r1)) { //Fill in parameters named curve: //Create a named curve using the specified Oid object. System.Security.Cryptography.Oid cardP384oid = new Oid("ECDSA_P384"); parameters.Curve = ECCurve.CreateFromOid(cardP384oid); Array.Copy(EncodedParamsPoint, 0x01, KeyValue_X, 0, 48); Array.Copy(EncodedParamsPoint, 0x31, KeyValue_Y, 0, 48); //Fill in parameters public key (Q) System.Security.Cryptography.ECPoint Q; Q.X = KeyValue_X; Q.Y = KeyValue_Y; parameters.Q = Q; } else { //not supported, cannot verify, exit return(false); } ECDsa dsa = ECDsa.Create(parameters); // verify signature. assume that the data was SHA384 hashed. return(dsa.VerifyData(data, signature, HashAlgorithmName.SHA384)); } else { return(true); } } catch (Exception e) { Console.WriteLine("Error: " + e.Message); return(false); } }
public override string ToString(bool verbose) { if (verbose == false || Pal == null) { return(ToString()); } StringBuilder sb = new StringBuilder(); // Version sb.AppendLine("[Version]"); sb.Append(" V"); sb.Append(Version); // Subject sb.AppendLine(); sb.AppendLine(); sb.AppendLine("[Subject]"); sb.Append(" "); sb.Append(SubjectName.Name); string simpleName = GetNameInfo(X509NameType.SimpleName, false); if (simpleName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("Simple Name: "); sb.Append(simpleName); } string emailName = GetNameInfo(X509NameType.EmailName, false); if (emailName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("Email Name: "); sb.Append(emailName); } string upnName = GetNameInfo(X509NameType.UpnName, false); if (upnName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("UPN Name: "); sb.Append(upnName); } string dnsName = GetNameInfo(X509NameType.DnsName, false); if (dnsName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("DNS Name: "); sb.Append(dnsName); } // Issuer sb.AppendLine(); sb.AppendLine(); sb.AppendLine("[Issuer]"); sb.Append(" "); sb.Append(IssuerName.Name); simpleName = GetNameInfo(X509NameType.SimpleName, true); if (simpleName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("Simple Name: "); sb.Append(simpleName); } emailName = GetNameInfo(X509NameType.EmailName, true); if (emailName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("Email Name: "); sb.Append(emailName); } upnName = GetNameInfo(X509NameType.UpnName, true); if (upnName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("UPN Name: "); sb.Append(upnName); } dnsName = GetNameInfo(X509NameType.DnsName, true); if (dnsName.Length > 0) { sb.AppendLine(); sb.Append(" "); sb.Append("DNS Name: "); sb.Append(dnsName); } // Serial Number sb.AppendLine(); sb.AppendLine(); sb.AppendLine("[Serial Number]"); sb.Append(" "); sb.AppendLine(SerialNumber); // NotBefore sb.AppendLine(); sb.AppendLine("[Not Before]"); sb.Append(" "); sb.AppendLine(FormatDate(NotBefore)); // NotAfter sb.AppendLine(); sb.AppendLine("[Not After]"); sb.Append(" "); sb.AppendLine(FormatDate(NotAfter)); // Thumbprint sb.AppendLine(); sb.AppendLine("[Thumbprint]"); sb.Append(" "); sb.AppendLine(Thumbprint); // Signature Algorithm sb.AppendLine(); sb.AppendLine("[Signature Algorithm]"); sb.Append(" "); sb.Append(SignatureAlgorithm.FriendlyName); sb.Append('('); sb.Append(SignatureAlgorithm.Value); sb.AppendLine(")"); // Public Key sb.AppendLine(); sb.Append("[Public Key]"); // It could throw if it's some user-defined CryptoServiceProvider try { PublicKey pubKey = PublicKey; sb.AppendLine(); sb.Append(" "); sb.Append("Algorithm: "); sb.Append(pubKey.Oid.FriendlyName); // So far, we only support RSACryptoServiceProvider & DSACryptoServiceProvider Keys try { sb.AppendLine(); sb.Append(" "); sb.Append("Length: "); using (RSA pubRsa = this.GetRSAPublicKey()) { if (pubRsa != null) { sb.Append(pubRsa.KeySize); } } } catch (NotSupportedException) { } sb.AppendLine(); sb.Append(" "); sb.Append("Key Blob: "); sb.AppendLine(pubKey.EncodedKeyValue.Format(true)); sb.Append(" "); sb.Append("Parameters: "); sb.Append(pubKey.EncodedParameters.Format(true)); } catch (CryptographicException) { } // Private key Pal.AppendPrivateKeyInfo(sb); // Extensions X509ExtensionCollection extensions = Extensions; if (extensions.Count > 0) { sb.AppendLine(); sb.AppendLine(); sb.Append("[Extensions]"); foreach (X509Extension extension in extensions) { try { sb.AppendLine(); sb.Append("* "); sb.Append(extension.Oid.FriendlyName); sb.Append('('); sb.Append(extension.Oid.Value); sb.Append("):"); sb.AppendLine(); sb.Append(" "); sb.Append(extension.Format(true)); } catch (CryptographicException) { } } } sb.AppendLine(); return(sb.ToString()); }
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key) { throw new NotImplementedException(); }
public void Constructor_Dsa_WeirdParameters_Key () { PublicKey pk = new PublicKey (new Oid (dsaOid.Value), new AsnEncodedData (new byte[16] { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F }), new AsnEncodedData (dsa_public_key)); Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key"); }
public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) { if (key == null) throw new ArgumentNullException ("key"); byte[] pkraw = key.EncodedKeyValue.RawData; // compute SKI switch (algorithm) { // hash of the public key, excluding Tag, Length and unused bits values case X509SubjectKeyIdentifierHashAlgorithm.Sha1: _subjectKeyIdentifier = SHA1.Create ().ComputeHash (pkraw); break; // 0100 bit pattern followed by the 60 last bit of the hash case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1: byte[] hash = SHA1.Create ().ComputeHash (pkraw); _subjectKeyIdentifier = new byte [8]; Buffer.BlockCopy (hash, 12, _subjectKeyIdentifier, 0, 8); _subjectKeyIdentifier [0] = (byte) (0x40 | (_subjectKeyIdentifier [0] & 0x0F)); break; // hash of the public key, including Tag, Length and unused bits values case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1: // CryptoAPI does that hash on the complete subjectPublicKeyInfo (unlike PKIX) // http://groups.google.ca/groups?selm=e7RqM%24plCHA.1488%40tkmsftngp02&oe=UTF-8&output=gplain ASN1 subjectPublicKeyInfo = new ASN1 (0x30); ASN1 algo = subjectPublicKeyInfo.Add (new ASN1 (0x30)); algo.Add (new ASN1 (CryptoConfig.EncodeOID (key.Oid.Value))); algo.Add (new ASN1 (key.EncodedParameters.RawData)); // add an extra byte for the unused bits (none) byte[] full = new byte [pkraw.Length + 1]; Buffer.BlockCopy (pkraw, 0, full, 1, pkraw.Length); subjectPublicKeyInfo.Add (new ASN1 (0x03, full)); _subjectKeyIdentifier = SHA1.Create ().ComputeHash (subjectPublicKeyInfo.GetBytes ()); break; default: throw new ArgumentException ("algorithm"); } _oid = new Oid (oid, friendlyName); base.Critical = critical; RawData = Encode (); }
public void Constructor_Dsa_UnknownOid () { // providing Oid for parameters and keyvalue isn't required PublicKey pk = new PublicKey (new Oid (unknownOid.Value), new AsnEncodedData (dsa_params), new AsnEncodedData (dsa_public_key)); Assert.AreEqual (unknownOid.Value, pk.Oid.Value, "Oid.Value"); Assert.IsNull (pk.EncodedParameters.Oid, "EncodedParameters.Oid"); Assert.AreEqual (BitConverter.ToString (dsa_params), BitConverter.ToString (pk.EncodedParameters.RawData), "EncodedParameters.RawData"); Assert.IsNull (pk.EncodedKeyValue.Oid, "EncodedKeyValue.Oid"); Assert.AreEqual (BitConverter.ToString (dsa_public_key), BitConverter.ToString (pk.EncodedKeyValue.RawData), "EncodedKeyValue.RawData"); }
public X509SubjectKeyIdentifierExtension (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) : base (CAPI.szOID_SUBJECT_KEY_IDENTIFIER, EncodePublicKey(key, algorithm), critical) {}
public void Constructor_Dsa_UnknownOid_Key () { // providing Oid for parameters and keyvalue isn't required PublicKey pk = new PublicKey (new Oid (unknownOid.Value), new AsnEncodedData (dsa_params), new AsnEncodedData (dsa_public_key)); Assert.AreEqual (dsa_public_key_xml, pk.Key.ToXmlString (false), "Key"); }
private static unsafe byte[] EncodePublicKey (PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm) { if (key == null) throw new ArgumentNullException("key"); // Construct CERT_PUBLIC_KEY_INFO2 in unmanged memory from given encoded blobs. SafeLocalAllocHandle publicKeyInfo = EncodePublicKey(key); CAPI.CERT_PUBLIC_KEY_INFO2 * pPublicKeyInfo = (CAPI.CERT_PUBLIC_KEY_INFO2 *) publicKeyInfo.DangerousGetHandle(); byte [] buffer = new byte[20]; byte [] identifier = null; fixed (byte * pBuffer = buffer) { uint cbData = (uint)buffer.Length; IntPtr pbData = new IntPtr(pBuffer); try { if ((X509SubjectKeyIdentifierHashAlgorithm.Sha1 == algorithm) || (X509SubjectKeyIdentifierHashAlgorithm.ShortSha1 == algorithm)) { //+================================================================= // (1) The keyIdentifier is composed of the 160-bit SHA-1 hash of // the value of the BIT STRING subjectPublicKey (excluding the tag, // length, and number of unused bits). if (!CAPI.CryptHashCertificate( IntPtr.Zero, // hCryptProv CAPI.CALG_SHA1, 0, // dwFlags, pPublicKeyInfo->PublicKey.pbData, pPublicKeyInfo->PublicKey.cbData, pbData, new IntPtr(&cbData))) throw new CryptographicException(Marshal.GetHRForLastWin32Error()); } //+================================================================= // Microsoft convention: The keyIdentifier is composed of the // 160-bit SHA-1 hash of the encoded subjectPublicKey BITSTRING // (including the tag, length, and number of unused bits). else if (X509SubjectKeyIdentifierHashAlgorithm.CapiSha1 == algorithm) { if (!CAPI.CryptHashPublicKeyInfo( IntPtr.Zero, // hCryptProv CAPI.CALG_SHA1, 0, // dwFlags, CAPI.X509_ASN_ENCODING, new IntPtr(pPublicKeyInfo), pbData, new IntPtr(&cbData))) { throw new CryptographicException(Marshal.GetHRForLastWin32Error()); } } else { throw new ArgumentException("algorithm"); } //+================================================================= // (2) The keyIdentifier is composed of a four bit type field with // the value 0100 followed by the least significant 60 bits of the // SHA-1 hash of the value of the BIT STRING subjectPublicKey // (excluding the tag, length, and number of unused bit string bits) if (X509SubjectKeyIdentifierHashAlgorithm.ShortSha1 == algorithm) { identifier = new byte[8]; Array.Copy(buffer, buffer.Length - 8, identifier, 0, identifier.Length); identifier[0] &= 0x0f; identifier[0] |= 0x40; } else { identifier = buffer; // return the meaningful part only if (buffer.Length > (int)cbData) { identifier = new byte[cbData]; Array.Copy(buffer, 0, identifier, 0, identifier.Length); } } } finally { publicKeyInfo.Dispose(); } } return EncodeExtension(identifier); }
public void FixtureSetUp () { pk1 = new X509Certificate2 (Encoding.ASCII.GetBytes (X509Certificate2Test.base64_cert)).PublicKey; }
public byte[] ComputeCapiSha1OfPublicKey(PublicKey key) { unsafe { fixed (byte* pszOidValue = key.Oid.ValueAsAscii()) { byte[] encodedParameters = key.EncodedParameters.RawData; fixed (byte* pEncodedParameters = encodedParameters) { byte[] encodedKeyValue = key.EncodedKeyValue.RawData; fixed (byte* pEncodedKeyValue = encodedKeyValue) { CERT_PUBLIC_KEY_INFO publicKeyInfo = new CERT_PUBLIC_KEY_INFO() { Algorithm = new CRYPT_ALGORITHM_IDENTIFIER() { pszObjId = new IntPtr(pszOidValue), Parameters = new CRYPTOAPI_BLOB(encodedParameters.Length, pEncodedParameters), }, PublicKey = new CRYPT_BIT_BLOB() { cbData = encodedKeyValue.Length, pbData = pEncodedKeyValue, cUnusedBits = 0, }, }; int cb = 20; byte[] buffer = new byte[cb]; if (!Interop.crypt32.CryptHashPublicKeyInfo(IntPtr.Zero, AlgId.CALG_SHA1, 0, CertEncodingType.All, ref publicKeyInfo, buffer, ref cb)) throw Marshal.GetHRForLastWin32Error().ToCryptographicException();; if (cb < buffer.Length) { byte[] newBuffer = new byte[cb]; Array.Copy(buffer, 0, newBuffer, 0, cb); buffer = newBuffer; } return buffer; } } } } }
public override void Reset () { _cert = null; _archived = false; _extensions = null; _serial = null; _publicKey = null; issuer_name = null; subject_name = null; signature_algorithm = null; if (intermediateCerts != null) { intermediateCerts.Dispose (); intermediateCerts = null; } }
private static byte[] GenerateSubjectKeyIdentifierFromPublicKey(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm) { switch (algorithm) { case X509SubjectKeyIdentifierHashAlgorithm.Sha1: return ComputeSha1(key.EncodedKeyValue.RawData); case X509SubjectKeyIdentifierHashAlgorithm.ShortSha1: { byte[] sha1 = ComputeSha1(key.EncodedKeyValue.RawData); // ShortSha1: The keyIdentifier is composed of a four bit type field with // the value 0100 followed by the least significant 60 bits of the // SHA-1 hash of the value of the BIT STRING subjectPublicKey // (excluding the tag, length, and number of unused bit string bits) byte[] shortSha1 = new byte[8]; Buffer.BlockCopy(sha1, sha1.Length - 8, shortSha1, 0, shortSha1.Length); shortSha1[0] &= 0x0f; shortSha1[0] |= 0x40; return shortSha1; } case X509SubjectKeyIdentifierHashAlgorithm.CapiSha1: return X509Pal.Instance.ComputeCapiSha1OfPublicKey(key); default: throw new ArgumentException(SR.Format(SR.Arg_EnumIllegalVal, algorithm), nameof(algorithm)); } }
public override void Reset () { m_version = 0; m_notBefore = DateTime.MinValue; m_notAfter = DateTime.MinValue; m_privateKey = null; m_publicKey = null; m_extensions = null; m_signatureAlgorithm = null; m_subjectName = null; m_issuerName = null; if (!m_safeCertContext.IsInvalid) { // Free the current certificate handle m_safeCertContext.Dispose(); m_safeCertContext = SafeCertContextHandle.InvalidHandle; } base.Reset(); }
public X509SubjectKeyIdentifierExtension(PublicKey key, X509SubjectKeyIdentifierHashAlgorithm algorithm, bool critical) : base(Oids.SubjectKeyIdentifier, EncodeExtension(key, algorithm), critical) { }
internal PublicKey (PublicKey publicKey) { m_oid = new Oid(publicKey.m_oid); m_encodedParameters = new AsnEncodedData(publicKey.m_encodedParameters); m_encodedKeyValue = new AsnEncodedData(publicKey.m_encodedKeyValue); }
public override void Reset () { _cert = null; _archived = false; _extensions = null; _name = String.Empty; _serial = null; _publicKey = null; issuer_name = null; subject_name = null; signature_algorithm = null; base.Reset (); }