public static void TestNegativeVerify384()
{
CngKey key = TestData.s_ECDsa384Key;
ECDsaCng e = new ECDsaCng(key);
byte[] tamperedSig = ("7805c494b17bba8cba09d3e5cdd16d69ce785e56c4f2d9d9061d549fce0a6860cca1cb9326bd534da21ad4ff326a1e0810d8"
+ "f366eb6afc66ede0d1ffe345f6b37ac622ed77838b42825ceb96cd3996d3d77fd6a248357ae1ae6cb85f048b1b04").HexToByteArray();
bool verified = e.VerifyHash(TestData.s_hashSha512, tamperedSig);
Assert.False(verified);
}
public static byte[] CreateSignature(byte[] data, CngKey key)
{
// 创建签名
byte[] signature;
using(var signingAlg = new ECDsaCng(key))
{
signature = signingAlg.SignData(data);
signingAlg.Clear();
}
return signature;
}
public MtbContainer Sign(MtbContainer mtb)
{
mtb.IssuerSignedTicketBundle.Header = new IssuerSignatureHeader(SignatureAlgorithm.ES256, _keyRepository.SigningIssuerId, _keyRepository.SigningKeyId);
var signingInput = CreateCoseSigningInput(mtb.IssuerSignedTicketBundle.Header.GetBytes(), mtb.IssuerSignedTicketBundle.TicketBundle.GetBytes());
var privateKey = _keyRepository.GetPrivateKey();
using (var dsa = new ECDsaCng(privateKey))
{
mtb.IssuerSignedTicketBundle.Signature = dsa.SignData(signingInput);
}
return mtb;
}
private static byte[] Sign(byte[] message, byte[] prikey)
{
var Secp256r1_G = HexString2Bytes("04" + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5");
var PublicKey = Neo.Cryptography.ECC.ECCurve.Secp256r1.G * prikey;
var pubkey = PublicKey.EncodePoint(false).Skip(1).ToArray();
//#if NET461
const int ECDSA_PRIVATE_P256_MAGIC = 0x32534345;
prikey = BitConverter.GetBytes(ECDSA_PRIVATE_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey).Concat(prikey).ToArray();
using (System.Security.Cryptography.CngKey key = System.Security.Cryptography.CngKey.Import(prikey, System.Security.Cryptography.CngKeyBlobFormat.EccPrivateBlob))
using (System.Security.Cryptography.ECDsaCng ecdsa = new System.Security.Cryptography.ECDsaCng(key))
//#else
// using (var ecdsa = System.Security.Cryptography.ECDsa.Create(new System.Security.Cryptography.ECParameters
// {
// Curve = System.Security.Cryptography.ECCurve.NamedCurves.nistP256,
// D = prikey,
// Q = new System.Security.Cryptography.ECPoint
// {
// X = pubkey.Take(32).ToArray(),
// Y = pubkey.Skip(32).ToArray()
// }
// }))
//#endif
{
return(ecdsa.SignData(message, System.Security.Cryptography.HashAlgorithmName.SHA256));
}
}
static void Main(string[] args)
{
if (args.Length == 1)
{
// Got Signature (License)? Then Verify it
byte[] signature = Convert.FromBase64String(args[0]);
// Public key must be hard-coded!
const string publicKeyString = "RUNTMSAAAACOUGMbADUgo3dDq42gwv+uCPsI8jjQm61r0CUPVioibLfzskpsGmUAJD29rt3FzS5qb28gS5Ed85jDPwQoesBJ";
byte[] publicKey = Convert.FromBase64String(publicKeyString);
CngKey cngKey = CngKey.Import(publicKey, CngKeyBlobFormat.EccPublicBlob);
ECDsaCng dsa = new ECDsaCng(cngKey);
dsa.HashAlgorithm = CngAlgorithm.MD5;
if (dsa.VerifyData(MachineID.ComputeEasyMachineID(), signature))
{
Console.WriteLine("License is valid. Thank you!");
}
else
{
Console.WriteLine("License is invalid!");
}
dsa.Clear();
}
else
{
// No Signature (License). Display InstallationID
Console.WriteLine("No license found. Contact your software vendor and provide the following code:");
foreach (byte b in MachineID.ComputeEasyMachineID())
{
Console.Write(b);
}
}
Console.WriteLine("Press any key to continue ...");
Console.ReadKey();
}
public ECDSASigner(string privateKey) //konstruktor do importowania klucza
{
this.privateKey = Base58CheckEncoding.DecodePlain(privateKey);
CngPrivateKey = CngKey.Import(this.privateKey, CngKeyBlobFormat.EccPrivateBlob);
ECDSA = new ECDsaCng(CngPrivateKey);
ECDSA.HashAlgorithm = CngAlgorithm.Sha256;
}
private ECDsaCng BuildEcDsaCng() {
byte[] publicBlob = ECCPublicKeyBlobFormatter.Instance.BuildECCPublicBlob( this );
using( var cng = CngKey.Import( publicBlob, CngKeyBlobFormat.EccPublicBlob ) ) {
// ECDsaCng copies the CngKey, hence the using
var ecDsa = new ECDsaCng( cng );
return ecDsa;
}
}
internal static byte[] Sign(this ISignable signable, byte[] prikey, byte[] pubkey)
{
const int ECDSA_PRIVATE_P256_MAGIC = 0x32534345;
prikey = BitConverter.GetBytes(ECDSA_PRIVATE_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey).Concat(prikey).ToArray();
using (CngKey key = CngKey.Import(prikey, CngKeyBlobFormat.EccPrivateBlob))
using (ECDsaCng ecdsa = new ECDsaCng(key))
{
return ecdsa.SignHash(signable.GetHashForSigning());
}
}
public void Receive(byte[] data, byte[] signature)
{
using (ECDsaCng ecsdKey = new ECDsaCng(CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob)))
{
if (ecsdKey.VerifyData(data, signature))
Console.WriteLine("Data is good");
else
Console.WriteLine("Data is bad");
}
}
public static void TestNegativeVerify256()
{
CngKey key = TestData.s_ECDsa256Key;
ECDsaCng e = new ECDsaCng(key);
byte[] tamperedSig = ("998791331eb2e1f4259297f5d9cb82fa20dec98e1cb0900e6b8f014a406c3d02cbdbf5238bde471c3155fc25565524301429"
+ "e8713dad9a67eb0a5c355e9e23dc").HexToByteArray();
bool verified = e.VerifyHash(TestData.s_hashSha512, tamperedSig);
Assert.False(verified);
}
public static void TestNegativeVerify521()
{
CngKey key = TestData.s_ECDsa521Key;
ECDsaCng e = new ECDsaCng(key);
byte[] tamperedSig = ("0084461450745672df85735fbf89f2dccef804d6b56e86ca45ea5c366a05a5de96327eddb75582821c6315c8bb823c875845"
+ "a6f25963ddab70461b786261507f971401fdc300697824129e0a84e0ba1ab4820ac7b29e7f8248bc2e29d152a9190eb3fcb7"
+ "6e8ebf1aa5dd28ffd582a24cbfebb3426a5f933ce1d995b31c951103d24f6256").HexToByteArray();
bool verified = e.VerifyHash(TestData.s_hashSha512, tamperedSig);
Assert.False(verified);
}
public byte[] GetSignature(string claimString)
{
CngKey key = _keyProvider.GetKey();
using (_keyProvider.GetKey())
using(var dsa = new ECDsaCng(key))
{
var bytes = Encoding.UTF8.GetBytes(claimString);
return dsa.SignData(bytes);
}
}
public ECDSASigner() //konstruktor do generowania klucza
{
keyCreationParameters = new CngKeyCreationParameters();
keyCreationParameters.ExportPolicy = CngExportPolicies.AllowExport;
keyCreationParameters.KeyUsage = CngKeyUsages.Signing;
keyCreationParameters.ExportPolicy = CngExportPolicies.AllowPlaintextExport;
CngPrivateKey = CngKey.Create(CngAlgorithm.ECDsaP256, null, keyCreationParameters);
ECDSA = new ECDsaCng(CngPrivateKey);
this.privateKey = ECDSA.Key.Export(CngKeyBlobFormat.EccPrivateBlob);
ECDSA.HashAlgorithm = CngAlgorithm.Sha256;
}
public byte[] Sign(ISignable signable)
{
byte[] signature;
ProtectedMemory.Unprotect(key_exported, MemoryProtectionScope.SameProcess);
using (CngKey key = CngKey.Import(key_exported, CngKeyBlobFormat.EccPrivateBlob))
using (ECDsaCng ecdsa = new ECDsaCng(key))
{
signature = ecdsa.SignHash(signable.GetHashForSigning());
}
ProtectedMemory.Protect(key_exported, MemoryProtectionScope.SameProcess);
return signature;
}
private Boolean isValidSignedMsg(byte[] hash)
{
Boolean bReturn;
using (var dsa = new ECDsaCng(CngKey.Import(PublicKey, CngKeyBlobFormat.EccPublicBlob)))
{
dsa.HashAlgorithm = Global.HashAlgorithm;
bReturn = dsa.VerifyData(hash, SignedMsg);
}
return bReturn;
}
public bool Check(string source)
{
using (ECDsaCng ecsdKey = new ECDsaCng(CngKey.Import(key, CngKeyBlobFormat.EccPublicBlob)))
{
byte[] destData = new byte[source.Length / 2];
for(int i = 0; i < source.Length / 2; ++i)
{
destData[i] = Convert.ToByte(source.Substring(i * 2, 2), 16);
}
return ecsdKey.VerifyData(TestDataBytes, destData);
}
}
internal void ExtractValues(string appParam, byte[] originalChallenge)
{
DataContractJsonSerializer jsonSerializerResponse = new DataContractJsonSerializer(typeof(ClientData));
object objResponse = jsonSerializerResponse.ReadObject(new MemoryStream(Helpers.Base64UrlDecode(clientData)));
ClientData clientDataObject = objResponse as ClientData;
if (clientDataObject == null
|| !clientDataObject.origin.Equals(appParam)
|| !clientDataObject.typ.Equals("navigator.id.finishEnrollment")
|| !clientDataObject.challenge.Equals(Helpers.Base64UrlEncode(originalChallenge))
)
throw new Exception("clientData does not contain necessary fields");
byte[] data = Helpers.Base64UrlDecode(registrationData);
if (data[0] != 0x05)
throw new Exception("Invalid registration data");
var keyLen = 65;
byte[] keyBytes = new byte[keyLen];
Array.Copy(data, 1, keyBytes, 0, keyLen);
publicKey = Helpers.Base64UrlEncode(keyBytes);
int keyHandleLen = data[66];
byte[] keyHandleBytes = new byte[keyHandleLen];
Array.Copy(data, 1 + 1 + keyLen, keyHandleBytes, 0, keyHandleLen);
keyHandle = Helpers.Base64UrlEncode(keyHandleBytes);
int certLen = data.Length - 1 - 1 - keyLen - keyHandleLen; // temporary!
byte[] certBytes = new byte[certLen];
Array.Copy(data, 1 + 1 + keyLen + keyHandleLen, certBytes, 0, certLen);
X509Certificate certObject = new X509Certificate(certBytes);
certBytes = certObject.Export(X509ContentType.Cert);
certLen = certBytes.Length;
int sigLen = data.Length - 1 - 1 - keyLen - keyHandleLen - certLen;
byte[] signatureBytes = new byte[sigLen];
Array.Copy(data, data.Length - sigLen, signatureBytes, 0, sigLen);
var bytesToVerify = new byte[] { 0x00 }
.Concat(SHA256.Create().ComputeHash(new UTF8Encoding().GetBytes(appParam)))
.Concat(SHA256.Create().ComputeHash(Helpers.Base64UrlDecode(clientData)))
.Concat(keyHandleBytes)
.Concat(keyBytes)
.ToArray();
var ecdsa = new ECDsaCng(CngKey.Import(FixKeyBytes(certObject.GetPublicKey()), CngKeyBlobFormat.EccPublicBlob))
{
HashAlgorithm = CngAlgorithm.Sha256
};
if (!ecdsa.VerifyData(bytesToVerify, FixSignatureBytes(signatureBytes)))
throw new Exception("Signature is not valid");
}
public override CertificatePrivateKey ImportPrivateKey(byte[] keyData)
{
try {
string magic = Encoding.ASCII.GetString(keyData, 0, 4);
if (magic.Equals("ECS2") || magic.Equals("ECS4") || magic.Equals("ECS6")) {
CngKey cngKey = CngKey.Import(keyData, CngKeyBlobFormat.EccPrivateBlob);
ECDsaCng ecdsa = new ECDsaCng(cngKey);
return new CertificatePrivateKey(ecdsa);
}
} catch (Exception) {}
return null;
}
public static bool Verify(string publicKey, string message, string signature)
{
bool isValid = false;
using (CngKey k = CngKey.Import(Convert.FromBase64String(publicKey), CngKeyBlobFormat.EccPublicBlob))
using (ECDsaCng dsa = new ECDsaCng(k))
{
byte[] sigData = Convert.FromBase64String(signature);
isValid = dsa.VerifyData(Encoding.Unicode.GetBytes(message), sigData);
}
return isValid;
}
/// <summary>
/// Weryfikacja na podstawie klucza publicznego, podpisu i podpisanych danych
/// </summary>
/// <param name="publicKey"></param>
/// <param name="signature"></param>
/// <param name="data"></param>
/// <returns></returns>
public static bool verifyData(byte[] publicKey, byte[] signature, byte[] data)
{
try
{
ECDsaCng ECDSA = new ECDsaCng(CngKey.Import(publicKey, CngKeyBlobFormat.EccPublicBlob));
ECDSA.HashAlgorithm = CngAlgorithm.Sha256;
return ECDSA.VerifyData(data, signature);
}
catch(Exception)
{
return false;
}
}
public static byte[] Sign(byte[] privateKey, Stream stream)
{
#if Mono
throw new NotSupportedException();
#else
using (CngKey ck = CngKey.Import(privateKey, CngKeyBlobFormat.Pkcs8PrivateBlob))
using (ECDsaCng ecdsa = new ECDsaCng(ck))
{
ecdsa.HashAlgorithm = CngAlgorithm.Sha256;
return ecdsa.SignData(stream);
}
#endif
}
/// <summary>
/// 使用私钥签名
/// </summary>
public static byte[] SignData(byte[] data, byte[] privateKey)
{
///是否能够完全的释放using,在return以后
// 打开密钥
using (CngKey cngKey = CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob))
{
// 签名
using (ECDsaCng ecdsa = new ECDsaCng(cngKey))
{
byte[] signature = ecdsa.SignData(data);
return signature;
}
}
}
public static bool VerifySignature(byte[] data, byte[] signature, byte[] pubKey)
{
// 验证签名
bool result = false;
using (CngKey key = CngKey.Import(pubKey, CngKeyBlobFormat.GenericPublicBlob))
{
using(var signingAlg = new ECDsaCng(key))
{
result = signingAlg.VerifyData(data, signature);
signingAlg.Clear();
}
}
return result;
}
private static ECDsa DecodeECDsaPublicKey(CertificatePal certificatePal)
{
ECDsa ecdsa;
using (SafeBCryptKeyHandle bCryptKeyHandle = ImportPublicKeyInfo(certificatePal.CertContext))
{
CngKeyBlobFormat blobFormat;
byte[] keyBlob;
#if NETNATIVE
blobFormat = CngKeyBlobFormat.EccPublicBlob;
keyBlob = ExportKeyBlob(bCryptKeyHandle, blobFormat);
using (CngKey cngKey = CngKey.Import(keyBlob, blobFormat))
{
ecdsa = new ECDsaCng(cngKey);
}
#else
string curveName = GetCurveName(bCryptKeyHandle);
if (curveName == null)
{
if (HasExplicitParameters(bCryptKeyHandle))
{
blobFormat = CngKeyBlobFormat.EccFullPublicBlob;
}
else
{
blobFormat = CngKeyBlobFormat.EccPublicBlob;
}
keyBlob = ExportKeyBlob(bCryptKeyHandle, blobFormat);
using (CngKey cngKey = CngKey.Import(keyBlob, blobFormat))
{
ecdsa = new ECDsaCng(cngKey);
}
}
else
{
blobFormat = CngKeyBlobFormat.EccPublicBlob;
keyBlob = ExportKeyBlob(bCryptKeyHandle, blobFormat);
ECParameters ecparams = new ECParameters();
ExportNamedCurveParameters(ref ecparams, keyBlob, false);
ecparams.Curve = ECCurve.CreateFromFriendlyName(curveName);
ecdsa = new ECDsaCng();
ecdsa.ImportParameters(ecparams);
}
#endif
}
return ecdsa;
}
/// <summary>
/// 使用公钥验证签名
/// </summary>
public static bool VerifyData(byte[] data, byte[] signature, byte[] publicKey)
{
//验证是否签名匹配
bool verified = false;
// 导入公钥
using (CngKey cngKey = CngKey.Import(publicKey, CngKeyBlobFormat.EccPublicBlob))
{
// 验证签名
using (ECDsaCng ecdsa = new ECDsaCng(cngKey))
{
verified = ecdsa.VerifyData(data, signature);
return verified;
}
}
}
private bool VerifySignature(byte[] data, byte[] signature, byte[] pubKey)
{
bool retValue = false;
using (CngKey key = CngKey.Import(pubKey, CngKeyBlobFormat.GenericPublicBlob))
using (var signingAlg = new ECDsaCng(key))
{
#if NET46
retValue = signingAlg.VerifyData(data, signature);
signingAlg.Clear();
#else
retValue = signingAlg.VerifyData(data, signature, HashAlgorithmName.SHA512);
#endif
}
return retValue;
}
private byte[] CreateSignature(byte[] data, CngKey key)
{
byte[] signature;
using (var signingAlg = new ECDsaCng(key))
{
#if NET46
signature = signingAlg.SignData(data);
signingAlg.Clear();
#else
signature = signingAlg.SignData(data, HashAlgorithmName.SHA512);
#endif
}
return signature;
}
static void Main(string[] args)
{
if (args.Length != 1 && args[0].Length != 8)
{
Console.WriteLine("Use a valid MachineID as the argument.");
return;
}
else
{
Console.WriteLine("MachineID: " + args[0]);
}
// The data to sign.
byte[] data = new byte[8];
// Convert MachineID to byte array
for (int i = 0; i < 8; i++)
{
data[i] = Byte.Parse(args[0][i].ToString());
}
// Load the key from system store
// This key was created by key gen
CngKey cngKey = CngKey.Open("PA ECDSA Key");
using (ECDsaCng dsa = new ECDsaCng(cngKey))
{
dsa.HashAlgorithm = CngAlgorithm.MD5;
byte[] signature = dsa.SignData(data);
dsa.Clear();
// Print signature
Console.WriteLine("\nSignature:\n" + Debugger.BytesToString(signature));
// Base64
Console.WriteLine("\nSignature in Base64:\n" + CodeConverter.ToBase64(signature));
// Big numbers
Console.WriteLine("\nSignature in Codes:");
ulong[] a = CodeConverter.ToInt64Array(signature);
foreach (ulong i in a) Console.WriteLine(i.ToString());
// Formated Base32
Console.WriteLine("\nSignature in Formated Base32:\n" + CodeConverter.ToFormatedBase32Code(signature));
Console.WriteLine("\nPress any key to continue");
Console.ReadKey();
}
}
/// <summary>
/// 公開鍵と秘密鍵を作成して返す
/// </summary>
/// <param name="publicKey">作成された公開鍵</param>
/// <param name="privateKey">作成された秘密鍵</param>
public static void CreateKeys(out byte[] publicKey, out byte[] privateKey)
{
#if Mono
throw new NotSupportedException();
#else
CngKeyCreationParameters ckcp = new CngKeyCreationParameters();
ckcp.ExportPolicy = CngExportPolicies.AllowPlaintextExport;
ckcp.KeyUsage = CngKeyUsages.Signing;
using (CngKey ck = CngKey.Create(CngAlgorithm.ECDsaP521, null, ckcp))
using (ECDsaCng ecdsa = new ECDsaCng(ck))
{
publicKey = Encoding.ASCII.GetBytes(ecdsa.ToXmlString(ECKeyXmlFormat.Rfc4050));
privateKey = ecdsa.Key.Export(CngKeyBlobFormat.Pkcs8PrivateBlob);
}
#endif
}
public void TestMethod1()
{
string stringSignature;
Bob bob = new Bob();
using (ECDsaCng dsa = new ECDsaCng(100))
{
dsa.HashAlgorithm = CngAlgorithm.MD5;
bob.key = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);
byte[] data = new byte[] { 21, 5, 8, 12, 207 };
byte[] signature = dsa.SignData(data);
stringSignature = Convert.ToBase64String(signature);
bob.Receive(data, signature);
}
}
public static byte[] SignData(byte[] prikey, byte[] data)
{
var PublicKey = ThinNeo.Cryptography.ECC.ECCurve.Secp256r1.G * prikey;
byte[] pubkey = PublicKey.EncodePoint(false).Skip(1).ToArray();
//签名的私钥
byte[] first = { 0x45, 0x43, 0x53, 0x32, 0x20, 0x00, 0x00, 0x00 };
byte[] signprikey = first.Concat(pubkey).Concat(prikey).ToArray();
using (System.Security.Cryptography.CngKey key = System.Security.Cryptography.CngKey.Import(signprikey, System.Security.Cryptography.CngKeyBlobFormat.EccPrivateBlob))
{
using (System.Security.Cryptography.ECDsaCng ecdsa = new System.Security.Cryptography.ECDsaCng(key))
{
var hashsrc = sha256.ComputeHash(data);
var signdata = ecdsa.SignHash(hashsrc);
return(signdata);
}
}
}
public static string Sign(string privateKey, string message)
{
string signature = null;
using (CngKey k = CngKey.Import(Convert.FromBase64String(privateKey), CngKeyBlobFormat.EccPrivateBlob))
using (ECDsaCng dsa = new ECDsaCng(k))
{
byte[] sigData = dsa.SignData(Encoding.Unicode.GetBytes(message));
signature = Convert.ToBase64String(sigData);
}
return signature;
}