// https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/
public static bool CheckRequestSignature(
byte[] serializedSpeechletRequest
, string expectedSignature
, Org.BouncyCastle.X509.X509Certificate cert)
{
byte[] expectedSig = null;
try
{
expectedSig = System.Convert.FromBase64String(expectedSignature);
}
catch (System.FormatException)
{
return(false);
}
Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters publicKey =
(Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)cert.GetPublicKey();
Org.BouncyCastle.Crypto.ISigner signer =
Org.BouncyCastle.Security.SignerUtilities.GetSigner("Sdk.SIGNATURE_ALGORITHM");
signer.Init(false, publicKey);
signer.BlockUpdate(serializedSpeechletRequest, 0, serializedSpeechletRequest.Length);
return(signer.VerifySignature(expectedSig));
}
private string generaSello()
{
String pass = ConfigurationManager.AppSettings["keypass"]; //Contraseña de la llave privada
String llave = ConfigurationManager.AppSettings["rutaKey"]; //Archivo de la llave privada
byte[] llave2 = File.ReadAllBytes(llave); // Convertimos el archivo anterior a byte
String CadenaOriginal = generarCadenaOriginal(@"C:\CFDI\SinTimbrar.xml");
//1) Desencriptar la llave privada, el primer parámetro es la contraseña de llave privada y el segundo es la llave privada en formato binario.
Org.BouncyCastle.Crypto.AsymmetricKeyParameter asp = Org.BouncyCastle.Security.PrivateKeyFactory.DecryptKey(pass.ToCharArray(), llave2);
//2) Convertir a parámetros de RSA
Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters key = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)asp;
//3) Crear el firmador con SHA1
//Org.BouncyCastle.Crypto.ISigner sig = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA1withRSA");
//La siguiente linea es para generar el sello para la nueva versión de CFDI 3.3
Org.BouncyCastle.Crypto.ISigner sig = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA");
//4) Inicializar el firmador con la llave privada
sig.Init(true, key);
// 5) Pasar la cadena original a formato binario
byte[] bytes = Encoding.UTF8.GetBytes(CadenaOriginal);
// 6) Encriptar
sig.BlockUpdate(bytes, 0, bytes.Length);
byte[] bytesFirmados = sig.GenerateSignature();
// 7) Finalmente obtenemos el sello
String sello = Convert.ToBase64String(bytesFirmados);
return(sello);
}
} // End Sub Test
public static string SignData(string msg, Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters privKey)
{
try
{
byte[] msgBytes = System.Text.Encoding.UTF8.GetBytes(msg);
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
// algorithms["SHA-256/ECDSA"] = "SHA-256withECDSA";
// algorithms["SHA-384/ECDSA"] = "SHA-384withECDSA";
// algorithms["SHA-512/ECDSA"] = "SHA-512withECDSA";
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
byte[] sigBytes = signer.GenerateSignature();
return(System.Convert.ToBase64String(sigBytes));
}
catch (System.Exception exc)
{
System.Console.WriteLine("Signing Failed: " + exc.ToString());
return(null);
}
} // End Function SignData
} // End Function SignData
public static bool VerifySignature(Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey, string signature, string msg)
{
if (pubKey == null)
{
throw new System.ArgumentNullException("pubKey", "pubKey is not allowed to be NULL.");
}
if (pubKey.IsPrivate)
{
throw new System.ArgumentException("Invalid key. What should be a public-key is actually a private key.", "pubKey");
}
try
{
if (msg == null)
{
msg = "";
}
byte[] msgBytes = System.Text.Encoding.UTF8.GetBytes(msg);
byte[] sigBytes = System.Convert.FromBase64String(signature);
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA");
signer.Init(false, pubKey);
signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
return(signer.VerifySignature(sigBytes));
}
catch (System.Exception exc)
{
System.Console.WriteLine("Verification failed with the error: " + exc.ToString());
return(false);
}
} // End Function VerifySignature
} // End Function SignHash
public override bool VerifyHash(byte[] hash, byte[] signature)
{
// byte[] hash = System.Text.Encoding.UTF8.GetBytes(strHash);
// byte[] signature = System.Convert.FromBase64String(strSignature);
// base.SignatureAlgorithm
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, m_pubKey);
signer.BlockUpdate(hash, 0, hash.Length);
return(signer.VerifySignature(signature));
} // End Function VerifyHash
} // End Constructor
public override byte[] SignHash(byte[] hash)
{
// byte[] hash = System.Text.Encoding.UTF8.GetBytes(strHash);
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
// algorithms["SHA-256/ECDSA"] = "SHA-256withECDSA";
// algorithms["SHA-384/ECDSA"] = "SHA-384withECDSA";
// algorithms["SHA-512/ECDSA"] = "SHA-512withECDSA";
// base.SignatureAlgorithm
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(true, m_privKey);
signer.BlockUpdate(hash, 0, hash.Length);
return(signer.GenerateSignature());
} // End Function SignHash
} // End Function GenerateCertificate
static bool ValidateSelfSignedCert(
Org.BouncyCastle.X509.X509Certificate cert,
Org.BouncyCastle.Crypto.ICipherParameters pubKey
)
{
cert.CheckValidity(System.DateTime.UtcNow);
byte[] tbsCert = cert.GetTbsCertificate(); // (TBS is short for To Be Signed), see RFC5280 for all the gory details.
byte[] sig = cert.GetSignature();
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner(
cert.SigAlgName
);
signer.Init(false, pubKey);
signer.BlockUpdate(tbsCert, 0, tbsCert.Length);
return(signer.VerifySignature(sig));
} // End Function ValidateSelfSignedCert
} // End Function SignData
public static bool VerifySignature(Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters pubKey, string signature, string msg)
{
try
{
byte[] msgBytes = System.Text.Encoding.UTF8.GetBytes(msg);
byte[] sigBytes = System.Convert.FromBase64String(signature);
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(false, pubKey);
signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
return(signer.VerifySignature(sigBytes));
}
catch (System.Exception exc)
{
System.Console.WriteLine("Verification failed with the error: " + exc.ToString());
return(false);
}
} // End Function VerifySignature
} // End Sub CerKeyInfo
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair
//public static string SignData(string msg, Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters privKey)
public static string SignData(string msg, Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey)
{
if (privKey == null)
{
throw new System.ArgumentNullException("privKey", "privKey is not allowed to be NULL.");
}
if (!privKey.IsPrivate)
{
throw new System.ArgumentException("Invalid private-key. PrivKey should be a private key. You passed a public-key...", "privKey");
}
try
{
if (msg == null)
{
msg = "";
}
byte[] msgBytes = System.Text.Encoding.UTF8.GetBytes(msg);
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
// algorithms["SHA-256WITHRSA"] = "SHA-256withRSA";
// algorithms["SHA-384WITHRSA"] = "SHA-384withRSA";
// algorithms["SHA-512WITHRSA"] = "SHA-512withRSA";
Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(msgBytes, 0, msgBytes.Length);
byte[] sigBytes = signer.GenerateSignature();
return(System.Convert.ToBase64String(sigBytes));
}
catch (System.Exception exc)
{
System.Console.WriteLine("Signing Failed: " + exc.ToString());
return(null);
}
} // End Function SignData
// http://crypto.stackexchange.com/questions/5646/what-are-the-differences-between-a-digital-signature-a-mac-and-a-hash
// Integrity: Can the recipient be confident that the message has not been accidentally modified?
// Authentication: Can the recipient be confident that the message originates from the sender?
// Non-repudiation: If the recipient passes the message and the proof to a third party,
// can the third party be confident that the message originated from the sender?
// Cryptographic primitive | Hash | MAC | Digital
// Security Goal | | | signature
// ------------------------+------+-----------+-------------
// Integrity | Yes | Yes | Yes
// Authentication | No | Yes | Yes
// Non-repudiation | No | No | Yes
// ------------------------+------+-----------+-------------
// Kind of keys | none | symmetric | asymmetric
// | | keys | keys
static JsonWebToken()
{
JsonSerializer = new DefaultJsonSerializer();
UnixEpoch = new System.DateTime(1970, 1, 1, 0, 0, 0, 0, System.DateTimeKind.Utc);
// https://stackoverflow.com/questions/10055158/is-there-a-json-web-token-jwt-example-in-c
// https://stackoverflow.com/questions/34403823/verifying-jwt-signed-with-the-rs256-algorithm-using-public-key-in-c-sharp
// http://codingstill.com/2016/01/verify-jwt-token-signed-with-rs256-using-the-public-key/
HashAlgorithms = new System.Collections.Generic.Dictionary <JwtHashAlgorithm, GenericHashFunction_t>
{
{ JwtHashAlgorithm.None, delegate(JwtKey key, byte[] value)
{ throw new TokenAlgorithmRefusedException(); } },
{ JwtHashAlgorithm.HS256, delegate(JwtKey key, byte[] value)
{
// using (HMACSHA256 sha = new HMACSHA256(key.MacKeyBytes)) { return sha.ComputeHash(value); }
Org.BouncyCastle.Crypto.Macs.HMac hmac =
new Org.BouncyCastle.Crypto.Macs.HMac(
new Org.BouncyCastle.Crypto.Digests.Sha256Digest()
);
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(value, 0, value.Length);
hmac.DoFinal(result, 0);
return(result);
} },
// { JwtHashAlgorithm.HS384, delegate(byte[] key, byte[]value) { using (HMACSHA384 sha = new HMACSHA384(key)) { return sha.ComputeHash(value); } } },
{ JwtHashAlgorithm.HS384, delegate(JwtKey key, byte[] value)
{
// using (HMACSHA384 sha = new HMACSHA384(key.MacKeyBytes)) { return sha.ComputeHash(value); }
Org.BouncyCastle.Crypto.Macs.HMac hmac =
new Org.BouncyCastle.Crypto.Macs.HMac(
new Org.BouncyCastle.Crypto.Digests.Sha384Digest()
);
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(value, 0, value.Length);
hmac.DoFinal(result, 0);
return(result);
} },
{ JwtHashAlgorithm.HS512, delegate(JwtKey key, byte[] value)
{
// using (HMACSHA512 sha = new HMACSHA512(key.MacKeyBytes)) { return sha.ComputeHash(value); }
Org.BouncyCastle.Crypto.Macs.HMac hmac =
new Org.BouncyCastle.Crypto.Macs.HMac(
new Org.BouncyCastle.Crypto.Digests.Sha512Digest()
);
hmac.Init(new Org.BouncyCastle.Crypto.Parameters.KeyParameter(key.MacKeyBytes));
byte[] result = new byte[hmac.GetMacSize()];
hmac.BlockUpdate(value, 0, value.Length);
hmac.DoFinal(result, 0);
return(result);
} },
{ JwtHashAlgorithm.RS256, delegate(JwtKey key, byte[] value)
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{ JwtHashAlgorithm.RS384, delegate(JwtKey key, byte[] value)
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-384withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{
JwtHashAlgorithm.RS512
, delegate(JwtKey key, byte[] value)
{
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-512withRSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
}
},
// https://github.com/mono/mono/tree/master/mcs/class/referencesource/System.Core/System/Security/Cryptography
// https://github.com/mono/mono/blob/master/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsaCng.cs
// https://github.com/mono/mono/blob/master/mcs/class/referencesource/System.Core/System/Security/Cryptography/ECDsa.cs
// ECDsaCng => next generation cryptography
// Is just a wrapper around ncrypt, plus some constructors throw on mono/netstandard... in short - horrible thing
{ JwtHashAlgorithm.ES256, delegate(JwtKey key, byte[] value) {
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{ JwtHashAlgorithm.ES384, delegate(JwtKey key, byte[] value) {
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-384withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
{ JwtHashAlgorithm.ES512, delegate(JwtKey key, byte[] value) {
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = key.PrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-512withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
return(signer.GenerateSignature());
} },
};
} // End Constructor
public Ed25519Signer(string keyId, byte[] privateKey)
{
this.keyId = keyId;
signer = SignerUtilities.GetSigner("Ed25519");
signer.Init(true, new Ed25519PrivateKeyParameters(privateKey, 0));
}
} // End Function GenerateEcdsaKeyPair
public static void WritePrivatePublic(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair)
{
string privateKey = null;
string publicKey = null;
string bothKeys = null;
// id_rsa
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
privateKey = textWriter.ToString();
} // End Using textWriter
// id_rsa.pub
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
publicKey = textWriter.ToString();
} // End Using textWriter
// // This writes the same as private key, not both
//using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
//{
// Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
// pemWriter.WriteObject(keyPair);
// pemWriter.Writer.Flush();
// bothKeys = textWriter.ToString();
//} // End Using textWriter
System.Console.WriteLine(privateKey);
System.Console.WriteLine(publicKey);
//System.Console.WriteLine(bothKeys);
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter pk = ReadPrivateKey(privateKey);
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = ReadPublicKey(publicKey);
// ReadPublicKey(privateKey); // Cannot read this
// ReadPrivateKey(publicKey); // Cannot read this either...
ReadPublicKey(publicKey);
// ReadPrivateKey(publicKey);
Org.BouncyCastle.Crypto.AsymmetricKeyParameter privKey = ReadPrivateKey(privateKey);
byte[] value = System.Text.Encoding.UTF8.GetBytes("hello world");
// Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters privKey = pk; // key.EcPrivateKey;
Org.BouncyCastle.Crypto.ISigner signer =
// https://github.com/neoeinstein/bouncycastle/blob/master/crypto/src/security/SignerUtilities.cs
Org.BouncyCastle.Security.SignerUtilities.GetSigner("SHA-256withECDSA");
signer.Init(true, privKey);
signer.BlockUpdate(value, 0, value.Length);
byte[] signature = signer.GenerateSignature();
System.Console.WriteLine(signature);
} // End Sub WritePrivatePublic
private bool verifySign(byte[] certificateData, byte[] signature, byte[] data, string digestAlg, out string errorMessage)
{
try
{
Org.BouncyCastle.Asn1.X509.SubjectPublicKeyInfo ski = Org.BouncyCastle.Asn1.X509.X509CertificateStructure.GetInstance(Org.BouncyCastle.Asn1.Asn1Object.FromByteArray(certificateData)).SubjectPublicKeyInfo;
Org.BouncyCastle.Crypto.AsymmetricKeyParameter pk = Org.BouncyCastle.Security.PublicKeyFactory.CreateKey(ski);
string algStr = ""; //signature alg
//find digest
switch (digestAlg)
{
case "http://www.w3.org/2000/09/xmldsig#rsa-sha1":
algStr = "sha1";
break;
case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256":
algStr = "sha256";
break;
case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha384":
algStr = "sha384";
break;
case "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512":
algStr = "sha512";
break;
}
//find encryption
switch (ski.AlgorithmID.ObjectID.Id)
{
case "1.2.840.10040.4.1": //dsa
algStr += "withdsa";
break;
case "1.2.840.113549.1.1.1": //rsa
algStr += "withrsa";
break;
default:
errorMessage = "verifySign 5: Unknown key algId = " + ski.AlgorithmID.ObjectID.Id;
return(false);
}
Console.WriteLine("Hash digest pred decryptom: " + Convert.ToBase64String(data));
errorMessage = "verifySign 8: Creating signer: " + algStr;
Org.BouncyCastle.Crypto.ISigner verif = Org.BouncyCastle.Security.SignerUtilities.GetSigner(algStr);
verif.Init(false, pk);
verif.BlockUpdate(data, 0, data.Length);
bool res = verif.VerifySignature(signature);
Console.WriteLine("Hodnota pk je: " + pk.GetHashCode());
Console.WriteLine("Hash digest po decrypte: " + Convert.ToBase64String(data));
Console.WriteLine("- ");
Console.WriteLine("Hodnota je " + res);
Console.WriteLine("- ");
if (!res)
{
errorMessage = "verifySign 9: VerifySignature=false: dataB64=" + Convert.ToBase64String(data) + Environment.NewLine + "signatureB64=" + Convert.ToBase64String(signature) + Environment.NewLine + "certificateDataB64=" + Convert.ToBase64String(certificateData);
}
return(res);
}
catch (Exception ex)
{
errorMessage = "verifySign 10: " + ex.ToString();
return(false);
}
}
public Ed25519Veifier(byte[] publicKey)
{
signer = SignerUtilities.GetSigner("Ed25519");
signer.Init(false, new Ed25519PublicKeyParameters(publicKey, 0));
}
