// "private class Pkcs12Test" @ https://github.com/bcgit/bc-csharp/blob/b19e68a517e56ef08cd2e50df4dcb8a96ddbe507/crypto/test/src/test/PBETest.cs
// https://github.com/bcgit/bc-csharp/blob/b19e68a517e56ef08cd2e50df4dcb8a96ddbe507/crypto/src/crypto/generators/Pkcs12ParametersGenerator.cs
// https://github.com/bcgit/bc-csharp/blob/master/crypto/src/crypto/BufferedStreamCipher.cs
// https://github.com/bcgit/bc-csharp/blob/master/crypto/src/crypto/io/CipherStream.cs
// https://forum.facepunch.com/f/nerds/payx/How-can-I-encrypt-a-txt-file/1/#posticazt
public static void EncryptStreamPBE(
Action <Stream> streamWriter,
Stream outStream,
EncryptionAlgorithm algorithm,
string key)
{
var pbeAlg = PBEAlgorithmMap[algorithm];
var digest = pbeAlg.Digest;
byte[] salt = DigestUtilities.DoFinal(digest);
PbeParametersGenerator pGen = new Pkcs12ParametersGenerator(digest);
pGen.Init(
PbeParametersGenerator.Pkcs12PasswordToBytes(key.ToArray()),
salt,
IterationCount);
ParametersWithIV parameters = (ParametersWithIV)
pGen.GenerateDerivedParameters(pbeAlg.BaseAlgorithm, pbeAlg.KeySize, pbeAlg.IVSize);
KeyParameter encKey = (KeyParameter)parameters.Parameters;
IBufferedCipher c = CipherUtilities.GetCipher(pbeAlg.BaseAlgorithm + "/CBC/PKCS7Padding");
c.Init(true, parameters);
using (CipherStream encStream = new CipherStream(outStream, null, c))
{
streamWriter(encStream);
}
}
static public Task <byte[]> GetKey(string password, byte[] salt, int count)
{
return(Task.Run(() =>
{
var pgen = new Pkcs12ParametersGenerator(new Sha256Digest());
pgen.Init(PbeParametersGenerator.Pkcs12PasswordToBytes(password.ToCharArray()), salt, count);
var key = (KeyParameter)pgen.GenerateDerivedParameters("AES", 32 * 8);
return key.GetKey();
}));
}
private void Run1(int id, char[] password, byte[] salt, int iCount, byte[] result)
{
PbeParametersGenerator generator = new Pkcs12ParametersGenerator(new Sha1Digest());
generator.Init(PbeParametersGenerator.Pkcs12PasswordToBytes(password), salt, iCount);
ICipherParameters key = generator.GenerateDerivedParameters("DESEDE", 24 * 8);
if (!Arrays.AreEqual(result, ((KeyParameter)key).GetKey()))
{
Fail("id " + id + " Failed");
}
}
private static KeyParameter KeyGen(string salt)
{
string text = Guid.NewGuid().ToString();
saltString = salt;
byte[] bytes = Encoding.UTF8.GetBytes(saltString);
char[] password = text.ToCharArray();
byte[] password2 = PbeParametersGenerator.Pkcs12PasswordToBytes(password);
IDigest digest = new Sha1Digest();
PbeParametersGenerator pbeParametersGenerator = new Pkcs12ParametersGenerator(digest);
pbeParametersGenerator.Init(password2, bytes, 32768);
return((KeyParameter)pbeParametersGenerator.GenerateDerivedParameters("AES", 256));
}
private void Run2(int id, char[] password, byte[] salt, int iCount, byte[] result)
{
PbeParametersGenerator generator = new Pkcs12ParametersGenerator(new Sha1Digest());
generator.Init(PbeParametersGenerator.Pkcs12PasswordToBytes(password), salt, iCount);
ParametersWithIV parameters = (ParametersWithIV)
generator.GenerateDerivedParameters("DES", 64, 64);
if (!Arrays.AreEqual(result, parameters.GetIV()))
{
Fail("id " + id + " Failed");
}
}
private Asn1Encodable CreateDERForRecipient(byte[] inp, X509Certificate cert)
{
string algorithm = PkcsObjectIdentifiers.RC2Cbc.Id;
Pkcs12ParametersGenerator apg;
CipherKeyGenerator keygen;
IBufferedCipher cipher;
try
{
apg = new Pkcs12ParametersGenerator(new Sha1Digest());//TODO Check
keygen = GeneratorUtilities.GetKeyGenerator(algorithm);
cipher = CipherUtilities.GetCipher(algorithm);
}
catch (Exception e)
{
// happens when using the command line app .jar file
throw new IOException("Could not find a suitable javax.crypto provider for algorithm " +
algorithm + "; possible reason: using an unsigned .jar file", e);
}
//TODO apg.Init(PbeParametersGenerator.Pkcs12PasswordToBytes(password), salt, iCount);
var parameters = apg.GenerateDerivedParameters(algorithm, inp.Length * 8);
Asn1Encodable obj = null;
//TODO
//using (Asn1InputStream input = new Asn1InputStream(parameters.getEncoded("ASN.1")))
//{
// obj = input.ReadObject();
//}
keygen.Init(new KeyGenerationParameters(new SecureRandom(), 128));
var secretkey = keygen.GenerateKey();
//TODO cipher.Init(true, secretkey, parameters);
byte[] bytes = cipher.DoFinal(inp);
var recipientInfo = ComputeRecipientInfo(cert, secretkey);
var set = new DerSet(new RecipientInfo(recipientInfo));
var algorithmId = new AlgorithmIdentifier(new DerObjectIdentifier(algorithm), obj);
var encryptedInfo = new EncryptedContentInfo(PkcsObjectIdentifiers.Data, algorithmId, new DerOctetString(bytes));
var enveloped = new EnvelopedData(null, set, encryptedInfo, (Asn1Set)null);
var contentInfo = new Org.BouncyCastle.Asn1.Cms.ContentInfo(PkcsObjectIdentifiers.EnvelopedData, enveloped);
return(contentInfo.Content);
}
public override void PerformTest()
{
int iCount = 100;
byte[] salt = DigestUtilities.DoFinal(digest);
PbeParametersGenerator pGen = new Pkcs12ParametersGenerator(digest);
pGen.Init(
PbeParametersGenerator.Pkcs12PasswordToBytes(password),
salt,
iCount);
ParametersWithIV parameters = (ParametersWithIV)
pGen.GenerateDerivedParameters(baseAlgorithm, keySize, ivSize);
KeyParameter encKey = (KeyParameter)parameters.Parameters;
IBufferedCipher c;
if (baseAlgorithm.Equals("RC4"))
{
c = CipherUtilities.GetCipher(baseAlgorithm);
c.Init(true, encKey);
}
else
{
c = CipherUtilities.GetCipher(baseAlgorithm + "/CBC/PKCS7Padding");
c.Init(true, parameters);
}
byte[] enc = c.DoFinal(salt);
c = CipherUtilities.GetCipher(algorithm);
// PBEKeySpec keySpec = new PBEKeySpec(password, salt, iCount);
// SecretKeyFactory fact = SecretKeyFactory.getInstance(algorithm);
//
// c.Init(false, fact.generateSecret(keySpec));
Asn1Encodable algParams = PbeUtilities.GenerateAlgorithmParameters(
algorithm, salt, iCount);
ICipherParameters cipherParams = PbeUtilities.GenerateCipherParameters(
algorithm, password, algParams);
c.Init(false, cipherParams);
byte[] dec = c.DoFinal(enc);
if (!AreEqual(salt, dec))
{
Fail("" + algorithm + "failed encryption/decryption test");
}
// NB: We don't support retrieving parameters from cipher
// //
// // get the parameters
// //
// AlgorithmParameters param = c.getParameters();
// PBEParameterSpec spec = (PBEParameterSpec)param.getParameterSpec(PBEParameterSpec.class);
//
// if (!AreEqual(salt, spec.getSalt()))
// {
// Fail("" + algorithm + "failed salt test");
// }
//
// if (iCount != spec.getIterationCount())
// {
// Fail("" + algorithm + "failed count test");
// }
// NB: This section just repeats earlier test passing 'param' separately
// //
// // try using parameters
// //
// keySpec = new PBEKeySpec(password);
//
// c.Init(false, fact.generateSecret(keySpec), param);
//
// dec = c.DoFinal(enc);
//
// if (!AreEqual(salt, dec))
// {
// Fail("" + algorithm + "failed encryption/decryption test");
// }
}