public void ExtractEd25519PublicKeyFromEd25519SecretKeyTest()
{
var kp = PublicKeyAuth.GenerateKeyPair();
var pub = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(kp.Secret);
Assert.AreEqual(Convert.ToBase64String(kp.Public), Convert.ToBase64String(pub));
}
public void ExtractEd25519PublicKeyFromEd25519SecretKey()
{
// generate an Ed25519 keypair
var keypair = PublicKeyAuth.GenerateKeyPair();
// extract the seed from the generated keypair
var publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(keypair.PrivateKey);
CollectionAssert.AreEqual(keypair.PublicKey, publicKey);
}
public static SodiumSecurityKey FromPrivateKey(byte[] privateKey)
{
if (privateKey.Length != PrivateKeyLength)
{
throw new ArgumentException($"PrivateKey needs to have a length of {PrivateKeyLength} bytes.", nameof(privateKey));
}
var publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey);
return(new SodiumSecurityKey(privateKey, publicKey));
}
/// <summary>
/// Encrypts data with a public key
/// </summary>
/// <param name="data">String data to encrypt</param>
/// <param name="publicKey">32 byte public key</param>
/// <param name="version">Int version to generated</param>
/// <param name="nonce">24 byte nonce.</param>
/// <returns>byte[] containing the encrypted data</returns>
public byte[] Encrypt(String data, byte[] publicKey, int version, byte[] nonce)
{
if (publicKey.Length != PublicKeyBox.PublicKeyBytes)
{
throw new ArgumentException(String.Format("Public key should be %d bytes", PublicKeyBox.PublicKeyBytes));
}
if (nonce.Length != 24)
{
throw new ArgumentException(String.Format("Nonce should be %d bytes", 24));
}
this.nonce = nonce;
if (version == 2)
{
try {
byte[] header = Sodium.Utilities.HexToBinary("DE259002");
byte[] body = this.EncryptBody(data, publicKey, nonce);
if (body == null)
{
throw new EncryptionFailedException();
}
publicKey = ScalarMult.Base(this.secretKey);
byte[] sigPubKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(this.signatureSecretKey);
byte[] signature = this.Sign(data);
if (signature == null)
{
throw new EncryptionFailedException();
}
MemoryStream m = new MemoryStream();
m.Write(header, 0, header.Length);
m.Write(nonce, 0, nonce.Length);
m.Write(publicKey, 0, publicKey.Length);
m.Write(body, 0, body.Length);
m.Write(sigPubKey, 0, sigPubKey.Length);
m.Write(signature, 0, signature.Length);
byte[] payload = m.ToArray();
byte[] checksum = GenericHash.Hash(payload, nonce, 64);
m.Write(checksum, 0, checksum.Length);
return(m.ToArray());
} catch (Exception e) {
throw new EncryptionFailedException("Unable to encrypt message.", e);
}
}
return(this.EncryptBody(data, publicKey, nonce));
}
public static Key Create(string base64EncodedPrivateKey = null)
{
byte[] privateKey;
byte[] publicKey;
if (string.IsNullOrEmpty(base64EncodedPrivateKey))
{
var keyPair = PublicKeyAuth.GenerateKeyPair();
privateKey = keyPair.PrivateKey;
publicKey = keyPair.PublicKey;
}
else
{
privateKey = Convert.FromBase64String(base64EncodedPrivateKey);
publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey);
}
return(new Key(privateKey, publicKey));
}
/// <summary>
/// Load a public key into a MinisignPublicKey object.
/// </summary>
/// <param name="privateKey">A valid private key.</param>
/// <param name="password">The password to decrypt the private key.</param>
/// <returns>A MinisignPrivateKey object.</returns>
/// <exception cref="OverflowException"></exception>
/// <exception cref="CorruptPrivateKeyException"></exception>
/// <exception cref="ArgumentOutOfRangeException"></exception>
/// <exception cref="ArgumentException"></exception>
/// <exception cref="ArgumentNullException"></exception>
public static MinisignPrivateKey LoadPrivateKey(byte[] privateKey, byte[] password)
{
if (privateKey == null)
{
throw new ArgumentException("missing privateKey input", nameof(privateKey));
}
if (password == null)
{
throw new ArgumentException("missing password input", nameof(password));
}
var minisignPrivateKey = new MinisignPrivateKey
{
SignatureAlgorithm = ArrayHelpers.SubArray(privateKey, 0, 2),
KdfAlgorithm = ArrayHelpers.SubArray(privateKey, 2, 2),
ChecksumAlgorithm = ArrayHelpers.SubArray(privateKey, 4, 2),
KdfSalt = ArrayHelpers.SubArray(privateKey, 6, 32),
KdfOpsLimit = BitConverter.ToInt64(ArrayHelpers.SubArray(privateKey, 38, 8), 0), //currently unused
KdfMemLimit = BitConverter.ToInt64(ArrayHelpers.SubArray(privateKey, 46, 8), 0) //currently unused
};
if (!minisignPrivateKey.SignatureAlgorithm.SequenceEqual(Encoding.UTF8.GetBytes(Sigalg)))
{
throw new CorruptPrivateKeyException("bad SignatureAlgorithm");
}
if (!minisignPrivateKey.ChecksumAlgorithm.SequenceEqual(Encoding.UTF8.GetBytes(Chkalg)))
{
throw new CorruptPrivateKeyException("bad ChecksumAlgorithm");
}
if (!minisignPrivateKey.KdfAlgorithm.SequenceEqual(Encoding.UTF8.GetBytes(Kdfalg)))
{
throw new CorruptPrivateKeyException("bad KdfAlgorithm");
}
if (minisignPrivateKey.KdfSalt.Length != KeySaltBytes)
{
throw new CorruptPrivateKeyException("bad KdfSalt length");
}
var encryptedKeyData = ArrayHelpers.SubArray(privateKey, 54, 104);
var decryptionKey = PasswordHash.ScryptHashBinary(password, minisignPrivateKey.KdfSalt,
PasswordHash.Strength.Sensitive,
104);
var decryptedKeyData = EncryptionHelpers.Xor(encryptedKeyData, decryptionKey);
minisignPrivateKey.KeyId = ArrayHelpers.SubArray(decryptedKeyData, 0, 8);
minisignPrivateKey.SecretKey = ArrayHelpers.SubArray(decryptedKeyData, 8, 64);
minisignPrivateKey.Checksum = ArrayHelpers.SubArray(decryptedKeyData, 72, 32);
if (minisignPrivateKey.KeyId.Length != KeyNumBytes)
{
throw new CorruptPrivateKeyException("bad KeyId length");
}
var calculatedChecksum =
GenericHash.Hash(
ArrayHelpers.ConcatArrays(minisignPrivateKey.SignatureAlgorithm, minisignPrivateKey.KeyId,
minisignPrivateKey.SecretKey), null, 32);
if (!ArrayHelpers.ConstantTimeEquals(minisignPrivateKey.Checksum, calculatedChecksum))
{
throw new CorruptPrivateKeyException("bad private key checksum");
}
// extract the public key from the private key
minisignPrivateKey.PublicKey =
PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(minisignPrivateKey.SecretKey);
return(minisignPrivateKey);
}
public static Tuple <byte[], byte[]> GenerateKeyPairFromPrivateKey(byte[] privateKey)
{
var publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey);
return(new Tuple <byte[], byte[]>(publicKey, privateKey));
}
public static byte[] GetEd25519PublicKey(byte[] privateKey)
{
byte[] publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey);
return(Utilities.ConcatArrays(Constants.Ed25519KeyHeader, publicKey));
}
static byte[] deriveEd25519PublicKey(byte[] privateKey)
{
return(PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey));
}
/// <summary>
/// Extracts the signature public key from the provided private key
/// </summary>
/// <returns>32 byte signature public key</returns>
public byte[] GetSignaturePublicKey()
{
return(PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(this._signature));
}
public static byte[] GetEd25519PublicKey(byte[] privateKey)
{
byte[] publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey);
CryptographicOperations.ZeroMemory(privateKey);
return(Arrays.Concat(Constants.Ed25519KeyHeader, publicKey));
}
