static void Main(string[] args)
{
Console.WriteLine("\n --- RSA.ALGORITHM ---\n");
RsaAlgorithm rsa = new RsaAlgorithm();
RsaPublicKey publicKey = rsa.GetPublicKeyEN();
RsaPrivateKey privateKey = rsa.GetPrivateKeyDN();
Console.WriteLine($" * Private key: {privateKey.D}, {privateKey.N}");
Console.WriteLine($" * Public key: {publicKey.E}, {publicKey.N}");
int input;
do
{
Console.Write("\n - Enter for encrypt/decrypt (1 - 10000): ");
input = int.Parse(Console.ReadLine() ?? string.Empty);
} while (input < 1 || input > 10000);
int encrypt = rsa.EncryptMessage(input);
int decrypt = rsa.DecryptMessage(encrypt);
Console.WriteLine($"\n * Encrypt: {encrypt}");
Console.WriteLine($" * Decrypt: {decrypt}");
Console.Write("\n --- Press <ENTER>: ");
Console.ReadLine();
}
/// <summary>
/// Parsing encrypted FEK data from <see cref="byte"/>[].
/// </summary>
/// <param name="fekEncrypted">Encrypted FEK data.</param>
/// <param name="privateKey">Users private RSA key used for decryption of encrypted FEK data.</param>
public void ParseFek(byte[] fekEncrypted, RSAParameters privateKey)
{
var fekData = new RsaAlgorithm(privateKey).Decrypt(fekEncrypted); // decryption of FEK data (Key length + Key)
var keyLength = BitConverter.ToInt16(fekData, 0); // parse Key length
Key = new byte[keyLength];
Buffer.BlockCopy(fekData, 2, Key, 0, Key.Length); // parse Key byte[]
}
/// <summary>
/// Second part of 2FA.
/// </summary>
/// <param name="user">User information.</param>
/// <param name="certificate">User <see cref="X509Certificate2"/> public certificate in raw form.</param>
/// <param name="usersDb">Enigma's user database.</param>
/// <param name="crlListPath">Path on FS to CRL directory.</param>
/// <param name="caTrustListPath">Path on FS to CA trust list.</param>
public void LoginPartTwo(User user, byte[] certificate, UserDatabase usersDb, string crlListPath, string caTrustListPath)
{
var userCert = new X509Certificate2(certificate);
var publicKeyFromCertificate = ((RSACryptoServiceProvider)userCert.PublicKey.Key).ExportParameters(false);
// compare user public RSA key from x509 public certificate with a public RSA key that was stored when user first registered
if (!RsaAlgorithm.CompareKeys(publicKeyFromCertificate, RsaAlgorithm.ExportParametersFromXmlString(user.PublicKey, false)))
{
throw new Exception("Wrong certificate used.");
}
// if wrong file is loaded instead of the x509 public certificate in PEM format
if (userCert == null)
{
throw new Exception("Certificate error.");
}
// update user last login time and reset atttemp count
usersDb.UpdateLoginTime(user, DateTime.Now.ToString("dddd, MMM dd yyyy, hh:mm:ss"));
// reset login attempt if necessary
if (user.LoginAttempt != 0)
{
usersDb.ResetLoginAttempts(user);
}
//if (CertificateValidator.VerifyCertificate(userCert, out var errorMsg, false) == false)
//{
// throw new Exception(errorMsg);
//}
// Check if the certificate has been revoked and set Revoked value if necessary.
if (CertificateValidator.VerifyCertificateRevocationStatus(userCert, crlListPath, caTrustListPath))
{
usersDb.SetCertificateRevokeStatus(user);
//throw new Exception("Certificate has been revoked.");
}
}
public static RSAParameters GetPrivateKey(byte[] encryptedPrivateKey, string password)
{
var keyRaw = DecryptTheUserKey(encryptedPrivateKey, password);
return(RsaAlgorithm.ExportParametersFromPemKey(Encoding.ASCII.GetString(keyRaw), true));
}
//public void LoginPartTwo(string privateKeyPath, string password, UserInformation user)
//{
// this.privateKeyPath = privateKeyPath;
// // decrypt the raw key file and create keyRaw
// var keyRaw = DecryptTheUserKey(File.ReadAllBytes(this.privateKeyPath), password);
// var privateParameters = new KeyFileParser(keyRaw).GetParameters();
// var publicKeyProvider = (RSACryptoServiceProvider)user.Certificate.PublicKey.Key;
// if (!RsaAlgorithm.CompareKeys(publicKeyProvider.ExportParameters(false), privateParameters))
// {
// throw new Exception("The given private key does not match this user's certificate.");
// }
//}
/// <summary>
/// Gets users private RSA key from encryped user's key.
/// </summary>
/// <param name="encryptedPrivateKeyPath">Path to the user's encrypted RSA key haystack.</param>
/// <param name="password">Users private RSA key password.</param>
/// <returns>Users private RSA key.</returns>
public RSAParameters GetPrivateKey(string encryptedPrivateKeyPath, string password)
{
var keyRaw = DecryptTheUserKey(File.ReadAllBytes(encryptedPrivateKeyPath), password);
return(RsaAlgorithm.ExportParametersFromPemKey(Encoding.ASCII.GetString(keyRaw), true));
}
