/**
         * An implementation of the RSASP method: Assuming that the designated
         * RSA private key is a valid one, this method computes a signature
         * representative for a designated message representative signed
         * by the holder of the designated RSA private key.
         * 
         * @param K the RSA private key.
         * @param m the message representative: an integer between
         *          0 and n - 1, where n
         *          is the RSA modulus.
         * @return the signature representative, an integer between
         *         0 and n - 1, where n
         *         is the RSA modulus.
         */
        public static BigInteger RSASP1(RSAKey K, BigInteger m)
        {
            // 1. If the representative c is not between 0 and n - 1, output
            // "representative out of range" and stop.
            BigInteger n = K.getModulus();
            if (m.CompareTo(BigInteger.Zero) < 0 || m.CompareTo(n - BigInteger.One) > 0)
                throw new ArgumentException();
            // 2. The representative m is computed as follows.
            BigInteger result;
            // a. If the first form (n, d) of K is used, let m = c^d mod n.
            BigInteger d = K.getExponent();
            result = BigInteger.ModPow(m, d, n);

            // 3. Output m
            return result;
        }
 private void btnGeneratePublicKey_Click(object sender, EventArgs e)
 {
     BigInteger p = PrimeNumberGenerator.GenerateLargePrime(155);
     BigInteger q = PrimeNumberGenerator.GenerateLargePrime(152);
     BigInteger n = p * q;
     BigInteger publ_e = PrimeNumberGenerator.GenerateLargePrime(6);
     RSAKey publicKey = new RSAKey(n, publ_e);
     inputPublicModulus.Text = publicKey.getModulus().ToString();
     inputPublicExponent.Text = publicKey.getExponent().ToString();
 }
 private void btnGeneratePrivateKey_Click(object sender, EventArgs e)
 {
     RSAKey privateKey;
     RSAKey publicKey;
     BigInteger encrypted;
     BigInteger decrypted;
     BigInteger test = new BigInteger(11);
     do
     {
         BigInteger p = PrimeNumberGenerator.GenerateLargePrime(155);
         BigInteger q = PrimeNumberGenerator.GenerateLargePrime(152);
         BigInteger n = p * q;
         BigInteger fi = (p - 1) * (q - 1);
         BigInteger publ_e = genCoPrime(fi);
         BigInteger d = modInverse(publ_e, fi);
         
         privateKey = new RSAKey(n, d);
         publicKey = new RSAKey(n, publ_e);
         encrypted = RSAPKCS1V1_5Signature.RSASP1(privateKey, test);
         decrypted = RSAPKCS1V1_5Signature.RSAVP1(publicKey, encrypted);
     } while (test != decrypted);
     //BigInteger n = BigInteger.Parse("145906768007583323230186939349070635292401872375357164399581871019873438799005358938369571402670149802121818086292467422828157022922076746906543401224889672472407926969987100581290103199317858753663710862357656510507883714297115637342788911463535102712032765166518411726859837988672111837205085526346618740053");
     //BigInteger publ_e = BigInteger.Parse("65537");
     //BigInteger d = BigInteger.Parse("89489425009274444368228545921773093919669586065884257445497854456487674839629818390934941973262879616797970608917283679875499331574161113854088813275488110588247193077582527278437906504015680623423550067240042466665654232383502922215493623289472138866445818789127946123407807725702626644091036502372545139713");
     
     inputPrivateModulus.Text = privateKey.getModulus().ToString();
     inputPrivateExponent.Text = privateKey.getExponent().ToString();
     inputPublicModulus.Text = publicKey.getModulus().ToString();
     inputPublicExponent.Text = publicKey.getExponent().ToString();
 }
 /**
  * Signature verification operation.
  * 
  *  @param K signer's RSA public key
  *  @param M message whose signature is to be verified, an octet string
  *  @param S signature to be verified, an octet string of length k, where
  *           k is the length in octets of the RSA modulus n
  *  
  *  @return true/false - "valid signature"/"invalid signature"
  */
 public static bool verify(RSAKey K, String M, byte[] S)
 {
     // 1. Length checking: If the length of the signature S is not k octets,
     // output "invalid signature" and stop.
     int modBits = bitLength(K.getModulus());
     int k = (modBits + 7) / 8;
     if (S.Length != k)
         return false;
     // 2. RSA verification:
     // a. Convert the signature S to an integer signature representative
     // s (see Section 4.2): s = OS2IP (S).
     BigInteger s = OS2IP(S);
     // b. Apply the RSAVP1 verification primitive (Section 5.2.2) to the
     // RSA public key (n, e) and the signature representative s to
     // produce an integer message representative m:
     // m = RSAVP1 ((n, e), s).
     // If RSAVP1 outputs "signature representative out of range,"
     // output "invalid signature" and stop.
     BigInteger m;
     try
     {
         m = RSAVP1(K, s);
     }
     catch (ArgumentException x)
     {
         return false;
     }
     // c. Convert the message representative m to an encoded message EM
     // of length k octets (see Section 4.1): EM = I2OSP (m, k).
     // If I2OSP outputs "integer too large," output "invalid signature"
     // and stop.
     byte[] EM;
     try
     {
         EM = I2OSP(m, k);
     }
     catch (ArgumentException x)
     {
         return false;
     }
     // 3. EMSA-PKCS1-v1_5 encoding: Apply the EMSA-PKCS1-v1_5 encoding
     // operation (Section 9.2) to the message M to produce a second
     // encoded message EM' of length k octets:
     // EM' = EMSA-PKCS1-V1_5-ENCODE (M, k).
     // If the encoding operation outputs "message too long," output
     // "message too long" and stop. If the encoding operation outputs
     // "intended encoded message length too short," output "RSA modulus
     // too short" and stop.
     byte[] EMp = EMSA_PKCS1_V1_5_ENCODE(M, k).Reverse().ToArray();
     // 4. Compare the encoded message EM and the second encoded message EM'.
     // If they are the same, output "valid signature"; otherwise, output
     // "invalid signature."
     for (int i = 0; i < EM.Length; i++)
     {
         if (EM[i] != EMp[i])
         {
             return false;
         }
     }
         return true;
 }
 /**
  * Signature generation operation.
  * 
  * @param K signer's RSA private key
  * @param M message to be signed, an octet string
  * @return signature, an octet string of length k, where k is the length in octets of the RSA modulus n
  */
 public static byte[] sign(RSAKey K, String M)
 {
     // 1. EMSA-PKCS1-v1_5 encoding: Apply the EMSA-PKCS1-v1_5 encoding
     // operation (Section 9.2) to the message M to produce an encoded
     // message EM of length k octets:
     //
     // EM = EMSA-PKCS1-V1_5-ENCODE (M, k).
     //
     // If the encoding operation outputs "message too long," output
     // "message too long" and stop. If the encoding operation outputs
     // "intended encoded message length too short," output "RSA modulus
     // too short" and stop.
     int modBits = bitLength(K.getModulus());
     int k = (modBits + 7) / 8;
     byte[] EM = EMSA_PKCS1_V1_5_ENCODE(M, k);
     BigInteger test = OS2IP(EM);
     // 2. RSA signature:
     // a. Convert the encoded message EM to an integer message epresentative
     // m (see Section 4.2): m = OS2IP (EM).
     BigInteger m = OS2IP(EM);
     // b. Apply the RSASP1 signature primitive (Section 5.2.1) to the RSA
     // private key K and the message representative m to produce an
     // integer signature representative s: s = RSASP1 (K, m).
     BigInteger s = RSASP1(K, m);
     // c. Convert the signature representative s to a signature S of length
     // k octets (see Section 4.1): S = I2OSP (s, k).
     // 3. Output the signature S.
     return I2OSP(s, k);
 }
 /**
  * An implementation of the RSAVP method: Assuming that the designated
  * RSA public key is a valid one, this method computes a message
  * representative for the designated signature representative
  * generated by an RSA private key, for a message intended for the holder of
  * the designated RSA public key.
  * 
  * @param K the RSA public key.
  * @param s the signature representative, an integer between
  *          0 and n - 1, where n is the RSA modulus.
  * @return a message representative: an integer between 0
  *         and n - 1, where n is the RSA modulus.
  */
 public static BigInteger RSAVP1(RSAKey K, BigInteger s)
 {
     // 1. If the representative m is not between 0 and n - 1, output
     // "representative out of range" and stop.
     BigInteger n = K.getModulus();
     if (s.CompareTo(BigInteger.Zero) < 0 || s.CompareTo(n - BigInteger.One) > 0)
         throw new ArgumentException();
     // 2. Let c = m^e mod n.
     BigInteger e = K.getExponent();
     BigInteger result = BigInteger.ModPow(s, e, n); ;
     // 3. Output c.
     return result;
 }