public override byte[] ExportEncryptedPkcs8PrivateKey( ReadOnlySpan <char> password, PbeParameters pbeParameters) { if (pbeParameters == null) { throw new ArgumentNullException(nameof(pbeParameters)); } PasswordBasedEncryption.ValidatePbeParameters( pbeParameters, password, ReadOnlySpan <byte> .Empty); if (CngPkcs8.IsPlatformScheme(pbeParameters)) { return(ExportEncryptedPkcs8(password, pbeParameters.IterationCount)); } return(CngPkcs8.ExportEncryptedPkcs8PrivateKey( this, password, pbeParameters)); }
public override bool TryExportEncryptedPkcs8PrivateKey( ReadOnlySpan <char> password, PbeParameters pbeParameters, Span <byte> destination, out int bytesWritten) => _wrapped.TryExportEncryptedPkcs8PrivateKey(password, pbeParameters, destination, out bytesWritten);
public override byte[] ExportEncryptedPkcs8PrivateKey( ReadOnlySpan <byte> passwordBytes, PbeParameters pbeParameters !!) { return(CngPkcs8.ExportEncryptedPkcs8PrivateKey(
public override byte[] ExportEncryptedPkcs8PrivateKey( ReadOnlySpan <char> password, PbeParameters pbeParameters) => _wrapped.ExportEncryptedPkcs8PrivateKey(password, pbeParameters);
/// <summary> /// Exports the current key in the PKCS#8 EncryptedPrivateKeyInfo format /// with a char-based password, PEM encoded. /// </summary> /// <param name="password"> /// The password to use when encrypting the key material. /// </param> /// <param name="pbeParameters"> /// The password-based encryption (PBE) parameters to use when encrypting the key material. /// </param> /// <returns>A string containing the PEM-encoded PKCS#8 EncryptedPrivateKeyInfo.</returns> /// <exception cref="NotImplementedException"> /// An implementation for <see cref="ExportEncryptedPkcs8PrivateKey(ReadOnlySpan{char}, PbeParameters)" /> or /// <see cref="TryExportEncryptedPkcs8PrivateKey(ReadOnlySpan{char}, PbeParameters, Span{byte}, out int)" /> has not been provided. /// </exception> /// <exception cref="CryptographicException"> /// The key could not be exported. /// </exception> /// <remarks> /// <p> /// When <paramref name="pbeParameters" /> indicates an algorithm that /// uses PBKDF2 (Password-Based Key Derivation Function 2), the password /// is converted to bytes via the UTF-8 encoding. /// </p> /// <p> /// A PEM-encoded PKCS#8 EncryptedPrivateKeyInfo will begin with /// <c>-----BEGIN ENCRYPTED PRIVATE KEY-----</c> and end with /// <c>-----END ENCRYPTED PRIVATE KEY-----</c>, with the base64 encoded DER /// contents of the key between the PEM boundaries. /// </p> /// <p> /// The PEM is encoded according to the IETF RFC 7468 "strict" /// encoding rules. /// </p> /// </remarks> public unsafe string ExportEncryptedPkcs8PrivateKeyPem(ReadOnlySpan <char> password, PbeParameters pbeParameters) { byte[] exported = ExportEncryptedPkcs8PrivateKey(password, pbeParameters); // Fixed to prevent GC moves. fixed(byte *pExported = exported) { try { return(PemKeyHelpers.CreatePemFromData(PemLabels.EncryptedPkcs8PrivateKey, exported)); } finally { CryptographicOperations.ZeroMemory(exported); } } }
/// <summary> /// Attempts to export the current key in the PKCS#8 EncryptedPrivateKeyInfo /// format into a provided buffer, using a byte-based password. /// </summary> /// <param name="passwordBytes"> /// The bytes to use as a password when encrypting the key material. /// </param> /// <param name="pbeParameters"> /// The password-based encryption (PBE) parameters to use when encrypting /// the key material. /// </param> /// <param name="destination"> /// The byte span to receive the PKCS#8 EncryptedPrivateKeyInfo data. /// </param> /// <param name="bytesWritten"> /// When this method returns, contains a value that indicates the number /// of bytes written to <paramref name="destination" />. This parameter /// is treated as uninitialized. /// </param> /// <returns> /// <see langword="true" /> if <paramref name="destination" /> is big enough /// to receive the output; otherwise, <see langword="false" />. /// </returns> /// <exception cref="ArgumentNullException"> /// <paramref name="pbeParameters" /> is <see langword="null" />. /// </exception> /// <exception cref="NotSupportedException"> /// A derived class has not provided an implementation for <see cref="ExportParameters" />. /// </exception> /// <exception cref="CryptographicException"> /// <p> /// The key could not be exported. /// </p> /// <p>-or-</p> /// <p> /// <paramref name="pbeParameters" /> indicates that <see cref="PbeEncryptionAlgorithm.TripleDes3KeyPkcs12" /> /// should be used, which requires <see langword="char" />-based passwords. /// </p> /// </exception> /// <remarks> /// The password bytes are passed directly into the Key Derivation Function (KDF) /// used by the algorithm indicated by <paramref name="pbeParameters" />. This /// enables compatibility with other systems which use a text encoding other than /// UTF-8 when processing passwords with PBKDF2 (Password-Based Key Derivation Function 2). /// </remarks> public override unsafe bool TryExportEncryptedPkcs8PrivateKey( ReadOnlySpan <byte> passwordBytes, PbeParameters pbeParameters !!,
internal static byte[] ExportEncryptedPkcs8PrivateKey( AsymmetricAlgorithm key, ReadOnlySpan <byte> passwordBytes, PbeParameters pbeParameters !!) {