internal ECDiffieHellmanCngPublicKey(CngKey key) : base(key.Export(CngKeyBlobFormat.EccPublicBlob)) { this.m_format = CngKeyBlobFormat.EccPublicBlob; new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); this.m_key = CngKey.Open(key.Handle, key.IsEphemeral ? CngKeyHandleOpenOptions.EphemeralKey : CngKeyHandleOpenOptions.None); CodeAccessPermission.RevertAssert(); }
/// <summary> /// Create a CNG Key and form as string. /// </summary> /// <param name="ca">The Algorithm.</param> /// <param name="cbf">The CNG Key Blob Format.</param> /// <returns>The key.</returns> public string GenerateCngKeyAsString(CngAlgorithm ca, CngKeyBlobFormat cbf) { CngKey ck = GenerateCngKey(ca); byte[] b = ck.Export(cbf); string[] s = new string[b.Length]; int i = 0; foreach (byte v in b) { StringBuilder sb = new StringBuilder(); sb.Append(v); s[i] = sb.ToString(); } StringBuilder strb = new StringBuilder(); foreach (string st in s) { strb.Append(st); strb.Append(','); } return(strb.ToString()); }
private static byte[] ExportKeyBlob(SafeBCryptKeyHandle bCryptKeyHandle, CngKeyBlobFormat blobFormat) { #if NETNATIVE // BCryptExportKey() not in the UWP api list. throw new PlatformNotSupportedException(); #else string blobFormatString = blobFormat.Format; int numBytesNeeded = 0; NTSTATUS ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, null, 0, out numBytesNeeded, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) { throw new CryptographicException(Interop.mincore.GetMessage((int)ntStatus)); } byte[] keyBlob = new byte[numBytesNeeded]; ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, keyBlob, keyBlob.Length, out numBytesNeeded, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) { throw new CryptographicException(Interop.mincore.GetMessage((int)ntStatus)); } Array.Resize(ref keyBlob, numBytesNeeded); return(keyBlob); #endif //NETNATIVE }
internal static CngKey Import(byte[] keyBlob, string curveName, CngKeyBlobFormat format, CngProvider provider) { if (keyBlob == null) throw new ArgumentNullException(nameof(keyBlob)); if (format == null) throw new ArgumentNullException(nameof(format)); if (provider == null) throw new ArgumentNullException(nameof(provider)); SafeNCryptProviderHandle providerHandle = provider.OpenStorageProvider(); SafeNCryptKeyHandle keyHandle = null; ErrorCode errorCode; if (curveName == null) { errorCode = Interop.NCrypt.NCryptImportKey(providerHandle, IntPtr.Zero, format.Format, IntPtr.Zero, out keyHandle, keyBlob, keyBlob.Length, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) { throw errorCode.ToCryptographicException(); } } else { #if !NETNATIVE keyHandle = ECCng.ImportKeyBlob(format.Format, keyBlob, curveName, providerHandle); #endif //!NETNATIVE } CngKey key = new CngKey(providerHandle, keyHandle); // We can't tell directly if an OpaqueTransport blob imported as an ephemeral key or not key.IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob; return key; }
/// <summary> /// Create a CNG Key and form as string, then export as a file. /// </summary> /// <param name="ca">The Algorithm.</param> /// <param name="cbf">The CNG Key Blob Format.</param> public void GenerateAndExportAsFile(string path, CngAlgorithm ca, CngKeyBlobFormat cbf) { StreamWriter sw = new StreamWriter(path); sw.Write(GenerateCngKeyAsString(ca, cbf)); sw.Close(); }
private byte[] ExportKeyBlob(bool includePrivateParameters) { // Use generic blob type for multiple version support CngKeyBlobFormat blobFormat = includePrivateParameters ? CngKeyBlobFormat.GenericPrivateBlob : CngKeyBlobFormat.GenericPublicBlob; return(Key.Export(blobFormat)); }
internal static CngKey ImportKeyBlob(byte[] ecBlob, string curveName, bool includePrivateParameters) { CngKeyBlobFormat blobFormat = includePrivateParameters ? CngKeyBlobFormat.EccPrivateBlob : CngKeyBlobFormat.EccPublicBlob; CngKey newKey = CngKey.Import(ecBlob, curveName, blobFormat); newKey.ExportPolicy |= CngExportPolicies.AllowPlaintextExport; return(newKey); }
private void ImportKeyBlob(byte[] rsaBlob, bool includePrivate) { CngKeyBlobFormat blobFormat = includePrivate ? s_rsaPrivateBlob : s_rsaPublicBlob; CngKey newKey = CngKey.Import(rsaBlob, blobFormat); newKey.ExportPolicy |= CngExportPolicies.AllowPlaintextExport; Key = newKey; }
private static ECDsa DecodeECDsaPublicKey(CertificatePal certificatePal) { using (SafeBCryptKeyHandle bCryptKeyHandle = ImportPublicKeyInfo(certificatePal.CertContext)) { CngKeyBlobFormat blobFormat = CngKeyBlobFormat.EccPublicBlob; byte[] keyBlob = ExportKeyBlob(bCryptKeyHandle, blobFormat); using (CngKey cngKey = CngKey.Import(keyBlob, blobFormat)) { return(new ECDsaCng(cngKey)); } } }
private void ImportKeyBlob(byte[] dsaBlob, bool includePrivate) { // Use generic blob type for multiple version support CngKeyBlobFormat blobFormat = includePrivate ? CngKeyBlobFormat.GenericPrivateBlob : CngKeyBlobFormat.GenericPublicBlob; CngKey newKey = CngKey.Import(dsaBlob, blobFormat); newKey.ExportPolicy |= CngExportPolicies.AllowPlaintextExport; Key = newKey; }
public static ECDsa GetECDsaPublicKey(this X509Certificate2 certificate) { if (LocalAppContextSwitches.UseLegacyPublicKeyBehavior) { return(LegacyGetECDsaPublicKey(certificate)); } if (certificate == null) { throw new ArgumentNullException("certificate"); } if (!IsECDsa(certificate)) { return(null); } using (SafeCertContextHandle safeCertContext = X509Native.GetCertificateContext(certificate)) using (SafeBCryptKeyHandle bcryptKeyHandle = ImportPublicKeyInfo(safeCertContext)) { if (bcryptKeyHandle.IsInvalid) { throw new CryptographicException("SR.GetString(SR.Cryptography_OpenInvalidHandle)"); } string curveName = GetCurveName(bcryptKeyHandle); if (curveName == null) { CngKeyBlobFormat blobFormat = HasExplicitParameters(bcryptKeyHandle) ? CngKeyBlobFormat.EccFullPublicBlob : CngKeyBlobFormat.EccPublicBlob; byte[] keyBlob = BCryptNative.ExportBCryptKey(bcryptKeyHandle, blobFormat.Format); using (CngKey key = CngKey.Import(keyBlob, blobFormat)) { return(new ECDsaCng(key)); } } else { CngKeyBlobFormat blobFormat = CngKeyBlobFormat.EccPublicBlob; byte[] keyBlob = BCryptNative.ExportBCryptKey(bcryptKeyHandle, blobFormat.Format); ECParameters ecparams = new ECParameters(); ExportNamedCurveParameters(ref ecparams, keyBlob, false); ecparams.Curve = ECCurve.CreateFromFriendlyName(curveName); ECDsaCng ecdsa = new ECDsaCng(); ecdsa.ImportParameters(ecparams); return(ecdsa); } } }
private static PrivateKeyAlgorithmAndBytes AttemptToResolvePrivateKeyFromUserCertificate(X509Certificate2 userCertificate) { if (!userCertificate.HasPrivateKey) { throw new InvalidOperationException("In-memory certificate must have a private key assigned to it"); } #if (!NET45 && !NETSTANDARD1_3) const CngExportPolicies requiredPrivateKeyExportPolicies = CngExportPolicies.AllowPlaintextExport; CngKeyBlobFormat exportFormat = CngKeyBlobFormat.Pkcs8PrivateBlob; #if (!NET46) DSACng dsaCng = userCertificate.GetDSAPrivateKey() as DSACng; if (dsaCng != null) { using (dsaCng) { if (!dsaCng.Key.ExportPolicy.HasFlag(requiredPrivateKeyExportPolicies)) { throw new InvalidOperationException("In-memory certificate must be marked as exportable when importing to be used"); } return(new PrivateKeyAlgorithmAndBytes( PrivateKeyAlgorithm.DSA, dsaCng.Key.Export(exportFormat))); } } #endif RSACng rsaCng = userCertificate.GetRSAPrivateKey() as RSACng; if (rsaCng != null) { using (rsaCng) { if (!rsaCng.Key.ExportPolicy.HasFlag(requiredPrivateKeyExportPolicies)) { throw new InvalidOperationException("In-memory certificate must be marked as exportable when importing to be used"); } return(new PrivateKeyAlgorithmAndBytes( PrivateKeyAlgorithm.RSA, rsaCng.Key.Export(exportFormat))); } } #endif throw new InvalidOperationException("In-memory certificate has an unknown type of private key and cannot be used"); }
public static ECDiffieHellmanPublicKey FromByteArray(byte[] publicKeyBlob, CngKeyBlobFormat format) { if (publicKeyBlob == null) { throw new ArgumentNullException("publicKeyBlob"); } if (format == null) { throw new ArgumentNullException("format"); } using (CngKey imported = CngKey.Import(publicKeyBlob, format)) { if (imported.AlgorithmGroup != CngAlgorithmGroup.ECDiffieHellman) { throw new ArgumentException(SR.GetString(SR.Cryptography_ArgECDHRequiresECDHKey)); } return new ECDiffieHellmanCngPublicKey(imported); } }
/// <summary> /// Export the key out of the KSP /// </summary> public byte[] Export(CngKeyBlobFormat format) { if (format == null) throw new ArgumentNullException("format"); int numBytesRequired; ErrorCode errorCode = Interop.NCrypt.NCryptExportKey(_keyHandle, IntPtr.Zero, format.Format, IntPtr.Zero, null, 0, out numBytesRequired, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); byte[] buffer = new byte[numBytesRequired]; errorCode = Interop.NCrypt.NCryptExportKey(_keyHandle, IntPtr.Zero, format.Format, IntPtr.Zero, buffer, numBytesRequired, out numBytesRequired, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); return buffer; }
/// <summary> /// Export the key out of the KSP /// </summary> public byte[] Export(CngKeyBlobFormat format) { if (format == null) throw new ArgumentNullException(nameof(format)); int numBytesNeeded; ErrorCode errorCode = Interop.NCrypt.NCryptExportKey(_keyHandle, IntPtr.Zero, format.Format, IntPtr.Zero, null, 0, out numBytesNeeded, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); byte[] buffer = new byte[numBytesNeeded]; errorCode = Interop.NCrypt.NCryptExportKey(_keyHandle, IntPtr.Zero, format.Format, IntPtr.Zero, buffer, buffer.Length, out numBytesNeeded, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); Array.Resize(ref buffer, numBytesNeeded); return buffer; }
private static byte[] ExportKeyBlob(SafeBCryptKeyHandle bCryptKeyHandle, CngKeyBlobFormat blobFormat) { throw new CryptographicException("Not implemented"); // string blobFormatString = blobFormat.Format; // int numBytesNeeded = 0; // NTSTATUS ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, null, 0, out numBytesNeeded, 0); // if (ntStatus != NTSTATUS.STATUS_SUCCESS) // throw new CryptographicException(Interop.Kernel32.GetMessage((int)ntStatus)); // byte[] keyBlob = new byte[numBytesNeeded]; // ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, keyBlob, keyBlob.Length, out numBytesNeeded, 0); // if (ntStatus != NTSTATUS.STATUS_SUCCESS) // throw new CryptographicException(Interop.Kernel32.GetMessage((int)ntStatus)); // Array.Resize(ref keyBlob, numBytesNeeded); // return keyBlob; }
/// <inheritdoc/> public ICryptographicKey ImportPublicKey(byte[] keyBlob, CryptographicPublicKeyBlobType blobType) { Requires.NotNull(keyBlob, nameof(keyBlob)); CngKeyBlobFormat format = GetPlatformKeyBlobType(blobType); CngKey? key; try { key = CngKey.Import(keyBlob, format); } catch (NotImplementedException ex) { throw new PlatformNotSupportedException($"CngKey.Import(byte[], {format}) threw an exception.", ex); } return(new CngCryptographicKey(key, null, this.Algorithm)); }
private void ExportKey() { CngKeyBlobFormat format = isPrivate ? CngKeyBlobFormat.EccPrivateBlob : CngKeyBlobFormat.EccPublicBlob; byte[] blob = key.Export(format); byte[] length = new[] { blob[4], blob[5], blob[6], blob[7] }; int partSize = BitConverter.ToInt32(length, 0); int partCount = isPrivate ? 24 : 16; byte[][] keyParts = Arrays.Slice(Arrays.RightmostBits(blob, partSize * partCount), partSize); x = keyParts[0]; y = keyParts[1]; if (isPrivate) { d = keyParts[2]; } }
/// <summary> /// Hydrate a public key from a blob /// </summary> public static ECDiffieHellmanPublicKey FromByteArray(byte[] publicKeyBlob, CngKeyBlobFormat format) { if (publicKeyBlob == null) { throw new ArgumentNullException(nameof(publicKeyBlob)); } if (format == null) { throw new ArgumentNullException(nameof(format)); } // Verify that the key can import successfully, because we did in the past. using (CngKey imported = CngKey.Import(publicKeyBlob, format)) { if (imported.AlgorithmGroup != CngAlgorithmGroup.ECDiffieHellman) { throw new ArgumentException(SR.Cryptography_ArgECDHRequiresECDHKey); } return(new ECDiffieHellmanCngPublicKey(publicKeyBlob, null, format)); } }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { if (keyBlob == null) throw new ArgumentNullException("keyBlob"); if (format == null) throw new ArgumentNullException("format"); if (provider == null) throw new ArgumentNullException("provider"); SafeNCryptProviderHandle providerHandle = provider.OpenStorageProvider(); SafeNCryptKeyHandle keyHandle; ErrorCode errorCode = Interop.NCrypt.NCryptImportKey(providerHandle, IntPtr.Zero, format.Format, IntPtr.Zero, out keyHandle, keyBlob, keyBlob.Length, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); CngKey key = new CngKey(providerHandle, keyHandle); // We can't tell directly if an OpaqueTransport blob imported as an ephemeral key or not key.IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob; return key; }
private static byte[] ExportKeyBlob(SafeBCryptKeyHandle bCryptKeyHandle, CngKeyBlobFormat blobFormat) { string blobFormatString = blobFormat.Format; int numBytesNeeded; NTSTATUS ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, null, 0, out numBytesNeeded, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) { throw new CryptographicException(Interop.Kernel32.GetMessage((int)ntStatus)); } byte[] keyBlob = new byte[numBytesNeeded]; ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, keyBlob, keyBlob.Length, out numBytesNeeded, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) { throw new CryptographicException(Interop.Kernel32.GetMessage((int)ntStatus)); } Array.Resize(ref keyBlob, numBytesNeeded); return(keyBlob); }
internal ECDiffieHellmanCngPublicKey(CngKey key) : base(key.Export(CngKeyBlobFormat.EccPublicBlob)) { Contract.Requires(key != null && key.AlgorithmGroup == CngAlgorithmGroup.ECDiffieHellman); Contract.Ensures(m_format != null); m_format = CngKeyBlobFormat.EccPublicBlob; // // We need to make a copy of the key to prevent the situation where the ECDiffieHellmanCng algorithm // object is disposed (this disposing its key) before the ECDiffieHellmanCngPublic key is disposed. // // Accessing the handle in partial trust is safe because we're not exposing it back out to user code // new SecurityPermission(SecurityPermissionFlag.UnmanagedCode).Assert(); // This looks odd, but .Handle returns a duplicate, so we need to dispose it using (SafeNCryptKeyHandle importKey = key.Handle) { m_key = CngKey.Open(importKey, key.IsEphemeral ? CngKeyHandleOpenOptions.EphemeralKey : CngKeyHandleOpenOptions.None); } CodeAccessPermission.RevertAssert(); }
/// <summary> /// Imports a key from file. /// </summary> /// <param name="keyPath">Path to key.</param> /// <param name="kbF">The CNG Key Blob Format.</param> /// <returns>The key.</returns> public CngKey ImportKeyFromFile(string keyPath, CngKeyBlobFormat kbF) { StreamReader sr = new StreamReader(keyPath); string keyBlockStr = sr.ReadToEnd(); sr.Close(); string[] keyBlockStrArray = keyBlockStr.Split(','); byte[] keyBlock = new byte[keyBlockStrArray.Length]; int i = 0; foreach (string item in keyBlockStrArray) { keyBlock[i] = byte.Parse(item); i++; } CngKey ck = CngKey.Import(keyBlock, kbF); return(ck); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { if (keyBlob == null) { throw new ArgumentNullException("keyBlob"); } if (format == null) { throw new ArgumentNullException("format"); } if (provider == null) { throw new ArgumentNullException("provider"); } if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(System.SR.GetString("Cryptography_PlatformNotSupported")); } if ((format != CngKeyBlobFormat.EccPublicBlob) && (format != CngKeyBlobFormat.GenericPublicBlob)) { new KeyContainerPermission(KeyContainerPermissionFlags.Import).Demand(); } SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider); return new CngKey(kspHandle, NCryptNative.ImportKey(kspHandle, keyBlob, format.Format)) { IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob }; }
internal static byte[] ExportFullKeyBlob(CngKey key, bool includePrivateParameters) { CngKeyBlobFormat blobFormat = includePrivateParameters ? CngKeyBlobFormat.EccFullPrivateBlob : CngKeyBlobFormat.EccFullPublicBlob; return(key.Export(blobFormat)); }
private static byte[] ExportKeyBlob(SafeBCryptKeyHandle bCryptKeyHandle, CngKeyBlobFormat blobFormat) { #if NETNATIVE // BCryptExportKey() not in the UWP api list. throw new PlatformNotSupportedException(); #else string blobFormatString = blobFormat.Format; int numBytesNeeded = 0; NTSTATUS ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, null, 0, out numBytesNeeded, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) throw new CryptographicException(Interop.mincore.GetMessage((int)ntStatus)); byte[] keyBlob = new byte[numBytesNeeded]; ntStatus = Interop.BCrypt.BCryptExportKey(bCryptKeyHandle, IntPtr.Zero, blobFormatString, keyBlob, keyBlob.Length, out numBytesNeeded, 0); if (ntStatus != NTSTATUS.STATUS_SUCCESS) throw new CryptographicException(Interop.mincore.GetMessage((int)ntStatus)); Array.Resize(ref keyBlob, numBytesNeeded); return keyBlob; #endif //NETNATIVE }
public byte[] Export(CngKeyBlobFormat format) { throw new NotImplementedException (); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { throw new NotImplementedException (); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { return Import(keyBlob, null, format, provider); }
// // Import factory methods // public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format) { return Import(keyBlob, format, provider: CngProvider.MicrosoftSoftwareKeyStorageProvider); }
public static unsafe byte[] ForceExport(this CngKey key, CngKeyBlobFormat format) { if ((key.ExportPolicy & CngExportPolicies.AllowPlaintextExport) != 0) { return(key.Export(format)); } // The key is not exportable, lets hack. Thanks @bartonjs // https://stackoverflow.com/questions/57269726/x509certificate2-import-with-ncrypt-allow-plaintext-export-flag // https://stackoverflow.com/questions/55236230/export-private-key-pkcs8-of-cng-rsa-certificate-with-oldschool-net string blobType = "PKCS8_PRIVATEKEY"; try { byte[] exported; fixed(byte *oidPtr = CryptNativeHelpers.PKCS12_3DES_OID) { var salt = ByteHelper.GetRandom(CryptNativeHelpers.NCrypt.PbeParams.RgbSaltSize); var pbeParams = new CryptNativeHelpers.NCrypt.PbeParams(); pbeParams.Params.iIterations = 1; pbeParams.Params.cbSalt = salt.Length; Marshal.Copy(salt, 0, (IntPtr)pbeParams.rgbSalt, salt.Length); var buffers = stackalloc CryptNativeHelpers.NCrypt.NCryptBuffer[3]; buffers[0] = new CryptNativeHelpers.NCrypt.NCryptBuffer { BufferType = CryptNativeHelpers.NCrypt.BufferType.PkcsSecret, cbBuffer = 0, pvBuffer = IntPtr.Zero, }; buffers[1] = new CryptNativeHelpers.NCrypt.NCryptBuffer { BufferType = CryptNativeHelpers.NCrypt.BufferType.PkcsAlgOid, cbBuffer = CryptNativeHelpers.PKCS12_3DES_OID.Length, pvBuffer = (IntPtr)oidPtr, }; buffers[2] = new CryptNativeHelpers.NCrypt.NCryptBuffer { BufferType = CryptNativeHelpers.NCrypt.BufferType.PkcsAlgParam, cbBuffer = sizeof(CryptNativeHelpers.NCrypt.PbeParams), pvBuffer = (IntPtr)(&pbeParams), }; var desc = new CryptNativeHelpers.NCrypt.NCryptBufferDesc { cBuffers = 3, pBuffers = (IntPtr)buffers, ulVersion = 0, }; if (CryptNativeHelpers.NCrypt.NCryptExportKey(key.Handle, IntPtr.Zero, blobType, ref desc, null, 0, out int bytesNeeded, 0) != 0) { return(null); } exported = new byte[bytesNeeded]; if (CryptNativeHelpers.NCrypt.NCryptExportKey(key.Handle, IntPtr.Zero, blobType, ref desc, exported, exported.Length, out bytesNeeded, 0) != 0) { return(null); } } fixed(char *keyNamePtr = key.KeyName) fixed(byte *blobPtr = exported) { var buffers = stackalloc CryptNativeHelpers.NCrypt.NCryptBuffer[2]; buffers[0] = new CryptNativeHelpers.NCrypt.NCryptBuffer { BufferType = CryptNativeHelpers.NCrypt.BufferType.PkcsSecret, cbBuffer = 0, pvBuffer = IntPtr.Zero, }; buffers[1] = new CryptNativeHelpers.NCrypt.NCryptBuffer { BufferType = CryptNativeHelpers.NCrypt.BufferType.PkcsName, cbBuffer = checked (2 * (key.KeyName.Length + 1)), pvBuffer = new IntPtr(keyNamePtr), }; var desc = new CryptNativeHelpers.NCrypt.NCryptBufferDesc { cBuffers = 2, pBuffers = (IntPtr)buffers, ulVersion = 0, }; SafeNCryptKeyHandle keyHandle; if (CryptNativeHelpers.NCrypt.NCryptImportKey(key.ProviderHandle, IntPtr.Zero, blobType, ref desc, out keyHandle, new IntPtr(blobPtr), exported.Length, CryptNativeHelpers.NCrypt.NCryptImportFlags.NCRYPT_OVERWRITE_KEY_FLAG | CryptNativeHelpers.NCrypt.NCryptImportFlags.NCRYPT_DO_NOT_FINALIZE_FLAG) != 0) { keyHandle.Dispose(); return(null); } using (keyHandle) using (CngKey cngKey = CngKey.Open(keyHandle, CngKeyHandleOpenOptions.None)) { cngKey.SetProperty(new CngProperty("Export Policy", BitConverter.GetBytes((int)CngExportPolicies.AllowPlaintextExport), CngPropertyOptions.Persist)); if (CryptNativeHelpers.NCrypt.NCryptFinalizeKey(keyHandle, 0) != 0) { return(null); } return(cngKey.Export(format)); } } } catch (Exception) { return(null); } }
/// <summary> /// Wrap a CNG key /// </summary> internal ECDiffieHellmanCngPublicKey(byte[] keyBlob, string curveName, CngKeyBlobFormat format) : base(keyBlob) { _format = format; // Can be null for P256, P384, P521, or an explicit blob _curveName = curveName; }
bool IKeyManagementDriver.LoadKeyBlob(int session, IntPtr pKey, int keyLen, KeyType keyType, KeyAttribute keyAttrib, out int hKey) { bool bRet = false; hKey = -1; try { SessionData ctx = ((SessionDriver)this.Hal.Session).GetSessionCtx(session); CryptokiObjectMgrDriver objMgr = (CryptokiObjectMgrDriver)Hal.CryptokiObjectMgr; byte[] keyData = new byte[keyLen]; Marshal.Copy(pKey, keyData, 0, keyLen); if (keyAttrib == KeyAttribute.Secret) { SecretKey key = new SecretKey(keyLen * 8, keyData); hKey = ctx.ObjectCtx.AddObject(CryptokiObjectType.Key, new KeyData(keyData, key)); bRet = true; } else { switch (keyType) { case KeyType.RSA: RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.ImportCspBlob(keyData); hKey = ctx.ObjectCtx.AddObject(CryptokiObjectType.Key, new KeyData(rsa.ExportCspBlob(0 != (keyAttrib & KeyAttribute.Private)), rsa)); bRet = true; break; case KeyType.DSA: DSACryptoServiceProvider dsa = new DSACryptoServiceProvider(); dsa.ImportCspBlob(keyData); hKey = ctx.ObjectCtx.AddObject(CryptokiObjectType.Key, new KeyData(dsa.ExportCspBlob(0 != (keyAttrib & KeyAttribute.Private)), dsa)); bRet = true; break; case KeyType.ECDSA: { CngKeyBlobFormat fmt = (0 == (keyAttrib & KeyAttribute.Private)) ? CngKeyBlobFormat.EccPublicBlob : CngKeyBlobFormat.EccPrivateBlob; CngKey key = CngKey.Import(keyData, fmt); ECDsaCng ec = new ECDsaCng(key); hKey = ctx.ObjectCtx.AddObject(CryptokiObjectType.Key, new KeyData(ec.Key.Export(fmt), ec)); bRet = true; } break; case KeyType.DH: { CngKeyBlobFormat fmt = (0 == (keyAttrib & KeyAttribute.Private)) ? CngKeyBlobFormat.EccPublicBlob : CngKeyBlobFormat.EccPrivateBlob; CngKey key = CngKey.Import(keyData, fmt); ECDiffieHellmanCng ecdh = new ECDiffieHellmanCng(key); hKey = ctx.ObjectCtx.AddObject(CryptokiObjectType.Key, new KeyData(ecdh.Key.Export(fmt), ecdh)); bRet = true; } break; } } } catch { return(false); } return(bRet); }
public byte[] Export(CngKeyBlobFormat format) { Contract.Assert(m_keyHandle != null); if (format == null) { throw new ArgumentNullException("format"); } KeyContainerPermission permission = BuildKeyContainerPermission(KeyContainerPermissionFlags.Export); if (permission != null) { permission.Demand(); } return NCryptNative.ExportKey(m_keyHandle, format.Format); }
public static ECDiffieHellmanPublicKey FromByteArray(byte[] publicKeyBlob, CngKeyBlobFormat format) { Contract.Ensures(Contract.Result<System.Security.Cryptography.ECDiffieHellmanPublicKey>() != null); return default(ECDiffieHellmanPublicKey); }
// // Import factory methods // public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format) { Contract.Ensures(Contract.Result<CngKey>() != null); return Import(keyBlob, format, CngProvider.MicrosoftSoftwareKeyStorageProvider); }
/// <summary>キー・マテリアルを派生</summary> /// <param name="exchangeKeyOfPartner">相方の交換鍵</param> /// <param name="ckbf">CngKeyBlobFormat</param> public void DeriveKeyMaterial(byte[] exchangeKeyOfPartner, CngKeyBlobFormat ckbf) { // 交換鍵から、暗号化に使用する秘密鍵を生成 this._privateKey = ((ECDiffieHellmanCng)this._asa). DeriveKeyMaterial(CngKey.Import(exchangeKeyOfPartner, ckbf)); }
public ECDiffieHellmanAgreement(ECDiffieHellmanKeyDerivationFunction function, CngAlgorithm algorithm, CngKeyBlobFormat format) { this.keyDerivationFunction = function; this.algorithm = algorithm; this.keyBlobFormat = format; }
internal static CngKey Import(byte[] keyBlob, string curveName, CngKeyBlobFormat format) { return Import(keyBlob, curveName, format, provider: CngProvider.MicrosoftSoftwareKeyStorageProvider); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format) { Contract.Ensures(Contract.Result<System.Security.Cryptography.CngKey>() != null); return default(CngKey); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { Contract.Ensures(Contract.Result<CngKey>() != null); if (keyBlob == null) { throw new ArgumentNullException("keyBlob"); } if (format == null) { throw new ArgumentNullException("format"); } if (provider == null) { throw new ArgumentNullException("provider"); } // Make sure that NCrypt is supported on this platform if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported)); } // If we don't know for sure that the key will be ephemeral, then we need to demand Import // permission. Since we won't know the name of the key until it's too late, we demand a full Import // rather than one scoped to the key. bool safeKeyImport = format == CngKeyBlobFormat.EccPublicBlob || format == CngKeyBlobFormat.GenericPublicBlob; if (!safeKeyImport) { new KeyContainerPermission(KeyContainerPermissionFlags.Import).Demand(); } // Import the key into the KSP SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider); SafeNCryptKeyHandle keyHandle = NCryptNative.ImportKey(kspHandle, keyBlob, format.Format); // Prepare the key for use CngKey key = new CngKey(kspHandle, keyHandle); // We can't tell directly if an OpaqueTransport blob imported as an ephemeral key or not key.IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob; return key; }
public byte[] Export(CngKeyBlobFormat format) { Contract.Ensures(Contract.Result<byte[]>() != null); return default(byte[]); }