public static bool Exists(string keyName, CngProvider provider) { return Exists(keyName, provider, options: CngKeyOpenOptions.None); }
internal BCryptHMAC(CngAlgorithm algorithm, CngProvider algorithmProvider, string hashName, int blockSize, byte[] key) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(algorithmProvider != null, "algorithmProvider != null"); Debug.Assert(!String.IsNullOrEmpty(hashName), "!String.IsNullOrEmpty(hashName)"); Debug.Assert(blockSize > 0, "blockSize > 0"); Debug.Assert(key != null, "key != null"); BlockSizeValue = blockSize; HashName = hashName; m_algorithm = BCryptNative.OpenAlgorithm(algorithm.Algorithm, algorithmProvider.Provider, BCryptNative.AlgorithmProviderOptions.HmacAlgorithm); // Resetting the key will call Initialize for us, and get us setup with a hash handle, // so we don't need to create the hash handle ourselves Key = key; HashSizeValue = BCryptNative.GetInt32Property(m_hash, BCryptNative.HashPropertyName.HashLength) * 8; }
public static bool Exists(string keyName, CngProvider provider, CngKeyOpenOptions options) { if (keyName == null) throw new ArgumentNullException(nameof(keyName)); if (provider == null) throw new ArgumentNullException(nameof(provider)); using (SafeNCryptProviderHandle providerHandle = provider.OpenStorageProvider()) { SafeNCryptKeyHandle keyHandle = null; try { ErrorCode errorCode = Interop.NCrypt.NCryptOpenKey(providerHandle, out keyHandle, keyName, 0, options); if (errorCode == ErrorCode.NTE_BAD_KEYSET) return false; if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); return true; } finally { if (keyHandle != null) keyHandle.Dispose(); } } }
public static CngKey CreateKey(CngProvider provider = null, string keyName = null) { var hProvider = IntPtr.Zero; var hKey = IntPtr.Zero; int err = 0; try { err = NCryptOpenStorageProvider(out hProvider, provider == null ? null : provider.Provider, 0); if (err != 0) throw new CryptographicException(err); err = NCryptCreatePersistedKey(hProvider, out hKey, "RSA", keyName, 0, 0); if (err != 0) throw new CryptographicException(err); err = NCryptSetProperty(hKey, "Length", BitConverter.GetBytes(3072), 4, 0); if (err != 0) throw new CryptographicException(err); err = NCryptFinalizeKey(hKey, 0); if (err != 0) throw new CryptographicException(err); return CngKey.Open(keyName, provider); } finally { if (hProvider != IntPtr.Zero) NCryptFreeObject(hProvider); if (hKey != IntPtr.Zero) NCryptFreeObject(hKey); } }
internal static CngKey Import(byte[] keyBlob, string curveName, CngKeyBlobFormat format, CngProvider provider) { if (keyBlob == null) throw new ArgumentNullException(nameof(keyBlob)); if (format == null) throw new ArgumentNullException(nameof(format)); if (provider == null) throw new ArgumentNullException(nameof(provider)); SafeNCryptProviderHandle providerHandle = provider.OpenStorageProvider(); SafeNCryptKeyHandle keyHandle = null; ErrorCode errorCode; if (curveName == null) { errorCode = Interop.NCrypt.NCryptImportKey(providerHandle, IntPtr.Zero, format.Format, IntPtr.Zero, out keyHandle, keyBlob, keyBlob.Length, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) { throw errorCode.ToCryptographicException(); } } else { #if !NETNATIVE keyHandle = ECCng.ImportKeyBlob(format.Format, keyBlob, curveName, providerHandle); #endif //!NETNATIVE } CngKey key = new CngKey(providerHandle, keyHandle); // We can't tell directly if an OpaqueTransport blob imported as an ephemeral key or not key.IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob; return key; }
/// <summary> /// Configures the core to use plaintext keys (to be auto-generated when first needed.) /// </summary> public CngSymmetricAlgorithmCore(ICngSymmetricAlgorithm outer) { _outer = outer; _keyName = null; // Setting _keyName to null signifies that this object is based on a plaintext key, not a stored CNG key. _provider = null; _optionOptions = CngKeyOpenOptions.None; }
public RNGCng(CngProvider algorithmProvider) { if (algorithmProvider == null) throw new ArgumentNullException("algorithmProvider"); m_algorithm = BCryptNative.OpenAlgorithm(BCryptNative.AlgorithmName.Rng, algorithmProvider.Provider); }
public HMACSHA256Cng(byte[] key, CngProvider algorithmProvider) { if (key == null) throw new ArgumentNullException("key"); if (algorithmProvider == null) throw new ArgumentNullException("algorithmProvider"); HashName = "SHA256"; m_hmac = new BCryptHMAC(CngAlgorithm.Sha256, algorithmProvider, HashName, BlockSize, key); }
public RNGCng(CngProvider algorithmProvider) { if (algorithmProvider == null) { throw new ArgumentNullException("algorithmProvider"); } m_algorithm = BCryptNative.OpenAlgorithm(BCryptNative.AlgorithmName.Rng, algorithmProvider.Provider); m_implementation = algorithmProvider; }
/// <summary> /// GetKeys provides an enumerator over all of the keys that are stored in the key storage /// provider. /// </summary> public static IEnumerable <CngKey> GetKeys(this CngProvider provider) { foreach (CngKey machineKey in GetKeys(provider, CngKeyOpenOptions.MachineKey)) { yield return(machineKey); } foreach (CngKey userKey in GetKeys(provider, CngKeyOpenOptions.UserKey)) { yield return(userKey); } }
private static int GuessKeySpec(CngProvider provider, string keyName, bool machineKey, CngAlgorithmGroup algorithmGroup) { if (provider == CngProvider.MicrosoftSoftwareKeyStorageProvider || provider == CngProvider.MicrosoftSmartCardKeyStorageProvider) { return(0); } CngKeyOpenOptions openOptions = machineKey ? CngKeyOpenOptions.MachineKey : CngKeyOpenOptions.None; using (CngKey.Open(keyName, provider, openOptions)) { return(0); } }
/// <summary> /// GetKeys provides an enumerator over all of the keys that are stored in the key storage /// provider. This overload of GetKeys allows you to enumerate over only the user keys in the KSP /// or only the machine keys. It also allows you to return only keys that are usable with a /// specified algorithm. /// </summary> /// <param name="provider">CngProvider to enumerate the keys of</param> /// <param name="openOptions">options to use when opening the CNG keys</param> /// <param name="algorithm">algorithm that the returned keys should support</param> /// <exception cref="ArgumentNullException">if <paramref name="algorithm" /> is null</exception> public static IEnumerable <CngKey> GetKeys(this CngProvider provider, CngKeyOpenOptions openOptions, CngAlgorithm algorithm) { if (algorithm == null) { throw new ArgumentNullException("algorithm"); } return(from key in provider.GetKeys(openOptions) where key.Algorithm == algorithm select key); }
public static void Sign() { CngProvider provider = new CngProvider("Dyadic Security Key Storage Provider"); // get the key RSACng privateKey = new RSACng(CngKey.Open("test", provider)); // sign with the key byte[] message = new byte[32]; byte[] signature = privateKey.SignData(message, HashAlgorithmName.SHA256, RSASignaturePadding.Pss); Console.WriteLine("Message :" + Convert.ToBase64String(message)); Console.WriteLine("Signature :" + Convert.ToBase64String(signature)); }
/// <summary> /// Constructs a HMACSHA256Cng object using the given key, which will calculate the HMAC using the /// given algorithm provider and key. /// </summary> /// <param name="key">key to use when calculating the HMAC</param> /// <param name="algorithmProvider">algorithm provider to calculate the HMAC in</param> /// <exception cref="ArgumentNullException"> /// if <paramref name="key"/> or <paramref name="algorithmProvider"/> are null /// </exception> public HMACSHA256Cng(byte[] key, CngProvider algorithmProvider) { if (key == null) { throw new ArgumentNullException("key"); } if (algorithmProvider == null) { throw new ArgumentNullException("algorithmProvider"); } m_hmac = new BCryptHMAC(CngAlgorithm.Sha256, algorithmProvider, "SHA256", BlockSize, key); HashName = m_hmac.HashName; }
public static CngKey Open(string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { if (keyName == null) throw new ArgumentNullException("keyName"); if (provider == null) throw new ArgumentNullException("provider"); SafeNCryptProviderHandle providerHandle = provider.OpenStorageProvider(); SafeNCryptKeyHandle keyHandle; ErrorCode errorCode = Interop.NCrypt.NCryptOpenKey(providerHandle, out keyHandle, keyName, 0, openOptions); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); return new CngKey(providerHandle, keyHandle); }
/// <summary> /// Check for the existence of a key and set the Options accordingly. /// </summary> /// <param name="provider">Provider Object</param> /// <param name="keyName">Name of the key to destroy</param> /// <param name="cngKeyOpts">MachineKey or None depending on where it found the key.</param> /// <returns></returns> private bool doesKeyExists(CngProvider provider, string keyName, CngKeyOpenOptions openOpts = CngKeyOpenOptions.MachineKey) { bool keyExists = false; try { keyExists = CngKey.Exists(keyName, provider, openOpts); } catch (CryptographicException e) { throw new CryptographicException(string.Format("There was an error contacting provider {0}. It may not exist or may be configured incorrectly. Error Code:0x{1:X8} Exception thrown:{2}\nStack Trace:{3}\n", provider.ToString(), e.HResult, e.Message, e.StackTrace), e); } return(keyExists); }
public HMACSHA384Cng(byte[] key, CngProvider algorithmProvider) { if (key == null) { throw new ArgumentNullException("key"); } if (algorithmProvider == null) { throw new ArgumentNullException("algorithmProvider"); } HashName = "SHA384"; m_hmac = new BCryptHMAC(CngAlgorithm.Sha384, algorithmProvider, HashName, BlockSize, key); }
public static IEnumerable <CngKey> GetKeys(this CngProvider provider, CngKeyOpenOptions openOptions) { using (SafeNCryptProviderHandle providerHandle = provider.OpenProvider()) { NCryptNative.NCryptKeyName[] keyNames = NCryptNative.EnumerateKeys(providerHandle, openOptions); CngKey[] keys = new CngKey[keyNames.Length]; for (int i = 0; i < keys.Length; ++i) { keys[i] = CngKey.Open(keyNames[i].pszName, provider); } return(keys); } }
public static IEnumerable <CngAlgorithm> GetSupportedAlgorithms(this CngProvider provider, NCryptAlgorithmOperations operations) { using (SafeNCryptProviderHandle providerHandle = provider.OpenProvider()) { NCryptNative.NCryptAlgorithmName[] algorithmNames = NCryptNative.EnumerateAlgorithms(providerHandle, operations); CngAlgorithm[] algorithms = new CngAlgorithm[algorithmNames.Length]; for (int i = 0; i < algorithmNames.Length; ++i) { algorithms[i] = new CngAlgorithm(algorithmNames[i].pszName); } return(algorithms); } }
/// <summary> /// Will destroy the key with keyname within the given provider with providerName. Will throw CryptographicException if either Provider or Key don't exist /// </summary> /// <param name="providerName">Name of the provider</param> /// <param name="keyName">Name of the key to destroy</param> public void DestroyLocalRSAKey(string providerName, string keyName) { CngProvider provider = new CngProvider(providerName); bool keyExists = doesKeyExists(provider, keyName); if (!keyExists) { //Nothing to destroy return; } using (CngKey key = CngKey.Open(keyName, provider, CngKeyOpenOptions.MachineKey)) { key.Delete(); } }
internal BCryptSymmetricAlgorithm(CngAlgorithm algorithm, CngProvider algorithmProvider, KeySizes[] legalBlockSizes, KeySizes[] legalkeySizes) { Debug.Assert(algorithm != null, "algorithm != null"); Debug.Assert(algorithmProvider != null, "algorithmProvider != null"); Debug.Assert(legalBlockSizes != null, "legalBlockSizes != null"); Debug.Assert(legalkeySizes != null, "legalKeySizes != null"); m_algorithm = algorithm; m_algorithmProvider = algorithmProvider; LegalBlockSizesValue = legalBlockSizes; LegalKeySizesValue = legalkeySizes; }
public TripleDESCng(CngProvider algorithmProvider) { if (algorithmProvider == null) throw new ArgumentNullException("algorithmProvider"); m_symmetricAlgorithm = new BCryptSymmetricAlgorithm(new CngAlgorithm(BCryptNative.AlgorithmName.TripleDes), algorithmProvider, LegalBlockSizesValue, LegalKeySizesValue); // Propigate the default properties from the TripleDES class to the implementation algorithm. m_symmetricAlgorithm.BlockSize = BlockSizeValue; m_symmetricAlgorithm.KeySize = KeySizeValue; m_symmetricAlgorithm.Mode = ModeValue; m_symmetricAlgorithm.Padding = PaddingValue; }
/// <summary> /// Constructs an AesCng object using the specified algorithm provider. The default settings for /// this object are: /// <list type="bullet"> /// <item>Algorithm provider - Microsoft Primitive Algorithm Provider</item> /// <item>Block size - 128 bits</item> /// <item>Feedback size - 8 bits</item> /// <item>Key size - 256 bits</item> /// <item>Cipher mode - CipherMode.CBC</item> /// <item>Padding mode - PaddingMode.PKCS7</item> /// </list> /// </summary> /// <exception cref="ArgumentNullException">if <paramref name="algorithmProvider"/> is null</exception> /// <param name="algorithmProvider">algorithm provider to use for AES computation</param> public AesCng(CngProvider algorithmProvider) { if (algorithmProvider == null) { throw new ArgumentNullException("algorithmProvider"); } m_symmetricAlgorithm = new BCryptSymmetricAlgorithm(new CngAlgorithm(BCryptNative.AlgorithmName.Aes), algorithmProvider, LegalBlockSizesValue, LegalKeySizesValue); // Propigate the default properties from the Aes class to the implementation algorithm. m_symmetricAlgorithm.BlockSize = BlockSizeValue; m_symmetricAlgorithm.KeySize = KeySizeValue; m_symmetricAlgorithm.Mode = ModeValue; m_symmetricAlgorithm.Padding = PaddingValue; }
/// <summary> /// Construct an AuthenticatedAesCng using a specific algorithm provider. The default settings /// for this object are: /// <list type="bullet"> /// <item>CngMode - CngChainingMode.Gcm</item> /// </list> /// </summary> /// <param name="provider">algorithm provider to use for AES computation</param> /// <exception cref="ArgumentNullException">if <paramref name="provider"/> is null</exception> public AuthenticatedAesCng(CngProvider provider) { if (provider == null) { throw new ArgumentNullException("provider"); } m_authenticatedSymmetricAlgorithm = new BCryptAuthenticatedSymmetricAlgorithm(CngAlgorithm2.Aes, provider, LegalBlockSizesValue, LegalKeySizesValue); // Propigate the default properties from the Aes class to the implementation algorithm. m_authenticatedSymmetricAlgorithm.BlockSize = BlockSizeValue; m_authenticatedSymmetricAlgorithm.KeySize = KeySizeValue; m_authenticatedSymmetricAlgorithm.Padding = PaddingValue; }
/// <summary> /// Export the private key so that decryption can happen on other machines. /// </summary> /// <param name="providerName">Name of the provider</param> /// <param name="keyName">Name of the key to destroy</param> /// <param name="filePath">Output Path for where to write the key</param> public void ExportPrivateKeytoFile(string providerName, string keyName, string filePath) { CngProvider provider = new CngProvider(providerName); bool keyExists = doesKeyExists(provider, keyName); if (!keyExists) { throw new CryptographicException(string.Format("They key {0} does not exist so there is no key to export", keyName)); } if (File.Exists(filePath)) { throw new IOException(string.Format("File {0} already exists.", filePath)); } using (CngKey key = CngKey.Open(keyName, provider, CngKeyOpenOptions.MachineKey)) { File.WriteAllBytes(filePath, key.Export(new CngKeyBlobFormat("RSAFULLPRIVATEBLOB"))); } }
public void Init() { using (X509Store store = new X509Store(StoreName.My, StoreLocation.CurrentUser, OpenFlags.ReadWrite)) { X509Certificate2Collection certificates = store.Certificates; X509Certificate2Collection signingcertificates = certificates.Find(X509FindType.FindBySubjectName, "Utimaco CNG Signing Test", false); if (signingcertificates.Count == 0) { CngProvider provider = new CngProvider("Utimaco CryptoServer Key Storage Provider"); CngKey key = CngKey.Open("DEMOecdsa", provider); ECDsaCng ecdsaKey = new ECDsaCng(key); CertificateRequest request = new CertificateRequest("CN = Utimaco CNG Signing Test", ecdsaKey, HashAlgorithmName.SHA512); X509Certificate2 certificate = request.CreateSelfSigned(System.DateTimeOffset.Now, System.DateTimeOffset.Now.AddYears(2)); certificate.FriendlyName = "Utimaco CNG Signing Test"; System.Console.WriteLine("Utimaco CNG Signing Test Certificate generated:\n****\n{0}\n****", certificate); store.Add(certificate); } } }
public void ExportPublicKeytoFile(string providerName, string keyName, string filePath) { CngProvider provider = new CngProvider(providerName); bool keyExists = doesKeyExists(provider, keyName); if (!keyExists) { throw new CryptographicException(string.Format("They key {0} does not exist so there is no public key to export", keyName)); } if (File.Exists(filePath)) { throw new IOException(string.Format("File {0} already exists.", filePath)); } using (CngKey key = IsMicrosoftSoftwareKSP(provider) ? CngKey.Open(keyName, provider, CngKeyOpenOptions.MachineKey) : CngKey.Open(keyName, provider)) { File.WriteAllBytes(filePath, key.Export(CngKeyBlobFormat.GenericPublicBlob)); } }
public static void Main() { partyAKey(); partyBKey(); CngProvider luna = new CngProvider("SafeNet Key Storage Provider"); CngKey ecKey = CngKey.Open("Party-A", luna); byte [] pubKey = softKey.Export(CngKeyBlobFormat.EccPublicBlob); softKey.Delete(); publicKey = CngKey.Import(pubKey, CngKeyBlobFormat.EccPublicBlob, luna); ECDiffieHellmanCng xChg = new ECDiffieHellmanCng(ecKey); xChg.HashAlgorithm = CngAlgorithm.Sha256; xChg.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hmac; byte[] data = xChg.DeriveKeyMaterial(publicKey); Console.ReadLine(); ecKey.Delete(); }
private unsafe ICertificatePal?CopyWithPersistedCngKey(CngKey cngKey) { if (string.IsNullOrEmpty(cngKey.KeyName)) { return(null); } // Make a new pal from bytes. CertificatePal pal = (CertificatePal)FromBlob(RawData, SafePasswordHandle.InvalidHandle, X509KeyStorageFlags.PersistKeySet); CngProvider provider = cngKey.Provider !; string keyName = cngKey.KeyName; bool machineKey = cngKey.IsMachineKey; // CAPI RSA_SIGN keys won't open correctly under CNG without the key number being specified, so // check to see if we can figure out what key number it needs to re-open. int keySpec = GuessKeySpec(provider, keyName, machineKey, cngKey.AlgorithmGroup); Interop.Crypt32.CRYPT_KEY_PROV_INFO keyProvInfo = default; fixed(char *keyNamePtr = cngKey.KeyName) fixed(char *provNamePtr = cngKey.Provider !.Provider) { keyProvInfo.pwszContainerName = keyNamePtr; keyProvInfo.pwszProvName = provNamePtr; keyProvInfo.dwFlags = machineKey ? Interop.Crypt32.CryptAcquireContextFlags.CRYPT_MACHINE_KEYSET : 0; keyProvInfo.dwKeySpec = keySpec; if (!Interop.Crypt32.CertSetCertificateContextProperty( pal._certContext, Interop.Crypt32.CertContextPropId.CERT_KEY_PROV_INFO_PROP_ID, Interop.Crypt32.CertSetPropertyFlags.None, &keyProvInfo)) { Exception e = Marshal.GetLastPInvokeError().ToCryptographicException(); pal.Dispose(); throw e; } } return(pal); }
/// <summary> /// Tries to generate and RSA Key in the given provider with this keyName. /// </summary> /// <param name="providerName">Name of the provider</param> /// <param name="keyName">Name of the key</param> /// <param name="keyLength">Length of the key to generate</param> /// <returns>true if successful, false if that key already exists.</returns> public bool TryGenerateLocalRSAKey(string providerName, string keyName, int keyLength = 2048) { CngProvider provider = new CngProvider(providerName); if (CngKey.Exists(keyName, provider)) { return(false); } CngKeyCreationParameters keyParams = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.None, Provider = provider, Parameters = { new CngProperty("Length", BitConverter.GetBytes(keyLength), CngPropertyOptions.None) } }; using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, keyParams)) { // nothing to do inside here, except to return without throwing an exception return(true); } }
/// <summary> /// Given a KeyProvider and a KeyName, uses that key to encrypt the given data /// </summary> /// <param name="providerName">Provider where the key is stored</param> /// <param name="keyName">Name of the key to use</param> /// <param name="toEncrypt">Data to encrypt</param> /// <param name="hashAlgorithm">OAEP hash algorithm, Look in PaddingHashAlgorithmNames.cs for values, but supports only SHA1, SHA256, SHA384, SHA512</param> /// <param name="paddingFlags">Padding Type, Look in PaddingFlags.cs for values, but supports only PKCS1 amd OAEP</param> /// <exception cref="CryptographicException">Cryptographic Exception</exception> /// <returns>Encrypted data</returns> public byte[] EncryptWithLocalKey(string providerName, string keyName, byte[] toEncrypt, string hashAlgorithm = PaddingHashAlgorithmNames.SHA512, int paddingFlags = PaddingFlags.OAEPPadding) { CngProvider provider = new CngProvider(providerName); byte[] encryptedData = null; bool keyExists = doesKeyExists(provider, keyName); if (!keyExists) { throw new CryptographicException(string.Format("They key {0} does not exist and cannot be used for encryption", keyName)); } using (CngKey key = CngKey.Open(keyName, provider, CngKeyOpenOptions.MachineKey)) { using (RSACng rsa = new RSACng(key)) { RSAEncryptionPadding padding = this.GetRSAPadding(hashAlgorithm, paddingFlags); encryptedData = rsa.Encrypt(toEncrypt, padding); } } return(encryptedData); }
/// <summary> /// Creates a RSACng object from the given keyName /// </summary> /// <param name="keyPath"></param> /// <param name="isSystemOp">Indicates if ADO.NET calls or the customer calls the API</param> /// <returns></returns> private RSACng CreateRSACngProvider(string keyPath, bool isSystemOp) { // Get CNGProvider and the KeyID string cngProviderName; string keyIdentifier; GetCngProviderAndKeyId(keyPath, isSystemOp, out cngProviderName, out keyIdentifier); CngProvider cngProvider = new CngProvider(cngProviderName); CngKey cngKey; try { cngKey = CngKey.Open(keyIdentifier, cngProvider); } catch (CryptographicException) { throw SQL.InvalidCngKey(keyPath, cngProviderName, keyIdentifier, isSystemOp); } return new RSACng(cngKey); }
public byte[] Decrypt(byte[] encryptedData) { CngProvider provider = new CngProvider(kspName); CngKey key; // If you get an error here, make sure you register the KSP and the project run in 64bits if (!CngKey.Exists(keyId, provider)) { throw new System.ArgumentException("Key " + keyId + " not found in " + kspName); } key = CngKey.Open(keyId, provider); RSACng cryptoEngine = new RSACng(key); var decryptedData = cryptoEngine.Decrypt(encryptedData, System.Security.Cryptography.RSAEncryptionPadding.OaepSHA256); cryptoEngine.Dispose(); key.Dispose(); return(decryptedData); }
/// <summary> /// Creates an RSA 2048 key inside the specified CSP. /// </summary> /// <param name="providerName">CSP name</param> /// <param name="containerName">Container name</param> /// <returns></returns> internal static bool CreateCmkUsingCsp(string providerName, string containerName) { try { // open provider CngProvider provider = new CngProvider(providerName); // generate new test key pair CngKeyCreationParameters creation = new CngKeyCreationParameters(); creation.Provider = provider; CngKey privateKey = CngKey.Create(new CngAlgorithm("RSA"), containerName, creation); // default is 2048 } catch (CryptographicException e) { Console.WriteLine("\tFAILURE: The RSA key was not persisted in the container, \"{0}\".", containerName); Console.WriteLine(@" {0}", e.Message); return(false); } return(true); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { if (keyBlob == null) throw new ArgumentNullException("keyBlob"); if (format == null) throw new ArgumentNullException("format"); if (provider == null) throw new ArgumentNullException("provider"); SafeNCryptProviderHandle providerHandle = provider.OpenStorageProvider(); SafeNCryptKeyHandle keyHandle; ErrorCode errorCode = Interop.NCrypt.NCryptImportKey(providerHandle, IntPtr.Zero, format.Format, IntPtr.Zero, out keyHandle, keyBlob, keyBlob.Length, 0); if (errorCode != ErrorCode.ERROR_SUCCESS) throw errorCode.ToCryptographicException(); CngKey key = new CngKey(providerHandle, keyHandle); // We can't tell directly if an OpaqueTransport blob imported as an ephemeral key or not key.IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob; return key; }
/// <summary> /// Constructs the core to use a stored CNG key. /// </summary> public CngSymmetricAlgorithmCore(string algorithm, ICngSymmetricAlgorithm outer, string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { if (keyName == null) throw new ArgumentNullException("keyName"); if (provider == null) throw new ArgumentNullException("provider"); _algorithm = algorithm; _outer = outer; _keyName = keyName; _provider = provider; _optionOptions = openOptions; using (CngKey cngKey = ProduceCngKey()) { CngAlgorithm actualAlgorithm = cngKey.Algorithm; if (algorithm != actualAlgorithm.Algorithm) throw new CryptographicException(SR.Format(SR.Cryptography_CngKeyWrongAlgorithm, actualAlgorithm.Algorithm, algorithm)); _outer.BaseKeySize = cngKey.KeySize; } }
private CngKey GetPrivateKey(X509Certificate2 cert) { var rsakey = cert.GetRSAPrivateKey() as RSACng; if (rsakey != null) { return(rsakey.Key); } var provider = new CngProvider(CSPName); var cngkey = CngKey.Open(KeyContainer, provider, CngKeyOpenOptions.MachineKey); if (cngkey == null) { throw new InvalidOperationException(NuGetMSSignCommand.MSSignCommandNoCngKeyException); } if (cngkey.AlgorithmGroup != CngAlgorithmGroup.Rsa) { throw new InvalidOperationException(NuGetMSSignCommand.MSSignCommandInvalidCngKeyException); } return(cngkey); }
public static bool Exists(string keyName, CngProvider provider, CngKeyOpenOptions options) { if (keyName == null) { throw new ArgumentNullException("keyName"); } if (provider == null) { throw new ArgumentNullException("provider"); } // Make sure that NCrypt is supported on this platform if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported)); } using (SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider)) { SafeNCryptKeyHandle keyHandle = null; try { NCryptNative.ErrorCode error = NCryptNative.UnsafeNativeMethods.NCryptOpenKey(kspHandle, out keyHandle, keyName, 0, options); // CNG will return either NTE_NOT_FOUND or NTE_BAD_KEYSET for the case where the key does // not exist, so we need to check for both return codes. bool keyNotFound = error == NCryptNative.ErrorCode.KeyDoesNotExist || error == NCryptNative.ErrorCode.NotFound; if (error != NCryptNative.ErrorCode.Success && !keyNotFound) { throw new CryptographicException((int)error); } return error == NCryptNative.ErrorCode.Success; } finally { if (keyHandle != null) { keyHandle.Dispose(); } } } }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { return Import(keyBlob, null, format, provider); }
public AesCng(string keyName, CngProvider provider) : this(keyName, provider, CngKeyOpenOptions.None) { }
public AesCng(string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { _core = new CngSymmetricAlgorithmCore(this, keyName, provider, openOptions); }
/// <summary> /// Import a key from a file for use on the machine. /// </summary> /// <param name="providerName"></param> /// <param name="filePath"></param> public bool ImportKeyToKSP(string providerName, string keyName, string filePath, bool makeExportable = false) { CngProvider provider = new CngProvider(providerName); bool keyExists = doesKeyExists(provider, keyName); if (keyExists) { //Key already exists. Can't create it. return(false); } CryptoKeySecurity sec = new CryptoKeySecurity(); CngKeyCreationParameters keyParams = null; byte[] keyBlob = File.ReadAllBytes(filePath); CngProperty keyBlobProp = new CngProperty(new CngKeyBlobFormat("RSAFULLPRIVATEBLOB").Format, keyBlob, CngPropertyOptions.None); if (IsMicrosoftSoftwareKSP(provider)) { sec.AddAccessRule( new CryptoKeyAccessRule( new SecurityIdentifier(sidType: WellKnownSidType.BuiltinAdministratorsSid, domainSid: null), cryptoKeyRights: CryptoKeyRights.FullControl, type: AccessControlType.Allow)); sec.AddAccessRule( new CryptoKeyAccessRule( new SecurityIdentifier(sidType: WellKnownSidType.BuiltinSystemOperatorsSid, domainSid: null), cryptoKeyRights: CryptoKeyRights.GenericRead, type: AccessControlType.Allow)); const string NCRYPT_SECURITY_DESCR_PROPERTY = "Security Descr"; const CngPropertyOptions DACL_SECURITY_INFORMATION = (CngPropertyOptions)4; CngProperty permissions = new CngProperty( NCRYPT_SECURITY_DESCR_PROPERTY, sec.GetSecurityDescriptorBinaryForm(), CngPropertyOptions.Persist | DACL_SECURITY_INFORMATION); keyParams = new CngKeyCreationParameters() { ExportPolicy = makeExportable ? CngExportPolicies.AllowExport | CngExportPolicies.AllowPlaintextExport : CngExportPolicies.None, Provider = provider, Parameters = { permissions, keyBlobProp }, KeyCreationOptions = CngKeyCreationOptions.MachineKey }; using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, keyParams)) { if (key == null) { return(false); } return(true); } } else { keyParams = new CngKeyCreationParameters() { ExportPolicy = makeExportable ? CngExportPolicies.AllowExport | CngExportPolicies.AllowPlaintextExport : CngExportPolicies.None, Provider = provider, Parameters = { keyBlobProp }, KeyCreationOptions = CngKeyCreationOptions.MachineKey }; using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, keyParams)) { if (key == null) { return(false); } // nothing to do inside here, except to return without throwing an exception return(true); } } }
public static bool Exists(string keyName, CngProvider provider, CngKeyOpenOptions options) { return default(bool); }
public static CngKey Open(string keyName, CngProvider provider) { Contract.Ensures(Contract.Result<System.Security.Cryptography.CngKey>() != null); return default(CngKey); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { Contract.Ensures(Contract.Result<CngKey>() != null); if (keyBlob == null) { throw new ArgumentNullException("keyBlob"); } if (format == null) { throw new ArgumentNullException("format"); } if (provider == null) { throw new ArgumentNullException("provider"); } // Make sure that NCrypt is supported on this platform if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported)); } // If we don't know for sure that the key will be ephemeral, then we need to demand Import // permission. Since we won't know the name of the key until it's too late, we demand a full Import // rather than one scoped to the key. bool safeKeyImport = format == CngKeyBlobFormat.EccPublicBlob || format == CngKeyBlobFormat.GenericPublicBlob; if (!safeKeyImport) { new KeyContainerPermission(KeyContainerPermissionFlags.Import).Demand(); } // Import the key into the KSP SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider); SafeNCryptKeyHandle keyHandle = NCryptNative.ImportKey(kspHandle, keyBlob, format.Format); // Prepare the key for use CngKey key = new CngKey(kspHandle, keyHandle); // We can't tell directly if an OpaqueTransport blob imported as an ephemeral key or not key.IsEphemeral = format != CngKeyBlobFormat.OpaqueTransportBlob; return key; }
public TripleDESCng(string keyName, CngProvider provider) : this(keyName, CngProvider.MicrosoftSoftwareKeyStorageProvider, CngKeyOpenOptions.None) { }
public static bool Exists(string keyName, CngProvider provider) { throw new NotImplementedException (); }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { throw new NotImplementedException (); }
/// <summary> /// Tries to generate and RSA Key in the given provider with this keyName. /// </summary> /// <param name="providerName">Name of the provider</param> /// <param name="keyName">Name of the key</param> /// <param name="keyLength">Length of the key to generate</param> /// <returns>true if successful, false if that key already exists.</returns> public bool TryGenerateLocalRSAKey(string providerName, string keyName, int keyLength = 2048) { CngProvider provider = new CngProvider(providerName); bool keyExists = doesKeyExists(provider, keyName); if (keyExists) { //Key already exists. Can't create it. return(false); } CryptoKeySecurity sec = new CryptoKeySecurity(); CngKeyCreationParameters keyParams = null; if (IsMicrosoftSoftwareKSP(provider)) { sec.AddAccessRule( new CryptoKeyAccessRule( new SecurityIdentifier(sidType: WellKnownSidType.BuiltinAdministratorsSid, domainSid: null), cryptoKeyRights: CryptoKeyRights.FullControl, type: AccessControlType.Allow)); sec.AddAccessRule( new CryptoKeyAccessRule( new SecurityIdentifier(sidType: WellKnownSidType.BuiltinSystemOperatorsSid, domainSid: null), cryptoKeyRights: CryptoKeyRights.GenericRead, type: AccessControlType.Allow)); const string NCRYPT_SECURITY_DESCR_PROPERTY = "Security Descr"; const CngPropertyOptions DACL_SECURITY_INFORMATION = (CngPropertyOptions)4; CngProperty permissions = new CngProperty( NCRYPT_SECURITY_DESCR_PROPERTY, sec.GetSecurityDescriptorBinaryForm(), CngPropertyOptions.Persist | DACL_SECURITY_INFORMATION); keyParams = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.None, Provider = provider, Parameters = { new CngProperty("Length", BitConverter.GetBytes(keyLength), CngPropertyOptions.None), permissions }, KeyCreationOptions = CngKeyCreationOptions.MachineKey }; using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, keyParams)) { if (key == null) { return(false); } return(true); } } else { keyParams = new CngKeyCreationParameters() { ExportPolicy = CngExportPolicies.None, Provider = provider, Parameters = { new CngProperty("Length", BitConverter.GetBytes(keyLength), CngPropertyOptions.None) } }; using (CngKey key = CngKey.Create(CngAlgorithm.Rsa, keyName, keyParams)) { if (key == null) { return(false); } // nothing to do inside here, except to return without throwing an exception return(true); } } }
public static CngKey Open(string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { throw new NotImplementedException (); }
/// <summary> /// Constructs the core to use a stored CNG key. /// </summary> public CngSymmetricAlgorithmCore(ICngSymmetricAlgorithm outer, string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { if (keyName == null) { throw new ArgumentNullException(nameof(keyName)); } if (provider == null) { throw new ArgumentNullException(nameof(provider)); } _outer = outer; _keyName = keyName; _provider = provider; _optionOptions = openOptions; using (CngKey cngKey = ProduceCngKey()) { CngAlgorithm actualAlgorithm = cngKey.Algorithm; string algorithm = _outer.GetNCryptAlgorithmIdentifier(); if (algorithm != actualAlgorithm.Algorithm) { throw new CryptographicException(SR.Format(SR.Cryptography_CngKeyWrongAlgorithm, actualAlgorithm.Algorithm, algorithm)); } _outer.BaseKeySize = cngKey.KeySize; } }
public static CngKey Import(byte[] keyBlob, CngKeyBlobFormat format, CngProvider provider) { Contract.Ensures(Contract.Result<System.Security.Cryptography.CngKey>() != null); return default(CngKey); }
public TripleDESCng(string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { throw new NotImplementedException(); }
public static CngKey Open(string keyName, CngProvider provider) { return Open(keyName, provider, openOptions: CngKeyOpenOptions.None); }
public static CngKey Open(string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { Contract.Ensures(Contract.Result<CngKey>() != null); if (keyName == null) { throw new ArgumentNullException("keyName"); } if (provider == null) { throw new ArgumentNullException("provider"); } // Make sure that NCrypt is supported on this platform if (!NCryptNative.NCryptSupported) { throw new PlatformNotSupportedException(SR.GetString(SR.Cryptography_PlatformNotSupported)); } // Ensure the user has access to the key name KeyContainerPermissionAccessEntry access = new KeyContainerPermissionAccessEntry(keyName, KeyContainerPermissionFlags.Open); access.ProviderName = provider.Provider; KeyContainerPermission permission = new KeyContainerPermission(KeyContainerPermissionFlags.NoFlags); permission.AccessEntries.Add(access); permission.Demand(); // Open the key SafeNCryptProviderHandle kspHandle = NCryptNative.OpenStorageProvider(provider.Provider); SafeNCryptKeyHandle keyHandle = NCryptNative.OpenKey(kspHandle, keyName, openOptions); return new CngKey(kspHandle, keyHandle); }
public static bool Exists(string keyName, CngProvider provider) { return default(bool); }
/// <summary> /// Constructs the core to use a stored CNG key. /// </summary> public CngSymmetricAlgorithmCore(string algorithm, ICngSymmetricAlgorithm outer, string keyName, CngProvider provider, CngKeyOpenOptions openOptions) { if (keyName == null) { throw new ArgumentNullException("keyName"); } if (provider == null) { throw new ArgumentNullException("provider"); } _algorithm = algorithm; _outer = outer; _keyName = keyName; _provider = provider; _optionOptions = openOptions; using (CngKey cngKey = ProduceCngKey()) { CngAlgorithm actualAlgorithm = cngKey.Algorithm; if (algorithm != actualAlgorithm.Algorithm) { throw new CryptographicException(SR.GetString(SR.Cryptography_CngKeyWrongAlgorithm, actualAlgorithm.Algorithm, algorithm)); } _outer.BaseKeySize = cngKey.KeySize; } }
public static CngKey Open(string keyName, CngProvider provider) { Contract.Ensures(Contract.Result<CngKey>() != null); return Open(keyName, provider, CngKeyOpenOptions.None); }