public void CanValidateSignature()
{
Ed25519KeyPairGenerator kpg = new Ed25519KeyPairGenerator();
kpg.Init(new Ed25519KeyGenerationParameters(Random));
AsymmetricCipherKeyPair kp = kpg.GenerateKeyPair();
Ed25519PrivateKeyParameters privateKey = (Ed25519PrivateKeyParameters)kp.Private;
Ed25519PublicKeyParameters publicKey = (Ed25519PublicKeyParameters)kp.Public;
var pubKeyBase64 = Convert.ToBase64String(publicKey.GetEncoded());
// create signature for item
byte[] msg = new byte[Random.NextInt() & 255];
Random.NextBytes(msg);
var signer = new Ed25519Signer();
signer.Init(true, privateKey);
signer.BlockUpdate(msg, 0, msg.Length);
byte[] signature = signer.GenerateSignature();
var signatureForAppCast = Convert.ToBase64String(signature);
// verify signature
var checker = new Ed25519Checker(NetSparkleUpdater.Enums.SecurityMode.Strict, pubKeyBase64);
Assert.True(checker.VerifySignature(signatureForAppCast, msg) == NetSparkleUpdater.Enums.ValidationResult.Valid);
}
/// <summary>
/// Signs the passed in data with a private key
/// </summary>
/// <param name="privateKey">the private key used to create the signature</param>
/// <param name="data">The data to sign</param>
/// <returns>the signature as a byte array</returns>
public byte[] Sign(byte[] privateKey, byte[] data)
{
Ed25519PrivateKeyParameters privKey = null;
try
{
privKey = (Ed25519PrivateKeyParameters)CreateAsymmetricKeyParameterFromPrivateKeyInfo(privateKey);
}
catch (InvalidCastException exception)
{
string message = "Private Key Import Failed!\n" +
$"{exception.Message}.\n" +
"The contents of the source do not represent a valid Ed25519 key parameter\n" +
"Verify that the key is not corrupted.\n" +
"- or - Verify that the correct key is selected.";
throw new CryptoException(message, exception);
}
var signer = new Ed25519Signer();
signer.Init(true, privKey);
signer.BlockUpdate(data, 0, data.Length);
var signature = signer.GenerateSignature();
return(signature);
}
public byte[] sign(byte[] msg)
{
var signer = new Ed25519Signer();
signer.Init(true, privateKey);
signer.BlockUpdate(msg, 0, msg.Length);
return(signer.GenerateSignature());
}
byte[] ICryptoLibrary.SignEd25519(byte[] plainText, byte[] privateKey)
{
var signer = new Ed25519Signer();
signer.Init(true, new Ed25519PrivateKeyParameters(privateKey, 0));
signer.BlockUpdate(plainText, 0, plainText.Length);
return(signer.GenerateSignature());
}
public static byte[] Sign(byte[] data, string privateKey)
{
Ed25519Signer signer = new Ed25519Signer();
signer.Init(true, privateKey.ToPrivateKeyCipherParamsFromHex());
signer.BlockUpdate(data, 0, data.Length);
return(signer.GenerateSignature());
}
// Sings data with signer’s private key using Bouncy Castle
public static string Sign(string data, string privateKey)
{
var signer = new Ed25519Signer();
signer.Init(true, new Ed25519PrivateKeyParameters(Hex.Decode(privateKey), 0));
signer.BlockUpdate(Encoding.UTF8.GetBytes(data), 0, Encoding.UTF8.GetBytes(data).Length);
return(Hex.ToHexString(signer.GenerateSignature()));
}
/// <summary>
/// Sign the given bytes, and wrap in Signature.
/// </summary>
/// <param name="bytes">bytes the data to sign</param>
/// <returns>a signature</returns>
private Signature RawSignBytes(byte[] bytes)
{
var signer = new Ed25519Signer();
signer.Init(true, privateKeyPair.Private);
signer.BlockUpdate(bytes, 0, bytes.Length);
byte[] signature = signer.GenerateSignature();
return(new Signature(signature));
}
public override byte[] Sign(byte[] input)
{
var signer = new Ed25519Signer();
signer.Init(true, edDsaKey.KeyParameters);
signer.BlockUpdate(input, 0, input.Length);
return(signer.GenerateSignature());
}
public Signature Sign(byte[] msg, byte[] prvKey)
{
var digest = Blake2b.GetDigest(msg);
var privateKey = new Ed25519PrivateKeyParameters(prvKey, 0);
var signer = new Ed25519Signer();
signer.Init(true, privateKey);
signer.BlockUpdate(digest, 0, digest.Length);
return(new Signature(signer.GenerateSignature(), _SignaturePrefix));
}
public override string Sign(string payload, string footer, SigningCredentials signingCredentials)
{
if (payload == null)
{
throw new ArgumentNullException(nameof(payload));
}
if (signingCredentials == null)
{
throw new ArgumentNullException(nameof(signingCredentials));
}
if (signingCredentials.Key.GetType() != typeof(EdDsaSecurityKey))
{
throw new SecurityTokenInvalidSigningKeyException($"PASETO v2 requires a key of type {typeof(EdDsaSecurityKey)}");
}
if (signingCredentials.Algorithm != ExtendedSecurityAlgorithms.EdDsa)
{
throw new SecurityTokenInvalidSigningKeyException($"PASETO v2 requires a key for configured for the '{ExtendedSecurityAlgorithms.EdDsa}' algorithm");
}
var privateKey = (EdDsaSecurityKey)signingCredentials.Key;
if (privateKey.PrivateKeyStatus != PrivateKeyStatus.Exists)
{
throw new SecurityTokenInvalidSigningKeyException($"Missing private key");
}
var payloadBytes = Encoding.UTF8.GetBytes(payload);
var messageToSign = PreAuthEncode(new[]
{
Encoding.UTF8.GetBytes(PublicHeader),
payloadBytes,
Encoding.UTF8.GetBytes(footer ?? string.Empty)
});
var signer = new Ed25519Signer();
signer.Init(true, privateKey.KeyParameters);
signer.BlockUpdate(messageToSign, 0, messageToSign.Length);
var signature = signer.GenerateSignature();
var token = $"{PublicHeader}{Base64UrlEncoder.Encode(payloadBytes.Combine(signature))}";
if (!string.IsNullOrWhiteSpace(footer))
{
token += $".{Base64UrlEncoder.Encode(footer)}";
}
return(token);
}
internal static void Sign(IInvoice invoice, Ed25519PrivateKeyParameters privateKey)
{
var ed25519Signer = new Ed25519Signer();
ed25519Signer.Init(true, privateKey);
ed25519Signer.BlockUpdate(invoice.TxBytes.ToArray(), 0, invoice.TxBytes.Length);
var signature = ed25519Signer.GenerateSignature();
ed25519Signer.Reset();
var publicKey = privateKey.GeneratePublicKey().GetEncoded();
var prefix = new ReadOnlyMemory <byte>(publicKey, 0, Math.Min(Math.Max(6, invoice.MinimumDesiredPrefixSize), publicKey.Length));
invoice.AddSignature(KeyType.Ed25519, prefix, signature);
}
byte[] ICryptoLibrary.SignEd25519(byte[] plainText, byte[] privateKey)
{
if (privateKey == null)
{
throw new ArgumentException(nameof(privateKey));
}
if (plainText == null)
{
throw new ArgumentException(nameof(plainText));
}
var signer = new Ed25519Signer();
signer.Init(true, new Ed25519PrivateKeyParameters(privateKey, 0));
signer.BlockUpdate(plainText, 0, plainText.Length);
return(signer.GenerateSignature());
}
private void BasicSigTest()
{
Ed25519PrivateKeyParameters privateKey = new Ed25519PrivateKeyParameters(
Hex.DecodeStrict("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60"), 0);
Ed25519PublicKeyParameters publicKey = new Ed25519PublicKeyParameters(
Hex.DecodeStrict("d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a"), 0);
byte[] sig = Hex.Decode("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e065224901555fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b");
ISigner signer = new Ed25519Signer();
signer.Init(true, privateKey);
IsTrue(AreEqual(sig, signer.GenerateSignature()));
signer.Init(false, publicKey);
IsTrue(signer.VerifySignature(sig));
}
/// <inheritdoc/>
public override byte[] Sign(byte[] input)
{
if (input == null || input.Length == 0)
{
throw new ArgumentNullException(nameof(input));
}
if (EdDsaKey.Curve.Equals("Ed25519"))
{
var privateKey = (Ed25519PrivateKeyParameters)EdDsaKey.KeyParameter;
var signer = new Ed25519Signer();
signer.Init(forSigning: true, privateKey);
signer.BlockUpdate(input, off: 0, len: input.Length);
return(signer.GenerateSignature());
}
throw new ArgumentException($"Unsupported EdDSA curve: \"{EdDsaKey.Curve}\".");
}
private static void EdDsaWithBouncyCastle()
{
// message to sign & verify
var message = Encoding.UTF8.GetBytes("Bob Loblaw");
// private/public key generation
var keyPairGenerator = new Ed25519KeyPairGenerator();
keyPairGenerator.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
var keyPair = keyPairGenerator.GenerateKeyPair();
var privateKey = (Ed25519PrivateKeyParameters)keyPair.Private;
var publicKey = (Ed25519PublicKeyParameters)keyPair.Public;
// keys are 32-bytes each
var privateKeyBytes = privateKey.GetEncoded();
var publicKeyBytes = publicKey.GetEncoded();
Console.WriteLine("Private key = " + Convert.ToBase64String(privateKeyBytes));
Console.WriteLine("Public key = " + Convert.ToBase64String(publicKeyBytes));
// signature generation
var signer = new Ed25519Signer();
signer.Init(true, privateKey);
signer.BlockUpdate(message, 0, message.Length);
byte[] signature = signer.GenerateSignature();
Console.WriteLine("Signature = " + Convert.ToBase64String(signature));
// signature validation
var validator = new Ed25519Signer();
validator.Init(false, publicKey);
validator.BlockUpdate(message, 0, message.Length);
bool isValidSignature = validator.VerifySignature(signature);
Console.WriteLine("Signature is valid: " + isValidSignature);
}
/// <summary>
/// Gets the signature for file.
/// </summary>
/// <param name="file">The file.</param>
/// <returns>System.String.</returns>
public string GetSignatureForFile(FileInfo file)
{
if (!KeysExist())
{
Console.WriteLine("Keys do not exist");
return(null);
}
if (!file.Exists)
{
Console.Error.WriteLine("Target binary " + file.FullName + " does not exists");
return(null);
}
var data = File.ReadAllBytes(file.FullName);
var signer = new Ed25519Signer();
signer.Init(true, new Ed25519PrivateKeyParameters(GetPrivateKey(), 0));
signer.BlockUpdate(data, 0, data.Length);
return(Convert.ToBase64String(signer.GenerateSignature()));
}
private byte[] Sign(byte[] bytesToBeSigned)
{
string alg = null; // Get the set algorithm or infer one
try {
alg = FindAttribute("alg").AsString();
}
catch (Exception) {
;
}
if (alg == null)
{
switch (keyToSign.AsString("kty"))
{
case "RSA":
alg = "PS256";
break;
case "EC":
switch (keyToSign.AsString("crv"))
{
case "P-256":
alg = "ES256";
break;
case "P-384":
alg = "ES384";
break;
case "P-521":
alg = "ES512";
break;
default:
throw new JOSE_Exception("Unknown curve");
}
break;
default:
throw new JOSE_Exception("Unknown or unsupported key type " + keyToSign.AsString("kty"));
}
objUnprotected.Add("alg", alg);
}
IDigest digest;
IDigest digest2;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JOSE_Exception("Unknown signature algorithm");
}
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")),
ConvertBigNum(keyToSign.AsBytes("e")),
ConvertBigNum(keyToSign.AsBytes("d")),
ConvertBigNum(keyToSign.AsBytes("p")),
ConvertBigNum(keyToSign.AsBytes("q")),
ConvertBigNum(keyToSign.AsBytes("dp")),
ConvertBigNum(keyToSign.AsBytes("dq")),
ConvertBigNum(keyToSign.AsBytes("qi")));
signer.Init(true, prv);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(keyToSign.AsBytes("n")),
ConvertBigNum(keyToSign.AsBytes("e")),
ConvertBigNum(keyToSign.AsBytes("d")),
ConvertBigNum(keyToSign.AsBytes("p")),
ConvertBigNum(keyToSign.AsBytes("q")),
ConvertBigNum(keyToSign.AsBytes("dp")),
ConvertBigNum(keyToSign.AsBytes("dq")),
ConvertBigNum(keyToSign.AsBytes("qi")));
ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG);
signer.Init(true, rnd);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "ES256":
case "ES384":
case "ES512": {
X9ECParameters p = NistNamedCurves.GetByName(keyToSign.AsString("crv"));
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey =
new ECPrivateKeyParameters("ECDSA", ConvertBigNum(keyToSign.AsBytes("d")), parameters);
ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(bytesToBeSigned);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
byte[] sigs = new byte[r.Length + s.Length];
Array.Copy(r, sigs, r.Length);
Array.Copy(s, 0, sigs, r.Length, s.Length);
return(sigs);
}
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter key = new KeyParameter(keyToSign.AsBytes("k"));
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.Init(key);
hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
hmac.DoFinal(resBuf, 0);
return(resBuf);
}
case "EdDSA":
switch (keyToSign.AsString("crv"))
{
case "Ed25519": {
ISigner eddsa;
Ed25519PrivateKeyParameters privKey =
new Ed25519PrivateKeyParameters(keyToSign.AsBytes("d"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(true, privKey);
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(eddsa.GenerateSignature());
}
}
break;
}
return(null);
}
internal byte[] ComputeMac(byte[] bytesToBeSigned, string alg)
{
IDigest digest;
IDigest digest2;
byte[] signature;
switch (alg)
{
case "RS256":
case "ES256":
case "PS256":
case "HS256":
digest = new Sha256Digest();
digest2 = new Sha256Digest();
break;
case "RS384":
case "ES384":
case "PS384":
case "HS384":
digest = new Sha384Digest();
digest2 = new Sha384Digest();
break;
case "RS512":
case "ES512":
case "PS512":
case "HS512":
digest = new Sha512Digest();
digest2 = new Sha512Digest();
break;
case "EdDSA":
digest = null;
digest2 = null;
break;
default:
throw new JoseException("Unknown signature algorithm");
}
switch (alg)
{
case "RS256":
case "RS384":
case "RS512": {
RsaDigestSigner signer = new RsaDigestSigner(digest);
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")),
ConvertBigNum(this.AsString("e")),
ConvertBigNum(this.AsString("d")),
ConvertBigNum(this.AsString("p")),
ConvertBigNum(this.AsString("q")),
ConvertBigNum(this.AsString("dp")),
ConvertBigNum(this.AsString("dq")),
ConvertBigNum(this.AsString("qi")));
signer.Init(true, prv);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "PS256":
case "PS384":
case "PS512": {
PssSigner signer = new PssSigner(new RsaEngine(), digest, digest2, digest.GetDigestSize());
RsaKeyParameters prv = new RsaPrivateCrtKeyParameters(ConvertBigNum(this.AsString("n")),
ConvertBigNum(this.AsString("e")),
ConvertBigNum(this.AsString("d")),
ConvertBigNum(this.AsString("p")),
ConvertBigNum(this.AsString("q")),
ConvertBigNum(this.AsString("dp")),
ConvertBigNum(this.AsString("dq")),
ConvertBigNum(this.AsString("qi")));
ParametersWithRandom rnd = new ParametersWithRandom(prv, Message.s_PRNG);
signer.Init(true, rnd);
signer.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
return(signer.GenerateSignature());
}
case "ES256":
case "ES384":
case "ES512": {
digest.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
byte[] o1 = new byte[digest.GetDigestSize()];
digest.DoFinal(o1, 0);
X9ECParameters p = NistNamedCurves.GetByName(this.AsString("crv"));
ECDomainParameters parameters = new ECDomainParameters(p.Curve, p.G, p.N, p.H);
ECPrivateKeyParameters privKey =
new ECPrivateKeyParameters("ECDSA", ConvertBigNum(this.AsString("d")), parameters);
ParametersWithRandom param = new ParametersWithRandom(privKey, Message.s_PRNG);
ECDsaSigner ecdsa = new ECDsaSigner(new HMacDsaKCalculator(new Sha256Digest()));
ecdsa.Init(true, param);
BigInteger[] sig = ecdsa.GenerateSignature(o1);
byte[] r = sig[0].ToByteArrayUnsigned();
byte[] s = sig[1].ToByteArrayUnsigned();
int cbR = (p.Curve.FieldSize + 7) / 8;
byte[] sigs = new byte[cbR * 2];
Array.Copy(r, 0, sigs, cbR - r.Length, r.Length);
Array.Copy(s, 0, sigs, cbR + cbR - s.Length, s.Length);
signature = sigs;
return(sigs);
}
case "HS256":
case "HS384":
case "HS512": {
HMac hmac = new HMac(digest);
KeyParameter key = new KeyParameter(this.AsBytes("k"));
byte[] resBuf = new byte[hmac.GetMacSize()];
hmac.Init(key);
hmac.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
hmac.DoFinal(resBuf, 0);
signature = resBuf;
return(resBuf);
}
case "EdDSA":
switch (this.AsString("crv"))
{
case "Ed25519": {
ISigner eddsa;
Ed25519PrivateKeyParameters privKey =
new Ed25519PrivateKeyParameters(this.AsBytes("d"), 0);
eddsa = new Ed25519Signer();
eddsa.Init(true, privKey);
eddsa.BlockUpdate(bytesToBeSigned, 0, bytesToBeSigned.Length);
signature = eddsa.GenerateSignature();
return(signature);
}
}
break;
}
return(null);
}
