public KekRecipientInfo(KekIdentifier kekID, AlgorithmIdentifier keyEncryptionAlgorithm, Asn1OctetString encryptedKey)
{
version = new DerInteger(4);
this.kekID = kekID;
this.keyEncryptionAlgorithm = keyEncryptionAlgorithm;
this.encryptedKey = encryptedKey;
}
public KekRecipientInfo(Asn1Sequence seq)
{
version = (DerInteger)seq[0];
kekID = KekIdentifier.GetInstance(seq[1]);
keyEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(seq[2]);
encryptedKey = (Asn1OctetString)seq[3];
}
internal KekRecipientInformation(KekRecipientInfo info, CmsSecureReadable secureReadable) : base(info.KeyEncryptionAlgorithm, secureReadable)
{
this.info = info;
this.rid = new RecipientID();
KekIdentifier kekID = info.KekID;
this.rid.KeyIdentifier = kekID.KeyIdentifier.GetOctets();
}
public void AddKekRecipient(string keyAlgorithm, KeyParameter key, KekIdentifier kekIdentifier)
{
KekRecipientInfoGenerator kekRecipientInfoGenerator = new KekRecipientInfoGenerator();
kekRecipientInfoGenerator.KekIdentifier = kekIdentifier;
kekRecipientInfoGenerator.KeyEncryptionKeyOID = keyAlgorithm;
kekRecipientInfoGenerator.KeyEncryptionKey = key;
recipientInfoGenerators.Add(kekRecipientInfoGenerator);
}
internal RecipientInf(
string secKeyAlgorithm, // TODO Can get this from secKey?
KeyParameter secKey,
KekIdentifier secKeyId)
{
this.secKeyAlgorithm = secKeyAlgorithm;
this.secKey = secKey;
this.secKeyId = secKeyId;
if (secKeyAlgorithm.StartsWith("DES"))
{
keyEncAlg = new AlgorithmIdentifier(
PkcsObjectIdentifiers.IdAlgCms3DesWrap,
DerNull.Instance);
}
else if (secKeyAlgorithm.StartsWith("RC2"))
{
keyEncAlg = new AlgorithmIdentifier(
PkcsObjectIdentifiers.IdAlgCmsRC2Wrap,
new DerInteger(58));
}
else if (secKeyAlgorithm.StartsWith("AES"))
{
byte[] secKeyEncoded = secKey.GetKey();
int length = secKeyEncoded.Length * 8;
DerObjectIdentifier wrapOid;
if (length == 128)
{
wrapOid = NistObjectIdentifiers.IdAes128Wrap;
}
else if (length == 192)
{
wrapOid = NistObjectIdentifiers.IdAes192Wrap;
}
else if (length == 256)
{
wrapOid = NistObjectIdentifiers.IdAes256Wrap;
}
else
{
throw new ArgumentException("illegal keysize in AES");
}
keyEncAlg = new AlgorithmIdentifier(wrapOid, DerNull.Instance);
}
else
{
throw new ArgumentException("unknown algorithm");
}
}
/**
* add a KEK recipient.
* @param key the secret key to use for wrapping
* @param keyIdentifier the byte string that identifies the key
*/
public void AddKekRecipient(
string keyAlgorithm, // TODO Remove need for this parameter
KeyParameter key,
KekIdentifier kekIdentifier)
{
KekRecipientInfoGenerator kekrig = new KekRecipientInfoGenerator();
kekrig.KekIdentifier = kekIdentifier;
kekrig.KeyEncryptionKeyOID = keyAlgorithm;
kekrig.KeyEncryptionKey = key;
recipientInfoGenerators.Add(kekrig);
}
// private AlgorithmIdentifier _encAlg;
public KekRecipientInformation(
KekRecipientInfo info,
AlgorithmIdentifier encAlg,
Stream data)
: base(encAlg, AlgorithmIdentifier.GetInstance(info.KeyEncryptionAlgorithm), data)
{
this._info = info;
this._encAlg = encAlg;
this._rid = new RecipientID();
KekIdentifier kekId = info.KekID;
_rid.KeyIdentifier = kekId.KeyIdentifier.GetOctets();
}
public KekRecipientInformation(
KekRecipientInfo info,
AlgorithmIdentifier encAlg,
AlgorithmIdentifier macAlg,
AlgorithmIdentifier authEncAlg,
Stream data)
: base(encAlg, macAlg, authEncAlg, info.KeyEncryptionAlgorithm, data)
{
this.info = info;
this.rid = new RecipientID();
KekIdentifier kekId = info.KekID;
rid.KeyIdentifier = kekId.KeyIdentifier.GetOctets();
}
internal RecipientInf(
string secKeyAlgorithm, // TODO Can get this from secKey?
KeyParameter secKey,
KekIdentifier secKeyId)
{
this.secKeyAlgorithm = secKeyAlgorithm;
this.secKey = secKey;
this.secKeyId = secKeyId;
if (secKeyAlgorithm.StartsWith("DES"))
{
keyEncAlg = new AlgorithmIdentifier(
PkcsObjectIdentifiers.IdAlgCms3DesWrap,
DerNull.Instance);
}
else if (secKeyAlgorithm.StartsWith("RC2"))
{
keyEncAlg = new AlgorithmIdentifier(
PkcsObjectIdentifiers.IdAlgCmsRC2Wrap,
new DerInteger(58));
}
else if (secKeyAlgorithm.StartsWith("AES"))
{
int length = secKey.GetKey().Length * 8;
DerObjectIdentifier wrapOid;
if (length == 128)
{
wrapOid = NistObjectIdentifiers.IdAes128Wrap;
}
else if (length == 192)
{
wrapOid = NistObjectIdentifiers.IdAes192Wrap;
}
else if (length == 256)
{
wrapOid = NistObjectIdentifiers.IdAes256Wrap;
}
else
{
throw new ArgumentException("illegal keysize in AES");
}
keyEncAlg = new AlgorithmIdentifier(wrapOid); // parameters absent
}
else if (secKeyAlgorithm.StartsWith("SEED"))
{
// parameters absent
keyEncAlg = new AlgorithmIdentifier(KisaObjectIdentifiers.IdNpkiAppCmsSeedWrap);
}
else if (secKeyAlgorithm.StartsWith("CAMELLIA"))
{
int length = secKey.GetKey().Length * 8;
DerObjectIdentifier wrapOid;
if (length == 128)
{
wrapOid = NttObjectIdentifiers.IdCamellia128Wrap;
}
else if (length == 192)
{
wrapOid = NttObjectIdentifiers.IdCamellia192Wrap;
}
else if (length == 256)
{
wrapOid = NttObjectIdentifiers.IdCamellia256Wrap;
}
else
{
throw new ArgumentException("illegal keysize in Camellia");
}
keyEncAlg = new AlgorithmIdentifier(wrapOid); // parameters must be absent
}
else
{
throw new ArgumentException("unknown algorithm");
}
}
