} // End Function ReadPublicKey
public static Org.BouncyCastle.Crypto.AsymmetricKeyParameter ReadPrivateKey(string privateKey)
{
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = null;
using (System.IO.TextReader reader = new System.IO.StringReader(privateKey))
{
Org.BouncyCastle.OpenSsl.PemReader pemReader =
new Org.BouncyCastle.OpenSsl.PemReader(reader);
object obj = pemReader.ReadObject();
if (obj is Org.BouncyCastle.Crypto.AsymmetricKeyParameter)
{
throw new System.ArgumentException("The given privateKey is a public key, not a privateKey...", "privateKey");
}
if (!(obj is Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair))
{
throw new System.ArgumentException("The given privateKey is not a valid assymetric key.", "privateKey");
}
keyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair)obj;
} // End using reader
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter priv = keyPair.Private;
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter pub = keyPair.Public;
// Note:
// cipher.Init(false, key);
// !!!
return(keyPair.Private);
} // End Function ReadPrivateKey
} // End Function VerifySignature
// https://stackoverflow.com/questions/18244630/elliptic-curve-with-digital-signature-algorithm-ecdsa-implementation-on-bouncy
public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateEcdsaKeyPair()
{
Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator gen =
new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
Org.BouncyCastle.Security.SecureRandom secureRandom =
new Org.BouncyCastle.Security.SecureRandom();
// https://github.com/bcgit/bc-csharp/blob/master/crypto/src/asn1/sec/SECNamedCurves.cs#LC1096
Org.BouncyCastle.Asn1.X9.X9ECParameters ps =
Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1");
Org.BouncyCastle.Crypto.Parameters.ECDomainParameters ecParams =
new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters(ps.Curve, ps.G, ps.N, ps.H);
Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters keyGenParam =
new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(ecParams, secureRandom);
gen.Init(keyGenParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair();
// Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters priv =
// (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)kp.Private;
return(kp);
} // End Function GenerateEcdsaKeyPair
} // End Sub GenerateSslCertificate
public static void Test(
Org.BouncyCastle.X509.X509Certificate sslCertificate,
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair sslCertificateKeyPair
)
{
string pemCert = ToPem(sslCertificate);
// SSL
(string Private, string Public)certKeys = KeyPairToPem(sslCertificateKeyPair);
System.ReadOnlySpan <char> certSpan = System.MemoryExtensions.AsSpan(pemCert);
System.ReadOnlySpan <char> keySpan = System.MemoryExtensions.AsSpan(certKeys.Private);
System.Security.Cryptography.X509Certificates.X509Certificate2 certSslLoaded = System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem(certSpan, keySpan);
System.Console.WriteLine(sslCertificate);
System.Console.WriteLine(certSslLoaded);
Org.BouncyCastle.X509.X509Certificate certly = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certSslLoaded);
// bool b = certly.Equals(rootCertificate);
// System.Console.WriteLine(b);
// certly.GetPublicKey()
Org.BouncyCastle.X509.X509Certificate cert = ReadCertificate("obelix.pem");
System.Console.WriteLine(cert);
} // End Sub Test
} // End Function GenerateRsaKeyPair
public static void WritePrivatePublic(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair)
{
string privateKey = null;
string publicKey = null;
// id_rsa
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
privateKey = textWriter.ToString();
} // End Using textWriter
// id_rsa.pub
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
publicKey = textWriter.ToString();
} // End Using textWriter
System.Console.WriteLine(privateKey);
System.Console.WriteLine(publicKey);
} // End Sub WritePrivatePublic
} // End Sub Test
public static (string Private, string Public) KeyPairToPem(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair)
{
string k1 = KeyToPemString(keyPair.Private);
string k2 = KeyToPemString(keyPair.Public);
return(new System.ValueTuple <string, string>(k1, k2));
}
public static byte[] CreateSelfSignedCertificate(string[] alternativeNames, string password)
{
string pemKey = SecretManager.GetSecret <string>("skynet_key");
string pemCert = SecretManager.GetSecret <string>("skynet_cert");
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey);
Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert);
Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create());
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random);
Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate(
random
, rootCert
, certKeyPair.Public
, rootKey.Private
, alternativeNames
);
bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, rootCert.GetPublicKey());
if (val == false)
{
throw new System.InvalidOperationException("SSL certificate does NOT validate successfully.");
}
byte[] pfx = CreatePfxBytes(sslCertificate, certKeyPair.Private, password);
return(pfx);
} // End Function CreateSelfSignedCertificate
GenerateBadGost3410KeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength)
{
// Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen1 = Org.BouncyCastle.Security.GeneratorUtilities.GetKeyPairGenerator("DSA");
// NID_id_GostR3410_2001_CryptoPro_A_ParamSet
Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.Gost3410KeyPairGenerator();
Org.BouncyCastle.Crypto.Generators.Gost3410ParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.Gost3410ParametersGenerator();
pGen.Init(keystrength, 2, random); //TODO:
Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters kgp = new Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters(
random
// , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x94CryptoProA
// , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA
// , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94
// , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet
, Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001
);
Org.BouncyCastle.Crypto.Parameters.Gost3410Parameters parameters = pGen.GenerateParameters();
Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters(random, parameters);
keypairGen.Init(genParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair();
return(kp);
}
// https://social.msdn.microsoft.com/Forums/vstudio/en-US/80ccc76f-bf98-4cda-9583-f651013b24a5/extract-private-key-as-string-from-pfx-file?forum=csharpgeneral
// One of my collegues actually found the solution and I thought I'd share it.
// Extract Private Key as String from PFX File
public static void GetPrivateKey(string pfxLocation, string password)
{
// Windows's PFX files are just renamed PKCS#12 files,
// Load your certificate from file
System.Security.Cryptography.X509Certificates.X509Certificate2 certificate =
new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxLocation, password
, System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable
| System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet);
// Private Key
if (certificate.HasPrivateKey)
{
throw new System.IO.InvalidDataException("no private key in pfx file.");
}
System.Security.Cryptography.RSACryptoServiceProvider rsa = (System.Security.Cryptography.RSACryptoServiceProvider)certificate.PrivateKey;
System.IO.MemoryStream memoryStream = new System.IO.MemoryStream();
System.IO.TextWriter streamWriter = new System.IO.StreamWriter(memoryStream);
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(streamWriter);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rsa);
pemWriter.WriteObject(keyPair.Private);
streamWriter.Flush();
string output = System.Text.Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim();
int index_of_footer = output.IndexOf("-----END RSA PRIVATE KEY-----");
memoryStream.Close();
streamWriter.Close();
string PrivKey = output.Substring(0, index_of_footer + 29);
}
public static void GenerateSslCertificate(PfxData pfx, Org.BouncyCastle.Security.SecureRandom random)
{
string curveName = "curve25519"; curveName = "secp256k1";
// IIS does not support Elliptic Curve...
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateEcKeyPair(curveName, random);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDsaKeyPair(1024, random);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDHKeyPair(1024, random);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateGostKeyPair(4096, random);
Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate(random, pfx.Certificate, certKeyPair.Public, pfx.PrivateKey);
bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, pfx.Certificate.GetPublicKey());
// SSL
(string Private, string Public)certKeys = KeyPairToPem(certKeyPair);
PfxFile.Create(@"obelix.pfx", sslCertificate, certKeyPair.Private, "");
WriteCerAndCrt(sslCertificate, @"obelix");
System.IO.File.WriteAllText(@"obelix_private.key", certKeys.Private, System.Text.Encoding.ASCII);
// System.IO.File.WriteAllText(@"obelix_public.key", certKeys.Public, System.Text.Encoding.ASCII);
string pemCert = ToPem(sslCertificate);
System.IO.File.WriteAllText(@"obelix.pem", pemCert, System.Text.Encoding.ASCII);
} // End Sub GenerateSslCertificate
private static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateDsaKeys()
{
DSACryptoServiceProvider DSA = new DSACryptoServiceProvider();
DSAParameters dsaParams = DSA.ExportParameters(true);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys =
Org.BouncyCastle.Security.DotNetUtilities.GetDsaKeyPair(dsaParams);
return(keys);
}
public BouncyRsa(string privateKey)
{
using (System.IO.StringReader txtreader = new System.IO.StringReader(privateKey))
{
m_keyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair) new Org.BouncyCastle.OpenSsl.PemReader(txtreader).ReadObject();
}
m_keyParameter = m_keyPair.Public;
}
} // End Sub GenerateRootCertificate
public static Org.BouncyCastle.X509.X509Certificate SelfSignSslCertificate(
Org.BouncyCastle.Security.SecureRandom random
, Org.BouncyCastle.X509.X509Certificate caRoot
, Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey
, Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey
) // PrivatePublicPemKeyPair subjectKeyPair)
{
Org.BouncyCastle.X509.X509Certificate caSsl = null;
string countryIso2Characters = "GA";
string stateOrProvince = "Aremorica";
string localityOrCity = "Erquy, Bretagne";
string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA";
string division = "Neanderthal Technology Group (NT)";
string domainName = "localhost";
domainName = "*.sql.guru";
domainName = "localhost";
string email = "webmaster@localhost";
CertificateInfo ci = new CertificateInfo(
countryIso2Characters, stateOrProvince
, localityOrCity, companyName
, division, domainName, email
, System.DateTime.UtcNow
, System.DateTime.UtcNow.AddYears(5)
);
ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1",
"sql.guru", "*.sql.guru", "example.int", "foo.int", "bar.int", "foobar.int", "*.com");
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random);
caSsl = CerGenerator.GenerateSslCertificate(
ci
, subjectPublicKey
, rootCertPrivateKey
, caRoot
, random
);
/*
* PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, "");
* CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair);
*
*
* CerGenerator.WriteCerAndCrt(@"ca", caRoot);
* CerGenerator.WriteCerAndCrt(@"obelix", caSsl);
*/
return(caSsl);
} // End Sub SelfSignSslCertificate
} // End Sub GenerateRsaKeyPair
public BouncyRsa() : base()
{
int keySize = 2048;
m_keyPair = GenerateRsaKeyPair(keySize);
//m_keyParameter = m_keyPair.Public;
m_keyParameter = m_keyPair.Private;
this.KeySizeValue = keySize;
}
public static byte[] GenerateDsaCertificateAsPkcs12(
string friendlyName,
string subjectName,
string country,
System.DateTime validStartDate,
System.DateTime validEndDate,
string password,
Org.BouncyCastle.X509.X509Certificate caCert,
Org.BouncyCastle.Crypto.AsymmetricKeyParameter caPrivateKey)
{
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys = GenerateDsaKeys();
#region build certificate
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
// build name attributes
System.Collections.ArrayList nameOids = new System.Collections.ArrayList();
nameOids.Add(Org.BouncyCastle.Asn1.X509.X509Name.CN);
nameOids.Add(X509Name.O);
nameOids.Add(X509Name.C);
System.Collections.ArrayList nameValues = new System.Collections.ArrayList();
nameValues.Add(friendlyName);
nameValues.Add(subjectName);
nameValues.Add(country);
X509Name subjectDN = new X509Name(nameOids, nameValues);
// certificate fields
certGen.SetSerialNumber(Org.BouncyCastle.Math.BigInteger.ValueOf(1));
certGen.SetIssuerDN(caCert.SubjectDN);
certGen.SetNotBefore(validStartDate);
certGen.SetNotAfter(validEndDate);
certGen.SetSubjectDN(subjectDN);
certGen.SetPublicKey(keys.Public);
certGen.SetSignatureAlgorithm("SHA1withDSA");
// extended information
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.GetPublicKey()));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keys.Public));
#endregion
// generate x509 certificate
X509Certificate cert = certGen.Generate(caPrivateKey);
//ert.Verify(caCert.GetPublicKey());
System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate> chain =
new System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate>();
//chain.Add("CertiFirmas CA", caCert);
// string caCn = caCert.SubjectDN.GetValues(X509Name.CN)[0].ToString();
string caCn = caCert.SubjectDN.GetValueList(X509Name.CN)[0].ToString();
chain.Add(caCn, caCert);
// store the file
return(GeneratePkcs12(keys, cert, friendlyName, password, chain));
}
} // End Sub WritePrivatePublic
public static void SignVerifyData(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair)
{
string msg = "Hello world";
msg = null;
string signature = SignData(msg, keyPair.Private);
bool verificationResult = VerifySignature(keyPair.Public, signature, msg);
System.Console.WriteLine(verificationResult);
}
} // End Function ReadAsymmetricKeyParameter
private static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair ReadAsymmetricKeyParameter(string pemString)
{
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair para = null;
using (System.IO.TextReader tr = new System.IO.StringReader(pemString))
{
para = ReadAsymmetricKeyParameter(tr);
} // End Using tr
return(para);
} // End Function ReadAsymmetricKeyParameter
} // End Function GetAlternativeNames
public static byte[] GetRootCertPfx(string password)
{
string pemKey = SecretManager.GetSecret <string>("skynet_key");
string pemCert = SecretManager.GetSecret <string>("skynet_cert");
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey);
Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert);
byte[] pfx = CreatePfxBytes(rootCert, rootKey.Private, password);
return(pfx);
}
// GenerateRsaKeyPair(1024)
public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateRsaKeyPair(int strength)
{
Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator();
Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator());
Org.BouncyCastle.Crypto.KeyGenerationParameters keyGenParam = new Org.BouncyCastle.Crypto.KeyGenerationParameters(secureRandom, strength);
gen.Init(keyGenParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair();
return(kp);
} // End Function GenerateRsaKeyPair
} // End Sub ExportKeyPair
// https://stackoverflow.com/questions/22008337/generating-keypair-using-bouncy-castle
// https://stackoverflow.com/questions/14052485/converting-a-public-key-in-subjectpublickeyinfo-format-to-rsapublickey-format-ja
// https://stackoverflow.com/questions/10963756/get-der-encoded-public-key
// http://www.programcreek.com/java-api-examples/index.php?api=org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory
public static void CerKeyInfo(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair)
{
Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo pkInfo = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
string privateKey = System.Convert.ToBase64String(pkInfo.GetDerEncoded());
// and following for public:
Org.BouncyCastle.Asn1.X509.SubjectPublicKeyInfo info = Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);
string publicKey = System.Convert.ToBase64String(info.GetDerEncoded());
System.Console.WriteLine(privateKey);
System.Console.WriteLine(publicKey);
} // End Sub CerKeyInfo
private static byte[] GeneratePkcs12(
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys,
Org.BouncyCastle.X509.X509Certificate cert,
string friendlyName,
string password,
System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate> chain)
{
System.Collections.Generic.List <X509CertificateEntry> chainCerts =
new System.Collections.Generic.List <X509CertificateEntry>();
// Create the PKCS12 store
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
// Add a Certificate entry
X509CertificateEntry certEntry = new X509CertificateEntry(cert);
store.SetCertificateEntry(friendlyName, certEntry); // use DN as the Alias.
//chainCerts.Add(certEntry);
// Add chain entries
System.Collections.Generic.List <byte[]> additionalCertsAsBytes =
new System.Collections.Generic.List <byte[]>();
if (chain != null && chain.Count > 0)
{
foreach (System.Collections.Generic.KeyValuePair <string, X509Certificate> additionalCert in chain)
{
additionalCertsAsBytes.Add(additionalCert.Value.GetEncoded());
}
}
if (chain != null && chain.Count > 0)
{
System.Collections.Generic.IEnumerable <X509Certificate> addicionalCertsAsX09Chain =
BuildCertificateChainBC(cert.GetEncoded(), additionalCertsAsBytes);
foreach (X509Certificate addCertAsX09 in addicionalCertsAsX09Chain)
{
chainCerts.Add(new X509CertificateEntry(addCertAsX09));
}
}
// Add a key entry
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private);
// no chain
store.SetKeyEntry(friendlyName, keyEntry, new X509CertificateEntry[] { certEntry });
using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream())
{
store.Save(memoryStream, password.ToCharArray(), new Org.BouncyCastle.Security.SecureRandom());
return(memoryStream.ToArray());
}
}
public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateRsaKeyPair(Org.BouncyCastle.Security.SecureRandom random, int strength)
{
Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator();
Org.BouncyCastle.Crypto.KeyGenerationParameters keyGenParam =
new Org.BouncyCastle.Crypto.KeyGenerationParameters(random, strength);
gen.Init(keyGenParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair();
return(kp);
} // End Sub GenerateRsaKeyPair
// https://stackoverflow.com/questions/6029937/net-private-key-rsa-encryption
public static void DotNetRsaParamtersFromPemFile()
{
using (System.IO.StreamReader sr = new System.IO.StreamReader("../../privatekey.pem"))
{
Org.BouncyCastle.OpenSsl.PemReader pr = new Org.BouncyCastle.OpenSsl.PemReader(sr);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair KeyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair)pr.ReadObject();
System.Security.Cryptography.RSAParameters rsa = Org.BouncyCastle.Security.DotNetUtilities.ToRSAParameters(
(Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)KeyPair.Private
);
}
}
GenerateGost3410KeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength)
{
Org.BouncyCastle.Crypto.Parameters.ECDomainParameters gostEcDomainParameters =
Org.BouncyCastle.Asn1.CryptoPro.ECGost3410NamedCurves.GetByOid(
Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA);
Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator gostKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
Org.BouncyCastle.Crypto.KeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(gostEcDomainParameters, random);
gostKeyGen.Init(genParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gostKeyGen.GenerateKeyPair();
return(kp);
}
GenerateDsaKeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength)
{
Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator();
Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator();
pGen.Init(keystrength, 80, random); //TODO:
Org.BouncyCastle.Crypto.Parameters.DsaParameters parameters = pGen.GenerateParameters();
Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(random, parameters);
keypairGen.Init(genParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair();
return(kp);
}
} // End Sub GenerateRsaKeyPair
public static void WritePrivatePublic(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair)
{
string privateKey = null;
string publicKey = null;
string bothKeys = null;
// id_rsa
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(keyPair.Private);
pemWriter.Writer.Flush();
privateKey = textWriter.ToString();
} // End Using textWriter
// id_rsa.pub
using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
{
Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
pemWriter.WriteObject(keyPair.Public);
pemWriter.Writer.Flush();
publicKey = textWriter.ToString();
} // End Using textWriter
// // This writes the same as private key, not both
//using (System.IO.TextWriter textWriter = new System.IO.StringWriter())
//{
// Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter);
// pemWriter.WriteObject(keyPair);
// pemWriter.Writer.Flush();
// bothKeys = textWriter.ToString();
//} // End Using textWriter
System.Console.WriteLine(privateKey);
System.Console.WriteLine(publicKey);
//System.Console.WriteLine(bothKeys);
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter pk = ReadPrivateKey(privateKey);
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = ReadPublicKey(publicKey);
// ReadPublicKey(privateKey); // Cannot read this
// ReadPrivateKey(publicKey); // Cannot read this either...
// CerKeyInfo(keyPair);
} // End Sub WritePrivatePublic
} // End Sub GenerateRsaKeyPair
public static RSA GetMsRsaProvider()
{
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair m_keyPair = GenerateRsaKeyPair(2048);
// Org.BouncyCastle.Crypto.AsymmetricKeyParameter m_keyParameter = m_keyPair.Public;
// Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters pub = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)m_keyPair.Public;
Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters priv = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)m_keyPair.Private;
var dnPriv = ToRSAParameters(priv);
//var dnPub = ToRSAParameters(pub);
return(CreateRSAProvider(dnPriv));
}
public static System.Security.Cryptography.ECDsa GetMsEcdsaProvider()
{
string namedCurve = "prime256v1";
Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator pGen =
new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator();
Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters genParam =
new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(
Org.BouncyCastle.Asn1.X9.X962NamedCurves.GetOid(namedCurve),
new Org.BouncyCastle.Security.SecureRandom()
);
pGen.Init(genParam);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = pGen.GenerateKeyPair();
Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters pub =
(Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)keyPair.Public;
Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters priv =
(Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)keyPair.Private;
System.Security.Cryptography.ECParameters pars = new ECParameters();
//string str = priv.Parameters.Curve.ToString();
//System.Console.WriteLine(str);
//pars.Curve = new ECCurve();
//pars.D = priv.D.ToByteArray();
//pars.Q = new System.Security.Cryptography.ECPoint();
//pars.Q.X = pub.Q.X.GetEncoded();
//pars.Q.Y = pub.Q.Y.GetEncoded();
//System.Security.Cryptography.ECDsa.Create(pars);
// The CngKey can be created by importing the key using the Der encoded bytes:
Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo bcKeyInfo =
Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private)
;
byte[] pkcs8Blob = bcKeyInfo.GetDerEncoded();
CngKey importedKey = CngKey.Import(pkcs8Blob, CngKeyBlobFormat.Pkcs8PrivateBlob);
return(new System.Security.Cryptography.ECDsaCng(importedKey));
}
public BouncyRsa(string privateKey) : base()
{
using (System.IO.StringReader txtreader = new System.IO.StringReader(privateKey))
{
m_keyPair =
(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair) new Org.BouncyCastle.OpenSsl.PemReader(txtreader)
.ReadObject();
}
m_keyParameter = m_keyPair.Private;
// var x = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)m_keyPair.Public;
// var x = (Org.BouncyCastle.Crypto.Parameters.RsaKeyGenerationParameters)m_keyPair.Public;
var x = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters) this.m_keyParameter;
this.KeySizeValue = x.Modulus.BitLength;
}
} // End Constructor
public BouncyECDSA(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp)
: base()
{
this.m_privKey = (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)kp.Private;
this.m_pubKey = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)kp.Public;
//this.KeySizeValue = keySize;
//var x = (Org.BouncyCastle.Crypto.Parameters.ECKeyParameters)kp.Public;
// var x = (Org.BouncyCastle.Crypto.Parameters.DsaPublicKeyParameters)kp.Public;
// var y = (Org.BouncyCastle.Crypto.Parameters.DsaPrivateKeyParameters)kp.Private;
// this.KeySizeValue = x.Y.BitCount;
// this.KeySizeValue = y.X.BitCount;
this.KeySizeValue = this.m_privKey.Parameters.Curve.FieldSize;
} // End Constructor
} // End Sub SelfSignSslCertificate
// https://stackoverflow.com/questions/51703109/nginx-the-ssl-directive-is-deprecated-use-the-listen-ssl
public static Org.BouncyCastle.X509.X509Certificate GenerateRootCertificate()
{
string countryIso2Characters = "EA";
string stateOrProvince = "Europe";
string localityOrCity = "NeutralZone";
string companyName = "Skynet Earth Inc.";
string division = "Skynet mbH";
string domainName = "Skynet";
string email = "*****@*****.**";
Org.BouncyCastle.Security.SecureRandom sr = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create());
Org.BouncyCastle.X509.X509Certificate caRoot = null;
Org.BouncyCastle.X509.X509Certificate caSsl = null;
// string curveName = "curve25519"; curveName = "secp256k1";
CertificateInfo caCertInfo = new CertificateInfo(
countryIso2Characters, stateOrProvince
, localityOrCity, companyName
, division, domainName, email
, System.DateTime.UtcNow
, System.DateTime.UtcNow.AddYears(5)
);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, sr);
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, sr);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, sr);
// Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, sr);
// kp1 = KeyGenerator.GenerateGhostKeyPair(4096, s_secureRandom.Value);
caCertInfo.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1);
caCertInfo.IssuerKeyPair = KeyImportExport.GetPemKeyPair(kp1);
caRoot = CerGenerator.GenerateRootCertificate(caCertInfo, sr);
PfxGenerator.CreatePfxFile(@"ca.pfx", caRoot, kp1.Private, null);
CerGenerator.WritePrivatePublicKey("issuer", caCertInfo.IssuerKeyPair);
return(caRoot);
} // End Sub GenerateRootCertificate
