public static void CreateSignature(System.Security.Cryptography.X509Certificates.X509Certificate2 mycert)
{
// https://www.programcreek.com/java-api-examples/?api=org.bouncycastle.x509.X509V3CertificateGenerator
// https://forums.asp.net/t/2154987.aspx?Create+Self+Signed+Certificate+programatically+uisng+C+
// System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromCertFile()
// https://overcoder.net/q/429916/bouncycastle-privatekey-to-x509%D1%81%D0%B5%D1%80%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%822-privatekey
// https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/
Org.BouncyCastle.Crypto.AsymmetricKeyParameter Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(mycert.PrivateKey).Private;
// if(mycert.HasPrivateKey)
Org.BouncyCastle.Crypto.AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey);
Org.BouncyCastle.X509.X509CertificateParser certParser = new Org.BouncyCastle.X509.X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate bouncyCertificate = certParser.ReadCertificate(mycert.GetRawCertData());
Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = bouncyCertificate.GetPublicKey();
Org.BouncyCastle.Crypto.IDigest algorithm = Org.BouncyCastle.Security.DigestUtilities.GetDigest(bouncyCertificate.SigAlgOid);
// X509Certificate2Signature signature = new X509Certificate2Signature(mycert, algorithm);
// https://github.com/kusl/itextsharp/blob/master/tags/iTextSharp_5_4_5/src/core/iTextSharp/text/pdf/security/X509Certificate2Signature.cs
// Sign
// PemReader pem = new PemReader();
// pem.ReadPemObject().Headers
// RSACryptoServiceProvider rsa = pem.ReadPrivateKeyFromFile("PrivateKey.pem");
}
public WindowsPrng()
{
// this.m_rnd = new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator();
const string digestName = "SHA256";
Org.BouncyCastle.Crypto.IDigest digest = Org.BouncyCastle.Security.DigestUtilities.GetDigest(digestName);
if (digest == null)
{
return;
}
Org.BouncyCastle.Crypto.Prng.DigestRandomGenerator prng =
new Org.BouncyCastle.Crypto.Prng.DigestRandomGenerator(digest);
const bool autoSeed = true;
if (autoSeed)
{
// prng.AddSeedMaterial(NextCounterValue());
// prng.AddSeedMaterial(GetNextBytes(Master, digest.GetDigestSize()));
}
this.m_rnd = prng;
}
public static byte[] Digest(Org.BouncyCastle.Crypto.IDigest d, byte[] b, int offset, int len)
{
d.BlockUpdate(b, offset, len);
byte[] r = new byte[d.GetDigestSize()];
d.DoFinal(r, 0);
return(r);
}
private byte[] SignHashInternal(
byte[] hash
, Org.BouncyCastle.Crypto.IDigest digest
, bool asOaep
)
{
byte[] derEncoded = this.DerEncode(hash, digest);
Org.BouncyCastle.Crypto.IAsymmetricBlockCipher rsaEngine = null;
if (asOaep) // PSS:
{
rsaEngine =
new Org.BouncyCastle.Crypto.Encodings.OaepEncoding(
new Org.BouncyCastle.Crypto.Engines.RsaBlindedEngine()
);
}
else // Pkcs1
{
rsaEngine =
new Org.BouncyCastle.Crypto.Encodings.Pkcs1Encoding(
new Org.BouncyCastle.Crypto.Engines.RsaBlindedEngine()
);
}
rsaEngine.Init(true, this.m_keyPair.Private);
byte[] encoded = rsaEngine.ProcessBlock(derEncoded, 0, derEncoded.Length);
return(encoded);
} // End Function SignHashInternal
} // End Function Decrypt
// Ignored
//public override byte[] DecryptValue(byte[] rgb)
//{
// System.Security.Cryptography.RSACryptoServiceProvider rs;
// return null;
//}
// call this.SignHash in effect
// public virtual byte[] SignData(byte[] data, int offset, int count, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding);
// public virtual byte[] SignData(Stream data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding);
// public byte[] SignData(byte[] data, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding);
public override byte[] SignHash(byte[] hash
, System.Security.Cryptography.HashAlgorithmName hashAlgorithm
, System.Security.Cryptography.RSASignaturePadding padding)
{
if (hash == null)
{
throw new System.ArgumentNullException(nameof(hash));
}
if (hashAlgorithm == null)
{
throw new System.ArgumentNullException(nameof(hashAlgorithm));
}
if (padding == null)
{
throw new System.ArgumentNullException(nameof(padding));
}
Org.BouncyCastle.Crypto.IDigest digest = GetBouncyAlgorithm(hashAlgorithm);
if (padding == System.Security.Cryptography.RSASignaturePadding.Pkcs1)
{
return(SignHashInternal(hash, digest, false));
}
if (padding == System.Security.Cryptography.RSASignaturePadding.Pss)
{
return(SignHashInternal(hash, digest, true));
}
throw new System.Security.Cryptography.CryptographicException($"Unknown padding mode \"{padding}\".");
} // End Function SignHash
} // End Function GetBouncyAlgorithm
protected override byte[] HashData(byte[] data, int offset, int count,
System.Security.Cryptography.HashAlgorithmName hashAlgorithm)
{
Org.BouncyCastle.Crypto.IDigest digest = GetBouncyAlgorithm(hashAlgorithm);
byte[] retValue = new byte[digest.GetDigestSize()];
digest.BlockUpdate(data, offset, count);
digest.DoFinal(retValue, 0);
return(retValue);
} // End Function HashData
public static byte[] Digest(System.IO.Stream data, Org.BouncyCastle.Crypto.IDigest messageDigest)
{
byte[] buf = new byte[8192];
int n;
while ((n = data.Read(buf, 0, buf.Length)) > 0)
{
messageDigest.BlockUpdate(buf, 0, n);
}
byte[] r = new byte[messageDigest.GetDigestSize()];
messageDigest.DoFinal(r, 0);
return(r);
}
} // End Function SignHashInternal
private byte[] DerEncode(byte[] hash,
Org.BouncyCastle.Crypto.IDigest digest
)
{
Org.BouncyCastle.Asn1.DerObjectIdentifier digestOid = this.m_oidMap[digest.AlgorithmName];
Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier algid =
new Org.BouncyCastle.Asn1.X509.AlgorithmIdentifier(
digestOid, Org.BouncyCastle.Asn1.DerNull.Instance
);
Org.BouncyCastle.Asn1.X509.DigestInfo di =
new Org.BouncyCastle.Asn1.X509.DigestInfo(algid, hash);
return(di.GetDerEncoded());
} // End Function DerEncode
} // End Function HashData
protected override byte[] HashData(System.IO.Stream data,
System.Security.Cryptography.HashAlgorithmName hashAlgorithm)
{
Org.BouncyCastle.Crypto.IDigest digest = GetBouncyAlgorithm(hashAlgorithm);
byte[] buffer = new byte[4096];
int cbSize;
while ((cbSize = data.Read(buffer, 0, buffer.Length)) > 0)
{
digest.BlockUpdate(buffer, 0, cbSize);
}
byte[] hash = new byte[digest.GetDigestSize()];
digest.DoFinal(hash, 0);
return(hash);
} // End Function HashData
public BouncyCastlePaddingHash(int keyBits)
{
if (keyBits >= 2048)
{
_digest = new Org.BouncyCastle.Crypto.Digests.Sha512Digest();
return;
}
if (keyBits < 1024)
{
_digest = new Org.BouncyCastle.Crypto.Digests.MD5Digest();
return;
}
if (keyBits < 2048)
{
_digest = new Org.BouncyCastle.Crypto.Digests.Sha256Digest();
return;
}
}
public WindowsPrng()
{
// Don't use the bugged CryptoAPI
// this.m_rnd = new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator();
Org.BouncyCastle.Crypto.IDigest digest = Org.BouncyCastle.Security.DigestUtilities.GetDigest("SHA256");
if (digest == null)
{
return;
}
Org.BouncyCastle.Crypto.Prng.DigestRandomGenerator prng =
new Org.BouncyCastle.Crypto.Prng.DigestRandomGenerator(digest);
prng.AddSeedMaterial(NextCounterValue());
prng.AddSeedMaterial(GetNextBytes(digest.GetDigestSize()));
this.m_rnd = prng;
}
private static byte[] GetByteRangeDigest(PdfDocument document, PdfPKCS7 pkcs7, PdfSignature signature, string digestAlg)
{
Org.BouncyCastle.Crypto.IDigest digest = Org.BouncyCastle.Security.DigestUtilities.GetDigest(digestAlg);
iText.Kernel.Pdf.PdfArray b = signature.GetByteRange();
iText.IO.Source.RandomAccessFileOrArray rf = document.GetReader().GetSafeFile();
Stream rg = null;
try
{
rg = new iText.IO.Source.RASInputStream(new iText.IO.Source.RandomAccessSourceFactory().CreateRanged(rf.CreateSourceView(), b.ToLongArray(
)));
byte[] buf = new byte[8192];
int rd;
while ((rd = rg.Read(buf, 0, buf.Length)) > 0)
{
digest.BlockUpdate(buf, 0, rd);
}
byte[] dig = new byte[digest.GetDigestSize()];
digest.DoFinal(dig, 0);
return(dig);
}
catch (Exception e)
{
throw new iText.Kernel.PdfException(e);
}
finally
{
try
{
if (rg != null)
{
rg.Dispose();
}
}
catch (System.IO.IOException e)
{
// this really shouldn't ever happen - the source view we use is based on a Safe view, which is a no-op anyway
throw new iText.Kernel.PdfException(e);
}
}
}
/// <summary>
/// Wrap the bouncy castle digest.
/// </summary>
public BouncyDigest(Org.BouncyCastle.Crypto.IDigest digest)
{
this.digest = digest;
}
public static byte[] Digest(Org.BouncyCastle.Crypto.IDigest d, byte[] b)
{
return(Digest(d, b, 0, b.Length));
}
/**
* Creates a hash using a specific digest algorithm and a provider.
* @param data the message of which you want to create a hash
* @param hashAlgorithm the algorithm used to create the hash
* @param provider the provider used to create the hash
* @return the hash
* @throws GeneralSecurityException
* @throws IOException
*/
public static byte[] Digest(System.IO.Stream data, string hashAlgorithm)
{
Org.BouncyCastle.Crypto.IDigest messageDigest = GetMessageDigest(hashAlgorithm);
return(Digest(data, messageDigest));
}
private bool VerifyHashInternal(
byte[] hash
, byte[] signature
, Org.BouncyCastle.Crypto.IDigest digest
, bool asOaep)
{
Org.BouncyCastle.Crypto.IAsymmetricBlockCipher rsaEngine = null;
if (asOaep) // PSS:
{
rsaEngine =
new Org.BouncyCastle.Crypto.Encodings.OaepEncoding(
new Org.BouncyCastle.Crypto.Engines.RsaBlindedEngine()
);
}
else // Pkcs1
{
rsaEngine =
new Org.BouncyCastle.Crypto.Encodings.Pkcs1Encoding(
new Org.BouncyCastle.Crypto.Engines.RsaBlindedEngine()
);
}
rsaEngine.Init(false, this.m_keyPair.Public);
byte[] a = null;
byte[] b = null;
try
{
a = rsaEngine.ProcessBlock(signature, 0, signature.Length);
b = this.DerEncode(hash, digest);
}
catch
{
return(false);
}
if (a.Length == b.Length)
{
return(Org.BouncyCastle.Utilities.Arrays.ConstantTimeAreEqual(a, b));
}
if (a.Length != b.Length - 2)
{
return(false);
}
int num1 = a.Length - hash.Length - 2;
int num2 = b.Length - hash.Length - 2;
b[1] -= (byte)2;
b[3] -= (byte)2;
int num3 = 0;
for (int index = 0; index < hash.Length; ++index)
{
num3 |= (int)a[num1 + index] ^ (int)b[num2 + index];
}
for (int index = 0; index < num1; ++index)
{
num3 |= (int)a[index] ^ (int)b[index];
}
return(num3 == 0);
} // End Function VerifyHashInternal
