public static byte[] CreateSignature(byte[] data, CngKey key)
{
// 创建签名
byte[] signature;
using(var signingAlg = new ECDsaCng(key))
{
signature = signingAlg.SignData(data);
signingAlg.Clear();
}
return signature;
}
public MtbContainer Sign(MtbContainer mtb)
{
mtb.IssuerSignedTicketBundle.Header = new IssuerSignatureHeader(SignatureAlgorithm.ES256, _keyRepository.SigningIssuerId, _keyRepository.SigningKeyId);
var signingInput = CreateCoseSigningInput(mtb.IssuerSignedTicketBundle.Header.GetBytes(), mtb.IssuerSignedTicketBundle.TicketBundle.GetBytes());
var privateKey = _keyRepository.GetPrivateKey();
using (var dsa = new ECDsaCng(privateKey))
{
mtb.IssuerSignedTicketBundle.Signature = dsa.SignData(signingInput);
}
return mtb;
}
private static byte[] Sign(byte[] message, byte[] prikey)
{
var Secp256r1_G = HexString2Bytes("04" + "6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296" + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5");
var PublicKey = Neo.Cryptography.ECC.ECCurve.Secp256r1.G * prikey;
var pubkey = PublicKey.EncodePoint(false).Skip(1).ToArray();
//#if NET461
const int ECDSA_PRIVATE_P256_MAGIC = 0x32534345;
prikey = BitConverter.GetBytes(ECDSA_PRIVATE_P256_MAGIC).Concat(BitConverter.GetBytes(32)).Concat(pubkey).Concat(prikey).ToArray();
using (System.Security.Cryptography.CngKey key = System.Security.Cryptography.CngKey.Import(prikey, System.Security.Cryptography.CngKeyBlobFormat.EccPrivateBlob))
using (System.Security.Cryptography.ECDsaCng ecdsa = new System.Security.Cryptography.ECDsaCng(key))
//#else
// using (var ecdsa = System.Security.Cryptography.ECDsa.Create(new System.Security.Cryptography.ECParameters
// {
// Curve = System.Security.Cryptography.ECCurve.NamedCurves.nistP256,
// D = prikey,
// Q = new System.Security.Cryptography.ECPoint
// {
// X = pubkey.Take(32).ToArray(),
// Y = pubkey.Skip(32).ToArray()
// }
// }))
//#endif
{
return(ecdsa.SignData(message, System.Security.Cryptography.HashAlgorithmName.SHA256));
}
}
private byte[] CreateSignature(byte[] data, CngKey key)
{
byte[] signature;
using (var signingAlg = new ECDsaCng(key))
{
#if NET46
signature = signingAlg.SignData(data);
signingAlg.Clear();
#else
signature = signingAlg.SignData(data, HashAlgorithmName.SHA512);
#endif
}
return signature;
}
public byte[] GetSignature(string claimString)
{
CngKey key = _keyProvider.GetKey();
using (_keyProvider.GetKey())
using(var dsa = new ECDsaCng(key))
{
var bytes = Encoding.UTF8.GetBytes(claimString);
return dsa.SignData(bytes);
}
}
public static byte[] Sign(byte[] privateKey, Stream stream)
{
#if Mono
throw new NotSupportedException();
#else
using (CngKey ck = CngKey.Import(privateKey, CngKeyBlobFormat.Pkcs8PrivateBlob))
using (ECDsaCng ecdsa = new ECDsaCng(ck))
{
ecdsa.HashAlgorithm = CngAlgorithm.Sha256;
return ecdsa.SignData(stream);
}
#endif
}
/// <summary>
/// 使用私钥签名
/// </summary>
public static byte[] SignData(byte[] data, byte[] privateKey)
{
///是否能够完全的释放using,在return以后
// 打开密钥
using (CngKey cngKey = CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob))
{
// 签名
using (ECDsaCng ecdsa = new ECDsaCng(cngKey))
{
byte[] signature = ecdsa.SignData(data);
return signature;
}
}
}
public byte[] Sign(byte[] securedInput, object key)
{
var privateKey = Ensure.Type<CngKey>(key, "EcdsaUsingSha alg expects key to be of CngKey type.");
Ensure.BitSize(privateKey.KeySize, keySize, string.Format("ECDSA algorithm expected key of size {0} bits, but was given {1} bits", keySize, privateKey.KeySize));
try
{
using (var signer = new ECDsaCng(privateKey))
{
#if NET40
signer.HashAlgorithm = Hash;
return signer.SignData(securedInput);
#elif NETSTANDARD1_4
return signer.SignData(securedInput, Hash);
#endif
}
}
catch (CryptographicException e)
{
throw new JoseException("Unable to sign content.", e);
}
}
static void Main(string[] args)
{
if (args.Length != 1 && args[0].Length != 8)
{
Console.WriteLine("Use a valid MachineID as the argument.");
return;
}
else
{
Console.WriteLine("MachineID: " + args[0]);
}
// The data to sign.
byte[] data = new byte[8];
// Convert MachineID to byte array
for (int i = 0; i < 8; i++)
{
data[i] = Byte.Parse(args[0][i].ToString());
}
// Load the key from system store
// This key was created by key gen
CngKey cngKey = CngKey.Open("PA ECDSA Key");
using (ECDsaCng dsa = new ECDsaCng(cngKey))
{
dsa.HashAlgorithm = CngAlgorithm.MD5;
byte[] signature = dsa.SignData(data);
dsa.Clear();
// Print signature
Console.WriteLine("\nSignature:\n" + Debugger.BytesToString(signature));
// Base64
Console.WriteLine("\nSignature in Base64:\n" + CodeConverter.ToBase64(signature));
// Big numbers
Console.WriteLine("\nSignature in Codes:");
ulong[] a = CodeConverter.ToInt64Array(signature);
foreach (ulong i in a) Console.WriteLine(i.ToString());
// Formated Base32
Console.WriteLine("\nSignature in Formated Base32:\n" + CodeConverter.ToFormatedBase32Code(signature));
Console.WriteLine("\nPress any key to continue");
Console.ReadKey();
}
}
public void TestMethod1()
{
string stringSignature;
Bob bob = new Bob();
using (ECDsaCng dsa = new ECDsaCng(100))
{
dsa.HashAlgorithm = CngAlgorithm.MD5;
bob.key = dsa.Key.Export(CngKeyBlobFormat.EccPublicBlob);
byte[] data = new byte[] { 21, 5, 8, 12, 207 };
byte[] signature = dsa.SignData(data);
stringSignature = Convert.ToBase64String(signature);
bob.Receive(data, signature);
}
}
public static string createJcs(ECDsaCng ecKey, Dictionary<String,Object> document)
{
// Add signature object
Dictionary<String,Object> signature = new Dictionary<String,Object>();
document[SIGNATURE_JSON] = signature;
signature[ALGORITHM_JSON] = ES256_ALG;
Dictionary<String,Object> publicKey = new Dictionary<String,Object>();
signature[PUBLIC_KEY_JSON] = publicKey;
publicKey[TYPE_JSON] = EC_PUBLIC_KEY;
publicKey[CURVE_JSON] = P_521_CRV;
byte[] rawKey = ecKey.Key.Export(CngKeyBlobFormat.EccPublicBlob);
byte[] coordinate = new byte[66];
Buffer.BlockCopy(rawKey, 8, coordinate, 0, 66);
publicKey[X_JSON] = base64urlencode(coordinate);
Buffer.BlockCopy(rawKey, 74, coordinate, 0, 66);
publicKey[Y_JSON] = base64urlencode(coordinate);
ecKey.HashAlgorithm = CngAlgorithm.Sha256;
signature[VALUE_JSON] = base64urlencode(ecKey.SignData(Encoding.UTF8.GetBytes(new JavaScriptSerializer().Serialize(document))));
return new JavaScriptSerializer().Serialize(document);
}
public async Task ECAsymmetricSigningAndEncryption()
{
var bob = new ECDsaCng(521);
var bobPublic = CngKey.Import(bob.Key.Export(CngKeyBlobFormat.EccPublicBlob), CngKeyBlobFormat.EccPublicBlob);
var alice = new ECDsaCng(521);
var alicePublic = CngKey.Import(alice.Key.Export(CngKeyBlobFormat.EccPublicBlob), CngKeyBlobFormat.EccPublicBlob);
// Bob formulates request.
var bobRequest = new MemoryStream();
var bobDH = ECDiffieHellman.Create();
{
byte[] bobPublicDH = bobDH.PublicKey.ToByteArray();
byte[] bobSignedDH = bob.SignData(bobPublicDH);
await bobRequest.WriteSizeAndBufferAsync(bobPublicDH, CancellationToken.None);
await bobRequest.WriteSizeAndBufferAsync(bobSignedDH, CancellationToken.None);
bobRequest.Position = 0;
}
// Alice reads request.
var aliceResponse = new MemoryStream();
byte[] aliceKeyMaterial;
var aliceDH = new ECDiffieHellmanCng();
{
byte[] bobPublicDH = await bobRequest.ReadSizeAndBufferAsync(CancellationToken.None);
byte[] bobSignedDH = await bobRequest.ReadSizeAndBufferAsync(CancellationToken.None);
var bobDsa = new ECDsaCng(bobPublic);
Assert.IsTrue(bobDsa.VerifyData(bobPublicDH, bobSignedDH));
var bobDHPK = ECDiffieHellmanCngPublicKey.FromByteArray(bobPublicDH, CngKeyBlobFormat.EccPublicBlob);
aliceKeyMaterial = aliceDH.DeriveKeyMaterial(bobDHPK);
await aliceResponse.WriteSizeAndBufferAsync(aliceDH.PublicKey.ToByteArray(), CancellationToken.None);
await aliceResponse.WriteSizeAndBufferAsync(alice.SignData(aliceDH.PublicKey.ToByteArray()), CancellationToken.None);
// Alice also adds a secret message.
using (var aes = SymmetricAlgorithm.Create())
{
using (var encryptor = aes.CreateEncryptor(aliceKeyMaterial, new byte[aes.BlockSize / 8]))
{
var cipherText = new MemoryStream();
using (var cryptoStream = new CryptoStream(cipherText, encryptor, CryptoStreamMode.Write))
{
cryptoStream.Write(new byte[] { 0x1, 0x3, 0x2 }, 0, 3);
cryptoStream.FlushFinalBlock();
cipherText.Position = 0;
await aliceResponse.WriteSizeAndStreamAsync(cipherText, CancellationToken.None);
}
}
}
aliceResponse.Position = 0;
}
// Bob reads response
byte[] bobKeyMaterial;
{
byte[] alicePublicDH = await aliceResponse.ReadSizeAndBufferAsync(CancellationToken.None);
byte[] aliceSignedDH = await aliceResponse.ReadSizeAndBufferAsync(CancellationToken.None);
var aliceDsa = new ECDsaCng(alicePublic);
Assert.IsTrue(aliceDsa.VerifyData(alicePublicDH, aliceSignedDH));
var aliceDHPK = ECDiffieHellmanCngPublicKey.FromByteArray(alicePublicDH, CngKeyBlobFormat.EccPublicBlob);
bobKeyMaterial = bobDH.DeriveKeyMaterial(aliceDHPK);
// And Bob reads Alice's secret message.
using (var aes = SymmetricAlgorithm.Create())
{
using (var decryptor = aes.CreateDecryptor(aliceKeyMaterial, new byte[aes.BlockSize / 8]))
{
var plaintext = new MemoryStream();
var substream = await aliceResponse.ReadSizeAndStreamAsync(CancellationToken.None);
using (var cryptoStream = new CryptoStream(substream, decryptor, CryptoStreamMode.Read))
{
await cryptoStream.CopyToAsync(plaintext);
plaintext.Position = 0;
byte[] secretMessage = new byte[1024];
int readBytes = plaintext.Read(secretMessage, 0, secretMessage.Length);
}
}
}
}
CollectionAssert.AreEqual(aliceKeyMaterial, bobKeyMaterial);
}
/// <inheritdoc />
protected internal override byte[] Sign(byte[] data)
{
using (var cng = new ECDsaCng(this.key))
{
return cng.SignData(data);
}
}
public void Sign(TransactionOutput output, byte[] privateKey)
{
var signature = new InputSignature
{
Address = output.Address,
Value = output.Value,
Transaction = this.Transaction,
Index = this.Index
};
using (var key = CngKey.Import(privateKey, CngKeyBlobFormat.EccPrivateBlob))
using (var encryption = new ECDsaCng(key))
{
this.Signature = encryption.SignData(signature.Bytes);
}
}
public static void TestVerify521_EcdhKey()
{
byte[] keyBlob = (byte[])TestData.s_ecdsa521KeyBlob.Clone();
// Rewrite the dwMagic value to be ECDH
// ECDSA prefix: 45 43 53 36
// ECDH prefix : 45 43 4b 36
keyBlob[2] = 0x4b;
using (CngKey ecdh521 = CngKey.Import(keyBlob, CngKeyBlobFormat.EccPrivateBlob))
{
// Preconditions:
Assert.Equal(CngAlgorithmGroup.ECDiffieHellman, ecdh521.AlgorithmGroup);
Assert.Equal(CngAlgorithm.ECDiffieHellmanP521, ecdh521.Algorithm);
using (ECDsa ecdsaFromEcdsaKey = new ECDsaCng(TestData.s_ECDsa521Key))
using (ECDsa ecdsaFromEcdhKey = new ECDsaCng(ecdh521))
{
byte[] ecdhKeySignature = ecdsaFromEcdhKey.SignData(keyBlob, HashAlgorithmName.SHA512);
byte[] ecdsaKeySignature = ecdsaFromEcdsaKey.SignData(keyBlob, HashAlgorithmName.SHA512);
Assert.True(
ecdsaFromEcdhKey.VerifyData(keyBlob, ecdsaKeySignature, HashAlgorithmName.SHA512),
"ECDsaCng(ECDHKey) validates ECDsaCng(ECDsaKey)");
Assert.True(
ecdsaFromEcdsaKey.VerifyData(keyBlob, ecdhKeySignature, HashAlgorithmName.SHA512),
"ECDsaCng(ECDsaKey) validates ECDsaCng(ECDHKey)");
}
}
}
public static string Sign(string privateKey, string message)
{
string signature = null;
using (CngKey k = CngKey.Import(Convert.FromBase64String(privateKey), CngKeyBlobFormat.EccPrivateBlob))
using (ECDsaCng dsa = new ECDsaCng(k))
{
byte[] sigData = dsa.SignData(Encoding.Unicode.GetBytes(message));
signature = Convert.ToBase64String(sigData);
}
return signature;
}
