public static void SignCert(string tbsfile, string tbssig) { AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption); var t1 = GenerateJcaObject( TbsCertificateStructure.GetInstance(Asn1Sequence.FromByteArray(File.ReadAllBytes(tbsfile))), sigAlgId, System.IO.File.ReadAllBytes(tbssig).Take(256).ToArray()); System.IO.File.WriteAllBytes("cert.cer", t1.GetEncoded()); Console.WriteLine("saved as cert.cer"); }
private ProtectedPkiMessage FinalizeMessage(PkiHeader header, DerBitString protection) { if (extraCerts.Count > 0) { CmpCertificate[] cmpCertificates = new CmpCertificate[extraCerts.Count]; for (int i = 0; i < cmpCertificates.Length; i++) { byte[] cert = ((X509Certificate)extraCerts[i]).GetEncoded(); cmpCertificates[i] = CmpCertificate.GetInstance((Asn1Sequence.FromByteArray(cert))); } return(new ProtectedPkiMessage(new PkiMessage(header, body, protection, cmpCertificates))); } return(new ProtectedPkiMessage(new PkiMessage(header, body, protection))); }
public static string DecodeEncryptionParamSet(byte[] data) { if (data == null) { throw ExceptionUtility.ArgumentNull("data"); } string encryptionParamSet; try { var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence; encryptionParamSet = (s[0] as DerObjectIdentifier).Id; } catch (Exception exception) { throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "Gost2814789BlobParametersDecode"); } return(encryptionParamSet); }
public void Decode(byte[] data) { if (data == null) { throw ExceptionUtility.ArgumentNull("data"); } try { var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence; var key = s[0] as Asn1Sequence; var parms = s[1] as Asn1Sequence; EncryptionParamSet = (parms[0] as DerObjectIdentifier).Id; Ukm = (parms[1] as DerOctetString).GetOctets(); EncryptedKey = (key[0] as DerOctetString).GetOctets(); Mac = (key[1] as DerOctetString).GetOctets(); } catch (Exception exception) { throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "DecodeGostR3410Key"); } }
public void Decode(byte[] data) { if (data == null) { throw ExceptionUtility.ArgumentNull("data"); } try { var s = Asn1Sequence.FromByteArray(data) as Asn1Sequence; var s0 = s[0] as Asn1Sequence; var s1 = (s[1] as Asn1TaggedObject).GetObject() as Asn1Sequence; var s11 = (s1[1] as Asn1TaggedObject).GetObject() as Asn1Sequence; var s1101 = (s11[0] as Asn1Sequence)[1] as Asn1Sequence; SessionEncryptedKey = new GostKeyExchangeInfo { EncryptionParamSet = (s1[0] as DerObjectIdentifier).Id, EncryptedKey = (s0[0] as DerOctetString).GetOctets(), Mac = (s0[1] as DerOctetString).GetOctets(), Ukm = (s1[2] as DerOctetString).GetOctets() }; TransportParameters = new GostKeyExchangeParameters { PublicKeyParamSet = (s1101[0] as DerObjectIdentifier).Id, DigestParamSet = (s1101[1] as DerObjectIdentifier).Id, EncryptionParamSet = s1101.Count > 2 ? (s1101[2] as DerObjectIdentifier).Id : null, PublicKey = (DerOctetString.FromByteArray((s11[1] as DerBitString).GetBytes()) as DerOctetString).GetOctets(), PrivateKey = null }; } catch (Exception exception) { throw ExceptionUtility.CryptographicException(exception, Resources.Asn1DecodeError, "GostR3410KeyTransportDecode"); } }
internal static void GetCertStatus( DateTime validDate, X509Crl crl, Object cert, CertStatus certStatus) { X509Crl bcCRL = null; try { bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded()))); } catch (Exception exception) { throw new Exception("Bouncy Castle X509Crl could not be created.", exception); } X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert)); if (crl_entry == null) { return; } X509Name issuer = GetIssuerPrincipal(cert); if (issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) || issuer.Equivalent(crl.IssuerDN, true)) { DerEnumerated reasonCode = null; if (crl_entry.HasExtensions) { try { reasonCode = DerEnumerated.GetInstance( GetExtensionValue(crl_entry, X509Extensions.ReasonCode)); } catch (Exception e) { throw new Exception( "Reason code CRL entry extension could not be decoded.", e); } } // for reason keyCompromise, caCompromise, aACompromise or // unspecified if (!(validDate.Ticks < crl_entry.RevocationDate.Ticks) || reasonCode == null || reasonCode.Value.TestBit(0) || reasonCode.Value.TestBit(1) || reasonCode.Value.TestBit(2) || reasonCode.Value.TestBit(8)) { if (reasonCode != null) // (i) or (j) (1) { certStatus.Status = reasonCode.Value.SignValue; } else // (i) or (j) (2) { certStatus.Status = CrlReason.Unspecified; } certStatus.RevocationDate = new DateTimeObject(crl_entry.RevocationDate); } } }
/// <summary> /// /// </summary> /// <param name="x509_certificate2"></param> /// <param name="encrypted_data"></param> /// <returns></returns> public byte[] GetDecryptedContent(X509Certificate2 x509_certificate2, byte[] encrypted_data) { Org.BouncyCastle.Asn1.Cms.ContentInfo _content = Org.BouncyCastle.Asn1.Cms.ContentInfo.GetInstance(Asn1Sequence.FromByteArray(encrypted_data)); EnvelopedData _envelopedData = EnvelopedData.GetInstance(_content.Content); EncryptedContentInfo _encryptedContentInfo = _envelopedData.EncryptedContentInfo; byte[] _encrypt = _encryptedContentInfo.EncryptedContent.GetOctets(); RecipientInfo _recipientInfo = RecipientInfo.GetInstance(_envelopedData.RecipientInfos[0]); KeyTransRecipientInfo _keyTransRecipientInfo = KeyTransRecipientInfo.GetInstance(_recipientInfo.Info); byte[] _byteEncryptedKey = _keyTransRecipientInfo.EncryptedKey.GetOctets(); RSACryptoServiceProvider _rsaCrypto = (RSACryptoServiceProvider)x509_certificate2.PrivateKey; byte[] _randomKey = _rsaCrypto.Decrypt(_byteEncryptedKey, false); AlgorithmIdentifier _contentEncryptionAlgorithm = _encryptedContentInfo.ContentEncryptionAlgorithm; Asn1OctetString _paramIV = Asn1OctetString.GetInstance(_contentEncryptionAlgorithm.Parameters); byte[] _initVector = _paramIV.GetOctets(); tDESCrypto _cryptoService = new tDESCrypto(_randomKey, _initVector); return(_cryptoService.Decrypt(_encrypt)); }
internal static void GetCertStatus( DateTime validDate, X509Crl crl, Object cert, CertStatus certStatus) { X509Crl bcCRL = null; try { bcCRL = new X509Crl(CertificateList.GetInstance((Asn1Sequence)Asn1Sequence.FromByteArray(crl.GetEncoded()))); } catch (Exception exception) { throw new Exception("Bouncy Castle X509Crl could not be created.", exception); } X509CrlEntry crl_entry = (X509CrlEntry)bcCRL.GetRevokedCertificate(GetSerialNumber(cert)); if (crl_entry == null) { return; } X509Name issuer = GetIssuerPrincipal(cert); if (!issuer.Equivalent(crl_entry.GetCertificateIssuer(), true) && !issuer.Equivalent(crl.IssuerDN, true)) { return; } int reasonCodeValue = CrlReason.Unspecified; if (crl_entry.HasExtensions) { try { Asn1Object extValue = GetExtensionValue(crl_entry, X509Extensions.ReasonCode); DerEnumerated reasonCode = DerEnumerated.GetInstance(extValue); if (null != reasonCode) { reasonCodeValue = reasonCode.IntValueExact; } } catch (Exception e) { throw new Exception("Reason code CRL entry extension could not be decoded.", e); } } DateTime revocationDate = crl_entry.RevocationDate; if (validDate.Ticks < revocationDate.Ticks) { switch (reasonCodeValue) { case CrlReason.Unspecified: case CrlReason.KeyCompromise: case CrlReason.CACompromise: case CrlReason.AACompromise: break; default: return; } } // (i) or (j) certStatus.Status = reasonCodeValue; certStatus.RevocationDate = new DateTimeObject(revocationDate); }