private string CreateJwk(RSAParameters rsaKeyInfo, out string keyId)
{
string modulus = Base64UrlHelper.Encode(rsaKeyInfo.Modulus);
string exp = Base64UrlHelper.Encode(rsaKeyInfo.Exponent);
SHA256 sha256 = SHA256.Create();
byte[] hash = sha256.ComputeHash(Encoding.UTF8.GetBytes(modulus + exp));
StringBuilder hex = new StringBuilder(hash.Length * 2);
for (int i = 0; i < hash.Length; ++i)
{
hex.AppendFormat("{0:x2}", hash[i]);
}
keyId = hex.ToString();
Dictionary <string, object> jwk = new Dictionary <string, object>
{
{ "kty", "RSA" },
{ "kid", keyId },
{ "n", modulus },
{ "e", exp }
};
return(JsonConvert.SerializeObject(jwk));
}
public string EncodeCompact()
{
string ret = encoded_header + ".";
if (encrypted_key != null)
{
ret += Base64UrlHelper.Encode(encrypted_key);
}
ret += ".";
if (init_vector != null)
{
ret += Base64UrlHelper.Encode(init_vector);
}
ret += ".";
if (ciphertext != null)
{
ret += Base64UrlHelper.Encode(ciphertext);
}
ret += ".";
if (auth_tag != null)
{
ret += Base64UrlHelper.Encode(auth_tag);
}
return(ret);
}
/// <summary>
/// Encrypt SD data with exchange key.
/// </summary>
/// <param name="plaintextList"></param>
/// <param name="cert">Exchange key</param>
/// <returns></returns>
public SecurityDomainRestoreData EncryptForRestore(PlaintextList plaintextList, X509Certificate2 cert)
{
try
{
SecurityDomainRestoreData securityDomainRestoreData = new SecurityDomainRestoreData();
securityDomainRestoreData.EncData.kdf = "sp108_kdf";
byte[] master_key = Utils.GetRandom(32);
foreach (Plaintext p in plaintextList.list)
{
Datum datum = new Datum();
HMACSHA512 hmac = new HMACSHA512();
byte[] enc_key = KDF.sp800_108(master_key, p.tag, "", hmac, 512);
datum.tag = p.tag;
JWE jwe = new JWE();
jwe.Encrypt(enc_key, p.plaintext, "A256CBC-HS512", p.tag);
datum.compact_jwe = jwe.EncodeCompact();
securityDomainRestoreData.EncData.data.Add(datum);
}
// Now go make the wrapped key
JWE jwe_wrapped = new JWE();
jwe_wrapped.Encrypt(cert, master_key);
securityDomainRestoreData.WrappedKey.enc_key = jwe_wrapped.EncodeCompact();
securityDomainRestoreData.WrappedKey.x5t_256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert));
return(securityDomainRestoreData);
}
catch (Exception ex)
{
throw new Exception("Failed to encrypt security domain data for restoring.", ex);
}
}
public void LoadKey(KeyPath path)
{
CertKey certKey = new CertKey();
certKey.Load(path);
string encodedThumbprint = Base64UrlHelper.Encode(certKey.GetThumbprint());
_keys.Add(encodedThumbprint, certKey);
}
public void EncodeHeader()
{
string header_json = JsonConvert.SerializeObject(
protected_header,
Formatting.None,
new JsonSerializerSettings {
NullValueHandling = NullValueHandling.Ignore
});
encoded_header = Base64UrlHelper.Encode(header_json);
}
void SetX5t256(X509Certificate2 cert)
{
x5t_S256 = Base64UrlHelper.Encode(Utils.Sha256Thumbprint(cert));
}
void SetX5t(X509Certificate2 cert)
{
x5t = Base64UrlHelper.Encode(ToByteArray(cert.Thumbprint));
}
void SetModulus(byte[] modulus)
{
n = Base64UrlHelper.Encode(modulus);
}
void SetExponent(byte[] exp)
{
e = Base64UrlHelper.Encode(exp);
}