public DigestAlgorithmAndValueModel(DigestAlgorithm digest, byte[] value) { Value = value; if (value != null) { HexValue = string.Join("", value.Select(b => b.ToString("X2"))); } if (digest == DigestAlgorithm.MD5) { Algorithm = DigestAlgorithms.MD5; } else if (digest == DigestAlgorithm.SHA1) { Algorithm = DigestAlgorithms.SHA1; } else if (digest == DigestAlgorithm.SHA256) { Algorithm = DigestAlgorithms.SHA256; } else if (digest == DigestAlgorithm.SHA384) { Algorithm = DigestAlgorithms.SHA384; } else if (digest == DigestAlgorithm.SHA512) { Algorithm = DigestAlgorithms.SHA512; } }
public SignatureAlgorithm(int id, ContentDigestAlgorithm contentDigestAlgorithm, string jcaKeyAlgorithm, DigestAlgorithm digestAlgorithm) { Id = id; JcaKeyAlgorithm = jcaKeyAlgorithm; ContentDigestAlgorithm = contentDigestAlgorithm; DigestAlgorithm = digestAlgorithm; }
/// <summary> /// Get the string name of the digest algorithm for use with the micalg parameter of a multipart/signed part. /// </summary> /// <remarks> /// <para>Maps the <see cref="DigestAlgorithm"/> to the appropriate string identifier /// as used by the micalg parameter value of a multipart/signed Content-Type /// header. For example:</para> /// <list type="table"> /// <listheader><term>Algorithm</term><description>Name</description></listheader> /// <item><term><see cref="DigestAlgorithm.MD2"/></term><description>md2</description></item> /// <item><term><see cref="DigestAlgorithm.MD4"/></term><description>md4</description></item> /// <item><term><see cref="DigestAlgorithm.MD5"/></term><description>md5</description></item> /// <item><term><see cref="DigestAlgorithm.Sha1"/></term><description>sha-1</description></item> /// <item><term><see cref="DigestAlgorithm.Sha224"/></term><description>sha-224</description></item> /// <item><term><see cref="DigestAlgorithm.Sha256"/></term><description>sha-256</description></item> /// <item><term><see cref="DigestAlgorithm.Sha384"/></term><description>sha-384</description></item> /// <item><term><see cref="DigestAlgorithm.Sha512"/></term><description>sha-512</description></item> /// <item><term><see cref="DigestAlgorithm.Tiger192"/></term><description>tiger-192</description></item> /// <item><term><see cref="DigestAlgorithm.RipeMD160"/></term><description>ripemd160</description></item> /// <item><term><see cref="DigestAlgorithm.Haval5160"/></term><description>haval-5-160</description></item> /// </list> /// </remarks> /// <returns>The micalg value.</returns> /// <param name="micalg">The digest algorithm.</param> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="micalg"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> public override string GetDigestAlgorithmName(DigestAlgorithm micalg) { switch (micalg) { case DigestAlgorithm.MD5: return("md5"); case DigestAlgorithm.Sha1: return("sha-1"); case DigestAlgorithm.RipeMD160: return("ripemd160"); case DigestAlgorithm.MD2: return("md2"); case DigestAlgorithm.Tiger192: return("tiger192"); case DigestAlgorithm.Haval5160: return("haval-5-160"); case DigestAlgorithm.Sha256: return("sha-256"); case DigestAlgorithm.Sha384: return("sha-384"); case DigestAlgorithm.Sha512: return("sha-512"); case DigestAlgorithm.Sha224: return("sha-224"); case DigestAlgorithm.MD4: return("md4"); case DigestAlgorithm.DoubleSha: throw new NotSupportedException(string.Format("{0} is not supported.", micalg)); default: throw new ArgumentOutOfRangeException(nameof(micalg), micalg, string.Format("Unknown DigestAlgorithm: {0}", micalg)); } }
/// <summary> /// Gets the <see cref="CmsSigner"/> for the specified mailbox. /// </summary> /// <returns>A <see cref="CmsSigner"/>.</returns> /// <param name="mailbox">The mailbox.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var now = DateTime.Now; foreach (var certificate in certificates) { AsymmetricKeyParameter key; if (certificate.NotBefore > now || certificate.NotAfter < now) { continue; } var keyUsage = certificate.GetKeyUsageFlags(); if (keyUsage != 0 && (keyUsage & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0) { continue; } if (!keys.TryGetValue(certificate, out key)) { continue; } if (certificate.GetSubjectEmailAddress() == mailbox.Address) { var signer = new CmsSigner(certificate, key); signer.DigestAlgorithm = digestAlgo; return(signer); } } throw new CertificateNotFoundException(mailbox, "A valid signing certificate could not be found."); }
/// <summary> /// Initializes an instance, specifying the encryption and digest algorithm to use. /// </summary> /// <param name="encryptionAlgorithm">The <see cref="EncryptionAlgorithm"/> to use in this cryptographer</param> /// <param name="digestAlgorithm">The <see cref="DigestAlgorithm"/> to use in this cryptographer</param> public SMIMECryptographer(EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm) { EncryptionAlgorithm = encryptionAlgorithm; DigestAlgorithm = digestAlgorithm; IncludeMultipartEpilogueInSignature = true; IncludeCertChainInSignature = X509IncludeOption.EndCertOnly; }
/// <summary> /// Gets the string name of the digest algorithm for use with the micalg parameter of a multipart/signed part. /// </summary> /// <returns>The micalg value.</returns> /// <param name="micalg">The digest algorithm.</param> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="micalg"/> is out of range. /// </exception> public override string GetMicAlgorithmName(DigestAlgorithm micalg) { switch (micalg) { case DigestAlgorithm.MD5: return("md5"); case DigestAlgorithm.Sha1: return("sha1"); case DigestAlgorithm.RipeMD160: return("ripemd160"); case DigestAlgorithm.MD2: return("md2"); case DigestAlgorithm.Tiger192: return("tiger192"); case DigestAlgorithm.Haval5160: return("haval-5-160"); case DigestAlgorithm.Sha256: return("sha256"); case DigestAlgorithm.Sha384: return("sha384"); case DigestAlgorithm.Sha512: return("sha512"); case DigestAlgorithm.Sha224: return("sha224"); case DigestAlgorithm.MD4: return("md4"); default: throw new ArgumentOutOfRangeException("micalg"); } }
protected static string GetOid(DigestAlgorithm digestAlgo) { switch (digestAlgo) { case DigestAlgorithm.MD5: return(PkcsObjectIdentifiers.MD5.Id); case DigestAlgorithm.Sha1: return(PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id); case DigestAlgorithm.MD2: return(PkcsObjectIdentifiers.MD2.Id); case DigestAlgorithm.Sha256: return(PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id); case DigestAlgorithm.Sha384: return(PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id); case DigestAlgorithm.Sha512: return(PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id); case DigestAlgorithm.Sha224: return(PkcsObjectIdentifiers.Sha224WithRsaEncryption.Id); case DigestAlgorithm.MD4: return(PkcsObjectIdentifiers.MD4.Id); case DigestAlgorithm.RipeMD160: case DigestAlgorithm.DoubleSha: case DigestAlgorithm.Tiger192: case DigestAlgorithm.Haval5160: throw new NotSupportedException(); default: throw new ArgumentOutOfRangeException(); } }
/// <summary> /// Gets the <see cref="CmsSigner"/> for the specified mailbox. /// </summary> /// <remarks> /// <para>Constructs a <see cref="CmsSigner"/> with the appropriate signing certificate /// for the specified mailbox.</para> /// <para>If the mailbox is a <see cref="SecureMailboxAddress"/>, the /// <see cref="SecureMailboxAddress.Fingerprint"/> property will be used instead of /// the mailbox address for database lookups.</para> /// </remarks> /// <returns>A <see cref="CmsSigner"/>.</returns> /// <param name="mailbox">The signer's mailbox address.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo) { AsymmetricKeyParameter privateKey = null; X509Certificate certificate = null; foreach (var record in dbase.Find(mailbox, DateTime.UtcNow, true, CmsSignerFields)) { if (record.KeyUsage != X509KeyUsageFlags.None && (record.KeyUsage & DigitalSignatureKeyUsageFlags) == 0) { continue; } certificate = record.Certificate; privateKey = record.PrivateKey; break; } if (certificate != null && privateKey != null) { var signer = new CmsSigner(BuildCertificateChain(certificate), privateKey); signer.DigestAlgorithm = digestAlgo; return(signer); } throw new CertificateNotFoundException(mailbox, "A valid signing certificate could not be found."); }
/// <summary> /// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>. /// </summary> /// <returns>The cms signer.</returns> /// <param name="mailbox">The mailbox.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var certificates = CertificateStore.Certificates; //.Find (X509FindType.FindByKeyUsage, flags, true); foreach (var certificate in certificates) { if (certificate.GetNameInfo(X509NameType.EmailName, false) != mailbox.Address) { continue; } if (!certificate.HasPrivateKey) { continue; } var pair = DotNetUtilities.GetKeyPair(certificate.PrivateKey); var cert = DotNetUtilities.FromX509Certificate(certificate); var signer = new CmsSigner(cert, pair.Private); signer.DigestAlgorithm = digestAlgo; return(signer); } throw new CertificateNotFoundException(mailbox, "A valid signing certificate could not be found."); }
public DefaultApkSignerEngine(X509Certificate2 certificate, int minSdkVersion, bool v1SigningEnabled, bool v2SigningEnabled, DigestAlgorithm digestAlgorithm) { _v1SigningEnabled = v1SigningEnabled; _v2SigningEnabled = v2SigningEnabled; _v1SignaturePending = v1SigningEnabled; _v2SignaturePending = v2SigningEnabled; if (v1SigningEnabled) { var v1SignerName = V1SchemeSigner.GetSafeSignerName(certificate.FriendlyName); // Check whether the signer's name is unique among all v1 signers var v1SignatureDigestAlgorithm = digestAlgorithm ?? V1SchemeSigner.GetSuggestedSignatureDigestAlgorithm( certificate.PublicKey, minSdkVersion); var v1SignerConfig = new V1SchemeSigner.SignerConfig(); v1SignerConfig.Name = v1SignerName; v1SignerConfig.Certificate = certificate; v1SignerConfig.SignatureDigestAlgorithm = v1SignatureDigestAlgorithm; _v1SignerConfigs = v1SignerConfig; _v1ContentDigestAlgorithm = v1SignatureDigestAlgorithm; _signatureExpectedOutputJarEntryNames = V1SchemeSigner.GetOutputEntryNames(_v1SignerConfigs, minSdkVersion); _v1ContentDigestAlgorithm = V1SchemeSigner.GetSuggestedSignatureDigestAlgorithm(certificate.PublicKey, minSdkVersion); } if (v2SigningEnabled) { var v2SignerConfig = new V2SchemeSigner.SignerConfig(); v2SignerConfig.Certificates = certificate; v2SignerConfig.SignatureAlgorithm = V2SchemeSigner.GetSuggestedSignatureAlgorithms(certificate.PublicKey, minSdkVersion, digestAlgorithm); _v2SignerConfigs = v2SignerConfig; } }
internal static bool TryGetDigestAlgorithm(string id, out DigestAlgorithm algorithm) { if (id == CmsSignedGenerator.DigestSha1) { algorithm = DigestAlgorithm.Sha1; return(true); } if (id == CmsSignedGenerator.DigestSha224) { algorithm = DigestAlgorithm.Sha224; return(true); } if (id == CmsSignedGenerator.DigestSha256) { algorithm = DigestAlgorithm.Sha256; return(true); } if (id == CmsSignedGenerator.DigestSha384) { algorithm = DigestAlgorithm.Sha384; return(true); } if (id == CmsSignedGenerator.DigestSha512) { algorithm = DigestAlgorithm.Sha512; return(true); } if (id == CmsSignedGenerator.DigestRipeMD160) { algorithm = DigestAlgorithm.RipeMD160; return(true); } if (id == CmsSignedGenerator.DigestMD5) { algorithm = DigestAlgorithm.MD5; return(true); } if (id == PkcsObjectIdentifiers.MD4.Id) { algorithm = DigestAlgorithm.MD4; return(true); } if (id == PkcsObjectIdentifiers.MD2.Id) { algorithm = DigestAlgorithm.MD2; return(true); } algorithm = DigestAlgorithm.None; return(false); }
/// <summary> /// Signs the provided APK using JAR signing (aka v1 signature scheme) and returns the list of /// JAR entries which need to be added to the APK as part of the signature. /// </summary> /// <param name="signerConfig"></param> /// <param name="digestAlgorithm"></param> /// <param name="apkSigningSchemeIds"></param> /// <param name="manifest"></param> /// <returns></returns> public static List <Tuple <string, byte[]> > SignManifest(SignerConfig signerConfig, DigestAlgorithm digestAlgorithm, IList <int> apkSigningSchemeIds, OutputManifestFile manifest) { // For each signer output .SF and .(RSA|DSA|EC) file, then output MANIFEST.MF. var signatureJarEntries = new List <Tuple <string, byte[]> >(2 * 1 + 1); var sfBytes = GenerateSignatureFile(apkSigningSchemeIds, digestAlgorithm, manifest); var signerName = signerConfig.Name; var signatureBlock = GenerateSignatureBlock(signerConfig, sfBytes); signatureJarEntries.Add(Tuple.Create("META-INF/" + signerName + ".SF", sfBytes)); var publicKey = signerConfig.Certificate.PublicKey; var signatureBlockFileName = "META-INF/" + signerName + "."; if (publicKey.Key is RSACryptoServiceProvider) { signatureBlockFileName += "RSA"; } else if (publicKey.Key is DSACryptoServiceProvider) { signatureBlockFileName += "DSA"; } signatureJarEntries.Add( Tuple.Create(signatureBlockFileName, signatureBlock)); signatureJarEntries.Add(Tuple.Create(ManifestEntryName, manifest.Contents)); return(signatureJarEntries); }
Stream Sign(Certificate certificate, IList <Certificate> chain, DigestAlgorithm digestAlgo, Stream content, bool detach) { var signerInfo = new CmsSignerInfo(); var signers = new CmsSignerInfo[1]; byte[] signedData; IBuffer buffer; signerInfo.HashAlgorithmName = GetHashAlgorithmName(digestAlgo); signerInfo.Certificate = certificate; signers[0] = signerInfo; if (detach) { using (var input = content.AsInputStream()) buffer = CmsDetachedSignature.GenerateSignatureAsync(input, signers, chain).GetResults(); } else { buffer = CryptographicBuffer.CreateFromByteArray(ReadAllBytes(content)); buffer = CmsAttachedSignature.GenerateSignatureAsync(buffer, signers, chain).GetResults(); } CryptographicBuffer.CopyToByteArray(buffer, out signedData); return(new MemoryStream(signedData, false)); }
/// <summary> /// Returns implementation of specified digest algorithm /// </summary> /// <param name="algorithm">Digest algorithm</param> /// <returns>Implementation of specified digest algorithm</returns> private static IDigest GetHashGenerator(DigestAlgorithm algorithm) { IDigest digest; switch (algorithm) { default: throw new NotSupportedException("Unsupported hash algorithm"); case DigestAlgorithm.SHA1: digest = new Sha1Digest(); break; case DigestAlgorithm.SHA256: digest = new Sha256Digest(); break; case DigestAlgorithm.SHA384: digest = new Sha384Digest(); break; case DigestAlgorithm.SHA512: digest = new Sha512Digest(); break; } return(digest); }
/// <summary> /// Get the OID for the digest algorithm. /// </summary> /// <remarks> /// Gets the OID for the digest algorithm. /// </remarks> /// <returns>The digest oid.</returns> /// <param name="digestAlgo">The digest algorithm.</param> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> internal protected static string GetDigestOid(DigestAlgorithm digestAlgo) { switch (digestAlgo) { case DigestAlgorithm.MD5: return(CmsSignedGenerator.DigestMD5); case DigestAlgorithm.Sha1: return(CmsSignedGenerator.DigestSha1); case DigestAlgorithm.MD2: return(PkcsObjectIdentifiers.MD2.Id); case DigestAlgorithm.Sha256: return(CmsSignedGenerator.DigestSha256); case DigestAlgorithm.Sha384: return(CmsSignedGenerator.DigestSha384); case DigestAlgorithm.Sha512: return(CmsSignedGenerator.DigestSha512); case DigestAlgorithm.Sha224: return(CmsSignedGenerator.DigestSha224); case DigestAlgorithm.MD4: return(PkcsObjectIdentifiers.MD4.Id); case DigestAlgorithm.RipeMD160: return(CmsSignedGenerator.DigestRipeMD160); case DigestAlgorithm.DoubleSha: case DigestAlgorithm.Tiger192: case DigestAlgorithm.Haval5160: throw new NotSupportedException(string.Format("{0} is not supported.", digestAlgo)); default: throw new ArgumentOutOfRangeException(nameof(digestAlgo), digestAlgo, string.Format("Unknown DigestAlgorithm: {0}", digestAlgo)); } }
internal AsymmetricSphincsKey(Algorithm algorithm, Sphincs256KeyParams parameters) { this.approvedModeOnly = CryptoServicesRegistrar.IsInApprovedOnlyMode(); this.algorithm = algorithm; this.parameters = parameters; this.treeAlgorithm = parameters.TreeDigest.Algorithm.Equals(NistObjectIdentifiers.IdSha3_256) ? FipsShs.Sha3_256 : FipsShs.Sha512_256; }
/// <summary> /// Computes an attribute containing a time-stamp token of the provided data, from the provided TSA using the /// provided. /// </summary> /// <remarks> /// Computes an attribute containing a time-stamp token of the provided data, from the provided TSA using the /// provided. The hashing is performed by the method using the specified algorithm and a BouncyCastle provider. /// </remarks> /// <param name="signedData"></param> /// <exception cref="System.Exception">System.Exception</exception> protected internal virtual BcCms.Attribute GetTimeStampAttribute(DerObjectIdentifier oid , ITspSource tsa, AlgorithmIdentifier digestAlgorithm, byte[] messageImprint) { try { //jbonilla Hack para obtener el digest del TSA IDigest digest = null; string algorithmName = null; digest = DigestUtilities.GetDigest(DigestAlgorithm.SHA1.GetName()); algorithmName = DigestAlgorithm.SHA1.GetName(); digest.BlockUpdate(messageImprint, 0, messageImprint.Length); byte[] r = new byte[digest.GetDigestSize()]; digest.DoFinal(r, 0); byte[] toTimeStamp = r; TimeStampResponse tsresp = tsa.GetTimeStampResponse(DigestAlgorithm.GetByName(algorithmName) , toTimeStamp); TimeStampToken tstoken = tsresp.TimeStampToken; if (tstoken == null) { throw new ArgumentNullException("The TimeStampToken returned for the signature time stamp was empty." ); } BcCms.Attribute signatureTimeStamp = new BcCms.Attribute(oid, new DerSet(Asn1Object.FromByteArray (tstoken.GetEncoded()))); return(signatureTimeStamp); } catch (IOException e) { throw new RuntimeException(e); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } }
/// <summary> /// Create the ContentType MIME header for a Signed MIME entity /// </summary> /// <param name="digestAlgorithm">Digest algorithm being used, such as SHA1</param> /// <returns>ContentType header</returns> public static ContentType CreateContentType(DigestAlgorithm digestAlgorithm) { ContentType contentType = new ContentType(SMIMEStandard.MultiPartTypeSigned); contentType.Parameters.Add(SMIMEStandard.ProtocolParameterKey, SMIMEStandard.SignatureProtocol); contentType.Parameters.Add(SMIMEStandard.MICAlgorithmKey, SMIMEStandard.ToString(digestAlgorithm)); return(contentType); }
internal PbkdParameters(DigestAlgorithm digestAlgorithm, PasswordConverter converter, byte[] password, int iterationCount, byte[] salt) : base(ALGORITHM_PKCS12) { this.digestAlgorithm = digestAlgorithm; this.converter = converter; this.password = password; this.iterationCount = iterationCount; this.salt = salt; }
internal Pkcs12DeriverBuilder(byte[] password, PasswordConverter converter, DigestAlgorithm digestAlgorithm, byte[] salt, int iterationCount) { this.digestAlgorithm = digestAlgorithm; this.converter = converter; this.password = password; this.iterationCount = iterationCount; this.salt = salt; }
RealCmsSigner GetRealCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var signer = new RealCmsSigner(GetCmsSignerCertificate(mailbox)); signer.DigestAlgorithm = new Oid(GetDigestOid(digestAlgo)); signer.IncludeOption = X509IncludeOption.ExcludeRoot; return(signer); }
RealCmsSigner GetRealCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var signer = new RealCmsSigner (GetCmsSignerCertificate (mailbox)); signer.DigestAlgorithm = new Oid (GetDigestOid (digestAlgo)); signer.SignedAttributes.Add (new Pkcs9SigningTime ()); signer.IncludeOption = X509IncludeOption.ExcludeRoot; return signer; }
/// <summary> /// Verify the Data packet using the digest algorithm. This does not check the /// digest algorithm against the type of SignatureInfo in the Data packet such /// as DigestSha256Signature. /// </summary> /// /// <param name="data">The Data packet to verify.</param> /// <param name="digestAlgorithm">The digest algorithm, such as DigestAlgorithm.SHA256.</param> /// <param name="wireFormat">A WireFormat object used to encode the Data packet.</param> /// <returns>True if verification succeeds, false if verification fails.</returns> /// <exception cref="System.ArgumentException">for an invalid digestAlgorithm.</exception> public static bool verifyDataDigest(Data data, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) { SignedBlob encoding = data.wireEncode(wireFormat); return(verifyDigest(encoding.signedBuf(), data.getSignature() .getSignature(), digestAlgorithm)); }
public static IDigest GetDigest( string algorithm) { //TODO: SUSTITUIDO //string upper = algorithm.ToUpper(CultureInfo.InvariantCulture); string upper = algorithm.ToUpper(); string mechanism = (string)algorithms[upper]; if (mechanism == null) { mechanism = upper; } try { DigestAlgorithm digestAlgorithm = (DigestAlgorithm)Enums.GetEnumValue( typeof(DigestAlgorithm), mechanism); switch (digestAlgorithm) { case DigestAlgorithm.GOST3411: return(new Gost3411Digest()); case DigestAlgorithm.MD2: return(new MD2Digest()); case DigestAlgorithm.MD4: return(new MD4Digest()); case DigestAlgorithm.MD5: return(new MD5Digest()); case DigestAlgorithm.RIPEMD128: return(new RipeMD128Digest()); case DigestAlgorithm.RIPEMD160: return(new RipeMD160Digest()); case DigestAlgorithm.RIPEMD256: return(new RipeMD256Digest()); case DigestAlgorithm.RIPEMD320: return(new RipeMD320Digest()); case DigestAlgorithm.SHA_1: return(new Sha1Digest()); case DigestAlgorithm.SHA_224: return(new Sha224Digest()); case DigestAlgorithm.SHA_256: return(new Sha256Digest()); case DigestAlgorithm.SHA_384: return(new Sha384Digest()); case DigestAlgorithm.SHA_512: return(new Sha512Digest()); case DigestAlgorithm.TIGER: return(new TigerDigest()); case DigestAlgorithm.WHIRLPOOL: return(new WhirlpoolDigest()); } } catch (ArgumentException) { } throw new SecurityUtilityException("Digest " + mechanism + " not recognised."); }
/// <summary> /// Gets the hash code /// </summary> /// <returns>Hash code</returns> public override int GetHashCode() { unchecked // Overflow is fine, just wrap { var hashCode = 41; // Suitable nullity checks etc, of course :) if (Name != null) { hashCode = hashCode * 59 + Name.GetHashCode(); } if (Type != null) { hashCode = hashCode * 59 + Type.GetHashCode(); } if (FormatTarget != null) { hashCode = hashCode * 59 + FormatTarget.GetHashCode(); } if (TempFsFolder != null) { hashCode = hashCode * 59 + TempFsFolder.GetHashCode(); } if (FileThreshold != null) { hashCode = hashCode * 59 + FileThreshold.GetHashCode(); } if (MemoryUnit != null) { hashCode = hashCode * 59 + MemoryUnit.GetHashCode(); } if (UseOffHeapMemory != null) { hashCode = hashCode * 59 + UseOffHeapMemory.GetHashCode(); } if (DigestAlgorithm != null) { hashCode = hashCode * 59 + DigestAlgorithm.GetHashCode(); } if (MonitoringQueueSize != null) { hashCode = hashCode * 59 + MonitoringQueueSize.GetHashCode(); } if (CleanupDelay != null) { hashCode = hashCode * 59 + CleanupDelay.GetHashCode(); } if (PackageFilters != null) { hashCode = hashCode * 59 + PackageFilters.GetHashCode(); } if (PropertyFilters != null) { hashCode = hashCode * 59 + PropertyFilters.GetHashCode(); } return(hashCode); } }
/// <summary> /// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>. /// </summary> /// <remarks> /// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>. /// </remarks> /// <returns>The cms signer.</returns> /// <param name="mailbox">The mailbox.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var certificate = GetCmsSignerCertificate (mailbox); var pair = DotNetUtilities.GetKeyPair (certificate.PrivateKey); var cert = DotNetUtilities.FromX509Certificate (certificate); var signer = new CmsSigner (cert, pair.Private); signer.DigestAlgorithm = digestAlgo; return signer; }
/// <summary> /// Verify the Data packet using the public key. This does not check the /// type of public key or digest algorithm against the type of SignatureInfo in /// the Data packet such as Sha256WithRsaSignature. /// If the public key can't be decoded, this returns false instead of throwing /// a decoding exception. If you want to get a decoding exception then use /// the PublicKey constructor to decode and call verifyDataSignature with the /// PublicKey object. /// </summary> /// /// <param name="data">The Data packet to verify.</param> /// <param name="publicKeyDer">The DER-encoded public key.</param> /// <param name="digestAlgorithm">The digest algorithm.</param> /// <param name="wireFormat">A WireFormat object used to encode the Data packet.</param> /// <returns>True if verification succeeds, false if verification fails or for /// an error decoding the public key.</returns> /// <exception cref="System.ArgumentException">for an invalid public key type ordigestAlgorithm.</exception> public static bool verifyDataSignature(Data data, Blob publicKeyDer, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) { try { return(verifyDataSignature(data, new PublicKey(publicKeyDer), digestAlgorithm)); } catch (UnrecognizedKeyFormatException ex) { return(false); } }
/// <summary> /// Create a SafeBag with given private key and a new self-signed certificate /// for the given public key. /// Use getDefaultWireFormat() to encode the self-signed certificate in order /// to sign it. /// </summary> /// /// <param name="keyName">This copies the Name.</param> /// <param name="privateKeyBag">PKCS #8 PrivateKeyInfo.</param> /// <param name="publicKeyEncoding">The encoded public key for the certificate.</param> /// <param name="password">of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is null, privateKeyBag is an unencrypted PKCS #8 PrivateKeyInfo.</param> /// <param name="digestAlgorithm"></param> public SafeBag(Name keyName, Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password, DigestAlgorithm digestAlgorithm) { this.certificate_ = null; this.privateKeyBag_ = new Blob(); certificate_ = makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, net.named_data.jndn.encoding.WireFormat.getDefaultWireFormat()); privateKeyBag_ = privateKeyBag; }
/// <summary> /// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>. /// </summary> /// <remarks> /// Gets the cms signer for the specified <see cref="MimeKit.MailboxAddress"/>. /// </remarks> /// <returns>The cms signer.</returns> /// <param name="mailbox">The mailbox.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected override CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var certificate = GetCmsSignerCertificate(mailbox); var pair = CmsSigner.GetBouncyCastleKeyPair(certificate.PrivateKey); var cert = GetBouncyCastleCertificate(certificate); var signer = new CmsSigner(cert, pair.Private); signer.DigestAlgorithm = digestAlgo; return(signer); }
/// <summary> /// Create a SafeBag with given private key and a new self-signed certificate /// for the given public key. /// </summary> /// /// <param name="keyName">This copies the Name.</param> /// <param name="privateKeyBag">PKCS #8 PrivateKeyInfo.</param> /// <param name="publicKeyEncoding">The encoded public key for the certificate.</param> /// <param name="password">of 1 to 127. If the password is supplied, use it to decrypt the PKCS #8 EncryptedPrivateKeyInfo. If the password is null, privateKeyBag is an unencrypted PKCS #8 PrivateKeyInfo.</param> /// <param name="digestAlgorithm"></param> /// <param name="wireFormat"></param> public SafeBag(Name keyName, Blob privateKeyBag, Blob publicKeyEncoding, ByteBuffer password, DigestAlgorithm digestAlgorithm, WireFormat wireFormat) { this.certificate_ = null; this.privateKeyBag_ = new Blob(); certificate_ = makeSelfSignedCertificate(keyName, privateKeyBag, publicKeyEncoding, password, digestAlgorithm, wireFormat); privateKeyBag_ = privateKeyBag; }
/// <summary> /// Creates an entity consisting of the content and signature. /// </summary> /// <param name="algorithm">The digest algorithm used in the signature, used for the <c>micalg</c> parameter</param> /// <param name="content">The content entity that was signed.</param> /// <param name="signature">The signature entity</param> public SignedEntity(DigestAlgorithm algorithm, MimeEntity content, MimeEntity signature) : base(CreateContentType(algorithm)) { if (content == null) { throw new ArgumentNullException("content"); } Content = content; Signature = signature; }
public void TestSignatureOIDs(DigestAlgorithm algo) { string messageText = m_tester.ReadMessageText("simple.eml"); m_cryptographer.DigestAlgorithm = algo; SignedCms signedData = null; Assert.DoesNotThrow(() => signedData = m_cryptographer.CreateSignature(Encoding.ASCII.GetBytes(messageText), m_cert)); Assert.True(signedData.SignerInfos.Count == 1); Assert.True(signedData.SignerInfos[0].DigestAlgorithm.Value == SMIMECryptographer.ToDigestAlgorithmOid(algo).Value); }
public virtual TlsCipher CreateCipher(TlsClientContext context, EncryptionAlgorithm encryptionAlgorithm, DigestAlgorithm digestAlgorithm) { switch (encryptionAlgorithm) { case EncryptionAlgorithm.cls_3DES_EDE_CBC: return CreateDesEdeCipher(context, 24, digestAlgorithm); case EncryptionAlgorithm.AES_128_CBC: return CreateAesCipher(context, 16, digestAlgorithm); case EncryptionAlgorithm.AES_256_CBC: return CreateAesCipher(context, 32, digestAlgorithm); default: throw new TlsFatalAlert(AlertDescription.internal_error); } }
/// <exception cref="IOException"></exception> protected virtual IDigest CreateDigest(DigestAlgorithm digestAlgorithm) { switch (digestAlgorithm) { case DigestAlgorithm.MD5: return new MD5Digest(); case DigestAlgorithm.SHA: return new Sha1Digest(); case DigestAlgorithm.SHA256: return new Sha256Digest(); case DigestAlgorithm.SHA384: return new Sha384Digest(); default: throw new TlsFatalAlert(AlertDescription.internal_error); } }
/// <exception cref="Sharpen.NoSuchAlgorithmException"></exception> /// <exception cref="System.IO.IOException"></exception> public virtual byte[] Sign(Stream stream, DigestAlgorithm digestAlgo, IDssPrivateKeyEntry keyEntry) { if (SignatureAlgorithm.RSA == keyEntry.GetSignatureAlgorithm()) { IDigest digester = DigestUtilities.GetDigest(digestAlgo.GetName()); byte[] buffer = new byte[4096]; int count = 0; while ((count = stream.Read(buffer, 0, buffer.Length)) > 0) { digester.BlockUpdate(buffer, 0, count); } byte[] digestValue = DigestUtilities.DoFinal(digester); return EncryptDigest(digestValue, digestAlgo, keyEntry); } else { //jbonilla throw new System.NotImplementedException("Implementar cuando no es RSA"); //Sharpen.Signature signature = Sharpen.Signature.GetInstance(keyEntry.GetSignatureAlgorithm // ().GetJavaSignatureAlgorithm(digestAlgo)); //try //{ // signature.InitSign(((KSPrivateKeyEntry)keyEntry).GetPrivateKey()); // byte[] buffer = new byte[4096]; // int count = 0; // while ((count = stream.Read(buffer)) > 0) // { // signature.Update(buffer, 0, count); // } // byte[] signValue = signature.Sign(); // return signValue; //} //catch (SignatureException e) //{ // throw new RuntimeException(e); //} //catch (InvalidKeyException e) //{ // throw new RuntimeException(e); //} } }
/// <summary> /// Sign and encapsulate the content using the specified signer. /// </summary> /// <returns>A new <see cref="MimeKit.Cryptography.ApplicationPkcs7Mime"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A signing certificate could not be found for <paramref name="signer"/>. /// </exception> /// <exception cref="Org.BouncyCastle.Cms.CmsException"> /// An error occurred in the cryptographic message syntax subsystem. /// </exception> public virtual ApplicationPkcs7Mime EncapsulatedSign(MailboxAddress signer, DigestAlgorithm digestAlgo, Stream content) { if (signer == null) throw new ArgumentNullException ("signer"); if (content == null) throw new ArgumentNullException ("content"); var cmsSigner = GetCmsSigner (signer, digestAlgo); return EncapsulatedSign (cmsSigner, content); }
/// <summary> /// Gets the string name of the digest algorithm for use with the micalg parameter of a multipart/signed part. /// </summary> /// <returns>The micalg value.</returns> /// <param name="micalg">The digest algorithm.</param> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="micalg"/> is out of range. /// </exception> public override string GetMicAlgorithmName(DigestAlgorithm micalg) { switch (micalg) { case DigestAlgorithm.MD5: return "md5"; case DigestAlgorithm.Sha1: return "sha1"; case DigestAlgorithm.RipeMD160: return "ripemd160"; case DigestAlgorithm.MD2: return "md2"; case DigestAlgorithm.Tiger192: return "tiger192"; case DigestAlgorithm.Haval5160: return "haval-5-160"; case DigestAlgorithm.Sha256: return "sha256"; case DigestAlgorithm.Sha384: return "sha384"; case DigestAlgorithm.Sha512: return "sha512"; case DigestAlgorithm.Sha224: return "sha224"; case DigestAlgorithm.MD4: return "md4"; default: throw new ArgumentOutOfRangeException ("micalg"); } }
public Digest(DigestAlgorithm algorithm, byte[] value) : base() { this.algorithm = algorithm; this.value = value; }
/// <param name="algorithm">the algorithm to set</param> public virtual void SetAlgorithm(DigestAlgorithm algorithm) { this.algorithm = algorithm; }
/// <summary> /// Creates a new <see cref="MultipartEncrypted"/>. /// </summary> /// <remarks> /// Signs the entity using the supplied signer and digest algorithm and then encrypts to /// the specified recipients, encapsulating the result in a new multipart/encrypted part. /// </remarks> /// <returns>A new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance containing /// the signed and encrypted version of the specified entity.</returns> /// <param name="ctx">The OpenPGP cryptography context to use for singing and encrypting.</param> /// <param name="signer">The signer to use to sign the entity.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="recipients">The recipients for the encrypted entity.</param> /// <param name="entity">The entity to sign and encrypt.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="ctx"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="recipients"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="entity"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <para><paramref name="signer"/> cannot be used for signing.</para> /// <para>-or-</para> /// <para>One or more of the recipient keys cannot be used for encrypting.</para> /// <para>-or-</para> /// <para>No recipients were specified.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The <paramref name="digestAlgo"/> is not supported. /// </exception> /// <exception cref="System.OperationCanceledException"> /// The user chose to cancel the password prompt. /// </exception> /// <exception cref="System.UnauthorizedAccessException"> /// 3 bad attempts were made to unlock the secret key. /// </exception> public static MultipartEncrypted Create (OpenPgpContext ctx, PgpSecretKey signer, DigestAlgorithm digestAlgo, IEnumerable<PgpPublicKey> recipients, MimeEntity entity) { if (ctx == null) throw new ArgumentNullException ("ctx"); if (signer == null) throw new ArgumentNullException ("signer"); if (recipients == null) throw new ArgumentNullException ("recipients"); if (entity == null) throw new ArgumentNullException ("entity"); using (var memory = new MemoryStream ()) { var options = FormatOptions.Default.Clone (); options.NewLineFormat = NewLineFormat.Dos; PrepareEntityForEncrypting (entity); entity.WriteTo (options, memory); memory.Position = 0; var encrypted = new MultipartEncrypted (); encrypted.ContentType.Parameters["protocol"] = ctx.EncryptionProtocol; // add the protocol version part encrypted.Add (new ApplicationPgpEncrypted ()); // add the encrypted entity as the second part encrypted.Add (ctx.SignAndEncrypt (signer, digestAlgo, recipients, memory)); return encrypted; } }
/// <summary> /// Cryptographically signs and encrypts the specified content for the specified recipients. /// </summary> /// <remarks> /// Cryptographically signs and encrypts the specified content for the specified recipients. /// </remarks> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the encrypted data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="recipients">The recipients.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="recipients"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.ArgumentException"> /// <para>One or more of the recipient keys cannot be used for encrypting.</para> /// <para>-or-</para> /// <para>No recipients were specified.</para> /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> /// <exception cref="PrivateKeyNotFoundException"> /// The private key could not be found for <paramref name="signer"/>. /// </exception> /// <exception cref="PublicKeyNotFoundException"> /// A public key could not be found for one or more of the <paramref name="recipients"/>. /// </exception> /// <exception cref="System.OperationCanceledException"> /// The user chose to cancel the password prompt. /// </exception> /// <exception cref="System.UnauthorizedAccessException"> /// 3 bad attempts were made to unlock the secret key. /// </exception> public MimePart SignAndEncrypt (MailboxAddress signer, DigestAlgorithm digestAlgo, IEnumerable<MailboxAddress> recipients, Stream content) { if (signer == null) throw new ArgumentNullException ("signer"); if (recipients == null) throw new ArgumentNullException ("recipients"); if (content == null) throw new ArgumentNullException ("content"); var key = GetSigningKey (signer); return SignAndEncrypt (key, digestAlgo, GetPublicKeys (recipients), content); }
/// <summary> /// Gets the <see cref="CmsSigner"/> for the specified mailbox. /// </summary> /// <returns>A <see cref="CmsSigner"/>.</returns> /// <param name="mailbox">The mailbox.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected override CmsSigner GetCmsSigner (MailboxAddress mailbox, DigestAlgorithm digestAlgo) { var now = DateTime.Now; foreach (var certificate in certificates) { AsymmetricKeyParameter key; if (certificate.NotBefore > now || certificate.NotAfter < now) continue; var keyUsage = certificate.GetKeyUsageFlags (); if (keyUsage != 0 && (keyUsage & SecureMimeContext.DigitalSignatureKeyUsageFlags) == 0) continue; if (!keys.TryGetValue (certificate, out key)) continue; if (certificate.GetSubjectEmailAddress () == mailbox.Address) { var signer = new CmsSigner (certificate, key); signer.DigestAlgorithm = digestAlgo; return signer; } } throw new CertificateNotFoundException (mailbox, "A valid signing certificate could not be found."); }
/// <summary> /// Gets the <see cref="CmsSigner"/> for the specified mailbox. /// </summary> /// <returns>A <see cref="CmsSigner"/>.</returns> /// <param name="mailbox">The mailbox.</param> /// <param name="digestAlgo">The preferred digest algorithm.</param> /// <exception cref="CertificateNotFoundException"> /// A certificate for the specified <paramref name="mailbox"/> could not be found. /// </exception> protected abstract CmsSigner GetCmsSigner(MailboxAddress mailbox, DigestAlgorithm digestAlgo);
/// <exception cref="IOException"></exception> protected virtual TlsCipher CreateRC4Cipher(TlsClientContext context, int cipherKeySize, DigestAlgorithm digestAlgorithm) { return new TlsStreamCipher(context, CreateRC4StreamCipher(), CreateRC4StreamCipher(), CreateDigest(digestAlgorithm), CreateDigest(digestAlgorithm), cipherKeySize); }
/// <summary> /// Cryptographically signs the content. /// </summary> /// <remarks> /// Cryptographically signs the content using the specified signer and digest algorithm. /// </remarks> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <paramref name="signer"/> cannot be used for signing. /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The <paramref name="digestAlgo"/> is not supported. /// </exception> /// <exception cref="System.OperationCanceledException"> /// The user chose to cancel the password prompt. /// </exception> /// <exception cref="System.UnauthorizedAccessException"> /// 3 bad attempts were made to unlock the secret key. /// </exception> public ApplicationPgpSignature Sign (PgpSecretKey signer, DigestAlgorithm digestAlgo, Stream content) { if (signer == null) throw new ArgumentNullException ("signer"); if (!signer.IsSigningKey) throw new ArgumentException ("The specified secret key cannot be used for signing.", "signer"); if (content == null) throw new ArgumentNullException ("content"); var hashAlgorithm = GetHashAlgorithm (digestAlgo); var memory = new MemoryBlockStream (); using (var armored = new ArmoredOutputStream (memory)) { var compresser = new PgpCompressedDataGenerator (CompressionAlgorithmTag.ZLib); using (var compressed = compresser.Open (armored)) { var signatureGenerator = new PgpSignatureGenerator (signer.PublicKey.Algorithm, hashAlgorithm); var buf = new byte[4096]; int nread; signatureGenerator.InitSign (PgpSignature.CanonicalTextDocument, GetPrivateKey (signer)); while ((nread = content.Read (buf, 0, buf.Length)) > 0) signatureGenerator.Update (buf, 0, nread); var signature = signatureGenerator.Generate (); signature.Encode (compressed); compressed.Flush (); } armored.Flush (); } memory.Position = 0; return new ApplicationPgpSignature (memory); }
/// <summary> /// Creates a new <see cref="MultipartSigned"/>. /// </summary> /// <remarks> /// Cryptographically signs the entity using the supplied signer and digest algorithm in /// order to generate a detached signature and then adds the entity along with the /// detached signature data to a new multipart/signed part. /// </remarks> /// <returns>A new <see cref="MultipartSigned"/> instance.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="entity">The entity to sign.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="entity"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <paramref name="signer"/> cannot be used for signing. /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// <para>A cryptography context suitable for signing could not be found.</para> /// <para>-or-</para> /// <para>The <paramref name="digestAlgo"/> is not supported.</para> /// </exception> /// <exception cref="Org.BouncyCastle.Bcpg.OpenPgp.PgpException"> /// An error occurred in the OpenPGP subsystem. /// </exception> public static MultipartSigned Create (PgpSecretKey signer, DigestAlgorithm digestAlgo, MimeEntity entity) { using (var ctx = (OpenPgpContext) CryptographyContext.Create ("application/pgp-signature")) { return Create (ctx, signer, digestAlgo, entity); } }
/// <summary> /// Creates a new <see cref="MultipartSigned"/>. /// </summary> /// <remarks> /// Cryptographically signs the entity using the supplied signer and digest algorithm in /// order to generate a detached signature and then adds the entity along with the /// detached signature data to a new multipart/signed part. /// </remarks> /// <returns>A new <see cref="MultipartSigned"/> instance.</returns> /// <param name="ctx">The OpenPGP context to use for signing.</param> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="entity">The entity to sign.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="ctx"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="entity"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <paramref name="signer"/> cannot be used for signing. /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The <paramref name="digestAlgo"/> is not supported. /// </exception> /// <exception cref="Org.BouncyCastle.Bcpg.OpenPgp.PgpException"> /// An error occurred in the OpenPGP subsystem. /// </exception> public static MultipartSigned Create (OpenPgpContext ctx, PgpSecretKey signer, DigestAlgorithm digestAlgo, MimeEntity entity) { if (ctx == null) throw new ArgumentNullException ("ctx"); if (signer == null) throw new ArgumentNullException ("signer"); if (entity == null) throw new ArgumentNullException ("entity"); PrepareEntityForSigning (entity); using (var memory = new MemoryBlockStream ()) { using (var filtered = new FilteredStream (memory)) { // Note: see rfc3156, section 3 - second note filtered.Add (new ArmoredFromFilter ()); // Note: see rfc3156, section 5.4 (this is the main difference between rfc2015 and rfc3156) filtered.Add (new TrailingWhitespaceFilter ()); // Note: see rfc2015 or rfc3156, section 5.1 filtered.Add (new Unix2DosFilter ()); entity.WriteTo (filtered); filtered.Flush (); } memory.Position = 0; // Note: we need to parse the modified entity structure to preserve any modifications var parser = new MimeParser (memory, MimeFormat.Entity); var parsed = parser.ParseEntity (); memory.Position = 0; // sign the cleartext content var micalg = ctx.GetDigestAlgorithmName (digestAlgo); var signature = ctx.Sign (signer, digestAlgo, memory); var signed = new MultipartSigned (); // set the protocol and micalg Content-Type parameters signed.ContentType.Parameters["protocol"] = ctx.SignatureProtocol; signed.ContentType.Parameters["micalg"] = micalg; // add the modified/parsed entity as our first part signed.Add (parsed); // add the detached signature as the second part signed.Add (signature); return signed; } }
/// <summary> /// Sign the content using the specified signer. /// </summary> /// <remarks> /// Sign the content using the specified signer. /// </remarks> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A signing certificate could not be found for <paramref name="signer"/>. /// </exception> /// <exception cref="System.Security.Cryptography.CryptographicException"> /// An error occurred in the cryptographic message syntax subsystem. /// </exception> public override MimePart Sign (MailboxAddress signer, DigestAlgorithm digestAlgo, Stream content) { if (signer == null) throw new ArgumentNullException ("signer"); if (content == null) throw new ArgumentNullException ("content"); var contentInfo = new ContentInfo (ReadAllBytes (content)); var cmsSigner = GetRealCmsSigner (signer, digestAlgo); var signed = new SignedCms (contentInfo, true); signed.ComputeSignature (cmsSigner); var signedData = signed.Encode (); return new ApplicationPkcs7Signature (new MemoryStream (signedData, false)); }
/// <summary> /// Sign the content using the specified signer. /// </summary> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the detached signature data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A signing certificate could not be found for <paramref name="signer"/>. /// </exception> /// <exception cref="Org.BouncyCastle.Cms.CmsException"> /// An error occurred in the cryptographic message syntax subsystem. /// </exception> public override MimePart Sign(MailboxAddress signer, DigestAlgorithm digestAlgo, Stream content) { if (signer == null) throw new ArgumentNullException ("signer"); if (content == null) throw new ArgumentNullException ("content"); var cmsSigner = GetCmsSigner (signer, digestAlgo); return Sign (cmsSigner, content); }
/// <summary> /// Cryptographically signs and encrypts the specified content for the specified recipients. /// </summary> /// <remarks> /// Cryptographically signs and encrypts the specified content for the specified recipients. /// </remarks> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the encrypted data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="cipherAlgo">The encryption algorithm.</param> /// <param name="recipients">The recipients.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="recipients"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <para><paramref name="signer"/> cannot be used for signing.</para> /// <para>-or-</para> /// <para>One or more of the recipient keys cannot be used for encrypting.</para> /// <para>-or-</para> /// <para>No recipients were specified.</para> /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified encryption algorithm is not supported. /// </exception> /// <exception cref="System.OperationCanceledException"> /// The user chose to cancel the password prompt. /// </exception> /// <exception cref="System.UnauthorizedAccessException"> /// 3 bad attempts were made to unlock the secret key. /// </exception> public MimePart SignAndEncrypt (PgpSecretKey signer, DigestAlgorithm digestAlgo, EncryptionAlgorithm cipherAlgo, IEnumerable<PgpPublicKey> recipients, Stream content) { // TODO: document the exceptions that can be thrown by BouncyCastle if (signer == null) throw new ArgumentNullException ("signer"); if (!signer.IsSigningKey) throw new ArgumentException ("The specified secret key cannot be used for signing.", "signer"); if (recipients == null) throw new ArgumentNullException ("recipients"); if (content == null) throw new ArgumentNullException ("content"); var encrypter = new PgpEncryptedDataGenerator (GetSymmetricKeyAlgorithm (cipherAlgo), true); var hashAlgorithm = GetHashAlgorithm (digestAlgo); int count = 0; foreach (var recipient in recipients) { if (!recipient.IsEncryptionKey) throw new ArgumentException ("One or more of the recipient keys cannot be used for encrypting.", "recipients"); encrypter.AddMethod (recipient); count++; } if (count == 0) throw new ArgumentException ("No recipients specified.", "recipients"); var compresser = new PgpCompressedDataGenerator (CompressionAlgorithmTag.ZLib); using (var compressed = new MemoryBlockStream ()) { using (var signed = compresser.Open (compressed)) { var signatureGenerator = new PgpSignatureGenerator (signer.PublicKey.Algorithm, hashAlgorithm); signatureGenerator.InitSign (PgpSignature.CanonicalTextDocument, GetPrivateKey (signer)); var subpacket = new PgpSignatureSubpacketGenerator (); foreach (string userId in signer.PublicKey.GetUserIds ()) { subpacket.SetSignerUserId (false, userId); break; } signatureGenerator.SetHashedSubpackets (subpacket.Generate ()); var onepass = signatureGenerator.GenerateOnePassVersion (false); onepass.Encode (signed); var literalGenerator = new PgpLiteralDataGenerator (); using (var literal = literalGenerator.Open (signed, 't', "mime.txt", content.Length, DateTime.Now)) { var buf = new byte[4096]; int nread; while ((nread = content.Read (buf, 0, buf.Length)) > 0) { signatureGenerator.Update (buf, 0, nread); literal.Write (buf, 0, nread); } literal.Flush (); } var signature = signatureGenerator.Generate (); signature.Encode (signed); signed.Flush (); } compressed.Position = 0; var memory = new MemoryBlockStream (); using (var armored = new ArmoredOutputStream (memory)) { using (var encrypted = encrypter.Open (armored, compressed.Length)) { compressed.CopyTo (encrypted, 4096); encrypted.Flush (); } armored.Flush (); } memory.Position = 0; return new MimePart ("application", "octet-stream") { ContentDisposition = new ContentDisposition ("attachment"), ContentObject = new ContentObject (memory) }; } }
/// <summary> /// Gets the digest oid. /// </summary> /// <returns>The digest oid.</returns> /// <param name="digestAlgo">The digest algorithm.</param> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The specified <see cref="DigestAlgorithm"/> is not supported by this context. /// </exception> protected static string GetDigestOid(DigestAlgorithm digestAlgo) { switch (digestAlgo) { case DigestAlgorithm.MD5: return PkcsObjectIdentifiers.MD5.Id; case DigestAlgorithm.Sha1: return PkcsObjectIdentifiers.Sha1WithRsaEncryption.Id; case DigestAlgorithm.MD2: return PkcsObjectIdentifiers.MD2.Id; case DigestAlgorithm.Sha256: return PkcsObjectIdentifiers.Sha256WithRsaEncryption.Id; case DigestAlgorithm.Sha384: return PkcsObjectIdentifiers.Sha384WithRsaEncryption.Id; case DigestAlgorithm.Sha512: return PkcsObjectIdentifiers.Sha512WithRsaEncryption.Id; case DigestAlgorithm.Sha224: return PkcsObjectIdentifiers.Sha224WithRsaEncryption.Id; case DigestAlgorithm.MD4: return PkcsObjectIdentifiers.MD4.Id; case DigestAlgorithm.RipeMD160: case DigestAlgorithm.DoubleSha: case DigestAlgorithm.Tiger192: case DigestAlgorithm.Haval5160: throw new NotSupportedException (); default: throw new ArgumentOutOfRangeException (); } }
/// <summary> /// Sign the message using the specified cryptography context and digest algorithm. /// </summary> /// <remarks> /// If either of the Resent-Sender or Resent-From headers are set, then the message /// will be signed using the Resent-Sender (or first mailbox in the Resent-From) /// address as the signer address, otherwise the Sender or From address will be /// used instead. /// </remarks> /// <param name="ctx">The cryptography context.</param> /// <param name="digestAlgo">The digest algorithm.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="ctx"/> is <c>null</c>. /// </exception> /// <exception cref="System.InvalidOperationException"> /// <para>The <see cref="Body"/> has not been set.</para> /// <para>-or-</para> /// <para>A sender has not been specified.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// The <paramref name="digestAlgo"/> is not supported. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A signing certificate could not be found for the sender. /// </exception> /// <exception cref="PrivateKeyNotFoundException"> /// The private key could not be found for the sender. /// </exception> public void Sign (CryptographyContext ctx, DigestAlgorithm digestAlgo) { if (ctx == null) throw new ArgumentNullException ("ctx"); if (Body == null) throw new InvalidOperationException ("No message body has been set."); var signer = GetMessageSigner (); if (signer == null) throw new InvalidOperationException ("The sender has not been set."); Body = MultipartSigned.Create (ctx, signer, digestAlgo, Body); }
/// <summary> /// Cryptographically signs and encrypts the specified content for the specified recipients. /// </summary> /// <remarks> /// Cryptographically signs and encrypts the specified content for the specified recipients. /// </remarks> /// <returns>A new <see cref="MimeKit.MimePart"/> instance /// containing the encrypted data.</returns> /// <param name="signer">The signer.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="recipients">The recipients.</param> /// <param name="content">The content.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="recipients"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="content"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <para><paramref name="signer"/> cannot be used for signing.</para> /// <para>-or-</para> /// <para>One or more of the recipient keys cannot be used for encrypting.</para> /// <para>-or-</para> /// <para>No recipients were specified.</para> /// </exception> /// <exception cref="System.OperationCanceledException"> /// The user chose to cancel the password prompt. /// </exception> /// <exception cref="System.UnauthorizedAccessException"> /// 3 bad attempts were made to unlock the secret key. /// </exception> public MimePart SignAndEncrypt (PgpSecretKey signer, DigestAlgorithm digestAlgo, IEnumerable<PgpPublicKey> recipients, Stream content) { return SignAndEncrypt (signer, digestAlgo, defaultAlgorithm, recipients, content); }
/// <summary> /// Sign and encrypt the message to the sender and all of the recipients using /// the specified cryptography context and the specified digest algorithm. /// </summary> /// <remarks> /// <para>If either of the Resent-Sender or Resent-From headers are set, then the message /// will be signed using the Resent-Sender (or first mailbox in the Resent-From) /// address as the signer address, otherwise the Sender or From address will be /// used instead.</para> /// <para>Likewise, if either of the Resent-Sender or Resent-From headers are set, then the /// message will be encrypted to all of the addresses specified in the Resent headers /// (Resent-Sender, Resent-From, Resent-To, Resent-Cc, and Resent-Bcc), /// otherwise the message will be encrypted to all of the addresses specified in /// the standard address headers (Sender, From, To, Cc, and Bcc).</para> /// </remarks> /// <param name="ctx">The cryptography context.</param> /// <param name="digestAlgo">The digest algorithm.</param> /// <exception cref="System.ArgumentNullException"> /// <paramref name="ctx"/> is <c>null</c>. /// </exception> /// <exception cref="System.ArgumentException"> /// An unknown type of cryptography context was used. /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.InvalidOperationException"> /// <para>The <see cref="Body"/> has not been set.</para> /// <para>-or-</para> /// <para>The sender has been specified.</para> /// <para>-or-</para> /// <para>No recipients have been specified.</para> /// </exception> /// <exception cref="System.NotSupportedException"> /// The <paramref name="digestAlgo"/> is not supported. /// </exception> /// <exception cref="CertificateNotFoundException"> /// A certificate could not be found for the signer or one or more of the recipients. /// </exception> /// <exception cref="PrivateKeyNotFoundException"> /// The private key could not be found for the sender. /// </exception> /// <exception cref="PublicKeyNotFoundException"> /// The public key could not be found for one or more of the recipients. /// </exception> public void SignAndEncrypt (CryptographyContext ctx, DigestAlgorithm digestAlgo) { if (ctx == null) throw new ArgumentNullException ("ctx"); if (Body == null) throw new InvalidOperationException ("No message body has been set."); var signer = GetMessageSigner (); if (signer == null) throw new InvalidOperationException ("The sender has not been set."); var recipients = GetMessageRecipients (true); if (recipients.Count == 0) throw new InvalidOperationException ("No recipients have been set."); if (ctx is SecureMimeContext) { Body = ApplicationPkcs7Mime.SignAndEncrypt ((SecureMimeContext) ctx, signer, digestAlgo, recipients, Body); } else if (ctx is OpenPgpContext) { Body = MultipartEncrypted.SignAndEncrypt ((OpenPgpContext) ctx, signer, digestAlgo, recipients, Body); } else { throw new ArgumentException ("Unknown type of cryptography context.", "ctx"); } }
/// <summary>The encryption of a digest it the atomic operation done by the SSCD.</summary> /// <remarks> /// The encryption of a digest it the atomic operation done by the SSCD. This encryption (RSA, DSA, ...) create the /// signature value. /// </remarks> /// <param name="digestValue"></param> /// <param name="digestAlgo"></param> /// <param name="keyEntry"></param> /// <returns></returns> /// <exception cref="Sharpen.NoSuchAlgorithmException"></exception> public abstract byte[] EncryptDigest(byte[] digestValue, DigestAlgorithm digestAlgo , IDssPrivateKeyEntry keyEntry);
/// <exception cref="IOException"></exception> protected virtual TlsCipher CreateDesEdeCipher(TlsClientContext context, int cipherKeySize, DigestAlgorithm digestAlgorithm) { return new TlsBlockCipher(context, CreateDesEdeBlockCipher(), CreateDesEdeBlockCipher(), CreateDigest(digestAlgorithm), CreateDigest(digestAlgorithm), cipherKeySize); }
/// <summary> /// Creates a new <see cref="MultipartEncrypted"/>. /// </summary> /// <remarks> /// Signs the entity using the supplied signer and digest algorithm and then encrypts to /// the specified recipients, encapsulating the result in a new multipart/encrypted part. /// </remarks> /// <returns>A new <see cref="MimeKit.Cryptography.MultipartEncrypted"/> instance containing /// the signed and encrypted version of the specified entity.</returns> /// <param name="signer">The signer to use to sign the entity.</param> /// <param name="digestAlgo">The digest algorithm to use for signing.</param> /// <param name="recipients">The recipients for the encrypted entity.</param> /// <param name="entity">The entity to sign and encrypt.</param> /// <exception cref="System.ArgumentNullException"> /// <para><paramref name="signer"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="recipients"/> is <c>null</c>.</para> /// <para>-or-</para> /// <para><paramref name="entity"/> is <c>null</c>.</para> /// </exception> /// <exception cref="System.ArgumentException"> /// <para><paramref name="signer"/> cannot be used for signing.</para> /// <para>-or-</para> /// <para>One or more of the recipient keys cannot be used for encrypting.</para> /// <para>-or-</para> /// <para>No recipients were specified.</para> /// </exception> /// <exception cref="System.ArgumentOutOfRangeException"> /// The <paramref name="digestAlgo"/> was out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// <para>A default <see cref="OpenPgpContext"/> has not been registered.</para> /// <para>-or-</para> /// <para>The <paramref name="digestAlgo"/> is not supported.</para> /// </exception> /// <exception cref="System.OperationCanceledException"> /// The user chose to cancel the password prompt. /// </exception> /// <exception cref="System.UnauthorizedAccessException"> /// 3 bad attempts were made to unlock the secret key. /// </exception> public static MultipartEncrypted Create (PgpSecretKey signer, DigestAlgorithm digestAlgo, IEnumerable<PgpPublicKey> recipients, MimeEntity entity) { if (signer == null) throw new ArgumentNullException ("signer"); if (recipients == null) throw new ArgumentNullException ("recipients"); if (entity == null) throw new ArgumentNullException ("entity"); using (var ctx = (OpenPgpContext) CryptographyContext.Create ("application/pgp-encrypted")) { return Create (ctx, signer, digestAlgo, recipients, entity); } }
/// <summary> /// Gets the equivalent <see cref="Org.BouncyCastle.Bcpg.HashAlgorithmTag"/> for the /// specified <see cref="DigestAlgorithm"/>. /// </summary> /// <remarks> /// Maps a <see cref="DigestAlgorithm"/> to the equivalent <see cref="Org.BouncyCastle.Bcpg.HashAlgorithmTag"/>. /// </remarks> /// <returns>The hash algorithm.</returns> /// <param name="digestAlgo">The digest algorithm.</param> /// <exception cref="System.ArgumentOutOfRangeException"> /// <paramref name="digestAlgo"/> is out of range. /// </exception> /// <exception cref="System.NotSupportedException"> /// <paramref name="digestAlgo"/> does not have an equivalent /// <see cref="Org.BouncyCastle.Bcpg.HashAlgorithmTag"/> value. /// </exception> public static HashAlgorithmTag GetHashAlgorithm (DigestAlgorithm digestAlgo) { switch (digestAlgo) { case DigestAlgorithm.MD5: return HashAlgorithmTag.MD5; case DigestAlgorithm.Sha1: return HashAlgorithmTag.Sha1; case DigestAlgorithm.RipeMD160: return HashAlgorithmTag.RipeMD160; case DigestAlgorithm.DoubleSha: return HashAlgorithmTag.DoubleSha; case DigestAlgorithm.MD2: return HashAlgorithmTag.MD2; case DigestAlgorithm.Tiger192: return HashAlgorithmTag.Tiger192; case DigestAlgorithm.Haval5160: return HashAlgorithmTag.Haval5pass160; case DigestAlgorithm.Sha256: return HashAlgorithmTag.Sha256; case DigestAlgorithm.Sha384: return HashAlgorithmTag.Sha384; case DigestAlgorithm.Sha512: return HashAlgorithmTag.Sha512; case DigestAlgorithm.Sha224: return HashAlgorithmTag.Sha224; case DigestAlgorithm.MD4: throw new NotSupportedException ("The MD4 digest algorithm is not supported."); default: throw new ArgumentOutOfRangeException ("digestAlgo"); } }