public static Tuple <string, string> CreateKeyPair()
{
var algorithm = SignatureAlgorithm.Ed25519;
var kp = new KeyCreationParameters
{
ExportPolicy = KeyExportPolicies.AllowPlaintextExport
};
using (var key = Key.Create(algorithm, kp))
{
var publicKeyBytes = key.Export(KeyBlobFormat.PkixPublicKeyText);
var publicKey = Encoding.UTF8.GetString(publicKeyBytes);
publicKey = publicKey.Replace("-----BEGIN PUBLIC KEY-----", "");
publicKey = publicKey.Replace("-----END PUBLIC KEY-----", "");
publicKey = publicKey.Replace(Environment.NewLine, "");
var privateKeyBytes = key.Export(KeyBlobFormat.PkixPrivateKeyText);
var privateKey = Encoding.UTF8.GetString(privateKeyBytes);
privateKey = privateKey.Replace("-----BEGIN PRIVATE KEY-----", "");
privateKey = privateKey.Replace("-----END PRIVATE KEY-----", "");
privateKey = privateKey.Replace(Environment.NewLine, "");
return(new Tuple <string, string>(publicKey, privateKey));
}
}
public static Key getAgreeKeyFromPrivate(string agreePrivateKey)
{
var signAlgorithm = KeyAgreementAlgorithm.X25519;
var parameters = new KeyCreationParameters();
parameters.ExportPolicy = KeyExportPolicies.AllowPlaintextExport;
return(Key.Import(signAlgorithm, Convert.FromBase64String(agreePrivateKey), KeyBlobFormat.NSecPrivateKey, parameters));
}
public static string getSignPublicKeyStringFromPrivate(string signPrivateKey)
{
var signAlgorithm = SignatureAlgorithm.Ed25519;
var parameters = new KeyCreationParameters();
parameters.ExportPolicy = KeyExportPolicies.AllowPlaintextExport;
var signPrivKey = Key.Import(signAlgorithm, Convert.FromBase64String(signPrivateKey), KeyBlobFormat.NSecPrivateKey, parameters);
return(Convert.ToBase64String(signPrivKey.PublicKey.Export(KeyBlobFormat.NSecPublicKey)));
}
/// <summary>
/// Outputs hash and salt as <see cref="string"/> based on user password in <see cref="HMACSHA512"/> format to store in DB.
/// </summary>
private void CreatePasswordHash(ReadOnlySpan <byte> data, out string salt, out string hashedPassword)
{
var algorithm = MacAlgorithm.HmacSha512;
var keyCreationParameters = new KeyCreationParameters()
{
ExportPolicy = KeyExportPolicies.AllowPlaintextArchiving
};
using var key = Key.Create(algorithm, keyCreationParameters);
salt = Convert.ToBase64String(key.Export(KeyBlobFormat.NSecSymmetricKey));
hashedPassword = Convert.ToBase64String(algorithm.Mac(key, data));
}
public static void getNewBlockchainUser(out string signPrivateKey, out string signPublicKey,
out string agreePrivateKey, out string agreePublicKey)
{
var signAlgorithm = SignatureAlgorithm.Ed25519;
var agreeAlgorithm = KeyAgreementAlgorithm.X25519;
var parameters = new KeyCreationParameters();
parameters.ExportPolicy = KeyExportPolicies.AllowPlaintextExport;
var signKey = Key.Create(signAlgorithm, parameters);
var agreeKey = Key.Create(agreeAlgorithm, parameters);
signPrivateKey = Convert.ToBase64String(signKey.Export(KeyBlobFormat.NSecPrivateKey));
signPublicKey = Convert.ToBase64String(signKey.PublicKey.Export(KeyBlobFormat.NSecPublicKey));
agreePrivateKey = Convert.ToBase64String(agreeKey.Export(KeyBlobFormat.NSecPrivateKey));
agreePublicKey = Convert.ToBase64String(agreeKey.PublicKey.Export(KeyBlobFormat.NSecPublicKey));
}
public static byte[] Sign(string privateKey, byte[] data)
{
var algorithm = SignatureAlgorithm.Ed25519;
var kp = new KeyCreationParameters
{
ExportPolicy = KeyExportPolicies.AllowPlaintextExport
};
var privateKeyBytes = Encoding.UTF8.GetBytes(privateKey);
using (Key key = Key.Import(algorithm, new ReadOnlySpan <byte>(privateKeyBytes), KeyBlobFormat.PkixPrivateKeyText, kp))
{
var signature = algorithm.Sign(key, data);
return(signature);
}
}
public static string getEncryptedEncryptionKey(string encryptionKey, string senderAgreePrivateKey, string recieverAgreePublicKey)
{
var algorithm = KeyAgreementAlgorithm.X25519;
var parameters = new KeyCreationParameters();
var byteData = Convert.FromBase64String(encryptionKey);
parameters.ExportPolicy = KeyExportPolicies.AllowPlaintextExport;
Key senderKey = getAgreeKeyFromPrivate(senderAgreePrivateKey);
PublicKey recieverKey = getAgreePublicKeyFromString(recieverAgreePublicKey);
var secret = algorithm.Agree(senderKey, recieverKey);
var derivedKey = KeyDerivationAlgorithm.HkdfSha256.DeriveKey(secret, null, null, AeadAlgorithm.Aes256Gcm, parameters);
var nonce = new Nonce(0, 12);
var encryptedByteData = AeadAlgorithm.Aes256Gcm.Encrypt(derivedKey, nonce, null, byteData);
var encryptedData = Convert.ToBase64String(encryptedByteData);
return(encryptedData + "|" + getAgreePublicKeyStringFromPrivate(senderAgreePrivateKey));
}
public static void ExportImportNSecPrivateKey()
{
// fake System.IO.File
var File = new Dictionary <string, byte[]>();
{
#region ExportImport: Export
var algorithm = SignatureAlgorithm.Ed25519;
var creationParameters = new KeyCreationParameters
{
ExportPolicy = KeyExportPolicies.AllowPlaintextArchiving
};
// create a new key
using (var key = new Key(algorithm, creationParameters))
{
// export it
var blob = key.Export(KeyBlobFormat.NSecPrivateKey);
File.WriteAllBytes("myprivatekey.nsec", blob);
}
#endregion
}
{
#region ExportImport: Import
var algorithm = SignatureAlgorithm.Ed25519;
var blob = File.ReadAllBytes("myprivatekey.nsec");
// re-import it
using (var key = Key.Import(algorithm, blob, KeyBlobFormat.NSecPrivateKey))
{
var signature = algorithm.Sign(key, /*{*/ new byte[0] /*}*/);
}
#endregion
}
}
public static string getDecryptedEncryptionKey(string hashedData, string recieverAgreePrivateKey)
{
var origHashedParts = hashedData.Split('|');
var encryptedByteData = Convert.FromBase64String(origHashedParts[0]);
var senderPublicKey = origHashedParts[1];
var algorithm = KeyAgreementAlgorithm.X25519;
var parameters = new KeyCreationParameters();
parameters.ExportPolicy = KeyExportPolicies.AllowPlaintextExport;
Key recieverKey = getAgreeKeyFromPrivate(recieverAgreePrivateKey);
PublicKey senderKey = getAgreePublicKeyFromString(senderPublicKey);
var secret = algorithm.Agree(recieverKey, senderKey);
var derivedKey = KeyDerivationAlgorithm.HkdfSha256.DeriveKey(secret, null, null, AeadAlgorithm.Aes256Gcm, parameters);
var nonce = new Nonce(0, 12);
byte[] decryptedByteData = new byte[encryptedByteData.Length - AeadAlgorithm.Aes256Gcm.TagSize];
AeadAlgorithm.Aes256Gcm.Decrypt(derivedKey, nonce, null, encryptedByteData, decryptedByteData);
var decryptedData = Convert.ToBase64String(decryptedByteData);
return(decryptedData);
}
public static byte[] Sign(string privateKey, byte[] data)
{
var algorithm = SignatureAlgorithm.Ed25519;
var kp = new KeyCreationParameters
{
ExportPolicy = KeyExportPolicies.AllowPlaintextExport
};
var pk = privateKey;
if (!privateKey.StartsWith("-----"))
{
pk = String.Format("{0}\n{1}\n{2}", "-----BEGIN PRIVATE KEY-----", privateKey, "-----END PRIVATE KEY-----");
}
var privateKeyBytes = Encoding.UTF8.GetBytes(pk);
using (Key key = Key.Import(algorithm, new ReadOnlySpan <byte>(privateKeyBytes), KeyBlobFormat.PkixPrivateKeyText, kp))
{
var signature = algorithm.Sign(key, data);
return(signature);
}
}