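        /// <summary>
        /// Builds the CMS KeyTransRecipientInfo (RFC 5652 §6.2.1) for one RSA recipient by
        /// encrypting the content-encryption key under the recipient certificate's public key.
        /// </summary>
        /// <param name="cek">Content-encryption key to wrap. It is passed to RSA.Encrypt as-is;
        /// no length validation happens here.</param>
        /// <param name="recipient">Recipient certificate plus the identifier type used to name it.</param>
        /// <param name="v0Recipient">Set to true when the produced structure is version 0
        /// (issuerAndSerialNumber), false for version 2 (subjectKeyIdentifier).</param>
        /// <returns>The populated KeyTransRecipientInfoAsn.</returns>
        /// <exception cref="CryptographicException">
        /// Thrown for an unsupported <c>RecipientIdentifierType</c>, or when the certificate does
        /// not carry an RSA public key.
        /// </exception>
        private KeyTransRecipientInfoAsn MakeKtri(
            byte[] cek,
            CmsRecipient recipient,
            out bool v0Recipient)
        {
            KeyTransRecipientInfoAsn ktri = new KeyTransRecipientInfoAsn();

            switch (recipient.RecipientIdentifierType)
            {
            case SubjectIdentifierType.SubjectKeyIdentifier:
                // RFC 5652: version is 2 when rid is subjectKeyIdentifier.
                ktri.Version = 2;
                ktri.Rid.SubjectKeyIdentifier = GetSubjectKeyIdentifier(recipient.Certificate);
                break;

            case SubjectIdentifierType.IssuerAndSerialNumber:
            {
                // RFC 5652: version is 0 when rid is issuerAndSerialNumber. Set it explicitly
                // rather than relying on the default so the v0Recipient result below is obvious.
                ktri.Version = 0;

                // GetSerialNumber() hands back the bytes little-endian; the ASN.1 INTEGER in
                // IssuerAndSerialNumber is big-endian, so reverse before encoding.
                byte[] serial = recipient.Certificate.GetSerialNumber();
                Array.Reverse(serial);

                ktri.Rid.IssuerAndSerialNumber = new IssuerAndSerialNumberAsn
                {
                    Issuer       = recipient.Certificate.IssuerName.RawData,
                    SerialNumber = serial,
                };
                break;
            }

            default:
                throw new CryptographicException(
                          SR.Cryptography_Cms_Invalid_Subject_Identifier_Type,
                          recipient.RecipientIdentifierType.ToString());
            }

            // Key-encryption algorithm is chosen from the certificate's SubjectPublicKeyInfo:
            // id-RSAES-OAEP in the certificate selects OAEP (SHA-1 parameters), anything else
            // falls back to RSAES-PKCS1-v1_5 for interoperability. Note that PKCS#1 v1.5 key
            // transport is the variant exposed to Bleichenbacher-style padding-oracle attacks on
            // the decrypting side; this API gives the caller no way to request OAEP for a plain
            // RSA certificate.
            RSAEncryptionPadding padding;

            switch (recipient.Certificate.GetKeyAlgorithm())
            {
            case Oids.RsaOaep:
                padding = RSAEncryptionPadding.OaepSHA1;
                ktri.KeyEncryptionAlgorithm.Algorithm  = new Oid(Oids.RsaOaep, Oids.RsaOaep);
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaOaepSha1Parameters;
                break;

            default:
                padding = RSAEncryptionPadding.Pkcs1;
                ktri.KeyEncryptionAlgorithm.Algorithm  = new Oid(Oids.Rsa, Oids.Rsa);
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaPkcsParameters;
                break;
            }

            using (RSA rsa = recipient.Certificate.GetRSAPublicKey())
            {
                // GetRSAPublicKey() returns null for a certificate whose key is not RSA
                // (e.g. ECDSA). Previously that surfaced as a NullReferenceException from
                // rsa.Encrypt; report it as the CryptographicException callers already handle.
                if (rsa == null)
                {
                    throw new CryptographicException(SR.Cryptography_Cms_UnknownAlgorithm);
                }

                ktri.EncryptedKey = rsa.Encrypt(cek, padding);
            }

            v0Recipient = (ktri.Version == 0);
            return ktri;
        }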
 /// <summary>
 /// Creates the managed key-transport recipient PAL over an already-decoded
 /// KeyTransRecipientInfo; the structure is stored in <c>_asn</c> for later access.
 /// </summary>
 /// <param name="asn">Decoded KeyTransRecipientInfo this instance represents.</param>
 internal ManagedKeyTransPal(KeyTransRecipientInfoAsn asn) => _asn = asn;
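        /// <summary>
        /// Builds the CMS KeyTransRecipientInfo (RFC 5652 §6.2.1) for one RSA recipient by
        /// encrypting the content-encryption key under the recipient certificate's public key,
        /// using the RSA padding the caller requested on the recipient.
        /// </summary>
        /// <param name="cek">Content-encryption key to wrap. It is passed to RSA.Encrypt as-is;
        /// no length validation happens here.</param>
        /// <param name="recipient">Recipient certificate, the identifier type used to name it and
        /// the optional RSAEncryptionPadding to use.</param>
        /// <param name="v0Recipient">Set to true when the produced structure is version 0
        /// (issuerAndSerialNumber), false for version 2 (subjectKeyIdentifier).</param>
        /// <returns>The populated KeyTransRecipientInfoAsn.</returns>
        /// <exception cref="CryptographicException">
        /// Thrown for an unsupported <c>RecipientIdentifierType</c>, for a padding mode without a
        /// CMS encoding here, or when the certificate does not carry an RSA public key.
        /// </exception>
        private KeyTransRecipientInfoAsn MakeKtri(
            byte[] cek,
            CmsRecipient recipient,
            out bool v0Recipient)
        {
            KeyTransRecipientInfoAsn ktri = default;

            switch (recipient.RecipientIdentifierType)
            {
            case SubjectIdentifierType.SubjectKeyIdentifier:
                // RFC 5652: version is 2 when rid is subjectKeyIdentifier.
                ktri.Version = 2;
                ktri.Rid.SubjectKeyIdentifier = GetSubjectKeyIdentifier(recipient.Certificate);
                break;

            case SubjectIdentifierType.IssuerAndSerialNumber:
            {
                // RFC 5652: version is 0 when rid is issuerAndSerialNumber. Set it explicitly
                // rather than relying on `default` so the v0Recipient result below is obvious.
                ktri.Version = 0;

                // GetSerialNumber() hands back the bytes little-endian; the ASN.1 INTEGER in
                // IssuerAndSerialNumber is big-endian, so reverse before encoding.
                byte[] serial = recipient.Certificate.GetSerialNumber();
                Array.Reverse(serial);

                ktri.Rid.IssuerAndSerialNumber = new IssuerAndSerialNumberAsn
                {
                    Issuer       = recipient.Certificate.IssuerName.RawData,
                    SerialNumber = serial,
                };
                break;
            }

            default:
                throw new CryptographicException(
                          SR.Cryptography_Cms_Invalid_Subject_Identifier_Type,
                          recipient.RecipientIdentifierType.ToString());
            }

            // Default to RSAES-PKCS1-v1_5 when the caller did not pick a padding, for
            // interoperability with existing recipients. PKCS#1 v1.5 key transport is the variant
            // exposed to Bleichenbacher-style padding-oracle attacks on the decrypting side;
            // callers that control both ends should set recipient.RSAEncryptionPadding to OAEP.
            RSAEncryptionPadding padding = recipient.RSAEncryptionPadding ?? RSAEncryptionPadding.Pkcs1;

            // Only the paddings that have a pre-encoded CMS parameter blob are accepted; anything
            // else (e.g. a newer OAEP hash) is rejected rather than encoded with mismatched
            // parameters.
            if (padding == RSAEncryptionPadding.Pkcs1)
            {
                ktri.KeyEncryptionAlgorithm.Algorithm  = Oids.Rsa;
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaPkcsParameters;
            }
            else if (padding == RSAEncryptionPadding.OaepSHA1)
            {
                ktri.KeyEncryptionAlgorithm.Algorithm  = Oids.RsaOaep;
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaOaepSha1Parameters;
            }
            else if (padding == RSAEncryptionPadding.OaepSHA256)
            {
                ktri.KeyEncryptionAlgorithm.Algorithm  = Oids.RsaOaep;
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaOaepSha256Parameters;
            }
            else if (padding == RSAEncryptionPadding.OaepSHA384)
            {
                ktri.KeyEncryptionAlgorithm.Algorithm  = Oids.RsaOaep;
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaOaepSha384Parameters;
            }
            else if (padding == RSAEncryptionPadding.OaepSHA512)
            {
                ktri.KeyEncryptionAlgorithm.Algorithm  = Oids.RsaOaep;
                ktri.KeyEncryptionAlgorithm.Parameters = s_rsaOaepSha512Parameters;
            }
            else
            {
                throw new CryptographicException(SR.Cryptography_Cms_UnknownAlgorithm);
            }

            // GetRSAPublicKey() returns null for a certificate whose key is not RSA (e.g. ECDSA).
            // The previous null-forgiving `!` only silenced the compiler; the call below would
            // still have thrown NullReferenceException. Report it as the CryptographicException
            // callers already handle.
            using (RSA? rsa = recipient.Certificate.GetRSAPublicKey())
            {
                if (rsa is null)
                {
                    throw new CryptographicException(SR.Cryptography_Cms_UnknownAlgorithm);
                }

                ktri.EncryptedKey = rsa.Encrypt(cek, padding);
            }

            v0Recipient = (ktri.Version == 0);
            return ktri;
        }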