} // End Function ReadPublicKey public static Org.BouncyCastle.Crypto.AsymmetricKeyParameter ReadPrivateKey(string privateKey) { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = null; using (System.IO.TextReader reader = new System.IO.StringReader(privateKey)) { Org.BouncyCastle.OpenSsl.PemReader pemReader = new Org.BouncyCastle.OpenSsl.PemReader(reader); object obj = pemReader.ReadObject(); if (obj is Org.BouncyCastle.Crypto.AsymmetricKeyParameter) { throw new System.ArgumentException("The given privateKey is a public key, not a privateKey...", "privateKey"); } if (!(obj is Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair)) { throw new System.ArgumentException("The given privateKey is not a valid assymetric key.", "privateKey"); } keyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair)obj; } // End using reader // Org.BouncyCastle.Crypto.AsymmetricKeyParameter priv = keyPair.Private; // Org.BouncyCastle.Crypto.AsymmetricKeyParameter pub = keyPair.Public; // Note: // cipher.Init(false, key); // !!! return(keyPair.Private); } // End Function ReadPrivateKey
} // End Function VerifySignature // https://stackoverflow.com/questions/18244630/elliptic-curve-with-digital-signature-algorithm-ecdsa-implementation-on-bouncy public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateEcdsaKeyPair() { Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(); // https://github.com/bcgit/bc-csharp/blob/master/crypto/src/asn1/sec/SECNamedCurves.cs#LC1096 Org.BouncyCastle.Asn1.X9.X9ECParameters ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); Org.BouncyCastle.Crypto.Parameters.ECDomainParameters ecParams = new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters(ps.Curve, ps.G, ps.N, ps.H); Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters keyGenParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(ecParams, secureRandom); gen.Init(keyGenParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair(); // Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters priv = // (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)kp.Private; return(kp); } // End Function GenerateEcdsaKeyPair
} // End Sub GenerateSslCertificate public static void Test( Org.BouncyCastle.X509.X509Certificate sslCertificate, Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair sslCertificateKeyPair ) { string pemCert = ToPem(sslCertificate); // SSL (string Private, string Public)certKeys = KeyPairToPem(sslCertificateKeyPair); System.ReadOnlySpan <char> certSpan = System.MemoryExtensions.AsSpan(pemCert); System.ReadOnlySpan <char> keySpan = System.MemoryExtensions.AsSpan(certKeys.Private); System.Security.Cryptography.X509Certificates.X509Certificate2 certSslLoaded = System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPem(certSpan, keySpan); System.Console.WriteLine(sslCertificate); System.Console.WriteLine(certSslLoaded); Org.BouncyCastle.X509.X509Certificate certly = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(certSslLoaded); // bool b = certly.Equals(rootCertificate); // System.Console.WriteLine(b); // certly.GetPublicKey() Org.BouncyCastle.X509.X509Certificate cert = ReadCertificate("obelix.pem"); System.Console.WriteLine(cert); } // End Sub Test
} // End Function GenerateRsaKeyPair public static void WritePrivatePublic(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair) { string privateKey = null; string publicKey = null; // id_rsa using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(keyPair.Private); pemWriter.Writer.Flush(); privateKey = textWriter.ToString(); } // End Using textWriter // id_rsa.pub using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(keyPair.Public); pemWriter.Writer.Flush(); publicKey = textWriter.ToString(); } // End Using textWriter System.Console.WriteLine(privateKey); System.Console.WriteLine(publicKey); } // End Sub WritePrivatePublic
} // End Sub Test public static (string Private, string Public) KeyPairToPem(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair) { string k1 = KeyToPemString(keyPair.Private); string k2 = KeyToPemString(keyPair.Public); return(new System.ValueTuple <string, string>(k1, k2)); }
public static byte[] CreateSelfSignedCertificate(string[] alternativeNames, string password) { string pemKey = SecretManager.GetSecret <string>("skynet_key"); string pemCert = SecretManager.GetSecret <string>("skynet_cert"); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey); Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert); Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate( random , rootCert , certKeyPair.Public , rootKey.Private , alternativeNames ); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, rootCert.GetPublicKey()); if (val == false) { throw new System.InvalidOperationException("SSL certificate does NOT validate successfully."); } byte[] pfx = CreatePfxBytes(sslCertificate, certKeyPair.Private, password); return(pfx); } // End Function CreateSelfSignedCertificate
GenerateBadGost3410KeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength) { // Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen1 = Org.BouncyCastle.Security.GeneratorUtilities.GetKeyPairGenerator("DSA"); // NID_id_GostR3410_2001_CryptoPro_A_ParamSet Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.Gost3410KeyPairGenerator(); Org.BouncyCastle.Crypto.Generators.Gost3410ParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.Gost3410ParametersGenerator(); pGen.Init(keystrength, 2, random); //TODO: Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters kgp = new Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters( random // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x94CryptoProA // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94 // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001 ); Org.BouncyCastle.Crypto.Parameters.Gost3410Parameters parameters = pGen.GenerateParameters(); Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters(random, parameters); keypairGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair(); return(kp); }
// https://social.msdn.microsoft.com/Forums/vstudio/en-US/80ccc76f-bf98-4cda-9583-f651013b24a5/extract-private-key-as-string-from-pfx-file?forum=csharpgeneral // One of my collegues actually found the solution and I thought I'd share it. // Extract Private Key as String from PFX File public static void GetPrivateKey(string pfxLocation, string password) { // Windows's PFX files are just renamed PKCS#12 files, // Load your certificate from file System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxLocation, password , System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable | System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet); // Private Key if (certificate.HasPrivateKey) { throw new System.IO.InvalidDataException("no private key in pfx file."); } System.Security.Cryptography.RSACryptoServiceProvider rsa = (System.Security.Cryptography.RSACryptoServiceProvider)certificate.PrivateKey; System.IO.MemoryStream memoryStream = new System.IO.MemoryStream(); System.IO.TextWriter streamWriter = new System.IO.StreamWriter(memoryStream); Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(streamWriter); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rsa); pemWriter.WriteObject(keyPair.Private); streamWriter.Flush(); string output = System.Text.Encoding.ASCII.GetString(memoryStream.GetBuffer()).Trim(); int index_of_footer = output.IndexOf("-----END RSA PRIVATE KEY-----"); memoryStream.Close(); streamWriter.Close(); string PrivKey = output.Substring(0, index_of_footer + 29); }
public static void GenerateSslCertificate(PfxData pfx, Org.BouncyCastle.Security.SecureRandom random) { string curveName = "curve25519"; curveName = "secp256k1"; // IIS does not support Elliptic Curve... // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDHKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateGostKeyPair(4096, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate(random, pfx.Certificate, certKeyPair.Public, pfx.PrivateKey); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, pfx.Certificate.GetPublicKey()); // SSL (string Private, string Public)certKeys = KeyPairToPem(certKeyPair); PfxFile.Create(@"obelix.pfx", sslCertificate, certKeyPair.Private, ""); WriteCerAndCrt(sslCertificate, @"obelix"); System.IO.File.WriteAllText(@"obelix_private.key", certKeys.Private, System.Text.Encoding.ASCII); // System.IO.File.WriteAllText(@"obelix_public.key", certKeys.Public, System.Text.Encoding.ASCII); string pemCert = ToPem(sslCertificate); System.IO.File.WriteAllText(@"obelix.pem", pemCert, System.Text.Encoding.ASCII); } // End Sub GenerateSslCertificate
private static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateDsaKeys() { DSACryptoServiceProvider DSA = new DSACryptoServiceProvider(); DSAParameters dsaParams = DSA.ExportParameters(true); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys = Org.BouncyCastle.Security.DotNetUtilities.GetDsaKeyPair(dsaParams); return(keys); }
public BouncyRsa(string privateKey) { using (System.IO.StringReader txtreader = new System.IO.StringReader(privateKey)) { m_keyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair) new Org.BouncyCastle.OpenSsl.PemReader(txtreader).ReadObject(); } m_keyParameter = m_keyPair.Public; }
} // End Sub GenerateRootCertificate public static Org.BouncyCastle.X509.X509Certificate SelfSignSslCertificate( Org.BouncyCastle.Security.SecureRandom random , Org.BouncyCastle.X509.X509Certificate caRoot , Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey , Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey ) // PrivatePublicPemKeyPair subjectKeyPair) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "Neanderthal Technology Group (NT)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru", "example.int", "foo.int", "bar.int", "foobar.int", "*.com"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , rootCertPrivateKey , caRoot , random ); /* * PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); * CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair); * * * CerGenerator.WriteCerAndCrt(@"ca", caRoot); * CerGenerator.WriteCerAndCrt(@"obelix", caSsl); */ return(caSsl); } // End Sub SelfSignSslCertificate
} // End Sub GenerateRsaKeyPair public BouncyRsa() : base() { int keySize = 2048; m_keyPair = GenerateRsaKeyPair(keySize); //m_keyParameter = m_keyPair.Public; m_keyParameter = m_keyPair.Private; this.KeySizeValue = keySize; }
public static byte[] GenerateDsaCertificateAsPkcs12( string friendlyName, string subjectName, string country, System.DateTime validStartDate, System.DateTime validEndDate, string password, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caPrivateKey) { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys = GenerateDsaKeys(); #region build certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); // build name attributes System.Collections.ArrayList nameOids = new System.Collections.ArrayList(); nameOids.Add(Org.BouncyCastle.Asn1.X509.X509Name.CN); nameOids.Add(X509Name.O); nameOids.Add(X509Name.C); System.Collections.ArrayList nameValues = new System.Collections.ArrayList(); nameValues.Add(friendlyName); nameValues.Add(subjectName); nameValues.Add(country); X509Name subjectDN = new X509Name(nameOids, nameValues); // certificate fields certGen.SetSerialNumber(Org.BouncyCastle.Math.BigInteger.ValueOf(1)); certGen.SetIssuerDN(caCert.SubjectDN); certGen.SetNotBefore(validStartDate); certGen.SetNotAfter(validEndDate); certGen.SetSubjectDN(subjectDN); certGen.SetPublicKey(keys.Public); certGen.SetSignatureAlgorithm("SHA1withDSA"); // extended information certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.GetPublicKey())); certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keys.Public)); #endregion // generate x509 certificate X509Certificate cert = certGen.Generate(caPrivateKey); //ert.Verify(caCert.GetPublicKey()); System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate> chain = new System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate>(); //chain.Add("CertiFirmas CA", caCert); // string caCn = caCert.SubjectDN.GetValues(X509Name.CN)[0].ToString(); string caCn = caCert.SubjectDN.GetValueList(X509Name.CN)[0].ToString(); chain.Add(caCn, caCert); // store the file return(GeneratePkcs12(keys, cert, friendlyName, password, chain)); }
} // End Sub WritePrivatePublic public static void SignVerifyData(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair) { string msg = "Hello world"; msg = null; string signature = SignData(msg, keyPair.Private); bool verificationResult = VerifySignature(keyPair.Public, signature, msg); System.Console.WriteLine(verificationResult); }
} // End Function ReadAsymmetricKeyParameter private static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair ReadAsymmetricKeyParameter(string pemString) { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair para = null; using (System.IO.TextReader tr = new System.IO.StringReader(pemString)) { para = ReadAsymmetricKeyParameter(tr); } // End Using tr return(para); } // End Function ReadAsymmetricKeyParameter
} // End Function GetAlternativeNames public static byte[] GetRootCertPfx(string password) { string pemKey = SecretManager.GetSecret <string>("skynet_key"); string pemCert = SecretManager.GetSecret <string>("skynet_cert"); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey); Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert); byte[] pfx = CreatePfxBytes(rootCert, rootKey.Private, password); return(pfx); }
// GenerateRsaKeyPair(1024) public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateRsaKeyPair(int strength) { Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()); Org.BouncyCastle.Crypto.KeyGenerationParameters keyGenParam = new Org.BouncyCastle.Crypto.KeyGenerationParameters(secureRandom, strength); gen.Init(keyGenParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair(); return(kp); } // End Function GenerateRsaKeyPair
} // End Sub ExportKeyPair // https://stackoverflow.com/questions/22008337/generating-keypair-using-bouncy-castle // https://stackoverflow.com/questions/14052485/converting-a-public-key-in-subjectpublickeyinfo-format-to-rsapublickey-format-ja // https://stackoverflow.com/questions/10963756/get-der-encoded-public-key // http://www.programcreek.com/java-api-examples/index.php?api=org.bouncycastle.crypto.util.SubjectPublicKeyInfoFactory public static void CerKeyInfo(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair) { Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo pkInfo = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private); string privateKey = System.Convert.ToBase64String(pkInfo.GetDerEncoded()); // and following for public: Org.BouncyCastle.Asn1.X509.SubjectPublicKeyInfo info = Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public); string publicKey = System.Convert.ToBase64String(info.GetDerEncoded()); System.Console.WriteLine(privateKey); System.Console.WriteLine(publicKey); } // End Sub CerKeyInfo
private static byte[] GeneratePkcs12( Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys, Org.BouncyCastle.X509.X509Certificate cert, string friendlyName, string password, System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate> chain) { System.Collections.Generic.List <X509CertificateEntry> chainCerts = new System.Collections.Generic.List <X509CertificateEntry>(); // Create the PKCS12 store Pkcs12Store store = new Pkcs12StoreBuilder().Build(); // Add a Certificate entry X509CertificateEntry certEntry = new X509CertificateEntry(cert); store.SetCertificateEntry(friendlyName, certEntry); // use DN as the Alias. //chainCerts.Add(certEntry); // Add chain entries System.Collections.Generic.List <byte[]> additionalCertsAsBytes = new System.Collections.Generic.List <byte[]>(); if (chain != null && chain.Count > 0) { foreach (System.Collections.Generic.KeyValuePair <string, X509Certificate> additionalCert in chain) { additionalCertsAsBytes.Add(additionalCert.Value.GetEncoded()); } } if (chain != null && chain.Count > 0) { System.Collections.Generic.IEnumerable <X509Certificate> addicionalCertsAsX09Chain = BuildCertificateChainBC(cert.GetEncoded(), additionalCertsAsBytes); foreach (X509Certificate addCertAsX09 in addicionalCertsAsX09Chain) { chainCerts.Add(new X509CertificateEntry(addCertAsX09)); } } // Add a key entry AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private); // no chain store.SetKeyEntry(friendlyName, keyEntry, new X509CertificateEntry[] { certEntry }); using (System.IO.MemoryStream memoryStream = new System.IO.MemoryStream()) { store.Save(memoryStream, password.ToCharArray(), new Org.BouncyCastle.Security.SecureRandom()); return(memoryStream.ToArray()); } }
public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateRsaKeyPair(Org.BouncyCastle.Security.SecureRandom random, int strength) { Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); Org.BouncyCastle.Crypto.KeyGenerationParameters keyGenParam = new Org.BouncyCastle.Crypto.KeyGenerationParameters(random, strength); gen.Init(keyGenParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair(); return(kp); } // End Sub GenerateRsaKeyPair
// https://stackoverflow.com/questions/6029937/net-private-key-rsa-encryption public static void DotNetRsaParamtersFromPemFile() { using (System.IO.StreamReader sr = new System.IO.StreamReader("../../privatekey.pem")) { Org.BouncyCastle.OpenSsl.PemReader pr = new Org.BouncyCastle.OpenSsl.PemReader(sr); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair KeyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair)pr.ReadObject(); System.Security.Cryptography.RSAParameters rsa = Org.BouncyCastle.Security.DotNetUtilities.ToRSAParameters( (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)KeyPair.Private ); } }
GenerateGost3410KeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength) { Org.BouncyCastle.Crypto.Parameters.ECDomainParameters gostEcDomainParameters = Org.BouncyCastle.Asn1.CryptoPro.ECGost3410NamedCurves.GetByOid( Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator gostKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); Org.BouncyCastle.Crypto.KeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(gostEcDomainParameters, random); gostKeyGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gostKeyGen.GenerateKeyPair(); return(kp); }
GenerateDsaKeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength) { Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator(); Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator(); pGen.Init(keystrength, 80, random); //TODO: Org.BouncyCastle.Crypto.Parameters.DsaParameters parameters = pGen.GenerateParameters(); Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(random, parameters); keypairGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair(); return(kp); }
} // End Sub GenerateRsaKeyPair public static void WritePrivatePublic(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair) { string privateKey = null; string publicKey = null; string bothKeys = null; // id_rsa using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(keyPair.Private); pemWriter.Writer.Flush(); privateKey = textWriter.ToString(); } // End Using textWriter // id_rsa.pub using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(keyPair.Public); pemWriter.Writer.Flush(); publicKey = textWriter.ToString(); } // End Using textWriter // // This writes the same as private key, not both //using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) //{ // Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); // pemWriter.WriteObject(keyPair); // pemWriter.Writer.Flush(); // bothKeys = textWriter.ToString(); //} // End Using textWriter System.Console.WriteLine(privateKey); System.Console.WriteLine(publicKey); //System.Console.WriteLine(bothKeys); // Org.BouncyCastle.Crypto.AsymmetricKeyParameter pk = ReadPrivateKey(privateKey); // Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = ReadPublicKey(publicKey); // ReadPublicKey(privateKey); // Cannot read this // ReadPrivateKey(publicKey); // Cannot read this either... // CerKeyInfo(keyPair); } // End Sub WritePrivatePublic
} // End Sub GenerateRsaKeyPair public static RSA GetMsRsaProvider() { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair m_keyPair = GenerateRsaKeyPair(2048); // Org.BouncyCastle.Crypto.AsymmetricKeyParameter m_keyParameter = m_keyPair.Public; // Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters pub = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)m_keyPair.Public; Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters priv = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)m_keyPair.Private; var dnPriv = ToRSAParameters(priv); //var dnPub = ToRSAParameters(pub); return(CreateRSAProvider(dnPriv)); }
public static System.Security.Cryptography.ECDsa GetMsEcdsaProvider() { string namedCurve = "prime256v1"; Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator pGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters( Org.BouncyCastle.Asn1.X9.X962NamedCurves.GetOid(namedCurve), new Org.BouncyCastle.Security.SecureRandom() ); pGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = pGen.GenerateKeyPair(); Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters pub = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)keyPair.Public; Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters priv = (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)keyPair.Private; System.Security.Cryptography.ECParameters pars = new ECParameters(); //string str = priv.Parameters.Curve.ToString(); //System.Console.WriteLine(str); //pars.Curve = new ECCurve(); //pars.D = priv.D.ToByteArray(); //pars.Q = new System.Security.Cryptography.ECPoint(); //pars.Q.X = pub.Q.X.GetEncoded(); //pars.Q.Y = pub.Q.Y.GetEncoded(); //System.Security.Cryptography.ECDsa.Create(pars); // The CngKey can be created by importing the key using the Der encoded bytes: Org.BouncyCastle.Asn1.Pkcs.PrivateKeyInfo bcKeyInfo = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private) ; byte[] pkcs8Blob = bcKeyInfo.GetDerEncoded(); CngKey importedKey = CngKey.Import(pkcs8Blob, CngKeyBlobFormat.Pkcs8PrivateBlob); return(new System.Security.Cryptography.ECDsaCng(importedKey)); }
public BouncyRsa(string privateKey) : base() { using (System.IO.StringReader txtreader = new System.IO.StringReader(privateKey)) { m_keyPair = (Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair) new Org.BouncyCastle.OpenSsl.PemReader(txtreader) .ReadObject(); } m_keyParameter = m_keyPair.Private; // var x = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)m_keyPair.Public; // var x = (Org.BouncyCastle.Crypto.Parameters.RsaKeyGenerationParameters)m_keyPair.Public; var x = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters) this.m_keyParameter; this.KeySizeValue = x.Modulus.BitLength; }
} // End Constructor public BouncyECDSA(Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp) : base() { this.m_privKey = (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)kp.Private; this.m_pubKey = (Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)kp.Public; //this.KeySizeValue = keySize; //var x = (Org.BouncyCastle.Crypto.Parameters.ECKeyParameters)kp.Public; // var x = (Org.BouncyCastle.Crypto.Parameters.DsaPublicKeyParameters)kp.Public; // var y = (Org.BouncyCastle.Crypto.Parameters.DsaPrivateKeyParameters)kp.Private; // this.KeySizeValue = x.Y.BitCount; // this.KeySizeValue = y.X.BitCount; this.KeySizeValue = this.m_privKey.Parameters.Curve.FieldSize; } // End Constructor
} // End Sub SelfSignSslCertificate // https://stackoverflow.com/questions/51703109/nginx-the-ssl-directive-is-deprecated-use-the-listen-ssl public static Org.BouncyCastle.X509.X509Certificate GenerateRootCertificate() { string countryIso2Characters = "EA"; string stateOrProvince = "Europe"; string localityOrCity = "NeutralZone"; string companyName = "Skynet Earth Inc."; string division = "Skynet mbH"; string domainName = "Skynet"; string email = "*****@*****.**"; Org.BouncyCastle.Security.SecureRandom sr = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.X509.X509Certificate caRoot = null; Org.BouncyCastle.X509.X509Certificate caSsl = null; // string curveName = "curve25519"; curveName = "secp256k1"; CertificateInfo caCertInfo = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, sr); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, sr); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, sr); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, sr); // kp1 = KeyGenerator.GenerateGhostKeyPair(4096, s_secureRandom.Value); caCertInfo.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); caCertInfo.IssuerKeyPair = KeyImportExport.GetPemKeyPair(kp1); caRoot = CerGenerator.GenerateRootCertificate(caCertInfo, sr); PfxGenerator.CreatePfxFile(@"ca.pfx", caRoot, kp1.Private, null); CerGenerator.WritePrivatePublicKey("issuer", caCertInfo.IssuerKeyPair); return(caRoot); } // End Sub GenerateRootCertificate