public void Initialize() { TCPClient = new TcpClient(); TCPClient.Connect(Endpoint, Port); NetStream = TCPClient.GetStream(); Org.BouncyCastle.Security.SecureRandom sr = new Org.BouncyCastle.Security.SecureRandom(); TlsProtocolHandler handler = new TlsProtocolHandler(NetStream, sr); handler.Connect(new TrustAllCertificatePolicy()); Writer = new StreamWriter(NetStream); Writer.Write(GetHeader()); Writer.Flush(); byte[] buffer = new byte[1024]; int bytesRead = NetStream.Read(buffer, 0, buffer.Length); byte[] decompressBuffer = new byte[1024]; Zlib.DecompressData(buffer, out decompressBuffer); string response = Encoding.ASCII.GetString(buffer, 0, bytesRead); string responseDecompressed = Encoding.ASCII.GetString(decompressBuffer, 0, bytesRead); Console.WriteLine("=== RESPONSE ==="); Console.WriteLine(response); Console.WriteLine("=== DECOMPRESSED ==="); Console.WriteLine(responseDecompressed); Bytes.ByteArrayToFile("out.raw", buffer); byte frameByte = Convert.ToByte("10000001", 2); }
/// <summary> /// Create a X509Certificate2 with a private key by combining /// a bouncy castle X509Certificate and private key parameters. /// </summary> private static X509Certificate2 CreateCertificateWithPrivateKey( Org.BouncyCastle.X509.X509Certificate certificate, string friendlyName, Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey, Org.BouncyCastle.Security.SecureRandom random) { // create pkcs12 store for cert and private key using (MemoryStream pfxData = new MemoryStream()) { var builder = new Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder(); builder.SetUseDerEncoding(true); var pkcsStore = builder.Build(); var chain = new Org.BouncyCastle.Pkcs.X509CertificateEntry[1]; string passcode = Guid.NewGuid().ToString(); chain[0] = new Org.BouncyCastle.Pkcs.X509CertificateEntry(certificate); if (string.IsNullOrEmpty(friendlyName)) { friendlyName = GetCertificateCommonName(certificate); } pkcsStore.SetKeyEntry(friendlyName, new Org.BouncyCastle.Pkcs.AsymmetricKeyEntry(privateKey), chain); pkcsStore.Save(pfxData, passcode.ToCharArray(), random); // merge into X509Certificate2 return(CertificateFactory.CreateCertificateFromPKCS12(pfxData.ToArray(), passcode)); } }
GenerateBadGost3410KeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength) { // Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen1 = Org.BouncyCastle.Security.GeneratorUtilities.GetKeyPairGenerator("DSA"); // NID_id_GostR3410_2001_CryptoPro_A_ParamSet Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.Gost3410KeyPairGenerator(); Org.BouncyCastle.Crypto.Generators.Gost3410ParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.Gost3410ParametersGenerator(); pGen.Init(keystrength, 2, random); //TODO: Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters kgp = new Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters( random // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x94CryptoProA // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3411x94WithGostR3410x94 // , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3411x94CryptoProParamSet , Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001 ); Org.BouncyCastle.Crypto.Parameters.Gost3410Parameters parameters = pGen.GenerateParameters(); Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.Gost3410KeyGenerationParameters(random, parameters); keypairGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair(); return(kp); }
/// <summary> /// 加密并签名 /// 使用接受方的公钥进行加密 /// 使用发送方的私钥进行签名 /// 先压缩,再加密,再签名 /// </summary> /// <param name="kp"></param> /// <param name="cfg"></param> /// <param name="inputFile"></param> /// <param name="outputStream">普通的stream,或者Org.BouncyCastle.Bcpg.ArmoredOutputStream(如果使用加密文件使用ASCII)</param> public static void EncryptAndSign(System.IO.FileInfo inputFile, System.IO.Stream outputStream, GpgKeyPair kp, GpgEncryptSignCfg cfg) { var sr = new Org.BouncyCastle.Security.SecureRandom(); var pgpEncryptedDataGenerator = new Org.BouncyCastle.Bcpg.OpenPgp.PgpEncryptedDataGenerator(cfg.SymmetricKeyAlgorithmTag, cfg.IntegrityProtected, sr); pgpEncryptedDataGenerator.AddMethod(kp.PublickKey); var pgpCompressedDataGenerator = new Org.BouncyCastle.Bcpg.OpenPgp.PgpCompressedDataGenerator(cfg.CompressionAlgorithmTag); var pgpLiteralDataGenerator = new Org.BouncyCastle.Bcpg.OpenPgp.PgpLiteralDataGenerator(); using (var fs = inputFile.OpenRead()) using (var outputStreamEncrypted = pgpEncryptedDataGenerator.Open(outputStream, new byte[cfg.BufferSize])) using (var outputStreamEncryptedCompressed = pgpCompressedDataGenerator.Open(outputStreamEncrypted)) using (var outputStreamEncryptedCompressedLiteral = pgpLiteralDataGenerator.Open(outputStreamEncryptedCompressed, Org.BouncyCastle.Bcpg.OpenPgp.PgpLiteralData.Binary, inputFile.Name, inputFile.Length, inputFile.LastWriteTime)) { var pgpSignatureGenerator = new Org.BouncyCastle.Bcpg.OpenPgp.PgpSignatureGenerator(kp.PrivateKeySecreted.PublicKey.Algorithm, Org.BouncyCastle.Bcpg.HashAlgorithmTag.Sha256); pgpSignatureGenerator.InitSign(Org.BouncyCastle.Bcpg.OpenPgp.PgpSignature.BinaryDocument, kp.PrivateKey); var userId = kp.PrivateKeySecreted.PublicKey.GetUserIds().Cast <string>().First(); var pgpSignatureSubpacketGenerator = new Org.BouncyCastle.Bcpg.OpenPgp.PgpSignatureSubpacketGenerator(); pgpSignatureSubpacketGenerator.SetSignerUserId(cfg.IsCritical, userId); pgpSignatureGenerator.SetHashedSubpackets(pgpSignatureSubpacketGenerator.Generate()); pgpSignatureGenerator.GenerateOnePassVersion(cfg.IsNested).Encode(outputStreamEncryptedCompressedLiteral); int dataLenght = 0; var buffer = new byte[cfg.BufferSize]; while ((dataLenght = fs.Read(buffer, 0, buffer.Length)) > 0) { outputStreamEncryptedCompressedLiteral.Write(buffer, 0, dataLenght); pgpSignatureGenerator.Update(buffer, 0, dataLenght); } pgpSignatureGenerator.Generate().Encode(outputStreamEncryptedCompressedLiteral); } }
} // End Function VerifySignature // https://stackoverflow.com/questions/18244630/elliptic-curve-with-digital-signature-algorithm-ecdsa-implementation-on-bouncy public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateEcdsaKeyPair() { Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(); // https://github.com/bcgit/bc-csharp/blob/master/crypto/src/asn1/sec/SECNamedCurves.cs#LC1096 Org.BouncyCastle.Asn1.X9.X9ECParameters ps = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); Org.BouncyCastle.Crypto.Parameters.ECDomainParameters ecParams = new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters(ps.Curve, ps.G, ps.N, ps.H); Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters keyGenParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(ecParams, secureRandom); gen.Init(keyGenParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair(); // Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters priv = // (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)kp.Private; return(kp); } // End Function GenerateEcdsaKeyPair
public ECDiffieHellmanBc(Int32 keySize) { Org.BouncyCastle.Asn1.X9.X9ECParameters ecParams; switch (keySize) { case 256: ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256r1"); break; case 384: ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp384r1"); break; case 521: ecParams = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp521r1"); break; default: throw new ArgumentException("ECDiffieHellman key size " + keySize + " not supported"); } _keySize = keySize; _domainParameters = new ECDomainParameters(ecParams.Curve, ecParams.G, ecParams.N, ecParams.H, ecParams.GetSeed()); // Initialize key generation parameters with new SecureRandom Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(); ECKeyGenerationParameters keyGenParams = new ECKeyGenerationParameters(_domainParameters, secureRandom); // Generate key pair from domain parameters Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator generator = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); generator.Init(keyGenParams); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair(); // Save the private and public key parameters _privateKeyParameters = (ECPrivateKeyParameters) keyPair.Private; _publicKeyParameters = (ECPublicKeyParameters) keyPair.Public; _kdf = ECDiffieHellmanKeyDerivationFunction.Hash; _hashAlgorithm = CngAlgorithm.Sha256; }
public static byte[] CreateSelfSignedCertificate(string[] alternativeNames, string password) { string pemKey = SecretManager.GetSecret <string>("skynet_key"); string pemCert = SecretManager.GetSecret <string>("skynet_cert"); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey); Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert); Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate( random , rootCert , certKeyPair.Public , rootKey.Private , alternativeNames ); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, rootCert.GetPublicKey()); if (val == false) { throw new System.InvalidOperationException("SSL certificate does NOT validate successfully."); } byte[] pfx = CreatePfxBytes(sslCertificate, certKeyPair.Private, password); return(pfx); } // End Function CreateSelfSignedCertificate
public SecureRandom(Org.BouncyCastle.Security.SecureRandom secureRandom = null) { if (secureRandom != null) { SecureRandomInstance = secureRandom; } }
} // End Function GenerateElGamalKeyPair public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateDHKeyPair( int length , Org.BouncyCastle.Security.SecureRandom secureRandom ) { // Org.BouncyCastle.Math.BigInteger p = new BigInteger("123", 10); // Org.BouncyCastle.Math.BigInteger g = new BigInteger("456", 10); // Org.BouncyCastle.Crypto.Parameters.DHParameters dhParams = // new Org.BouncyCastle.Crypto.Parameters.DHParameters(p, g); Org.BouncyCastle.Crypto.Generators.DHParametersGenerator pg = new Org.BouncyCastle.Crypto.Generators.DHParametersGenerator(); pg.Init(length, 100, secureRandom); Org.BouncyCastle.Crypto.Parameters.DHParameters dhp = pg.GenerateParameters(); Org.BouncyCastle.Crypto.Parameters.DHKeyGenerationParameters pars = new Org.BouncyCastle.Crypto.Parameters.DHKeyGenerationParameters(secureRandom, dhp); Org.BouncyCastle.Crypto.Generators.DHKeyPairGenerator keyGenerator = new Org.BouncyCastle.Crypto.Generators.DHKeyPairGenerator(); keyGenerator.Init(pars); return(keyGenerator.GenerateKeyPair()); } // End Function GenerateDHKeyPair
public static X509Certificate2 ConvertCertificate(this X509Certificate certificate, AsymmetricCipherKeyPair subjectKeyPair, Org.BouncyCastle.Security.SecureRandom random) { // Now to convert the Bouncy Castle certificate to a .NET certificate. // See http://web.archive.org/web/20100504192226/http://www.fkollmann.de/v2/post/Creating-certificates-using-BouncyCastle.aspx // ...but, basically, we create a PKCS12 store (a .PFX file) in memory, and add the public and private key to that. var store = new Pkcs12Store(); // What Bouncy Castle calls "alias" is the same as what Windows terms the "friendly name". string friendlyName = certificate.SubjectDN.ToString(); // Add the certificate. var certificateEntry = new X509CertificateEntry(certificate); store.SetCertificateEntry(friendlyName, certificateEntry); // Add the private key. store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry }); // ConvertToEnvironmentType it to an X509Certificate2 object by saving/loading it from a MemoryStream. // It needs a password. Since we'll remove this later, it doesn't particularly matter what we use. const string password = "******"; var stream = new MemoryStream(); store.Save(stream, password.ToCharArray(), random); var convertedCertificate = new X509Certificate2(stream.ToArray(), password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(convertedCertificate); }
public static void GenerateSslCertificate(PfxData pfx, Org.BouncyCastle.Security.SecureRandom random) { string curveName = "curve25519"; curveName = "secp256k1"; // IIS does not support Elliptic Curve... // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateDHKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateGostKeyPair(4096, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate(random, pfx.Certificate, certKeyPair.Public, pfx.PrivateKey); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, pfx.Certificate.GetPublicKey()); // SSL (string Private, string Public)certKeys = KeyPairToPem(certKeyPair); PfxFile.Create(@"obelix.pfx", sslCertificate, certKeyPair.Private, ""); WriteCerAndCrt(sslCertificate, @"obelix"); System.IO.File.WriteAllText(@"obelix_private.key", certKeys.Private, System.Text.Encoding.ASCII); // System.IO.File.WriteAllText(@"obelix_public.key", certKeys.Public, System.Text.Encoding.ASCII); string pemCert = ToPem(sslCertificate); System.IO.File.WriteAllText(@"obelix.pem", pemCert, System.Text.Encoding.ASCII); } // End Sub GenerateSslCertificate
/// <summary> /// Generates secure random byte array of set length /// </summary> /// <param name="len">length of return byte array</param> /// <returns>secure random byte array of set length</returns> private static byte[] GenSecRandomBytes(int len) { var rand = new Org.BouncyCastle.Security.SecureRandom(); var bytes = new byte[len]; rand.NextBytes(bytes); return(bytes); }
public static byte[] AESGenerateIV(int vectorSize) { var ivBytes = new byte[vectorSize]; var secRandom = new Org.BouncyCastle.Security.SecureRandom(); secRandom.NextBytes(ivBytes); return(ivBytes); }
} // End Sub GenerateRootCertificate public static Org.BouncyCastle.X509.X509Certificate SelfSignSslCertificate( Org.BouncyCastle.Security.SecureRandom random , Org.BouncyCastle.X509.X509Certificate caRoot , Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey , Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey ) // PrivatePublicPemKeyPair subjectKeyPair) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "Neanderthal Technology Group (NT)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru", "example.int", "foo.int", "bar.int", "foobar.int", "*.com"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , rootCertPrivateKey , caRoot , random ); /* * PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); * CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair); * * * CerGenerator.WriteCerAndCrt(@"ca", caRoot); * CerGenerator.WriteCerAndCrt(@"obelix", caSsl); */ return(caSsl); } // End Sub SelfSignSslCertificate
// GenerateRsaKeyPair(1024) public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateRsaKeyPair(int strength) { Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator gen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); Org.BouncyCastle.Security.SecureRandom secureRandom = new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()); Org.BouncyCastle.Crypto.KeyGenerationParameters keyGenParam = new Org.BouncyCastle.Crypto.KeyGenerationParameters(secureRandom, strength); gen.Init(keyGenParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gen.GenerateKeyPair(); return(kp); } // End Function GenerateRsaKeyPair
/// <summary> /// Create a X509Certificate2 with a private key by combining /// the new certificate with a private key from an RSA key. /// </summary> public static X509Certificate2 CreateCertificateWithPrivateKey( X509Certificate2 certificate, RSA privatekey) { using (var cfrg = new CertificateFactoryRandomGenerator()) { var random = new Org.BouncyCastle.Security.SecureRandom(cfrg); Org.BouncyCastle.X509.X509Certificate x509 = new Org.BouncyCastle.X509.X509CertificateParser().ReadCertificate(certificate.RawData); return(CreateCertificateWithPrivateKey(x509, certificate.FriendlyName, GetPrivateKeyParameter(privatekey), random)); } }
GenerateGost3410KeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength) { Org.BouncyCastle.Crypto.Parameters.ECDomainParameters gostEcDomainParameters = Org.BouncyCastle.Asn1.CryptoPro.ECGost3410NamedCurves.GetByOid( Org.BouncyCastle.Asn1.CryptoPro.CryptoProObjectIdentifiers.GostR3410x2001CryptoProA); Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator gostKeyGen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); Org.BouncyCastle.Crypto.KeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(gostEcDomainParameters, random); gostKeyGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = gostKeyGen.GenerateKeyPair(); return(kp); }
GenerateDsaKeyPair(Org.BouncyCastle.Security.SecureRandom random, int keystrength) { Org.BouncyCastle.Crypto.IAsymmetricCipherKeyPairGenerator keypairGen = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator(); Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator pGen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator(); pGen.Init(keystrength, 80, random); //TODO: Org.BouncyCastle.Crypto.Parameters.DsaParameters parameters = pGen.GenerateParameters(); Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters genParam = new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(random, parameters); keypairGen.Init(genParam); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp = keypairGen.GenerateKeyPair(); return(kp); }
public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateGostKeyPair( int length , Org.BouncyCastle.Security.SecureRandom secureRandom ) { Org.BouncyCastle.Crypto.KeyGenerationParameters keygenParam = new Org.BouncyCastle.Crypto.KeyGenerationParameters(secureRandom, length); Org.BouncyCastle.Crypto.Generators.Gost3410KeyPairGenerator keyGenerator = new Org.BouncyCastle.Crypto.Generators.Gost3410KeyPairGenerator(); keyGenerator.Init(keygenParam); return(keyGenerator.GenerateKeyPair()); } // End Function GenerateGostKeyPair
} // End Sub AddExtensions public static Org.BouncyCastle.X509.X509Certificate GenerateSslCertificate( CertificateInfo certificateInfo , Org.BouncyCastle.Security.SecureRandom secureRandom , Org.BouncyCastle.X509.X509Certificate rootCertificate ) { Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey = KeyImportExport.ReadPublicKey(certificateInfo.SubjectKeyPair.PublicKey); Org.BouncyCastle.Crypto.AsymmetricKeyParameter issuerPrivateKey = KeyImportExport.ReadPrivateKey(certificateInfo.IssuerKeyPair.PrivateKey); return GenerateSslCertificate(certificateInfo, subjectPublicKey, issuerPrivateKey, rootCertificate, secureRandom); }
} // End Function GenerateEcKeyPair public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateEcKeyPair( string curveName , Org.BouncyCastle.Security.SecureRandom secureRandom ) { Org.BouncyCastle.Asn1.X9.X9ECParameters ecParam = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName(curveName); if (ecParam == null) { ecParam = Org.BouncyCastle.Crypto.EC.CustomNamedCurves.GetByName(curveName); } return(GenerateEcKeyPair(ecParam, secureRandom)); } // End Function GenerateEcKeyPair
static public Org.BouncyCastle.Math.BigInteger GenerateBigIntegerPrimes(int bits) { Org.BouncyCastle.Security.SecureRandom ran = new Org.BouncyCastle.Security.SecureRandom(); Org.BouncyCastle.Math.BigInteger c = new Org.BouncyCastle.Math.BigInteger(bits, ran); for (; ;) { if (c.IsProbablePrime(100) == true) { break; } c = c.Subtract(new Org.BouncyCastle.Math.BigInteger("1")); } return(c); }
public void RsaFuzzTest() { // Create many RSA keys, encode them in PKCS8, verify the Pkcs8 class can decode them correctly. // This test does take a few (possibly 10s of) seconds, longer than most unit tests. for (int i = 0; i < 1000; i++) { // This SecureRandom constructor is deprecated, // but is the easiest way to create a deterministic SecureRandom. #pragma warning disable CS0618 var rnd = new Org.BouncyCastle.Security.SecureRandom(new byte[] { (byte)(i & 0xff), (byte)((i >> 8) & 0xff) }); #pragma warning restore CS0618 var rsa = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); // 384 is the shortest valid key length. Use this for speed. rsa.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters(rnd, 384)); var keys = rsa.GenerateKeyPair(); var pkcs8Generator = new Org.BouncyCastle.OpenSsl.Pkcs8Generator(keys.Private); var pem = pkcs8Generator.Generate(); var ms = new System.IO.MemoryStream(); var stWriter = new System.IO.StreamWriter(ms); var pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(stWriter); pemWriter.WriteObject(pem); stWriter.Close(); var pkcs8 = System.Text.Encoding.ASCII.GetString(ms.ToArray()); var rsaParameters = Pkcs8.DecodeRsaParameters(pkcs8); var key = RSA.Create(); try { // Test that the parameters can be imported. // Throws CryptographicException if the rsaParameters is invalid key.ImportParameters(rsaParameters); } catch (CryptographicException e) { // Fails in iteration 8 without the Pkcs8 fix in PR#937 Assert.True(false, $"Failed in iteration {i}: {e}"); } // Check that all the parameters exported are equal to the originally created parameters var exportedParams = key.ExportParameters(true); var privateKey = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)keys.Private; Assert.Equal(privateKey.P.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.P, false)); Assert.Equal(privateKey.Q.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.Q, false)); Assert.Equal(privateKey.DP.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.DP, false)); Assert.Equal(privateKey.DQ.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.DQ, false)); var publicKey = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)keys.Public; Assert.Equal(publicKey.Exponent.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.Exponent, false)); Assert.Equal(publicKey.Modulus.ToByteArrayUnsigned(), Pkcs8.TrimLeadingZeroes(exportedParams.Modulus, false)); } }
} // End Sub SetRegistry public static void CreateSslCertificate() { Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); // 1. Root certificate to pfx // 2. Read root certificate // 3. Sign SSL certificate // chrome://settings/certificates?search=certifi PfxData pfx = GenerateRootCertificate(random); // PfxData pfx = PfxFile.Read("skynet.pfx"); GenerateSslCertificate(pfx, random); }
public void CompareSecp256k1KeyGenerationRuntimes() { int num_runs = 100; long openecc_time_sum = 0L; long bc_time_sum = 0L; for (int i = 0; i < num_runs; i++) { /// /// OpenECC /// var openecc_curve = CurveFactory.secp256k1; var openecc_keygen_timer = Stopwatch.StartNew(); var openecc_encoder = new ProbabilisticWeierstrassMessageEncoder(openecc_curve, new BigInteger(7)); var openecc_encryptor = new ElGamalEncryptor(openecc_curve, openecc_encoder); var openecc_keys = openecc_encryptor.GenerateKeyPair(); openecc_keygen_timer.Stop(); openecc_time_sum += openecc_keygen_timer.Elapsed.Milliseconds; } for (int i = 0; i < num_runs; i++) { /// ///Bouncy Castle /// var bc_stuff = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); var bc_keygen_timer = Stopwatch.StartNew(); var bc_keygen = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); var bc_domain_params = new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters(bc_stuff.Curve, bc_stuff.G, bc_stuff.N); var bc_random = new Org.BouncyCastle.Security.SecureRandom(); var bc_keygen_params = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(bc_domain_params, bc_random); bc_keygen.Init(bc_keygen_params); var bc_keys = bc_keygen.GenerateKeyPair(); bc_keygen_timer.Stop(); bc_time_sum += bc_keygen_timer.Elapsed.Milliseconds; } throw new NotImplementedException("BC: " + (bc_time_sum/(double)num_runs) + "; OpenECC: " + (openecc_time_sum/(double)num_runs)); //RuntimeAssert.LessThan(bc_time_sum / (double)num_runs, openecc_time_sum / (double)num_runs); }
// DumpPfx(ee25519Cert, subject, caKey25519); public static void DumpPfx( Org.BouncyCastle.X509.X509Certificate bouncyCert , Org.BouncyCastle.Asn1.X509.X509Name subject , Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair pair) { Org.BouncyCastle.Pkcs.Pkcs12Store store = new Org.BouncyCastle.Pkcs.Pkcs12Store(); Org.BouncyCastle.Pkcs.X509CertificateEntry certificateEntry = new Org.BouncyCastle.Pkcs.X509CertificateEntry(bouncyCert); store.SetCertificateEntry(subject.ToString(), certificateEntry); store.SetKeyEntry(subject.ToString(), new Org.BouncyCastle.Pkcs.AsymmetricKeyEntry(pair.Private) , new[] { certificateEntry } ); Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ); using (System.IO.MemoryStream stream = new System.IO.MemoryStream()) { string tempPassword = "******"; store.Save(stream, tempPassword.ToCharArray(), random); using (System.Security.Cryptography.X509Certificates.X509Certificate2 cert = new System.Security.Cryptography.X509Certificates.X509Certificate2( stream.ToArray() , tempPassword , System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.PersistKeySet | System.Security.Cryptography.X509Certificates.X509KeyStorageFlags.Exportable) ) { System.Text.StringBuilder builder = new System.Text.StringBuilder(); builder.AppendLine("-----BEGIN CERTIFICATE-----"); builder.AppendLine(System.Convert.ToBase64String( cert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert) , System.Base64FormattingOptions.InsertLineBreaks) ); builder.AppendLine("-----END CERTIFICATE-----"); // PFX //builder.ToString().Dump("Self-signed Certificate"); } // End Using cert } // End Using stream } // End Sub DumpPfx
} // End Sub SelfSignSslCertificate // https://stackoverflow.com/questions/51703109/nginx-the-ssl-directive-is-deprecated-use-the-listen-ssl public static Org.BouncyCastle.X509.X509Certificate GenerateRootCertificate() { string countryIso2Characters = "EA"; string stateOrProvince = "Europe"; string localityOrCity = "NeutralZone"; string companyName = "Skynet Earth Inc."; string division = "Skynet mbH"; string domainName = "Skynet"; string email = "*****@*****.**"; Org.BouncyCastle.Security.SecureRandom sr = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.X509.X509Certificate caRoot = null; Org.BouncyCastle.X509.X509Certificate caSsl = null; // string curveName = "curve25519"; curveName = "secp256k1"; CertificateInfo caCertInfo = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, sr); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, sr); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, sr); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, sr); // kp1 = KeyGenerator.GenerateGhostKeyPair(4096, s_secureRandom.Value); caCertInfo.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); caCertInfo.IssuerKeyPair = KeyImportExport.GetPemKeyPair(kp1); caRoot = CerGenerator.GenerateRootCertificate(caCertInfo, sr); PfxGenerator.CreatePfxFile(@"ca.pfx", caRoot, kp1.Private, null); CerGenerator.WritePrivatePublicKey("issuer", caCertInfo.IssuerKeyPair); return(caRoot); } // End Sub GenerateRootCertificate
} // End Function GenerateRsaKeyPair public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateDsaKeyPair( int length , Org.BouncyCastle.Security.SecureRandom secureRandom ) { Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator paramgen = new Org.BouncyCastle.Crypto.Generators.DsaParametersGenerator(); paramgen.Init(length, 100, secureRandom); Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters param = new Org.BouncyCastle.Crypto.Parameters.DsaKeyGenerationParameters(secureRandom, paramgen.GenerateParameters()); Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator keyGenerator = new Org.BouncyCastle.Crypto.Generators.DsaKeyPairGenerator(); keyGenerator.Init(param); return(keyGenerator.GenerateKeyPair()); } // End Function GenerateDsaKeyPair
private static Org.BouncyCastle.X509.X509Certificate SelfSignSslCertificate( Org.BouncyCastle.Security.SecureRandom random , Org.BouncyCastle.X509.X509Certificate caRoot , Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey , Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey , string[] alternativeNames ) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "Neanderthal Technology Group (NT)"; string domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(50) ); ci.AddAlternativeNames(alternativeNames); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , rootCertPrivateKey , caRoot , random ); return(caSsl); } // End Sub SelfSignSslCertificate
} // End Function GenerateDHKeyPair public static Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair GenerateEcKeyPair( Org.BouncyCastle.Asn1.X9.X9ECParameters ecParam , Org.BouncyCastle.Security.SecureRandom secureRandom ) { Org.BouncyCastle.Crypto.Parameters.ECDomainParameters ecDomain = new Org.BouncyCastle.Crypto.Parameters.ECDomainParameters(ecParam.Curve, ecParam.G, ecParam.N); Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters keygenParam = new Org.BouncyCastle.Crypto.Parameters.ECKeyGenerationParameters(ecDomain, secureRandom); Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator keyGenerator = new Org.BouncyCastle.Crypto.Generators.ECKeyPairGenerator(); keyGenerator.Init(keygenParam); return(keyGenerator.GenerateKeyPair()); } // End Function GenerateEcKeyPair
} // End Sub Main public static void Test() { // https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 // Many times nginx -s reload does not work as expected. // On many systems(Debian, etc.), you would need to use /etc/init.d/nginx reload. Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.X509.X509Certificate rootCertificate = GenerateRootCertificate(); PrivatePublicPemKeyPair kpk = new PrivatePublicPemKeyPair(); kpk.PrivateKey = @"issuer_priv.pem"; kpk.PrivateKey = System.IO.File.ReadAllText(kpk.PrivateKey); // SelfSignSslCertificate(random, rootCertificate, kpk); System.Security.Cryptography.X509Certificates.X509Certificate2 c0 = new System.Security.Cryptography.X509Certificates.X509Certificate2("obelix.pfx", ""); // c0.PrivateKey // c0.PublicKey; System.Security.Cryptography.X509Certificates.X509Certificate2 c1 = System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPemFile(@"obelix.crt", @"obelix_priv.pem"); // System.Security.Cryptography.X509Certificates.X509Certificate2 c1 = System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromPemFile(@"obelix.cer", @"obelix_priv.pem"); // Wrong! Doesn't work // https://stackoverflow.com/questions/50227580/create-x509certificate2-from-pem-file-in-net-core // https://stackoverflow.com/questions/48905438/digital-signature-in-c-sharp-without-using-bouncycastle // Org.BouncyCastle.X509.X509Certificate // Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(cert); // Org.BouncyCastle.X509.X509CertificateParser x509 = new Org.BouncyCastle.X509.X509CertificateParser(); // x509.ReadCertificate() // https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.createfrompem?view=net-5.0 // https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.x509certificates.x509certificate2.createfrompemfile?view=net-5.0 // https://github.com/dotnet/runtime/issues/19581 } // End Sub Test
public static void GenerateKeypair(DnsSecAlgorithm algo, out byte[] privateKey, out byte[] publicKey) { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keyPair = null; Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator()); switch (algo) { case DnsSecAlgorithm.RsaMd5: case DnsSecAlgorithm.RsaSha1: case DnsSecAlgorithm.RsaSha256: case DnsSecAlgorithm.RsaSha512: case DnsSecAlgorithm.RsaSha1Nsec3Sha1: keyPair = GenerateRsaKeyPair(random, 4096); break; case DnsSecAlgorithm.DiffieHellman: keyPair = GenerateDiffieHellmanKeyPair(random, 256); break; case DnsSecAlgorithm.Dsa: case DnsSecAlgorithm.DsaNsec3Sha1: keyPair = GenerateDsaKeyPair(random, 1024); // size must be from 512 - 1024 and a multiple of 64 break; case DnsSecAlgorithm.EcDsaP256Sha256: case DnsSecAlgorithm.EcDsaP384Sha384: keyPair = GenerateEcdsaKeyPair(random); // TODO: Pass curve break; case DnsSecAlgorithm.EccGost: keyPair = GenerateGost3410KeyPair(random, 512); // 512 or 1024 break; case DnsSecAlgorithm.Indirect: case DnsSecAlgorithm.PrivateDns: case DnsSecAlgorithm.PrivateOid: throw new System.NotImplementedException("Indirect | PrivateDns | PrivateOid"); } publicKey = Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public).GetEncoded(); privateKey = Org.BouncyCastle.Pkcs.PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private).GetEncoded(); }
/// <summary> /// Generates secure random byte array of set length /// </summary> /// <param name="len">length of return byte array</param> /// <returns>secure random byte array of set length</returns> private static byte[] GenSecRandomBytes(int len) { var rand = new Org.BouncyCastle.Security.SecureRandom(); var bytes = new byte[len]; rand.NextBytes(bytes); return bytes; }