} // End Sub WritePrivatePublicKey public static void WriteCerAndCrt( string fileName , Org.BouncyCastle.X509.X509Certificate certificate ) { using (System.IO.Stream fs = System.IO.File.Open(fileName + ".cer", System.IO.FileMode.Create)) { byte[] buf = certificate.GetEncoded(); fs.Write(buf, 0, buf.Length); fs.Flush(); } // End Using fs // new System.Text.ASCIIEncoding(false) // new System.Text.UTF8Encoding(false) using (System.IO.Stream fs = System.IO.File.Open(fileName + ".crt", System.IO.FileMode.Create)) { using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII)) { byte[] buf = certificate.GetEncoded(); string pem = ToPem(buf); sw.Write(pem); sw.Flush(); fs.Flush(); } // End Using sw } // End Using fs } // End Sub WriteCerAndCrt
public static X509Certificate2 GetCertificateWithPrivateKey(X509Certificate bcCertificate, AsymmetricCipherKeyPair keyPair) { Assert.IsType <RsaPrivateCrtKeyParameters>(keyPair.Private); var privateKeyParameters = (RsaPrivateCrtKeyParameters)keyPair.Private; #if IS_DESKTOP RSA privateKey = DotNetUtilities.ToRSA(privateKeyParameters); var certificate = new X509Certificate2(bcCertificate.GetEncoded()); certificate.PrivateKey = privateKey; #else RSAParameters rsaParameters = DotNetUtilities.ToRSAParameters(privateKeyParameters); var privateKey = new RSACryptoServiceProvider(); privateKey.ImportParameters(rsaParameters); X509Certificate2 certificate; using (var certificateTmp = new X509Certificate2(bcCertificate.GetEncoded())) { certificate = RSACertificateExtensions.CopyWithPrivateKey(certificateTmp, privateKey); } #endif return(certificate); }
/// <param name="issuerCertificate"></param> /// <inheritdoc /> public async Task <X509Certificate[]> GetChain(X509Certificate issuerCertificate) { var dotNetCertificate = new X509Certificate2(issuerCertificate.GetEncoded()); var certificates = await OcspResponderRepository.GetChain(dotNetCertificate); return(certificates.Select(DotNetUtilities.FromX509Certificate).ToArray()); }
/// <inheritdoc /> public async Task <AsymmetricKeyParameter> GetResponderPublicKey(X509Certificate caCertificate) { var dotNetCertificate = new X509Certificate2(caCertificate.GetEncoded()); var privateKey = await OcspResponderRepository.GetResponderPrivateKey(dotNetCertificate); return(DotNetUtilities.GetKeyPair(privateKey).Public); }
public static void CertificateToDerPem(Org.BouncyCastle.X509.X509Certificate caSsl) { System.Security.Cryptography.X509Certificates.X509Certificate inputCert1 = null; inputCert1 = Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(caSsl); System.Security.Cryptography.X509Certificates.X509Certificate2 inputCert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(inputCert1); string pemOrDerFile = "foo.derpem"; string foo = CerGenerator.ToPem(caSsl.GetEncoded()); System.IO.File.WriteAllText(pemOrDerFile, foo, System.Text.Encoding.ASCII); Org.BouncyCastle.X509.X509CertificateParser kpp = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate cert = kpp.ReadCertificate(System.IO.File.OpenRead(pemOrDerFile)); System.Console.WriteLine(cert); System.Security.Cryptography.X509Certificates.X509Certificate dotCert1 = null; dotCert1 = Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(cert); System.Security.Cryptography.X509Certificates.X509Certificate2 dotCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(dotCert1); System.Console.WriteLine(dotCert.PublicKey); System.Console.WriteLine(dotCert.PrivateKey); }
private void init(string aPfxFilePath, string aPassword) { FileStream fin = new FileStream(aPfxFilePath, FileMode.Open, FileAccess.Read); Pkcs12StoreBuilder storeBuilder = new Pkcs12StoreBuilder(); Pkcs12Store pkcs12Store = storeBuilder.Build(); pkcs12Store.Load(fin, aPassword.ToCharArray()); fin.Close(); IEnumerable aliases = pkcs12Store.Aliases; IEnumerator aliasesEnumerator = aliases.GetEnumerator(); while (aliasesEnumerator.MoveNext()) { string alias = (string)aliasesEnumerator.Current; signingBouncyCert = pkcs12Store.GetCertificate(alias); X509Certificate x509Certificate = signingBouncyCert.Certificate; ECertificate cert = new ECertificate(x509Certificate.GetEncoded()); EKeyUsage eKeyUsage = cert.getExtensions().getKeyUsage(); bool isDigitalSignature = eKeyUsage.isDigitalSignature(); if (isDigitalSignature) { signingBouncyKeyEntry = pkcs12Store.GetKey(alias); signingCertificate = cert; break; } } }
internal static string GenerateFingerprint(X509Certificate certificate) { using (var hashAlgorithm = NuGet.Common.HashAlgorithmName.SHA256.GetHashProvider()) { var hash = hashAlgorithm.ComputeHash(certificate.GetEncoded()); return(BitConverter.ToString(hash).Replace("-", "")); } }
internal static string GenerateFingerprint(X509Certificate certificate) { using (var hashAlgorithm = CryptoHashUtility.GetSha1HashProvider()) { var hash = hashAlgorithm.ComputeHash(certificate.GetEncoded()); return(BitConverter.ToString(hash).Replace("-", "")); } }
public async Task GetTimestampCertificateChain_WithMismatchedEssCertIdCertificateHash_ReturnsChain( SigningCertificateUsage signingCertificateUsage) { ISigningTestServer testServer = await _fixture.GetSigningTestServerAsync(); CertificateAuthority rootCa = await _fixture.GetDefaultTrustedCertificateAuthorityAsync(); var options = new TimestampServiceOptions() { SigningCertificateUsage = signingCertificateUsage, SigningCertificateV1Hash = new byte[SHA1HashLength] }; TimestampService timestampService = TimestampService.Create(rootCa, options); using (testServer.RegisterResponder(timestampService)) { var nupkg = new SimpleTestPackageContext(); using (var certificate = new X509Certificate2(_fixture.TrustedTestCertificate.Source.Cert)) using (var directory = TestDirectory.Create()) { var signedPackagePath = await SignedArchiveTestUtility.AuthorSignPackageAsync( certificate, nupkg, directory, timestampService.Url); using (FileStream stream = File.OpenRead(signedPackagePath)) using (var reader = new PackageArchiveReader(stream)) { PrimarySignature signature = await reader.GetPrimarySignatureAsync(CancellationToken.None); using (IX509CertificateChain actualChain = SignatureUtility.GetTimestampCertificateChain(signature)) { Assert.NotEmpty(actualChain); IReadOnlyList <Org.BouncyCastle.X509.X509Certificate> expectedChain = GetExpectedCertificateChain(timestampService); Assert.Equal(expectedChain.Count, actualChain.Count); for (var i = 0; i < expectedChain.Count; ++i) { Org.BouncyCastle.X509.X509Certificate expectedCertificate = expectedChain[i]; X509Certificate2 actualCertificate = actualChain[i]; Assert.True( expectedCertificate.GetEncoded().SequenceEqual(actualCertificate.RawData), $"The certificate at index {i} in the chain is unexpected."); } } } } } }
public Signature(string signatureFieldName, FileFormat fileFormat, Org.BouncyCastle.X509.X509Certificate certificateBC, DateTime signDate) { SignatureFieldName = signatureFieldName; FileFormat = fileFormat; Certificate = new X509Certificate2(certificateBC.GetEncoded()); CertificateBouncyCastle = certificateBC; SignDate = signDate; Chain = new X509Chain(); Chain.ChainPolicy.UrlRetrievalTimeout = new TimeSpan(0, 1, 30); Chain.ChainPolicy.VerificationFlags = X509VerificationFlags.IgnoreWrongUsage; Chain.ChainPolicy.RevocationFlag = X509RevocationFlag.EntireChain; Chain.ChainPolicy.RevocationMode = X509RevocationMode.Online; }
public void writeCertificate(Org.BouncyCastle.X509.X509Certificate cert, long enrollmentID) { // converting from bouncycastle X509Certificate to System.Security.Cryptography.X509Certificates.X509Certificate2 System.Security.Cryptography.X509Certificates.X509Certificate2 certificate = new System.Security.Cryptography.X509Certificates.X509Certificate2(); certificate.Import(cert.GetEncoded()); // Finding the corresponding privatekey from windows keystore using the container-name RSACryptoServiceProvider rsaPrivate = retrievePrivateKey(enrollmentID); // linking the retrieved private key to the certificate certificate.PrivateKey = rsaPrivate; // opening up the windows cert store because thats where I want to save it. System.Security.Cryptography.X509Certificates.X509Store store = new System.Security.Cryptography.X509Certificates.X509Store(System.Security.Cryptography.X509Certificates.StoreName.My, System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser); store.Open(System.Security.Cryptography.X509Certificates.OpenFlags.MaxAllowed); store.Add(certificate); store.Close(); }
/// <summary>Gets the SHA-256 Thumbprint of the certificate.</summary> /// <remarks> /// A Thumbprint is a SHA-256 hash of the raw certificate data and is often used /// as a unique identifier for a particular certificate in a certificate store. /// </remarks> /// <returns>The SHA-256 Thumbprint.</returns> /// <param name="certificate">The certificate.</param> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="certificate" /> is <c>null</c>. /// </exception> public static string GetSha256Thumbprint(this X509Certificate certificate) { if (certificate == null) { throw new ArgumentNullException(nameof(certificate)); } var encoded = certificate.GetEncoded(); byte[] hashBytes; using (var hasher = new SHA256Managed()) { hashBytes = hasher.ComputeHash(encoded); } string result = BitConverter.ToString(hashBytes) // this will remove all the dashes in between each two characters .Replace("-", string.Empty).ToLower(); return(result); }
public void verify(byte[] byte_pdfData, X509Certificate2 trustCert, string signatureName) { PdfReader pdfReader = new PdfReader(byte_pdfData); AcroFields acroField = pdfReader.AcroFields; if (signatureName == null || "".CompareTo(signatureName) != 0) { signatureName = acroField.GetSignatureNames().Last(); } PdfPKCS7 pdfP7 = acroField.VerifySignature(signatureName); if (pdfP7 == null) { throw new NullReferenceException("Invalid signatureName:" + signatureName); } if (!pdfP7.Verify()) { throw new PdfException("Unable to verify specified signature field, specify signature invalid"); } byte[] pkcs7Signatue = pdfP7.GetEncodedPKCS7(); CmsSignedData signedData = new CmsSignedData(pkcs7Signatue); // Get signer certificate from CMSSignedData IX509Store x509Certs = signedData.GetCertificates("Collection"); ICollection cerlist = x509Certs.GetMatches(null); IEnumerator cEnum = cerlist.GetEnumerator(); ArrayList _chain = new ArrayList(); while (cEnum.MoveNext()) { Org.BouncyCastle.X509.X509Certificate cer = (Org.BouncyCastle.X509.X509Certificate)cEnum.Current; X509Certificate2 cer2 = new X509Certificate2(cer.GetEncoded()); _chain.Add(cer2); } X509Certificate2[] certChain = (X509Certificate2[])_chain.ToArray(typeof(X509Certificate2)); validateSignature(signedData, certChain[0]); }
public static void RootVerifyUserCA() { try { X509Certificate2 userCert2 = new X509Certificate2(CAUserPfx, PIN, X509KeyStorageFlags.Exportable); X509Certificate userCert = DotNetUtilities.FromX509Certificate(userCert2); userCert2.p var userKeyPair = userCert.GetPublicKey(); //var publicKey = userCert2.PublicKey; X509Certificate2 rootCert2 = new X509Certificate2(CARootPfx, PIN, X509KeyStorageFlags.Exportable); //var rootKeyPair = Cert2.ReadPrivateKey(rootCert2); var add = Cert2.AddCertToStore(rootCert2, StoreName.Root, StoreLocation.LocalMachine); var rootCert = DotNetUtilities.FromX509Certificate(userCert2); var rootKeyPair = rootCert.GetPublicKey(); //rootCert.Verify(userKeyPair); var a = Cert2.VerifySha2(rootCert2, userCert.GetEncoded(), userCert.GetSignature()); } catch (Exception ex) { //throw; } }
/// <inheritdoc /> public Task <bool> SerialExists(BigInteger serial, X509Certificate issuerCertificate) { var dotNetCertificate = new X509Certificate2(issuerCertificate.GetEncoded()); return(OcspResponderRepository.SerialExists(serial.ToString(), dotNetCertificate)); }
/// <inheritdoc /> public Task <CertificateRevocationStatus> SerialIsRevoked(BigInteger serial, X509Certificate issuerCertificate) { var dotNetCertificate = new X509Certificate2(issuerCertificate.GetEncoded()); return(OcspResponderRepository.SerialIsRevoked(serial.ToString(), dotNetCertificate)); }
static byte[] CalculateThumbprint(Org.BouncyCastle.X509.X509Certificate certificate) { var der = certificate.GetEncoded(); return(DigestUtilities.CalculateDigest("SHA1", der)); }
// http://stackoverflow.com/questions/36942094/how-can-i-generate-a-self-signed-cert-without-using-obsolete-bouncycastle-1-7-0 public static System.Security.Cryptography.X509Certificates.X509Certificate2 CreateX509Cert2(string certName) { var keypairgen = new Org.BouncyCastle.Crypto.Generators.RsaKeyPairGenerator(); keypairgen.Init(new Org.BouncyCastle.Crypto.KeyGenerationParameters( new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ) , 1024 ) ); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keypair = keypairgen.GenerateKeyPair(); // --- Until here we generate a keypair var random = new Org.BouncyCastle.Security.SecureRandom( new Org.BouncyCastle.Crypto.Prng.CryptoApiRandomGenerator() ); // SHA1WITHRSA // SHA256WITHRSA // SHA384WITHRSA // SHA512WITHRSA // SHA1WITHECDSA // SHA224WITHECDSA // SHA256WITHECDSA // SHA384WITHECDSA // SHA512WITHECDSA Org.BouncyCastle.Crypto.ISignatureFactory signatureFactory = new Org.BouncyCastle.Crypto.Operators.Asn1SignatureFactory("SHA512WITHRSA", keypair.Private, random) ; var gen = new Org.BouncyCastle.X509.X509V3CertificateGenerator(); var CN = new Org.BouncyCastle.Asn1.X509.X509Name("CN=" + certName); var SN = Org.BouncyCastle.Math.BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(SN); gen.SetSubjectDN(CN); gen.SetIssuerDN(CN); gen.SetNotAfter(DateTime.Now.AddYears(1)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetPublicKey(keypair.Public); // -- Are these necessary ? // public static readonly DerObjectIdentifier AuthorityKeyIdentifier = new DerObjectIdentifier("2.5.29.35"); // OID value: 2.5.29.35 // OID description: id-ce-authorityKeyIdentifier // This extension may be used either as a certificate or CRL extension. // It identifies the public key to be used to verify the signature on this certificate or CRL. // It enables distinct keys used by the same CA to be distinguished (e.g., as key updating occurs). // http://stackoverflow.com/questions/14930381/generating-x509-certificate-using-bouncy-castle-java gen.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.AuthorityKeyIdentifier.Id, false, new Org.BouncyCastle.Asn1.X509.AuthorityKeyIdentifier( Org.BouncyCastle.X509.SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keypair.Public), new Org.BouncyCastle.Asn1.X509.GeneralNames(new Org.BouncyCastle.Asn1.X509.GeneralName(CN)), SN )); // OID value: 1.3.6.1.5.5.7.3.1 // OID description: Indicates that a certificate can be used as an SSL server certificate. gen.AddExtension( Org.BouncyCastle.Asn1.X509.X509Extensions.ExtendedKeyUsage.Id, false, new Org.BouncyCastle.Asn1.X509.ExtendedKeyUsage(new ArrayList() { new Org.BouncyCastle.Asn1.DerObjectIdentifier("1.3.6.1.5.5.7.3.1") })); // -- End are these necessary ? Org.BouncyCastle.X509.X509Certificate bouncyCert = gen.Generate(signatureFactory); byte[] ba = bouncyCert.GetEncoded(); System.Security.Cryptography.X509Certificates.X509Certificate2 msCert = new System.Security.Cryptography.X509Certificates.X509Certificate2(ba); return(msCert); }
public static System.Security.Cryptography.X509Certificates.X509Certificate2 tox(Org.BouncyCastle.X509.X509Certificate bouncyCert) { byte[] ba = bouncyCert.GetEncoded(); //return new System.Security.Cryptography.X509Certificates.X509Certificate(ba); return(new System.Security.Cryptography.X509Certificates.X509Certificate2(ba)); }
} // End Function ToPem public static string ToPem(Org.BouncyCastle.X509.X509Certificate cert) { byte[] buf = cert.GetEncoded(); return(ToPem(buf)); }
private static X509Certificate2 ConvertToCertificate2(X509Certificate cert) { return new X509Certificate2(cert.GetEncoded()); }
public static X509Certificate2 ToX509Certificate2(this BCCertificate certificate) { return(new X509Certificate2(certificate.GetEncoded())); }
private static void WriteCert(ISession session, byte[] encodedCert, X509Certificate2 cert, X509Certificate bCert) { RSAParameters privateKeyParamsNet; privateKeyParamsNet = cert.GetRSAPrivateKey().ExportParameters(true); //Org.BouncyCastle.Security.DotNetUtilities.ToRSA(privateKeyParamsNet) var cn = cert.Subject.ToString(); //var cn2 = cert.SubjectName.Name; byte[] thumbPrint = null; using (SHA1Managed sha1Managed = new SHA1Managed()) thumbPrint = sha1Managed.ComputeHash(cert.RawData); //var pair = DotNetUtilities.GetRsaKeyPair(privateKeyParamsNet); //var pair2 = DotNetUtilities.GetRsaPublicKey(privateKeyParamsNet); //AsymmetricKeyParameter pairPrivate; //pairPrivate = pair.Private; var privateKeyParams = new RsaPrivateCrtKeyParameters( new BigInteger(1, privateKeyParamsNet.Modulus), new BigInteger(1, privateKeyParamsNet.Exponent), new BigInteger(1, privateKeyParamsNet.D), new BigInteger(1, privateKeyParamsNet.P), new BigInteger(1, privateKeyParamsNet.Q), new BigInteger(1, privateKeyParamsNet.DP), new BigInteger(1, privateKeyParamsNet.DQ), new BigInteger(1, privateKeyParamsNet.InverseQ)); var unencryptedPrivateKey = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKeyParams) .GetEncoded(); //var privateKeyParams = pairPrivate; //var result = new MemoryStream(); //byte[] iv={0,0,0,0}; //List<IObjectAttribute> privateKeyAttributes = new List<IObjectAttribute>(); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_DATA)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, thumbPrint)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, cn)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, true));//true //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));//true //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SIGN, true)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SIGN_RECOVER, true)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_UNWRAP, true)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS, privateKeyParamsNet.Modulus)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PUBLIC_EXPONENT, privateKeyParamsNet.Exponent)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE_EXPONENT, privateKeyParamsNet.D)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIME_1, privateKeyParamsNet.P)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIME_2, privateKeyParamsNet.Q)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXPONENT_1, privateKeyParamsNet.DP)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXPONENT_2, privateKeyParamsNet.DQ)); //privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_COEFFICIENT, privateKeyParamsNet.InverseQ)); var privateKeyAttributes = new List <IObjectAttribute>() { session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODIFIABLE, true), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, cn), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, thumbPrint), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS, privateKeyParams.Modulus.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PUBLIC_EXPONENT, privateKeyParams.PublicExponent.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE_EXPONENT, privateKeyParams.Exponent.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIME_1, privateKeyParams.P.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIME_2, privateKeyParams.Q.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXPONENT_1, privateKeyParams.DP.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXPONENT_2, privateKeyParams.DQ.ToByteArrayUnsigned()), session.Factories.ObjectAttributeFactory.Create(CKA.CKA_COEFFICIENT, privateKeyParams.QInv.ToByteArrayUnsigned()) }; List <IObjectAttribute> certificateAttributes = new List <IObjectAttribute>(); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true)); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false)); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODIFIABLE, true)); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, cn));// privKeyAttributes[0].GetValueAsString())); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TRUSTED, false)); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SUBJECT, bCert.SubjectDN.GetDerEncoded())); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, thumbPrint));//Encoding.ASCII.GetBytes(cn)));// privKeyAttributes[1].GetValueAsByteArray())); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ISSUER, bCert.IssuerDN.GetDerEncoded())); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SERIAL_NUMBER, new DerInteger(bCert.SerialNumber).GetDerEncoded())); certificateAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VALUE, bCert.GetEncoded())); IMechanism mechanism1 = session.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN); // Generate key pair session.GenerateKeyPair(mechanism1, certificateAttributes, privateKeyAttributes, out var publicKeyHandle, out var privateKeyHandle1); //var privateKeyHandle2 = session.CreateObject(privateKeyAttributes); // Generate random initialization vector //// Create temporary DES3 key for wrapping/unwrapping //var tempKeyAttributes = new List<IObjectAttribute>(); //tempKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY)); //tempKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_DES3)); //tempKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true)); //tempKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_UNWRAP, true)); //var tempKey = session.GenerateKey(session.Factories.MechanismFactory.Create(CKM.CKM_DES3_KEY_GEN), tempKeyAttributes); IObjectHandle generatedKey = GenerateKey(session); byte[] iv = session.GenerateRandom(8); //IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_DES3_CBC, iv); IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS); byte[] wrappedKey = session.WrapKey(mechanism, generatedKey, privateKeyHandle1); // Define attributes for unwrapped key List <IObjectAttribute> objectAttributes = new List <IObjectAttribute>(); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "unwrapped_private")); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SIGN, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SIGN_RECOVER, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_UNWRAP, true)); objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true)); // Unwrap private key var unwrappedKey = session.UnwrapKey(mechanism, generatedKey, wrappedKey, objectAttributes); //byte[] encryptedPrivateKey = session.Encrypt(mechanism, generatedKey, unencryptedPrivateKey); //session.WrapKey(mechanism, , generatedKey); //var result = new MemoryStream(); ////session.Encrypt(session.Factories.MechanismFactory.Create(CKM.CKM_DES3_CBC_PAD, iv), tempKey, new MemoryStream(unencryptedPrivateKey), result); //var encryptedPrivateKey = result.ToArray(); //var privateKeyHandle = session.CreateObject(privateKeyAttributes); //var privateKeyHandle = session.UnwrapKey(session.Factories.MechanismFactory.Create(CKM.CKM_DES3_CBC_PAD, iv), generatedKey, encryptedPrivateKey, privateKeyAttributes); }
private byte[] CreateSignatureElemente(string TheHash, Org.BouncyCastle.X509.X509Certificate cert) { string sCert = Convert.ToBase64String(cert.GetEncoded()); sCert = sCert.Replace("\r\n", "\n"); XmlElement XmlDsigSignature = m_doc.CreateElement(ns_dsig_prefix, "Signature", ns_dsig_uri); XmlDsigSignature.SetAttribute("Id", "signature-" + m_SignatureId.ToString()); XmlElement XmlDsigSignedInfo = m_doc.CreateElement(ns_dsig_prefix, "SignedInfo", ns_dsig_uri); XmlDsigSignedInfo.SetAttribute("Id", "signedinfo-" + m_SignatureId.ToString()); XmlDsigSignature.AppendChild(XmlDsigSignedInfo); XmlElement XmlDsigCanonicalizationMethod = m_doc.CreateElement(ns_dsig_prefix, "CanonicalizationMethod", ns_dsig_uri); XmlDsigSignedInfo.AppendChild(XmlDsigCanonicalizationMethod); XmlAttribute algo1 = m_doc.CreateAttribute("Algorithm"); algo1.Value = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; XmlDsigCanonicalizationMethod.Attributes.Append(algo1); XmlElement XmlDsigSignatureMethod = m_doc.CreateElement(ns_dsig_prefix, "SignatureMethod", ns_dsig_uri); XmlDsigSignedInfo.AppendChild(XmlDsigSignatureMethod); XmlAttribute algo2 = m_doc.CreateAttribute("Algorithm"); algo2.Value = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"; XmlDsigSignatureMethod.Attributes.Append(algo2); AddReferenceDoc(TheHash, XmlDsigSignedInfo); AddReferenceXades(XmlDsigSignedInfo); m_root.AppendChild(XmlDsigSignature); m_XmlDsigSignatureValue = m_doc.CreateElement(ns_dsig_prefix, "SignatureValue", ns_dsig_uri); XmlDsigSignature.AppendChild(m_XmlDsigSignatureValue); //set value after signing // x509 XmlElement XmlDsigKeyInfo = m_doc.CreateElement(ns_dsig_prefix, "KeyInfo", ns_dsig_uri); XmlDsigSignature.AppendChild(XmlDsigKeyInfo); XmlElement XmlDsigX509Data = m_doc.CreateElement(ns_dsig_prefix, "X509Data", ns_dsig_uri); XmlDsigKeyInfo.AppendChild(XmlDsigX509Data); XmlElement XmlDsigX509Certificate = m_doc.CreateElement(ns_dsig_prefix, "X509Certificate", ns_dsig_uri); XmlDsigX509Data.AppendChild(XmlDsigX509Certificate); XmlDsigX509Certificate.AppendChild(m_doc.CreateTextNode(sCert)); XmlElement ele = CreateXadesObject(cert); XmlDsigSignature.AppendChild(ele); byte[] tohash = DoC14N_Xades(m_doc); //string xml = System.Text.Encoding.UTF8.GetString(tohash); HashAlgorithm hash = new SHA256Managed(); byte[] TheHash2 = hash.ComputeHash(tohash); XADES_DsigDigestValue.AppendChild(m_doc.CreateTextNode(Convert.ToBase64String(TheHash2))); byte[] toBeSigned = DoC14N(m_doc, "//*[@Id='signedinfo-" + m_SignatureId.ToString() + "'] /descendant-or-self::node()|//*[@Id='signedinfo-" + m_SignatureId.ToString() + "']//@*"); //string xml = System.Text.Encoding.UTF8.GetString(toBeSigned); return(toBeSigned); }
BouncyCertToNetCert(Org.BouncyCastle.X509.X509Certificate bouncyCert) { byte[] derEncoded = bouncyCert.GetEncoded(); return(new System.Security.Cryptography.X509Certificates.X509Certificate2(derEncoded)); }
/// <param name="caCertificate"></param> /// <inheritdoc /> public Task <CaCompromisedStatus> IsCaCompromised(X509Certificate caCertificate) { var dotNetCertificate = new X509Certificate2(caCertificate.GetEncoded()); return(OcspResponderRepository.IsCaCompromised(dotNetCertificate)); }
} // End Sub WriteCerAndCrt public static void Test() { Org.BouncyCastle.Asn1.X509.X509Name caName = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestCA"); Org.BouncyCastle.Asn1.X509.X509Name eeName = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestEE"); Org.BouncyCastle.Asn1.X509.X509Name eeName25519 = new Org.BouncyCastle.Asn1.X509.X509Name("CN=TestEE25519"); string countryIso2Characters = "EA"; string stateOrProvince = "ERA"; string localityOrCity = "NeutralZone"; string companyName = "Skynet Earth Inc."; string division = "Skynet mbH"; string domainName = "sky.net"; string email = "*****@*****.**"; Org.BouncyCastle.Asn1.X509.X509Name subj = CertificateInfo.CreateSubject( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email); System.Console.WriteLine(subj); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey25519 = KeyGenerator.GenerateEcKeyPair("curve25519", s_secureRandom.Value); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair caKey = KeyGenerator.GenerateEcKeyPair("secp256r1", s_secureRandom.Value); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair eeKey = KeyGenerator.GenerateRsaKeyPair(2048, s_secureRandom.Value); string publicKey = null; // id_rsa.pub using (System.IO.TextWriter textWriter = new System.IO.StringWriter()) { Org.BouncyCastle.OpenSsl.PemWriter pemWriter = new Org.BouncyCastle.OpenSsl.PemWriter(textWriter); pemWriter.WriteObject(eeKey); pemWriter.Writer.Flush(); publicKey = textWriter.ToString(); } // End Using textWriter System.Console.WriteLine(publicKey); // https://social.msdn.microsoft.com/Forums/vstudio/de-DE/8d49a681-22c6-417f-af3c-8daebd6f10dd/signierung-eines-hashs-mit-ellipticcurve-crypto?forum=visualcsharpde // https://stackoverflow.com/questions/22963581/reading-elliptic-curve-private-key-from-file-with-bouncycastle/41947163 // PKCS8EncodedKeySpec spec = new PKCS8EncodedKeySpec(pkcs8key); // The EC PARAMETERS block in your file is an accident of the way openssl ecparam - genkey works by default; // it is not needed or used as part of the actual key and you can omit it by specifying - noout // which is admittedly somewhat unobvious. // The actual key structure('hidden' in the base64/ DER data) for EC(DSA / DH) // does contain some parameter info which RSA doesn't but DSA does. PrivatePublicPemKeyPair keyPair = KeyImportExport.GetPemKeyPair(caKey25519); // PrivatePublicPemKeyPair keyPair = PrivatePublicPemKeyPair.ImportFrom("", ""); Org.BouncyCastle.X509.X509Certificate caCert = GenerateCertificate(caName, caName, caKey.Private, caKey.Public, s_secureRandom.Value); Org.BouncyCastle.X509.X509Certificate eeCert = GenerateCertificate(caName, eeName, caKey.Private, eeKey.Public, s_secureRandom.Value); Org.BouncyCastle.X509.X509Certificate ee25519Cert = GenerateCertificate(caName, eeName25519, caKey25519.Private, caKey25519.Public, s_secureRandom.Value); bool caOk = ValidateSelfSignedCert(caCert, caKey.Public); bool eeOk = ValidateSelfSignedCert(eeCert, caKey.Public); bool ee25519 = ValidateSelfSignedCert(eeCert, caKey.Public); PfxGenerator.CreatePfxFile("example.pfx", caCert, caKey.Private, null); // System.IO.File.WriteAllBytes("fileName", caCert.Export(X509ContentType.Pkcs12, PfxPassword)); // https://info.ssl.com/how-to-der-vs-crt-vs-cer-vs-pem-certificates-and-how-to-conver-them/ // The file extensions .CRT and .CER are interchangeable. // If your server requires that you use the .CER file extension, you can change the extension // http://www.networksolutions.com/support/what-is-the-difference-between-a-crt-and-a-cer-file/ // https://stackoverflow.com/questions/642284/apache-with-ssl-how-to-convert-cer-to-crt-certificates // File extensions for cryptographic certificates aren't really as standardized as you'd expect. // Windows by default treats double - clicking a.crt file as a request to import the certificate // So, they're different in that sense, at least, that Windows has some inherent different meaning // for what happens when you double click each type of file. // One is a "binary" X.509 encoding, and the other is a "text" base64 encoding that usually starts with "-----BEGIN CERTIFICATE-----". // into the Windows Root Certificate store, but treats a.cer file as a request just to view the certificate. // CER is an X.509 certificate in binary form, DER encoded // CRT is a binary X.509 certificate, encapsulated in text (base-64) encoding // Most systems accept both formats, but if you need to you can convert one to the other via openssl // Certificate file should be PEM-encoded X.509 Certificate file: // openssl x509 -inform DER -in certificate.cer -out certificate.pem using (System.IO.Stream f = System.IO.File.Open("ca.cer", System.IO.FileMode.Create)) { byte[] buf = caCert.GetEncoded(); f.Write(buf, 0, buf.Length); f.Flush(); } using (System.IO.Stream fs = System.IO.File.Open("ee.cer", System.IO.FileMode.Create)) { byte[] buf = eeCert.GetEncoded(); fs.Write(buf, 0, buf.Length); fs.Flush(); } // End Using fs using (System.IO.Stream fs = System.IO.File.Open("ee25519.cer", System.IO.FileMode.Create)) { byte[] buf = ee25519Cert.GetEncoded(); fs.Write(buf, 0, buf.Length); fs.Flush(); } // End Using fs // new System.Text.ASCIIEncoding(false) // new System.Text.UTF8Encoding(false) using (System.IO.Stream fs = System.IO.File.Open("ee.crt", System.IO.FileMode.Create)) { using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII)) { byte[] buf = eeCert.GetEncoded(); string pem = ToPem(buf); sw.Write(pem); } // End Using sw } // End Using fs using (System.IO.Stream fs = System.IO.File.Open("ee25519.crt", System.IO.FileMode.Create)) { using (System.IO.StreamWriter sw = new System.IO.StreamWriter(fs, System.Text.Encoding.ASCII)) { byte[] buf = ee25519Cert.GetEncoded(); string pem = ToPem(buf); sw.Write(pem); } // End Using sw } // End Using fs Org.BouncyCastle.Asn1.X509.X509Name subject = eeName25519; } // End Sub Test
private static X509Certificate2 ConvertToCertificate2(X509Certificate cert) { return(new X509Certificate2(cert.GetEncoded())); }