/// <summary> /// Validates the certificate using OCSP server /// </summary> /// <param name="eecert">End entity certificate to be validated</param> /// <param name="issuerCert">Issuer of the end entity certificate to be used in validating</param> /// <param name="proxy">Optional if a web proxy is required</param> /// <returns>Validation status of the end entity certificate</returns> /// <exception cref="OCSPExpection">Thrown when there is no OCSP URL in certificate or the OCSP URL in unreachable<exception> public static bool ValidateCertificateWithOCSP(X509Certificate2 eecert, X509Certificate2 issuerCert, WebProxy proxy = null) { Org.BouncyCastle.X509.X509Certificate bouncyeecert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(eecert); Org.BouncyCastle.X509.X509Certificate bouncyissuercert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCert); if (!bouncyeecert.IssuerDN.Equivalent(bouncyissuercert.SubjectDN)) { return(false); //Not the same issuer. } try { bouncyeecert.CheckValidity(); bouncyeecert.Verify(bouncyissuercert.GetPublicKey()); OCSPVerifier crypto = new OCSPVerifier(); return(crypto.Query(bouncyeecert, bouncyissuercert, proxy) == OCSPVerifier.CertificateStatus.Good); } catch (OCSPExpection ocspe) { throw ocspe;//send to API user. } catch (WebException webx) { throw new OCSPExpection("Exception in accessing OCSP web server. Error: " + webx.Message); } catch (Exception) { //If any general exception is raised then there is a problem in validation, so return false. return(false); } }
public static void CreateSignature(System.Security.Cryptography.X509Certificates.X509Certificate2 mycert) { // https://www.programcreek.com/java-api-examples/?api=org.bouncycastle.x509.X509V3CertificateGenerator // https://forums.asp.net/t/2154987.aspx?Create+Self+Signed+Certificate+programatically+uisng+C+ // System.Security.Cryptography.X509Certificates.X509Certificate2.CreateFromCertFile() // https://overcoder.net/q/429916/bouncycastle-privatekey-to-x509%D1%81%D0%B5%D1%80%D1%82%D0%B8%D1%84%D0%B8%D0%BA%D0%B0%D1%822-privatekey // https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/ Org.BouncyCastle.Crypto.AsymmetricKeyParameter Akp = Org.BouncyCastle.Security.DotNetUtilities.GetKeyPair(mycert.PrivateKey).Private; // if(mycert.HasPrivateKey) Org.BouncyCastle.Crypto.AsymmetricKeyParameter bouncyCastlePrivateKey = TransformRSAPrivateKey(mycert.PrivateKey); Org.BouncyCastle.X509.X509CertificateParser certParser = new Org.BouncyCastle.X509.X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate bouncyCertificate = certParser.ReadCertificate(mycert.GetRawCertData()); Org.BouncyCastle.Crypto.AsymmetricKeyParameter pubKey = bouncyCertificate.GetPublicKey(); Org.BouncyCastle.Crypto.IDigest algorithm = Org.BouncyCastle.Security.DigestUtilities.GetDigest(bouncyCertificate.SigAlgOid); // X509Certificate2Signature signature = new X509Certificate2Signature(mycert, algorithm); // https://github.com/kusl/itextsharp/blob/master/tags/iTextSharp_5_4_5/src/core/iTextSharp/text/pdf/security/X509Certificate2Signature.cs // Sign // PemReader pem = new PemReader(); // pem.ReadPemObject().Headers // RSACryptoServiceProvider rsa = pem.ReadPrivateKeyFromFile("PrivateKey.pem"); }
public static byte[] CreateSelfSignedCertificate(string[] alternativeNames, string password) { string pemKey = SecretManager.GetSecret <string>("skynet_key"); string pemCert = SecretManager.GetSecret <string>("skynet_cert"); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey); Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert); Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate( random , rootCert , certKeyPair.Public , rootKey.Private , alternativeNames ); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, rootCert.GetPublicKey()); if (val == false) { throw new System.InvalidOperationException("SSL certificate does NOT validate successfully."); } byte[] pfx = CreatePfxBytes(sslCertificate, certKeyPair.Private, password); return(pfx); } // End Function CreateSelfSignedCertificate
// https://www.csharpcodi.com/csharp-examples/Org.BouncyCastle.X509.X509Certificate.GetPublicKey()/ public static bool CheckRequestSignature( byte[] serializedSpeechletRequest , string expectedSignature , Org.BouncyCastle.X509.X509Certificate cert) { byte[] expectedSig = null; try { expectedSig = System.Convert.FromBase64String(expectedSignature); } catch (System.FormatException) { return(false); } Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters publicKey = (Org.BouncyCastle.Crypto.Parameters.RsaKeyParameters)cert.GetPublicKey(); Org.BouncyCastle.Crypto.ISigner signer = Org.BouncyCastle.Security.SignerUtilities.GetSigner("Sdk.SIGNATURE_ALGORITHM"); signer.Init(false, publicKey); signer.BlockUpdate(serializedSpeechletRequest, 0, serializedSpeechletRequest.Length); return(signer.VerifySignature(expectedSig)); }
public static (AsymmetricKeyParameter PubKey, AsymmetricKeyParameter PrivKey, X509Certificate Certificate) PEMToAsymmetricCipherKeyPairAndCert(string pemKey) { if (string.IsNullOrEmpty(pemKey)) { throw new CryptoException("private key cannot be null"); } AsymmetricKeyParameter privkey = null; AsymmetricKeyParameter pubkey = null; X509Certificate cert = null; using (StringReader ms = new StringReader(pemKey)) { PemReader pemReader = new PemReader(ms); object o; while ((o = pemReader.ReadObject()) != null) { if (o is AsymmetricKeyParameter) { AsymmetricKeyParameter par = (AsymmetricKeyParameter)o; if (par.IsPrivate) { privkey = par; } else { pubkey = par; } } if (o is AsymmetricCipherKeyPair) { privkey = ((AsymmetricCipherKeyPair)o).Private; pubkey = ((AsymmetricCipherKeyPair)o).Public; } if (o is X509Certificate) { X509Certificate cc = (X509Certificate)o; pubkey = cc.GetPublicKey(); cert = cc; } } } if (pubkey != null || privkey != null) { if (privkey != null && pubkey == null) { pubkey = DerivePublicKey(privkey); } } if (pubkey == null && privkey == null && cert == null) { throw new CryptoException("Invalid Certificate"); } return(pubkey, privkey, cert); }
/// <summary> /// Validates the certificate using CRL /// </summary> /// <param name="eeCert">End entity certificate to be validated</param> /// <param name="issuerCert">Issuer of the end entity certificate to be used in validating</param> /// <param name="online">CRL validation should be on-line or by using a file</param> /// <param name="CRLfilepath">Optional CRL file path required if the on-line parameters is false</param> /// <param name="proxy">Optional if a web proxy is required</param> /// <returns>Validation status of the end entity certificate</returns> /// <exception cref="CRLExpection">Thrown when there problem with the CRL</exception> public static bool ValidateCertificateWithCRL(X509Certificate2 eeCert, X509Certificate2 issuerCert, bool online, string CRLfilepath = null, WebProxy proxy = null) { Org.BouncyCastle.X509.X509Certificate bouncyeecert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(eeCert); Org.BouncyCastle.X509.X509Certificate bouncyissuercert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(issuerCert); if (!bouncyeecert.IssuerDN.Equivalent(bouncyissuercert.SubjectDN)) { return(false); //Not the same issuer. } try { bouncyeecert.CheckValidity(); bouncyeecert.Verify(bouncyissuercert.GetPublicKey()); } catch (Exception) { return(false); /*The issuer public key does not match the signature in the certificate.*/ } try { CRLVerifier crl = null; crlDictionary.TryGetValue(issuerCert.GetCertHashString(), out crl); if (crl == null) { crl = new CRLVerifier(issuerCert); crlDictionary.Add(issuerCert.GetCertHashString(), crl); } bool IsInCRL = false; if (online) { IsInCRL = crl.IsCertificateInOnlineCRL(eeCert, crl.GetBaseCrlUrl(eeCert), proxy); } else { IsInCRL = crl.IsCertificateInCrlFile(eeCert, CRLfilepath); } return(!IsInCRL); } catch (CRLExpection crle) { throw crle;//send to API user. } catch (WebException webx) { throw new CRLExpection("Exception in accessing CRL web server. Error: " + webx.Message); } catch (IOException iox) { throw new CRLExpection("Exception in accessing CRL file. Error: " + iox.Message); } catch (Exception) { return(false); } }
public static void Test() { string pfxLocation = @"D:\lol\certificate.pfx"; pfxLocation = @"D:\username\Desktop\DesktopArchiv\20180329_Desktop\CORMailService\CORMailService\CORMailService\CORMailService_TemporaryKey.pfx"; Org.BouncyCastle.Pkcs.Pkcs12Store store = null; using (System.IO.Stream pfxStream = System.IO.File.OpenRead(pfxLocation)) { store = new Org.BouncyCastle.Pkcs.Pkcs12Store(pfxStream, "".ToCharArray()); } System.Console.WriteLine(store); foreach (string alias in store.Aliases) { System.Console.WriteLine(alias); // https://7thzero.com/blog/bouncy-castle-convert-a-bouncycastle-asymmetrickeyentry-to-a-.ne if (store.IsKeyEntry((string)alias)) { Org.BouncyCastle.Pkcs.AsymmetricKeyEntry keyEntry = store.GetKey(alias); System.Console.WriteLine(keyEntry); Org.BouncyCastle.Crypto.AsymmetricKeyParameter privateKey = keyEntry.Key; System.Console.WriteLine(privateKey.IsPrivate); } // End if (store.IsKeyEntry((string)alias)) Org.BouncyCastle.Pkcs.X509CertificateEntry certEntry = store.GetCertificate(alias); Org.BouncyCastle.X509.X509Certificate cert = certEntry.Certificate; System.Console.WriteLine(cert); Org.BouncyCastle.Crypto.AsymmetricKeyParameter publicKey = cert.GetPublicKey(); System.Console.WriteLine(publicKey); // Org.BouncyCastle.Pkcs.X509CertificateEntry[] chain = store.GetCertificateChain(alias); // System.Security.Cryptography.X509Certificates.X509Certificate2 cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(cert.GetEncoded()); // Org.BouncyCastle.Security.DotNetUtilities.ToX509Certificate(cert); System.Security.Cryptography.X509Certificates.X509Certificate2 cert2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(pfxLocation); // cert2.PrivateKey = null; if (cert2.HasPrivateKey) { System.Console.WriteLine(cert2.PrivateKey); } } }
/// <summary> /// Checks whether certificate is self-signed /// </summary> /// <param name="certificate">Certificate to be checked</param> /// <returns>True if certificate is self-signed; false otherwise</returns> public static bool IsSelfSigned(Org.BouncyCastle.X509.X509Certificate certificate) { if (certificate == null) { throw new ArgumentNullException("certificate"); } try { certificate.Verify(certificate.GetPublicKey()); return(true); } catch (Org.BouncyCastle.Security.InvalidKeyException) { return(false); } }
public string Encrypt(string plainText) { byte[] plainBytes = Encoding.UTF8.GetBytes(plainText); CmsProcessableByteArray cpba = new CmsProcessableByteArray(plainBytes); CmsEnvelopedDataGenerator envelopedGen = new CmsEnvelopedDataGenerator(); foreach (X509Certificate2 cert in publicCerts) { Org.BouncyCastle.X509.X509Certificate bouncyCert = DotNetUtilities.FromX509Certificate(cert); AsymmetricKeyParameter keyParameter = bouncyCert.GetPublicKey(); envelopedGen.AddKeyTransRecipient(bouncyCert); } CmsEnvelopedData envelopedData = envelopedGen.Generate(cpba, CmsEnvelopedGenerator.Aes256Cbc); string cipherString = Convert.ToBase64String(envelopedData.GetEncoded()); return(cipherString); }
// https://twitter.com/HackerNewsOnion/status/740228588520247296?lang=en // Announcing Let’s Decrypt, A SSL Certificate Authority Backed By The NSA // Talk about throwing a skunk in the jury pool! I feel like now we need proof this is fiction! // ok this activated my paranoia. // Announcing Let’s Decrypt, A SSL Certificate Authority Backed By The NSA < It’s totes secure. Promise. public static async System.Threading.Tasks.Task Main(string[] args) { // CreateSslCertificate(); // SetRegistry(); // SelfSignedCertificateGenerator.Test.MonitoringTest.TestMonitorChanges(); string pemKey = SecretManager.GetSecret <string>("skynet_key"); string pemCert = SecretManager.GetSecret <string>("skynet_cert"); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair rootKey = ReadAsymmetricKeyParameter(pemKey); System.Console.WriteLine(rootKey.Private); Org.BouncyCastle.X509.X509Certificate rootCert = PemStringToX509(pemCert); System.Console.WriteLine(rootCert); Org.BouncyCastle.Security.SecureRandom random = new Org.BouncyCastle.Security.SecureRandom(NonBackdooredPrng.Create()); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair certKeyPair = KeyGenerator.GenerateRsaKeyPair(2048, random); Org.BouncyCastle.X509.X509Certificate sslCertificate = SelfSignSslCertificate( random , rootCert , certKeyPair.Public , rootKey.Private ); bool val = CerGenerator.ValidateSelfSignedCert(sslCertificate, rootCert.GetPublicKey()); if (val == false) { throw new System.InvalidOperationException("SSL certificate does NOT validate successfully."); } CreatePfxBytes(sslCertificate, certKeyPair.Private, ""); System.Console.WriteLine(" --- Press any key to continue --- "); System.Console.ReadKey(); await System.Threading.Tasks.Task.CompletedTask; }
public void ReadPublic() { try { System.IO.StringWriter stWrite = new System.IO.StringWriter(); Certificado = new X509Certificate2(CertificateBytes); Org.BouncyCastle.X509.X509Certificate cert = DotNetUtilities.FromX509Certificate(Certificado); PubliceyParameter = cert.GetPublicKey(); MemoryStream ms = new MemoryStream(); TextWriter writer = new StreamWriter(ms); Org.BouncyCastle.OpenSsl.PemWriter pmw = new Org.BouncyCastle.OpenSsl.PemWriter(stWrite); pmw.WriteObject(PubliceyParameter); stWrite.Close(); PublicKeyRSA = stWrite.ToString(); Datos = DatosCert.GetDatosCert(CertificateBytes); } catch (Exception exe) { throw new Exception(Resource.ErrorCertificado); } }
public static void RootVerifyUserCA() { try { X509Certificate2 userCert2 = new X509Certificate2(CAUserPfx, PIN, X509KeyStorageFlags.Exportable); X509Certificate userCert = DotNetUtilities.FromX509Certificate(userCert2); userCert2.p var userKeyPair = userCert.GetPublicKey(); //var publicKey = userCert2.PublicKey; X509Certificate2 rootCert2 = new X509Certificate2(CARootPfx, PIN, X509KeyStorageFlags.Exportable); //var rootKeyPair = Cert2.ReadPrivateKey(rootCert2); var add = Cert2.AddCertToStore(rootCert2, StoreName.Root, StoreLocation.LocalMachine); var rootCert = DotNetUtilities.FromX509Certificate(userCert2); var rootKeyPair = rootCert.GetPublicKey(); //rootCert.Verify(userKeyPair); var a = Cert2.VerifySha2(rootCert2, userCert.GetEncoded(), userCert.GetSignature()); } catch (Exception ex) { //throw; } }
} // End Sub Test public static void SelfSignSslCertificate(Org.BouncyCastle.Security.SecureRandom random, Org.BouncyCastle.X509.X509Certificate caRoot, Org.BouncyCastle.Crypto.AsymmetricKeyParameter rootCertPrivateKey) // PrivatePublicPemKeyPair subjectKeyPair) { Org.BouncyCastle.X509.X509Certificate caSsl = null; string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "NT (Neanderthal Technology)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, random); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, random); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, random); ci.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); // ci.IssuerKeyPair.PrivateKey = rootCert.PrivateKey; // caSsl = CerGenerator.GenerateSslCertificate(ci, random, caRoot); Org.BouncyCastle.Crypto.AsymmetricKeyParameter subjectPublicKey = null; // This is the private key of the root certificate Org.BouncyCastle.Crypto.AsymmetricKeyParameter issuerPrivateKey = null; caSsl = CerGenerator.GenerateSslCertificate( ci , subjectPublicKey , issuerPrivateKey , caRoot , random ); CertificateToDerPem(caSsl); // Just to clarify, an X.509 certificate does not contain the private key // The whole point of using certificates is to send them more or less openly, // without sending the private key, which must be kept secret. // An X509Certificate2 object may have a private key associated with it (via its PrivateKey property), // but that's only a convenience as part of the design of this class. // System.Security.Cryptography.X509Certificates.X509Certificate2 = new System.Security.Cryptography.X509Certificates.X509Certificate2(caRoot.GetEncoded()); // System.Console.WriteLine(cc.PublicKey); // System.Console.WriteLine(cc.PrivateKey); bool val = CerGenerator.ValidateSelfSignedCert(caSsl, caRoot.GetPublicKey()); System.Console.WriteLine(val); PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); CerGenerator.WritePrivatePublicKey("obelix", ci.SubjectKeyPair); CerGenerator.WriteCerAndCrt(@"ca", caRoot); CerGenerator.WriteCerAndCrt(@"obelix", caSsl); } // End Sub SelfSignSslCertificate
} // End Function ReadPrivateKey public static void TestSignature() { System.Console.WriteLine("Attempting to load cert..."); System.Security.Cryptography.X509Certificates.X509Certificate2 thisCert = null; // LoadCertificate(); System.Console.WriteLine(thisCert.IssuerName.Name); System.Console.WriteLine("Signing the text - Mary had a nuclear bomb"); byte[] pkcs12Bytes = thisCert.Export(System.Security.Cryptography.X509Certificates.X509ContentType.Pkcs12, "dummy"); Org.BouncyCastle.Pkcs.Pkcs12Store pkcs12 = new Org.BouncyCastle.Pkcs.Pkcs12StoreBuilder().Build(); pkcs12.Load(new System.IO.MemoryStream(pkcs12Bytes, false), "dummy".ToCharArray()); Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters privKey = null; foreach (string alias in pkcs12.Aliases) { if (pkcs12.IsKeyEntry(alias)) { privKey = (Org.BouncyCastle.Crypto.Parameters.ECPrivateKeyParameters)pkcs12.GetKey(alias).Key; break; } // End if (pkcs12.IsKeyEntry(alias)) } // Next alias string signature = SignData("Mary had a nuclear bomb", privKey); System.Console.WriteLine("Signature: " + signature); System.Console.WriteLine("Verifying Signature"); Org.BouncyCastle.X509.X509Certificate bcCert = Org.BouncyCastle.Security.DotNetUtilities.FromX509Certificate(thisCert); if (VerifySignature((Org.BouncyCastle.Crypto.Parameters.ECPublicKeyParameters)bcCert.GetPublicKey(), signature, "Mary had a nuclear bomb.")) { System.Console.WriteLine("Valid Signature!"); } else { System.Console.WriteLine("Signature NOT valid!"); } } // End Sub TestSignature
} // End Function ValidateSelfSignedCert // https://stackoverflow.com/questions/51703109/nginx-the-ssl-directive-is-deprecated-use-the-listen-ssl public static void Test2() { Org.BouncyCastle.X509.X509Certificate caRoot = null; Org.BouncyCastle.X509.X509Certificate caSsl = null; CertificateInfo caCertInfo = null; string curveName = "curve25519"; curveName = "secp256k1"; { string countryIso2Characters = "EA"; string stateOrProvince = "Europe"; string localityOrCity = "NeutralZone"; string companyName = "Skynet Earth Inc."; string division = "Skynet mbH"; string domainName = "Skynet"; string email = "*****@*****.**"; caCertInfo = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, s_secureRandom.Value); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, s_secureRandom.Value); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, s_secureRandom.Value); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, s_secureRandom.Value); // kp1 = KeyGenerator.GenerateGhostKeyPair(4096, s_secureRandom.Value); caCertInfo.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); caCertInfo.IssuerKeyPair = KeyImportExport.GetPemKeyPair(kp1); caRoot = GenerateRootCertificate(caCertInfo, s_secureRandom.Value); PfxGenerator.CreatePfxFile(@"ca.pfx", caRoot, kp1.Private, null); WritePrivatePublicKey("issuer", caCertInfo.IssuerKeyPair); } { string countryIso2Characters = "GA"; string stateOrProvince = "Aremorica"; string localityOrCity = "Erquy, Bretagne"; string companyName = "Coopérative Ménhir Obelix Gmbh & Co. KGaA"; string division = "NT (Neanderthal Technology)"; string domainName = "localhost"; domainName = "*.sql.guru"; domainName = "localhost"; string email = "webmaster@localhost"; CertificateInfo ci = new CertificateInfo( countryIso2Characters, stateOrProvince , localityOrCity, companyName , division, domainName, email , System.DateTime.UtcNow , System.DateTime.UtcNow.AddYears(5) ); ci.AddAlternativeNames("localhost", System.Environment.MachineName, "127.0.0.1", "sql.guru", "*.sql.guru"); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateEcKeyPair(curveName, s_secureRandom.Value); Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateRsaKeyPair(2048, s_secureRandom.Value); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDsaKeyPair(1024, s_secureRandom.Value); // Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair kp1 = KeyGenerator.GenerateDHKeyPair(1024, s_secureRandom.Value); ci.SubjectKeyPair = KeyImportExport.GetPemKeyPair(kp1); ci.IssuerKeyPair = caCertInfo.SubjectKeyPair; caSsl = GenerateSslCertificate(ci, s_secureRandom.Value, caRoot); // Just to clarify, an X.509 certificate does not contain the private key // The whole point of using certificates is to send them more or less openly, // without sending the private key, which must be kept secret. // An X509Certificate2 object may have a private key associated with it (via its PrivateKey property), // but that's only a convenience as part of the design of this class. // var cc = new System.Security.Cryptography.X509Certificates.X509Certificate2(caRoot.GetEncoded()); // System.Console.WriteLine(cc.PublicKey); // System.Console.WriteLine(cc.PrivateKey); bool val = ValidateSelfSignedCert(caSsl, caRoot.GetPublicKey()); System.Console.WriteLine(val); PfxGenerator.CreatePfxFile(@"obelix.pfx", caSsl, kp1.Private, ""); WritePrivatePublicKey("obelix", ci.SubjectKeyPair); } WriteCerAndCrt(@"ca", caRoot); WriteCerAndCrt(@"obelix", caSsl); } // End Sub Test2
internal void ValidateResponse(BasicOcspResp or, X509Certificate issuerCert) { ValidateResponseSignature(or, issuerCert.GetPublicKey()); ValidateSignerAuthorization(issuerCert, or.GetCerts()[0]); }