示例#1
0
        public PemObject Generate()
        {
            if (algorithm == null)
            {
                PrivateKeyInfo pki = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);

                return(new PemObject("PRIVATE KEY", pki.GetEncoded()));
            }

            // TODO Theoretically, the amount of salt needed depends on the algorithm
            byte[] salt = new byte[20];
            if (random == null)
            {
                random = new SecureRandom();
            }
            random.NextBytes(salt);

            try
            {
                EncryptedPrivateKeyInfo epki = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
                    algorithm, password, salt, iterationCount, privKey);

                return(new PemObject("ENCRYPTED PRIVATE KEY", epki.GetEncoded()));
            }
            catch (Exception e)
            {
                throw new PemGenerationException("Couldn't encrypt private key", e);
            }
        }
        /// <summary>
        /// Returns the specified XML RSA key <c>string</c> converted to the PEM format.
        /// </summary>
        /// <param name="xml">The XML <c>string</c> containing the RSA key.</param>
        /// <returns>System.String.</returns>
        /// <exception cref="InvalidKeyException">Invalid XML RSA Key</exception>
        public static string XmlToPem(this string xml)
        {
            using (var rsa = RSA.Create())
            {
                rsa.FromXmlStringNetCore(xml);

                // Try to get the private and public key pair first.
                AsymmetricCipherKeyPair keyPair = DotNetUtilities.GetRsaKeyPair(rsa);
                if (keyPair != null)
                {
                    PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
                    return(FormatPem(Convert.ToBase64String(privateKeyInfo.GetEncoded()), "RSA PRIVATE KEY"));
                }

                // At this point, the XML RSA key contains only the public key.
                RsaKeyParameters publicKey = DotNetUtilities.GetRsaPublicKey(rsa);
                if (publicKey != null)
                {
                    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
                    return(FormatPem(Convert.ToBase64String(publicKeyInfo.GetEncoded()), "PUBLIC KEY"));
                }
            }

            throw new InvalidKeyException("Invalid XML RSA Key");
        }
        public static string XmlStringToPem(this string xml)
        {
            try
            {
                using (RSA rsa = RSA.Create())
                {
                    rsa.FromXmlString(xml);

                    var keyPair = DotNetUtilities.GetRsaKeyPair(rsa);
                    if (keyPair != null)
                    {
                        PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
                        return(FormatPem(Convert.ToBase64String(privateKeyInfo.GetEncoded()), "RSA PRIVATE KEY"));
                    }

                    var publicKey = DotNetUtilities.GetRsaPublicKey(rsa);
                    if (publicKey != null)
                    {
                        SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
                        return(FormatPem(Convert.ToBase64String(publicKeyInfo.GetEncoded()), "PUBLIC KEY"));
                    }
                }
            }
            catch (Exception e)
            {
                throw new InvalidKeyException("Invalid RSA Xml Key", e);
            }

            throw new InvalidKeyException("Keys were not found");
        }
        public static EncryptedPrivateKeyInfo CreateEncryptedPrivateKeyInfo(
            string algorithm,
            char[]                      passPhrase,
            byte[]                      salt,
            int iterationCount,
            PrivateKeyInfo keyInfo)
        {
            IBufferedCipher cipher = PbeUtilities.CreateEngine(algorithm) as IBufferedCipher;

            if (cipher == null)
            {
                throw new Exception("Unknown encryption algorithm: " + algorithm);
            }

            Asn1Encodable pbeParameters = PbeUtilities.GenerateAlgorithmParameters(
                algorithm, salt, iterationCount);
            ICipherParameters cipherParameters = PbeUtilities.GenerateCipherParameters(
                algorithm, passPhrase, pbeParameters);

            cipher.Init(true, cipherParameters);
            byte[] encoding = cipher.DoFinal(keyInfo.GetEncoded());

            DerObjectIdentifier oid   = PbeUtilities.GetObjectIdentifier(algorithm);
            AlgorithmIdentifier algID = new AlgorithmIdentifier(oid, pbeParameters);

            return(new EncryptedPrivateKeyInfo(algID, encoding));
        }
        public static EncryptedPrivateKeyInfo CreateEncryptedPrivateKeyInfo(
            DerObjectIdentifier cipherAlgorithm,
            DerObjectIdentifier prfAlgorithm,
            char[] passPhrase,
            byte[] salt,
            int iterationCount,
            SecureRandom random,
            PrivateKeyInfo keyInfo)
        {
            IBufferedCipher cipher = CipherUtilities.GetCipher(cipherAlgorithm) as IBufferedCipher;

            if (cipher == null)
            {
                throw new Exception("Unknown encryption algorithm: " + cipherAlgorithm);
            }

            Asn1Encodable pbeParameters = PbeUtilities.GenerateAlgorithmParameters(
                cipherAlgorithm, prfAlgorithm, salt, iterationCount, random);
            ICipherParameters cipherParameters = PbeUtilities.GenerateCipherParameters(
                PkcsObjectIdentifiers.IdPbeS2, passPhrase, pbeParameters);

            cipher.Init(true, cipherParameters);
            byte[] encoding = cipher.DoFinal(keyInfo.GetEncoded());

            AlgorithmIdentifier algID = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdPbeS2, pbeParameters);

            return(new EncryptedPrivateKeyInfo(algID, encoding));
        }
示例#6
0
        public string Encode(bool Private, bool Public)
        {
            string derPublicKey;
            string derPrivateKey;
            string retval;

            derPrivateKey = "";
            derPublicKey  = "";
            switch (this.Type)
            {
            case "RSA":
                if (this._containsprivatekey == true && Private == true)
                {
                    PrivateKeyInfo infoPrivate = PrivateKeyInfoFactory.CreatePrivateKeyInfo(this.PrivateKey);
                    derPrivateKey = Convert.ToBase64String(infoPrivate.GetEncoded());
                }
                if (this._containspublickey = true && Public == true)
                {
                    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(this.PublicKey);
                    derPublicKey = Convert.ToBase64String(publicKeyInfo.GetEncoded());
                }
                retval = this.UUID.ToString() + "!RSA!" + this.Length.ToString() + "!" + derPublicKey + "!" + derPrivateKey;
                break;

            default:
                retval = this.UUID.ToString() + "!NONE!!!";
                break;
            }
            return(retval);
        }
示例#7
0
        public PemObject Generate()
        {
            if (this.algorithm == null)
            {
                PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(this.privKey);
                return(new PemObject("PRIVATE KEY", privateKeyInfo.GetEncoded()));
            }
            byte[] array = new byte[20];
            if (this.random == null)
            {
                this.random = new SecureRandom();
            }
            this.random.NextBytes(array);
            PemObject result;

            try
            {
                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(this.algorithm, this.password, array, this.iterationCount, this.privKey);
                result = new PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded());
            }
            catch (Exception exception)
            {
                throw new PemGenerationException("Couldn't encrypt private key", exception);
            }
            return(result);
        }
示例#8
0
        private void checkCertReqMsgWithArchiveControl(AsymmetricCipherKeyPair kp, CertificateRequestMessage certReqMessage)
        {
            var archiveControl =
                (PkiArchiveControl)certReqMessage.GetControl(CrmfObjectIdentifiers.id_regCtrl_pkiArchiveOptions);

            IsEquals("Archive type", PkiArchiveControl.encryptedPrivKey, archiveControl.ArchiveType);

            IsTrue(archiveControl.EnvelopedData);
            RecipientInformationStore recips = archiveControl.GetEnvelopedData().GetRecipientInfos();

            ArrayList collection = (ArrayList)recips.GetRecipients();

            IsTrue(collection.Count == 1);
            KeyTransRecipientInformation info = (KeyTransRecipientInformation)collection[0];

            EncKeyWithID encKeyWithId = EncKeyWithID.GetInstance(info.GetContent(kp.Private));


            IsTrue(encKeyWithId.HasIdentifier);
            IsTrue(!encKeyWithId.IsIdentifierUtf8String); // GeneralName at this point.

            IsTrue("Name", X509Name.GetInstance(GeneralName.GetInstance(encKeyWithId.Identifier).Name).Equivalent(new X509Name("CN=Test")));

            PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(kp.Private);

            IsTrue("Private Key", Arrays.AreEqual(privateKeyInfo.GetEncoded(), encKeyWithId.PrivateKey.GetEncoded()));
        }
示例#9
0
        public static EncryptedPrivateKeyInfo CreateEncryptedPrivateKeyInfo(
            string algorithm,
            char[]                      passPhrase,
            byte[]                      salt,
            int iterationCount,
            PrivateKeyInfo keyInfo)
        {
            if (!PbeUtilities.IsPbeAlgorithm(algorithm))
            {
                throw new ArgumentException("attempt to use non-PBE algorithm with PBE EncryptedPrivateKeyInfo generation");
            }

            IBufferedCipher cipher = PbeUtilities.CreateEngine(algorithm) as IBufferedCipher;

            if (cipher == null)
            {
                // TODO Throw exception?
            }

            Asn1Encodable parameters = PbeUtilities.GenerateAlgorithmParameters(
                algorithm, salt, iterationCount);

            ICipherParameters keyParameters = PbeUtilities.GenerateCipherParameters(
                algorithm, passPhrase, parameters);

            cipher.Init(true, keyParameters);

            byte[] keyBytes = keyInfo.GetEncoded();
            byte[] encoding = cipher.DoFinal(keyBytes);

            DerObjectIdentifier oid   = PbeUtilities.GetObjectIdentifier(algorithm);
            AlgorithmIdentifier algID = new AlgorithmIdentifier(oid, parameters);

            return(new EncryptedPrivateKeyInfo(algID, encoding));
        }
示例#10
0
        private void EncodePrivateKey()
        {
            X9ECParameters ecP = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime239v3);

            //
            // named curve
            //
            X962Parameters _params = new X962Parameters(X9ObjectIdentifiers.Prime192v1);

            X9ECPoint pPoint = new X9ECPoint(
                new FPPoint(ecP.Curve, new FPFieldElement(BigInteger.Two, BigInteger.One),
                            new FPFieldElement(BigInteger.ValueOf(4), BigInteger.ValueOf(3)),
                            true));

            Asn1OctetString p = (Asn1OctetString)pPoint.ToAsn1Object();

            if (p == null)
            {
                Fail("failed to convert to ASN.1");
            }

            PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, _params), new ECPrivateKeyStructure(BigInteger.Ten).ToAsn1Object());

            if (!Arrays.AreEqual(info.GetEncoded(), namedPriv))
            {
                Fail("failed private named generation");
            }

            Asn1Object o = Asn1Object.FromByteArray(namedPriv);

            if (!info.Equals(o))
            {
                Fail("failed private named equality");
            }

            //
            // explicit curve parameters
            //
            _params = new X962Parameters(ecP);

            info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, _params), new ECPrivateKeyStructure(BigInteger.ValueOf(20)).ToAsn1Object());

            if (!Arrays.AreEqual(info.GetEncoded(), expPriv))
            {
                Fail("failed private explicit generation");
            }

            o = Asn1Object.FromByteArray(expPriv);

            if (!info.Equals(o))
            {
                Fail("failed private explicit equality");
            }
        }
示例#11
0
        /// <summary>
        ///
        /// </summary>
        /// <param name="forPubKey"></param>
        /// <param name="forPrivKey"></param>
        /// <param name="keyStrength">1024, 2048,4096</param>
        /// <param name="exponent">Typically a fermat number 3, 5, 17, 257, 65537, 4294967297, 18446744073709551617,</param>
        /// <param name="certaninty">Should be 80 or higher depending on Key strength number (exponent)</param>
        public static void GenerateKeys(out string forPubKey, out string forPrivKey, int keyStrength, int exponent, int certaninty)
        {
            // Create key
            RsaKeyPairGenerator generator = new RsaKeyPairGenerator();

            /*
             * This value should be a Fermat number. 0x10001 (F4) is current recommended value. 3 (F1) is known to be safe also.
             * 3, 5, 17, 257, 65537, 4294967297, 18446744073709551617,
             *
             * Practically speaking, Windows does not tolerate public exponents which do not fit in a 32-bit unsigned integer. Using e=3 or e=65537 works "everywhere".
             */
            BigInteger exponentBigInt = new BigInteger(exponent.ToString());

            var param = new RsaKeyGenerationParameters(
                exponentBigInt,     // new BigInteger("10001", 16)  publicExponent
                new SecureRandom(), // SecureRandom.getInstance("SHA1PRNG"),//prng
                keyStrength,        //strength
                certaninty);        //certainty

            generator.Init(param);
            AsymmetricCipherKeyPair keyPair = generator.GenerateKeyPair();

            // Save to export format
            SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(keyPair.Public);

            byte[] ret = info.GetEncoded();
            forPubKey = Convert.ToBase64String(ret);

            //  EncryptedPrivateKeyInfo asdf = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(
            //    DerObjectIdentifier.Ber,,,keyPair.Private);

            //TextWriter textWriter = new StringWriter();
            //PemWriter pemWriter = new PemWriter(textWriter);
            //pemWriter.WriteObject(keyPair);
            //pemWriter.Writer.Flush();
            //string ret2 = textWriter.ToString();

            //// demonstration: how to serialise option 1
            //TextReader tr = new StringReader(ret2);
            //PemReader read = new PemReader(tr);
            //AsymmetricCipherKeyPair something = (AsymmetricCipherKeyPair)read.ReadObject();

            //// demonstration: how to serialise option 2 (don't know how to deserailize)
            //PrivateKeyInfo pKinfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
            //byte[] privRet = pKinfo.GetEncoded();
            //string forPrivKey2Test = Convert.ToBase64String(privRet);

            PrivateKeyInfo pKinfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);

            byte[] privRet         = pKinfo.GetEncoded();
            string forPrivKey2Test = Convert.ToBase64String(privRet);

            forPrivKey = forPrivKey2Test;
        }
示例#12
0
        private static byte[] EncodePrivateKey(
            AsymmetricKeyParameter akp,
            out string keyType)
        {
            PrivateKeyInfo      info  = PrivateKeyInfoFactory.CreatePrivateKeyInfo(akp);
            AlgorithmIdentifier algID = info.PrivateKeyAlgorithm;
            DerObjectIdentifier oid   = algID.Algorithm;

            if (oid.Equals(X9ObjectIdentifiers.IdDsa))
            {
                keyType = "DSA PRIVATE KEY";

                DsaParameter p = DsaParameter.GetInstance(algID.Parameters);

                BigInteger x = ((DsaPrivateKeyParameters)akp).X;
                BigInteger y = p.G.ModPow(x, p.P);

                // TODO Create an ASN1 object somewhere for this?
                return(new DerSequence(
                           new DerInteger(0),
                           new DerInteger(p.P),
                           new DerInteger(p.Q),
                           new DerInteger(p.G),
                           new DerInteger(y),
                           new DerInteger(x)).GetEncoded());
            }

            if (oid.Equals(PkcsObjectIdentifiers.RsaEncryption))
            {
                keyType = "RSA PRIVATE KEY";

                return(info.ParsePrivateKey().GetEncoded());
            }
            else if (oid.Equals(CryptoProObjectIdentifiers.GostR3410x2001) ||
                     oid.Equals(X9ObjectIdentifiers.IdECPublicKey))
            {
                keyType = "EC PRIVATE KEY";

                return(info.ParsePrivateKey().GetEncoded());
            }
            else
            {
                keyType = "PRIVATE KEY";

                return(info.GetEncoded());
            }
        }
示例#13
0
文件: X9Test.cs 项目: 894880010/MP
        private void EncodePrivateKey()
        {
            X9ECParameters ecP = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime192v1);

            //
            // named curve
            //
            X962Parameters _params = new X962Parameters(X9ObjectIdentifiers.Prime192v1);

            PrivateKeyInfo info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, _params),
                                                     new ECPrivateKeyStructure(ecP.N.BitLength, BigInteger.Ten).ToAsn1Object());

            if (!Arrays.AreEqual(info.GetEncoded(), namedPriv))
            {
                Fail("failed private named generation");
            }

            Asn1Object o = Asn1Object.FromByteArray(namedPriv);

            if (!info.Equals(o))
            {
                Fail("failed private named equality");
            }

            //
            // explicit curve parameters
            //
            ecP = X962NamedCurves.GetByOid(X9ObjectIdentifiers.Prime239v3);

            _params = new X962Parameters(ecP);

            info = new PrivateKeyInfo(new AlgorithmIdentifier(X9ObjectIdentifiers.IdECPublicKey, _params),
                                      new ECPrivateKeyStructure(ecP.N.BitLength, BigInteger.ValueOf(20)).ToAsn1Object());

            if (!Arrays.AreEqual(info.GetEncoded(), expPriv))
            {
                Fail("failed private explicit generation");
            }

            o = Asn1Object.FromByteArray(expPriv);

            if (!info.Equals(o))
            {
                Fail("failed private explicit equality");
            }
        }
示例#14
0
 /// <summary>
 /// onvert RSA xml private key to pem private xml
 /// </summary>
 /// <param name="privatePem"></param>
 /// <returns></returns>
 public static string PrivateXmlToPem(string privateXml)
 {
     using (RSA rsa = RSA.Create())
     {
         rsa.FromXmlString(privateXml);
         var            keyPair        = DotNetUtilities.GetRsaKeyPair(rsa);
         PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
         var            base64         = Convert.ToBase64String(privateKeyInfo.GetEncoded());
         StringBuilder  b = new StringBuilder();
         b.Append("-----BEGIN PRIVATE KEY-----\n");
         for (int i = 0; i < base64.Length; i += 64)
         {
             b.Append($"{ base64.Substring(i, Math.Min(64, base64.Length - i)) }\n");
         }
         b.Append("-----END PRIVATE KEY-----\n");
         return(b.ToString());
     }
 }
示例#15
0
        public static EncryptedPrivateKeyInfo CreateEncryptedPrivateKeyInfo(string algorithm, char[] passPhrase, byte[] salt, int iterationCount, PrivateKeyInfo keyInfo)
        {
            IBufferedCipher bufferedCipher = PbeUtilities.CreateEngine(algorithm) as IBufferedCipher;

            if (bufferedCipher == null)
            {
                throw new global::System.Exception("Unknown encryption algorithm: " + algorithm);
            }
            Asn1Encodable     asn1Encodable = PbeUtilities.GenerateAlgorithmParameters(algorithm, salt, iterationCount);
            ICipherParameters parameters    = PbeUtilities.GenerateCipherParameters(algorithm, passPhrase, asn1Encodable);

            bufferedCipher.Init(forEncryption: true, parameters);
            byte[] encoding = bufferedCipher.DoFinal(keyInfo.GetEncoded());
            DerObjectIdentifier objectIdentifier = PbeUtilities.GetObjectIdentifier(algorithm);
            AlgorithmIdentifier algId            = new AlgorithmIdentifier(objectIdentifier, asn1Encodable);

            return(new EncryptedPrivateKeyInfo(algId, encoding));
        }
示例#16
0
        public override void PerformTest()
        {
            PrivateKeyInfo privInfo1 = PrivateKeyInfo.GetInstance(priv);

            IsTrue(!privInfo1.HasPublicKey);

            PrivateKeyInfo privInfo2 = new PrivateKeyInfo(privInfo1.PrivateKeyAlgorithm, privInfo1.ParsePrivateKey());

            IsTrue("enc 1 failed", AreEqual(priv, privInfo2.GetEncoded()));

            privInfo1 = PrivateKeyInfo.GetInstance(privWithPub);

            IsTrue(privInfo1.HasPublicKey);

            privInfo2 = new PrivateKeyInfo(privInfo1.PrivateKeyAlgorithm, privInfo1.ParsePrivateKey(), privInfo1.Attributes, privInfo1.PublicKeyData.GetOctets());

            IsTrue("enc 2 failed", AreEqual(privWithPub, privInfo2.GetEncoded()));
        }
        /// <summary>
        /// Create the encrypted private key info using the passed in encryptor.
        /// </summary>
        /// <param name="encryptor">The encryptor to use.</param>
        /// <returns>An encrypted private key info containing the original private key info.</returns>
        public Pkcs8EncryptedPrivateKeyInfo Build(
            ICipherBuilder encryptor)
        {
            try
            {
                MemoryStream bOut    = new MemoryOutputStream();
                ICipher      cOut    = encryptor.BuildCipher(bOut);
                byte[]       keyData = privateKeyInfo.GetEncoded();

                Stream str = cOut.Stream;
                str.Write(keyData, 0, keyData.Length);
                BestHTTP.SecureProtocol.Org.BouncyCastle.Utilities.Platform.Dispose(str);

                return(new Pkcs8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo((AlgorithmIdentifier)encryptor.AlgorithmDetails, bOut.ToArray())));
            }
            catch (IOException)
            {
                throw new InvalidOperationException("cannot encode privateKeyInfo");
            }
        }
        /// <summary>
        /// Create the encrypted private key info using the passed in encryptor.
        /// </summary>
        /// <param name="encryptor">The encryptor to use.</param>
        /// <returns>An encrypted private key info containing the original private key info.</returns>
        public Pkcs8EncryptedPrivateKeyInfo Build(
            ICipherBuilder encryptor)
        {
            try
            {
                MemoryStream bOut    = new MemoryOutputStream();
                ICipher      cOut    = encryptor.BuildCipher(bOut);
                byte[]       keyData = privateKeyInfo.GetEncoded();

                using (var str = cOut.Stream)
                {
                    str.Write(keyData, 0, keyData.Length);
                }

                return(new Pkcs8EncryptedPrivateKeyInfo(new EncryptedPrivateKeyInfo((AlgorithmIdentifier)encryptor.AlgorithmDetails, bOut.ToArray())));
            }
            catch (IOException)
            {
                throw new InvalidOperationException("cannot encode privateKeyInfo");
            }
        }
示例#19
0
 public PemObject Generate()
 {
     if (algorithm == null)
     {
         PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privKey);
         return(new PemObject("PRIVATE KEY", privateKeyInfo.GetEncoded()));
     }
     byte[] array = new byte[20];
     if (random == null)
     {
         random = new SecureRandom();
     }
     ((Random)random).NextBytes(array);
     try
     {
         EncryptedPrivateKeyInfo encryptedPrivateKeyInfo = EncryptedPrivateKeyInfoFactory.CreateEncryptedPrivateKeyInfo(algorithm, password, array, iterationCount, privKey);
         return(new PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded()));
     }
     catch (global::System.Exception exception)
     {
         throw new PemGenerationException("Couldn't encrypt private key", exception);
     }
 }
示例#20
0
        public static string XmlToPem(string xml)
        {
            using (RSA rsa = RSA.Create())
            {
                rsa.FromXmlString(xml);

                AsymmetricCipherKeyPair keyPair = Org.BouncyCastle.Security.DotNetUtilities.GetRsaKeyPair(rsa); // try get private and public key pair
                if (keyPair != null)                                                                            // if XML RSA key contains private key
                {
                    PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
                    return(FormatPem(Convert.ToBase64String(privateKeyInfo.GetEncoded()), "PRIVATE KEY"));
                }

                RsaKeyParameters publicKey = Org.BouncyCastle.Security.DotNetUtilities.GetRsaPublicKey(rsa); // try get public key
                if (publicKey != null)                                                                       // if XML RSA key contains public key
                {
                    SubjectPublicKeyInfo publicKeyInfo = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
                    return(FormatPem(Convert.ToBase64String(publicKeyInfo.GetEncoded()), "PUBLIC KEY"));
                }
            }

            throw new InvalidKeyException("Invalid RSA Xml Key");
        }
示例#21
0
        public static string XmlToPem(string xml)
        {
            using (RSA rsa = RSA.Create())
            {
                rsa.FromXmlString(xml);

                AsymmetricCipherKeyPair keyPair = rsa.GetKeyPair(); // try get private and public key pair
                if (keyPair != null)                                // if XML RSA key contains private key
                {
                    PrivateKeyInfo privateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(keyPair.Private);
                    return(FormatPem(privateKeyInfo.GetEncoded().ToBase64(), "RSA PRIVATE KEY"));
                }

                RsaKeyParameters publicKey = rsa.GetPublicKey(); // try get public key
                if (publicKey != null)                           // if XML RSA key contains public key
                {
                    SubjectPublicKeyInfo publicKeyInfo =
                        SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKey);
                    return(FormatPem(publicKeyInfo.GetEncoded().ToBase64(), "PUBLIC KEY"));
                }
            }

            throw new InvalidKeyException("Invalid RSA Xml Key");
        }
示例#22
0
        private PemObject createPemObject(Object o)
        {
            String type;

            byte[] encoding;

            if (o is PemObject)
            {
                return((PemObject)o);
            }
            if (o is PemObjectGenerator)
            {
                return(((PemObjectGenerator)o).Generate());
            }
            if (o is X509Certificate)
            {
                type = "CERTIFICATE";

                encoding = ((X509Certificate)o).GetEncoded();
            }
            else if (o is X509Crl)
            {
                type = "X509 CRL";

                encoding = ((X509Crl)o).GetEncoded();
            }
            else if (o is X509TrustedCertificateBlock)
            {
                type = "TRUSTED CERTIFICATE";

                encoding = ((X509TrustedCertificateBlock)o).GetEncoded();
            }
            else if (o is PrivateKeyInfo)
            {
                PrivateKeyInfo      info   = (PrivateKeyInfo)o;
                DerObjectIdentifier algOID = info.PrivateKeyAlgorithm.Algorithm;

                if (algOID.Equals(PkcsObjectIdentifiers.RsaEncryption))
                {
                    type = "RSA PRIVATE KEY";

                    encoding = info.ParsePrivateKey().ToAsn1Object().GetEncoded();
                }
                else if (algOID.Equals(dsaOids[0]) || algOID.Equals(dsaOids[1]))
                {
                    type = "DSA PRIVATE KEY";

                    DsaParameter        p = DsaParameter.GetInstance(info.PrivateKeyAlgorithm.Parameters);
                    Asn1EncodableVector v = new Asn1EncodableVector();

                    v.Add(new DerInteger(0));
                    v.Add(new DerInteger(p.P));
                    v.Add(new DerInteger(p.Q));
                    v.Add(new DerInteger(p.G));

                    BigInteger x = DerInteger.GetInstance(info.ParsePrivateKey()).Value;
                    BigInteger y = p.G.ModPow(x, p.P);

                    v.Add(new DerInteger(y));
                    v.Add(new DerInteger(x));

                    encoding = new DerSequence(v).GetEncoded();
                }
                else if (algOID.Equals(X9ObjectIdentifiers.IdECPublicKey))
                {
                    type = "EC PRIVATE KEY";

                    encoding = info.ParsePrivateKey().ToAsn1Object().GetEncoded();
                }
                else
                {
                    type = "PRIVATE KEY";

                    encoding = info.GetEncoded();
                }
            }
            else if (o is SubjectPublicKeyInfo)
            {
                type = "PUBLIC KEY";

                encoding = ((SubjectPublicKeyInfo)o).GetEncoded();
            }

            /*
             * else if (o is X509AttributeCertificateHolder)
             * {
             *  type = "ATTRIBUTE CERTIFICATE";
             *  encoding = ((X509AttributeCertificateHolder)o).getEncoded();
             * }
             */
            else if (o is Pkcs8EncryptedPrivateKeyInfo)
            {
                type     = "ENCRYPTED PRIVATE KEY";
                encoding = ((Pkcs8EncryptedPrivateKeyInfo)o).GetEncoded();
            }
            else if (o is Pkcs10CertificationRequest)
            {
                type     = "CERTIFICATE REQUEST";
                encoding = ((Pkcs10CertificationRequest)o).GetEncoded();
            }
            else if (o is ContentInfo)
            {
                type     = "PKCS7";
                encoding = ((ContentInfo)o).GetEncoded();
            }
            else
            {
                throw new PemGenerationException("unknown object passed - can't encode.");
            }

            if (encryptorBuilder != null)
            {
                String dekAlgName = Platform.ToUpperInvariant(encryptorBuilder.AlgorithmDetails.Info);

                // Note: For backward compatibility
                if (dekAlgName.StartsWith("DESEDE"))
                {
                    dekAlgName = "DES-EDE3-CBC";
                }

                MemoryOutputStream bOut      = new MemoryOutputStream();
                ICipher            encryptor = encryptorBuilder.BuildCipher(bOut);

                using (var stream = encryptor.Stream)
                {
                    stream.Write(encoding, 0, encoding.Length);
                }

                byte[] encData = bOut.ToArray();

                IList headers = Platform.CreateArrayList();

                headers.Add(new PemHeader("Proc-Type", "4,ENCRYPTED"));
                headers.Add(new PemHeader("DEK-Info", encryptorBuilder.AlgorithmDetails.Info));

                return(new PemObject(type, headers, encData));
            }

            return(new PemObject(type, encoding));
        }
        private static string EncryptPrivateKey(AsymmetricKeyParameter privateKey, string password)
        {
            // Create salts
            byte[]       aesIv     = new byte[16];
            byte[]       keySalt   = new byte[20];
            SecureRandom randomGen = new SecureRandom();

            randomGen.NextBytes(aesIv);
            randomGen.NextBytes(keySalt);
            try {
                PrivateKeyInfo decryptedPrivateKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(privateKey);

                // Prepare encryption
                Pkcs5S2ParametersGenerator pkcs5S2Gen = new Pkcs5S2ParametersGenerator();
                pkcs5S2Gen.Init(PKCS5PasswordToBytes(password.ToCharArray()), keySalt, hashIterationCount);
                ICipherParameters cipherParams = pkcs5S2Gen.GenerateDerivedParameters(NistObjectIdentifiers.IdAes256Cbc.Id, 256);
                IBufferedCipher   cipher       = CipherUtilities.GetCipher(NistObjectIdentifiers.IdAes256Cbc);
                cipher.Init(true, new ParametersWithIV(cipherParams, aesIv));

                // Generate encrypted private key info
                Asn1OctetString     aesIvOctetString = new DerOctetString(aesIv);
                KeyDerivationFunc   keyFunction      = new KeyDerivationFunc(PkcsObjectIdentifiers.IdPbkdf2, new Pbkdf2Params(keySalt, hashIterationCount));
                EncryptionScheme    encScheme        = new EncryptionScheme(NistObjectIdentifiers.IdAes256Cbc, aesIvOctetString);
                Asn1EncodableVector encryptionInfo   = new Asn1EncodableVector {
                    keyFunction, encScheme
                };
                AlgorithmIdentifier     algIdentifier                   = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdPbeS2, new DerSequence(encryptionInfo));
                EncryptedPrivateKeyInfo encryptedPrivateKeyInfo         = new EncryptedPrivateKeyInfo(algIdentifier, cipher.DoFinal(decryptedPrivateKeyInfo.GetEncoded()));
                Org.BouncyCastle.Utilities.IO.Pem.PemObject pkPemObject = new Org.BouncyCastle.Utilities.IO.Pem.PemObject("ENCRYPTED PRIVATE KEY", encryptedPrivateKeyInfo.GetEncoded());

                // Write the PEM object to a string
                StringWriter txtWriter = new StringWriter();
                PemWriter    pemWriter = new PemWriter(txtWriter);
                pemWriter.WriteObject(pkPemObject);
                pemWriter.Writer.Close();
                return(txtWriter.ToString());
            } catch (Exception e) {
                throw new CryptoException("Could not encrypt private key.", e);
            }
        }
示例#24
0
        /// <summary>
        /// Generates a ca certificate
        /// </summary>
        /// <param name="privateKey">The CA private key used to sign certificates</param>
        /// <param name="base64EncodedCer">The cer file used to configure the browser</param>
        /// <returns></returns>
        public static void GenerateCACert(out string privateKey, out string base64EncodedCer)
        {
            string subjectName = CA_NAME;
            int    keyStrength = 1024;

            // Generating Random Numbers
            var randomGenerator = new CryptoApiRandomGenerator();
            var random          = new SecureRandom(randomGenerator);

            // The Certificate Generator
            var certificateGenerator = new X509V3CertificateGenerator();

            // Serial Number
            var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);

            certificateGenerator.SetSerialNumber(serialNumber);


            // Issuer and Subject Name
            var subjectDN = new X509Name(subjectName);
            var issuerDN  = subjectDN;

            certificateGenerator.SetIssuerDN(issuerDN);
            certificateGenerator.SetSubjectDN(subjectDN);

            // Valid For
            var notBefore = DateTime.UtcNow.Date;
            var notAfter  = notBefore.AddYears(2);

            certificateGenerator.SetNotBefore(notBefore);
            certificateGenerator.SetNotAfter(notAfter);
            certificateGenerator.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));

            // Subject Public Key
            AsymmetricCipherKeyPair subjectKeyPair;
            var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
            var keyPairGenerator        = new RsaKeyPairGenerator();

            keyPairGenerator.Init(keyGenerationParameters);
            subjectKeyPair = keyPairGenerator.GenerateKeyPair();

            certificateGenerator.SetPublicKey(subjectKeyPair.Public);


            // Generating the Certificate
            var issuerKeyPair = subjectKeyPair;
            ISignatureFactory signatureFactory = new Asn1SignatureFactory("SHA256WithRSA", issuerKeyPair.Private, random);
            var certificate = certificateGenerator.Generate(signatureFactory);


            base64EncodedCer = String.Format("-----BEGIN CERTIFICATE-----\r\n{0}\r\n-----END CERTIFICATE-----",
                                             Convert.ToBase64String(certificate.GetEncoded()));

            //var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
            //System.Security.Cryptography.X509Certificates.X509Certificate dotNetCert = DotNetUtilities.ToX509Certificate(certificate);
            //X509Certificate2 dotNetCert2 = new X509Certificate2(dotNetCert);
            // Add CA certificate to Root store
            //AddCertToStore(dotNetCert2, StoreName.Root, StoreLocation.LocalMachine);

            PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(issuerKeyPair.Private);

            privateKey = Convert.ToBase64String(info.GetEncoded());
        }