/****************
* Test wether the secret key is valid.
* Returns: true if this is a valid key.
*/
private bool CheckKey(RSA_Secret_Key sk)
{
BigInteger temp = new BigInteger();
// - e*d mod (p - 1) = 1
if ((sk.e * sk.d) % (sk.p - 1) != 1)
{
return(false);
}
// - e*d mod (q - 1) = 1
if ((sk.e * sk.d) % (sk.q - 1) != 1)
{
return(false);
}
// - pInv * p (mod q) = 1
if (((sk.p.modInverse(sk.q) * sk.q) % sk.q) != 1)
{
return(false);
}
// - n (from the record of the public key) = p*q
if (sk.p * sk.q != sk.n)
{
return(false);
}
return(true);
}
/// <summary>
/// Returns a 2 dimensional array of BigIntegers, where
/// return[0] are the public key components of an rsa key
/// and return[1] are the secret components.
/// </summary>
/// <remarks>No remarks</remarks>
private BigInteger[][] ParseSecretKey(RSA_Secret_Key rskKey)
{
BigInteger[][] biReturn = new BigInteger[2][];
biReturn[0] = new BigInteger[2];
biReturn[0][0] = rskKey.n;
biReturn[0][1] = rskKey.e;
biReturn[1] = new BigInteger[4];
biReturn[1][0] = rskKey.d;
biReturn[1][1] = rskKey.p;
biReturn[1][2] = rskKey.q;
biReturn[1][3] = rskKey.u;
return(biReturn);
}
private RSA_Secret_Key ParseSecretKey(SecretKeyPacket skpKey, string strPassphrase)
{
RSA_Secret_Key rskKey = new RSA_Secret_Key();
rskKey.n = skpKey.PublicKey.KeyMaterial[0];
rskKey.e = skpKey.PublicKey.KeyMaterial[1];
BigInteger[] biSecretKeyMaterial = skpKey.GetDecryptedKeyMaterial(strPassphrase);
rskKey.d = biSecretKeyMaterial[0];
rskKey.p = biSecretKeyMaterial[1];
rskKey.q = biSecretKeyMaterial[2];
rskKey.u = biSecretKeyMaterial[3];
return(rskKey);
}
/// <summary>
/// Secret key operation. Decrypts biCipher with the keydata
/// in the given secret key packet.
/// </summary>
/// <param name="biCipher">The ciphertext that is about to
/// be decrypted</param>
/// <param name="skpKey">The secret key packet with the key
/// material for the decryption</param>
/// <param name="strPassphrase">The passphrase for the
/// keymaterial</param>
/// <returns>The decrypted ciphertext.</returns>
/// <remarks>No remarks.</remarks>
public override BigInteger Decrypt(BigInteger[] biCipher, SecretKeyPacket skpKey, string strPassphrase)
{
RSA_Secret_Key skey = new RSA_Secret_Key();
skey = ParseSecretKey(skpKey, strPassphrase);
//check if someone mangled with the key
if (!CheckKey(skey))
throw(new Exception("This key does not fullfill the requirements of a valid RSA key. Please check if someone messed with your keys!"));
if ((skey.d == 0) || (skey.n == 0))
throw new System.ArgumentException("This is not a valid secret key");
BigInteger biPlain = biCipher[0].modPow(skey.d, skey.n);
return biPlain;
}
/// <summary>
/// Secret key operation. Decrypts biCipher with the keydata
/// in the given secret key packet.
/// </summary>
/// <param name="biCipher">The ciphertext that is about to
/// be decrypted</param>
/// <param name="skpKey">The secret key packet with the key
/// material for the decryption</param>
/// <param name="strPassphrase">The passphrase for the
/// keymaterial</param>
/// <returns>The decrypted ciphertext.</returns>
/// <remarks>No remarks.</remarks>
public override BigInteger Decrypt(BigInteger[] biCipher, SecretKeyPacket skpKey, string strPassphrase)
{
RSA_Secret_Key skey = new RSA_Secret_Key();
skey = ParseSecretKey(skpKey, strPassphrase);
//check if someone mangled with the key
if (!CheckKey(skey))
{
throw(new Exception("This key does not fullfill the requirements of a valid RSA key. Please check if someone messed with your keys!"));
}
if ((skey.d == 0) || (skey.n == 0))
{
throw new System.ArgumentException("This is not a valid secret key");
}
BigInteger biPlain = biCipher[0].modPow(skey.d, skey.n);
return(biPlain);
}
/// <summary>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.
/// </summary>
/// <remarks>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.
/// </remarks>
/// <param name="nbits">The size of the key in bits.</param>
/// <returns>A new RSA secret key as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.</returns>
/// <exception cref="System.ArgumentException">Throws an
/// Argumentexception if the keysize is not between 768
/// and 4096 bits.</exception>
public override BigInteger[][] Generate(int nbits)
{
BigInteger p, q; /* the two primes */
BigInteger d; /* the private key */
BigInteger u;
BigInteger t1, t2;
BigInteger n = new BigInteger(); /* the public key */
BigInteger e; /* the exponent */
BigInteger phi; /* helper: (p-1)(q-1) */
BigInteger g;
BigInteger f;
Random rand = new Random();
if ((nbits < 768) || (nbits > 4096))
{
throw new ArgumentException("Only keysizes betwen 768 and 4096 bit are allowed!");
}
/* make sure that nbits is even so that we generate p, q of equal size */
if ((nbits & 1) == 1)
{
nbits++;
}
do
{
/* select two (very secret) primes */
p = new BigInteger();
q = new BigInteger();
p = BigInteger.genPseudoPrime(nbits / 2);
q = BigInteger.genPseudoPrime(nbits / 2);
/* p shall be smaller than q (for calc of u)*/
if (q > p)
{
BigInteger tmp = p;
p = q;
q = tmp;
}
/* calculate the modulus */
n = p * q;
} while (n.bitCount() != nbits);
/* calculate Euler totient: phi = (p-1)(q-1) */
t1 = p - new BigInteger(1);
t2 = q - new BigInteger(1);
phi = t1 * t2;
g = t1.gcd(t2);
f = phi / g;
/* find an public exponent.
* We use 41 as this is quite fast and more secure than the
* commonly used 17.
*/
e = new BigInteger(41);
t1 = e.gcd(phi);
if (t1 != new BigInteger(1))
{
e = new BigInteger(257);
t1 = e.gcd(phi);
if (t1 != new BigInteger(1))
{
e = new BigInteger(65537);
t1 = e.gcd(phi);
/* (while gcd is not 1) */
while (t1 != new BigInteger(1))
{
e += 2;
t1 = e.gcd(phi);
}
}
}
/* calculate the secret key d = e^1 mod phi */
d = e.modInverse(f);
/* calculate the inverse of p and q (used for chinese remainder theorem)*/
u = p.modInverse(q);
RSA_Secret_Key sk = new RSA_Secret_Key();
sk.n = n;
sk.e = e;
sk.p = p;
sk.q = q;
sk.d = d;
sk.u = u;
this.biGeneratedKey = ParseSecretKey(sk);
return(this.biGeneratedKey);
/* now we can test our keys (this should never fail!) */
// test_keys( sk, nbits - 64 );
}
/// <summary>
/// Returns a 2 dimensional array of BigIntegers, where
/// return[0] are the public key components of an rsa key
/// and return[1] are the secret components.
/// </summary>
/// <remarks>No remarks</remarks>
private BigInteger[][] ParseSecretKey(RSA_Secret_Key rskKey)
{
BigInteger[][] biReturn = new BigInteger[2][];
biReturn[0] = new BigInteger[2];
biReturn[0][0] = rskKey.n;
biReturn[0][1] = rskKey.e;
biReturn[1] = new BigInteger[4];
biReturn[1][0] = rskKey.d;
biReturn[1][1] = rskKey.p;
biReturn[1][2] = rskKey.q;
biReturn[1][3] = rskKey.u;
return biReturn;
}
private RSA_Secret_Key ParseSecretKey(SecretKeyPacket skpKey, string strPassphrase)
{
RSA_Secret_Key rskKey = new RSA_Secret_Key();
rskKey.n = skpKey.PublicKey.KeyMaterial[0];
rskKey.e = skpKey.PublicKey.KeyMaterial[1];
BigInteger[] biSecretKeyMaterial = skpKey.GetDecryptedKeyMaterial(strPassphrase);
rskKey.d = biSecretKeyMaterial[0];
rskKey.p = biSecretKeyMaterial[1];
rskKey.q = biSecretKeyMaterial[2];
rskKey.u = biSecretKeyMaterial[3];
return rskKey;
}
/****************
* Test wether the secret key is valid.
* Returns: true if this is a valid key.
*/
private bool CheckKey(RSA_Secret_Key sk)
{
BigInteger temp = new BigInteger();
// - e*d mod (p - 1) = 1
if ((sk.e*sk.d) % (sk.p - 1) != 1)
return false;
// - e*d mod (q - 1) = 1
if ((sk.e*sk.d) % (sk.q - 1) != 1)
return false;
// - pInv * p (mod q) = 1
if (((sk.p.modInverse(sk.q) * sk.q) % sk.q) != 1)
return false;
// - n (from the record of the public key) = p*q
if (sk.p * sk.q != sk.n)
return false;
return true;
}
/// <summary>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.
/// </summary>
/// <remarks>
/// Creates a new RSA secret key and returns it as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.
/// </remarks>
/// <param name="nbits">The size of the key in bits.</param>
/// <returns>A new RSA secret key as a
/// 2 dimensional array of biginteger. return[0] holds
/// the public values of the key and return[1] all the
/// secret values.<br></br>
/// The order of the public components is n, e.
/// The order of the secret components is d, p,
/// q and u.</returns>
/// <exception cref="System.ArgumentException">Throws an
/// Argumentexception if the keysize is not between 768
/// and 4096 bits.</exception>
public override BigInteger[][] Generate(int nbits)
{
BigInteger p, q; /* the two primes */
BigInteger d; /* the private key */
BigInteger u;
BigInteger t1, t2;
BigInteger n = new BigInteger(); /* the public key */
BigInteger e; /* the exponent */
BigInteger phi; /* helper: (p-1)(q-1) */
BigInteger g;
BigInteger f;
Random rand = new Random();
if ((nbits < 768) || (nbits > 4096))
throw new ArgumentException("Only keysizes betwen 768 and 4096 bit are allowed!");
/* make sure that nbits is even so that we generate p, q of equal size */
if ( (nbits&1)==1 )
nbits++;
do {
/* select two (very secret) primes */
p = new BigInteger();
q = new BigInteger();
p = BigInteger.genPseudoPrime(nbits / 2);
q = BigInteger.genPseudoPrime(nbits / 2);
/* p shall be smaller than q (for calc of u)*/
if (q > p) {
BigInteger tmp = p;
p = q;
q = tmp;
}
/* calculate the modulus */
n = p * q;
} while ( n.bitCount() != nbits );
/* calculate Euler totient: phi = (p-1)(q-1) */
t1 = p - new BigInteger(1);
t2 = q - new BigInteger(1);
phi = t1 * t2;
g = t1.gcd(t2);
f = phi / g;
/* find an public exponent.
We use 41 as this is quite fast and more secure than the
commonly used 17.
*/
e = new BigInteger(41);
t1 = e.gcd(phi);
if( t1 != new BigInteger(1) ) {
e = new BigInteger(257);
t1 = e.gcd(phi);
if( t1 != new BigInteger(1) ) {
e = new BigInteger(65537);
t1 = e.gcd(phi);
/* (while gcd is not 1) */
while( t1 != new BigInteger(1) ) {
e += 2;
t1 = e.gcd(phi);
}
}
}
/* calculate the secret key d = e^1 mod phi */
d = e.modInverse(f);
/* calculate the inverse of p and q (used for chinese remainder theorem)*/
u = p.modInverse(q);
RSA_Secret_Key sk = new RSA_Secret_Key();
sk.n = n;
sk.e = e;
sk.p = p;
sk.q = q;
sk.d = d;
sk.u = u;
this.biGeneratedKey = ParseSecretKey(sk);
return this.biGeneratedKey;
/* now we can test our keys (this should never fail!) */
// test_keys( sk, nbits - 64 );
}
