private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) { Asn1InputStream asn1inputstream = new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate())); TbsCertificateStructure tbscertificatestructure = TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject()); AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID; Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerandserialnumber = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber( tbscertificatestructure.Issuer, tbscertificatestructure.SerialNumber.Value); IBufferedCipher cipher = CipherUtilities.GetCipher(algorithmidentifier.ObjectID); cipher.Init(true, x509certificate.GetPublicKey()); byte[] outp = new byte[10000]; int len = cipher.DoFinal(abyte0, outp, 0); byte[] abyte1 = new byte[len]; System.Array.Copy(outp, 0, abyte1, 0, len); DerOctetString deroctetstring = new DerOctetString(abyte1); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); return(new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring)); }
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random) { byte[] keyBytes = contentEncryptionKey.GetKey(); AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID; IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id); keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random)); byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length); RecipientIdentifier recipId; if (recipientTbsCert != null) { IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber( recipientTbsCert.Issuer, recipientTbsCert.SerialNumber.Value); recipId = new RecipientIdentifier(issuerAndSerial); } else { recipId = new RecipientIdentifier(subjectKeyIdentifier); } return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm, new DerOctetString(encryptedKeyBytes)))); }
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) { TbsCertificateStructure certificate; using (Asn1InputStream input = new Asn1InputStream(x509certificate.GetTbsCertificate())) { certificate = TbsCertificateStructure.GetInstance(input.ReadObject()); } AlgorithmIdentifier algorithmId = certificate.SubjectPublicKeyInfo.AlgorithmID; var serial = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(certificate.Issuer, certificate.SerialNumber.Value); IBufferedCipher cipher; try { cipher = CipherUtilities.GetCipher(algorithmId.Algorithm.Id); } catch (Exception e) { // should never happen, if this happens throw IOException instead throw new Exception("Could not find a suitable javax.crypto provider", e); } cipher.Init(true, x509certificate.GetPublicKey()); DerOctetString octets = new DerOctetString(cipher.DoFinal(abyte0)); RecipientIdentifier recipientId = new RecipientIdentifier(serial); return(new KeyTransRecipientInfo(recipientId, algorithmId, octets)); }
internal KeyTransRecipientInformation(KeyTransRecipientInfo info, CmsSecureReadable secureReadable) : base(info.KeyEncryptionAlgorithm, secureReadable) { this.info = info; this.rid = new RecipientID(); RecipientIdentifier recipientIdentifier = info.RecipientIdentifier; try { if (recipientIdentifier.IsTagged) { Asn1OctetString instance = Asn1OctetString.GetInstance(recipientIdentifier.ID); this.rid.SubjectKeyIdentifier = instance.GetOctets(); } else { Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber instance2 = Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber.GetInstance(recipientIdentifier.ID); this.rid.Issuer = instance2.Name; this.rid.SerialNumber = instance2.SerialNumber.Value; } } catch (IOException) { throw new ArgumentException("invalid rid in KeyTransRecipientInformation"); } }
public KeyTransRecipientInfo(Asn1Sequence seq) { version = (DerInteger)seq[0]; rid = RecipientIdentifier.GetInstance(seq[1]); keyEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(seq[2]); encryptedKey = (Asn1OctetString)seq[3]; }
public KeyTransRecipientInformation( KeyTransRecipientInfo info, AlgorithmIdentifier encAlg, AlgorithmIdentifier macAlg, AlgorithmIdentifier authEncAlg, Stream data) : base(encAlg, macAlg, authEncAlg, info.KeyEncryptionAlgorithm, data) { this.info = info; this.rid = new RecipientID(); RecipientIdentifier r = info.RecipientIdentifier; try { if (r.IsTagged) { Asn1OctetString octs = Asn1OctetString.GetInstance(r.ID); rid.SubjectKeyIdentifier = octs.GetOctets(); } else { IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID); rid.Issuer = iAnds.Name; rid.SerialNumber = iAnds.SerialNumber.Value; } } catch (IOException) { throw new ArgumentException("invalid rid in KeyTransRecipientInformation"); } }
/// <summary> /// RFC 3852의 EnvelopedData 구조체 중 KeyTransRecipientInfo 항목을 생성하고 /// 이를 이용해 RecipientInfo 구조체를 생성한다. /// </summary> /// <param name="x509_certificate2">키를 암호화하기 위한 공인인증서(국세청 공인인증서)</param> /// <param name="random_key">암호화에 사용된 램덤 키</param> /// <returns></returns> private RecipientInfo GetKeyTransRecipientInfo(X509Certificate2 x509_certificate2, byte[] random_key) { // RecipientIdentifier 필드에는 누구의 공개키를 이용하였는지에 대한 정보가 들어간다. // IssuerAndSerialNumber(ASN.1 형태) 데이터를 생성하기 위하여 파라미터로 전달받은 cert 를 Org.BouncyCastle.X509.X509Certificate 타입으로 변환한다. X509CertificateParser _x509Parser = new X509CertificateParser(); Org.BouncyCastle.X509.X509Certificate _bouncyCert = _x509Parser.ReadCertificate(x509_certificate2.GetRawCertData()); // IssuerAndSerialNumber 데이터를 생성한다. Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber _issuerAndSerial = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(_bouncyCert.IssuerDN, new DerInteger(_bouncyCert.SerialNumber)); // IssuerAndSerialNumber 데이터를 이용하여 RecipientIdentifier 형태의 데이터를 생성한다. RecipientIdentifier _rid = new RecipientIdentifier(_issuerAndSerial.ToAsn1Object()); // 대칭키 알고리즘에 사용된 키를 암호화할 때 이용되는 암호화 알고리즘에 대한 OID // 암호화 알고리즘 : RSA (비대칭 알고리즘) // OID : 1.2.840.113549.1.1.1 AlgorithmIdentifier _keyEncryptionAlgorithm = new AlgorithmIdentifier(new DerObjectIdentifier("1.2.840.113549.1.1.1")); // 랜덤키를 공개키를 사용해 암호화 한다. RSACryptoServiceProvider _rsaCrypto = (RSACryptoServiceProvider)x509_certificate2.PublicKey.Key; byte[] _byteEncryptedKey = _rsaCrypto.Encrypt(random_key, false); // 대칭키를 암호화 Asn1OctetString _encryptedKey = new BerOctetString(_byteEncryptedKey); // KeyTransRecipientInfo 구조체를 생성, 설정한다. KeyTransRecipientInfo _keyTransRecipientInfo = new KeyTransRecipientInfo(_rid, _keyEncryptionAlgorithm, _encryptedKey); // KeyTransRecipientInfo 구조체를 이용하여 RecipientInfo를 생성 및 설정한다. return(new RecipientInfo(_keyTransRecipientInfo)); }
public RecipientInfo Generate(ISymmetricKey contentEncryptionKey) { byte[] encryptedKeyBytes; try { encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey); } catch (Exception e) { throw new CmsException("exception wrapping content key: " + e.Message, e); } RecipientIdentifier recipId; if (issuerAndSerial != null) { recipId = new RecipientIdentifier(issuerAndSerial); } else { recipId = new RecipientIdentifier(new DerOctetString(subjectKeyIdentifier)); } return(new RecipientInfo(new KeyTransRecipientInfo(recipId, AlgorithmDetails, new DerOctetString(encryptedKeyBytes)))); }
public KeyTransRecipientInfo(RecipientIdentifier rid, AlgorithmIdentifier keyEncryptionAlgorithm, Asn1OctetString encryptedKey) { if (rid.ToAsn1Object() is Asn1TaggedObject) { version = new DerInteger(2); } else { version = new DerInteger(0); } this.rid = rid; this.keyEncryptionAlgorithm = keyEncryptionAlgorithm; this.encryptedKey = encryptedKey; }
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0) { Asn1InputStream asn1inputstream = new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate() )); TbsCertificateStructure tbscertificatestructure = TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject ()); System.Diagnostics.Debug.Assert(tbscertificatestructure != null); AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID; IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber(tbscertificatestructure.Issuer, tbscertificatestructure .SerialNumber.Value); byte[] cipheredBytes = EncryptionUtils.CipherBytes(x509certificate, abyte0, algorithmidentifier); DerOctetString deroctetstring = new DerOctetString(cipheredBytes); RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber); return(new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring)); }
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random) { byte[] key = contentEncryptionKey.GetKey(); AlgorithmIdentifier algorithmID = this.info.AlgorithmID; IWrapper wrapper = KeyTransRecipientInfoGenerator.Helper.CreateWrapper(algorithmID.ObjectID.Id); wrapper.Init(true, new ParametersWithRandom(this.recipientPublicKey, random)); byte[] str = wrapper.Wrap(key, 0, key.Length); RecipientIdentifier rid; if (this.recipientTbsCert != null) { IssuerAndSerialNumber id = new IssuerAndSerialNumber(this.recipientTbsCert.Issuer, this.recipientTbsCert.SerialNumber.Value); rid = new RecipientIdentifier(id); } else { rid = new RecipientIdentifier(this.subjectKeyIdentifier); } return(new RecipientInfo(new KeyTransRecipientInfo(rid, algorithmID, new DerOctetString(str)))); }
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random) { AlgorithmIdentifier keyEncryptionAlgorithm = this.AlgorithmDetails; this.random = random; byte[] encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey); RecipientIdentifier recipId; if (issuerAndSerialNumber != null) { recipId = new RecipientIdentifier(issuerAndSerialNumber); } else { recipId = new RecipientIdentifier(subjectKeyIdentifier); } return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm, new DerOctetString(encryptedKeyBytes)))); }
internal KeyTransRecipientInformation( KeyTransRecipientInfo info, AlgorithmIdentifier messageAlgorithm, ICmsSecureReadable secureReadable, IAuthAttributesProvider additionalData) : base(info.KeyEncryptionAlgorithm, messageAlgorithm, secureReadable, additionalData) { this.info = info; RecipientIdentifier r = info.RecipientIdentifier; if (r.IsTagged) { Asn1OctetString octs = Asn1OctetString.GetInstance(r.ID); rid = new KeyTransRecipientID(octs.GetOctets()) as IRecipientID <RecipientInformation>; } else { IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID); rid = new KeyTransRecipientID(iAnds.Name, iAnds.SerialNumber.Value) as IRecipientID <RecipientInformation>; } }
internal RecipientInfo ToRecipientInfo( KeyParameter key, SecureRandom random) { byte[] keyBytes = key.GetKey(); if (pubKey != null) { IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id); keyWrapper.Init(true, new ParametersWithRandom(pubKey, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); RecipientIdentifier recipId; if (cert != null) { TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance( Asn1Object.FromByteArray(cert.GetTbsCertificate())); Asn1.Cms.IssuerAndSerialNumber encSid = new Asn1.Cms.IssuerAndSerialNumber( tbs.Issuer, tbs.SerialNumber.Value); recipId = new RecipientIdentifier(encSid); } else { recipId = new RecipientIdentifier(subKeyId); } return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncAlg, encKey))); } else if (originator != null) { IWrapper keyWrapper = Helper.CreateWrapper( DerObjectIdentifier.GetInstance( Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]).Id); keyWrapper.Init(true, new ParametersWithRandom(secKey, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); RecipientEncryptedKey rKey = new RecipientEncryptedKey( new KeyAgreeRecipientIdentifier( new Asn1.Cms.IssuerAndSerialNumber( PrincipalUtilities.GetIssuerX509Principal(cert), cert.SerialNumber)), encKey); return(new RecipientInfo( new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg, new DerSequence(rKey)))); } else if (derivationAlg != null) { string rfc3211WrapperName = Helper.GetRfc3211WrapperName(secKeyAlgorithm); IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName); // Note: In Java build, the IV is automatically generated in JCE layer int ivLength = rfc3211WrapperName.StartsWith("DESEDE") ? 8 : 16; byte[] iv = new byte[ivLength]; random.NextBytes(iv); ICipherParameters parameters = new ParametersWithIV(secKey, iv); keyWrapper.Init(true, new ParametersWithRandom(parameters, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); // byte[] iv = keyWrapper.GetIV(); DerSequence seq = new DerSequence( new DerObjectIdentifier(secKeyAlgorithm), new DerOctetString(iv)); keyEncAlg = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgPwriKek, seq); return(new RecipientInfo(new PasswordRecipientInfo(derivationAlg, keyEncAlg, encKey))); } else { IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id); keyWrapper.Init(true, new ParametersWithRandom(secKey, random)); Asn1OctetString encKey = new DerOctetString( keyWrapper.Wrap(keyBytes, 0, keyBytes.Length)); return(new RecipientInfo(new KekRecipientInfo(secKeyId, keyEncAlg, encKey))); } }