private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
{
Asn1InputStream asn1inputstream =
new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate()));
TbsCertificateStructure tbscertificatestructure =
TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject());
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID;
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber issuerandserialnumber =
new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(
tbscertificatestructure.Issuer,
tbscertificatestructure.SerialNumber.Value);
IBufferedCipher cipher = CipherUtilities.GetCipher(algorithmidentifier.ObjectID);
cipher.Init(true, x509certificate.GetPublicKey());
byte[] outp = new byte[10000];
int len = cipher.DoFinal(abyte0, outp, 0);
byte[] abyte1 = new byte[len];
System.Array.Copy(outp, 0, abyte1, 0, len);
DerOctetString deroctetstring = new DerOctetString(abyte1);
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
return(new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring));
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] keyBytes = contentEncryptionKey.GetKey();
AlgorithmIdentifier keyEncryptionAlgorithm = info.AlgorithmID;
IWrapper keyWrapper = Helper.CreateWrapper(keyEncryptionAlgorithm.ObjectID.Id);
keyWrapper.Init(true, new ParametersWithRandom(recipientPublicKey, random));
byte[] encryptedKeyBytes = keyWrapper.Wrap(keyBytes, 0, keyBytes.Length);
RecipientIdentifier recipId;
if (recipientTbsCert != null)
{
IssuerAndSerialNumber issuerAndSerial = new IssuerAndSerialNumber(
recipientTbsCert.Issuer, recipientTbsCert.SerialNumber.Value);
recipId = new RecipientIdentifier(issuerAndSerial);
}
else
{
recipId = new RecipientIdentifier(subjectKeyIdentifier);
}
return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm,
new DerOctetString(encryptedKeyBytes))));
}
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
{
TbsCertificateStructure certificate;
using (Asn1InputStream input = new Asn1InputStream(x509certificate.GetTbsCertificate()))
{
certificate = TbsCertificateStructure.GetInstance(input.ReadObject());
}
AlgorithmIdentifier algorithmId = certificate.SubjectPublicKeyInfo.AlgorithmID;
var serial = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(certificate.Issuer, certificate.SerialNumber.Value);
IBufferedCipher cipher;
try
{
cipher = CipherUtilities.GetCipher(algorithmId.Algorithm.Id);
}
catch (Exception e)
{
// should never happen, if this happens throw IOException instead
throw new Exception("Could not find a suitable javax.crypto provider", e);
}
cipher.Init(true, x509certificate.GetPublicKey());
DerOctetString octets = new DerOctetString(cipher.DoFinal(abyte0));
RecipientIdentifier recipientId = new RecipientIdentifier(serial);
return(new KeyTransRecipientInfo(recipientId, algorithmId, octets));
}
internal KeyTransRecipientInformation(KeyTransRecipientInfo info, CmsSecureReadable secureReadable) : base(info.KeyEncryptionAlgorithm, secureReadable)
{
this.info = info;
this.rid = new RecipientID();
RecipientIdentifier recipientIdentifier = info.RecipientIdentifier;
try
{
if (recipientIdentifier.IsTagged)
{
Asn1OctetString instance = Asn1OctetString.GetInstance(recipientIdentifier.ID);
this.rid.SubjectKeyIdentifier = instance.GetOctets();
}
else
{
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber instance2 = Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber.GetInstance(recipientIdentifier.ID);
this.rid.Issuer = instance2.Name;
this.rid.SerialNumber = instance2.SerialNumber.Value;
}
}
catch (IOException)
{
throw new ArgumentException("invalid rid in KeyTransRecipientInformation");
}
}
public KeyTransRecipientInfo(Asn1Sequence seq)
{
version = (DerInteger)seq[0];
rid = RecipientIdentifier.GetInstance(seq[1]);
keyEncryptionAlgorithm = AlgorithmIdentifier.GetInstance(seq[2]);
encryptedKey = (Asn1OctetString)seq[3];
}
public KeyTransRecipientInformation(
KeyTransRecipientInfo info,
AlgorithmIdentifier encAlg,
AlgorithmIdentifier macAlg,
AlgorithmIdentifier authEncAlg,
Stream data)
: base(encAlg, macAlg, authEncAlg, info.KeyEncryptionAlgorithm, data)
{
this.info = info;
this.rid = new RecipientID();
RecipientIdentifier r = info.RecipientIdentifier;
try
{
if (r.IsTagged)
{
Asn1OctetString octs = Asn1OctetString.GetInstance(r.ID);
rid.SubjectKeyIdentifier = octs.GetOctets();
}
else
{
IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID);
rid.Issuer = iAnds.Name;
rid.SerialNumber = iAnds.SerialNumber.Value;
}
}
catch (IOException)
{
throw new ArgumentException("invalid rid in KeyTransRecipientInformation");
}
}
/// <summary>
/// RFC 3852의 EnvelopedData 구조체 중 KeyTransRecipientInfo 항목을 생성하고
/// 이를 이용해 RecipientInfo 구조체를 생성한다.
/// </summary>
/// <param name="x509_certificate2">키를 암호화하기 위한 공인인증서(국세청 공인인증서)</param>
/// <param name="random_key">암호화에 사용된 램덤 키</param>
/// <returns></returns>
private RecipientInfo GetKeyTransRecipientInfo(X509Certificate2 x509_certificate2, byte[] random_key)
{
// RecipientIdentifier 필드에는 누구의 공개키를 이용하였는지에 대한 정보가 들어간다.
// IssuerAndSerialNumber(ASN.1 형태) 데이터를 생성하기 위하여 파라미터로 전달받은 cert 를 Org.BouncyCastle.X509.X509Certificate 타입으로 변환한다.
X509CertificateParser _x509Parser = new X509CertificateParser();
Org.BouncyCastle.X509.X509Certificate _bouncyCert = _x509Parser.ReadCertificate(x509_certificate2.GetRawCertData());
// IssuerAndSerialNumber 데이터를 생성한다.
Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber _issuerAndSerial = new Org.BouncyCastle.Asn1.Cms.IssuerAndSerialNumber(_bouncyCert.IssuerDN, new DerInteger(_bouncyCert.SerialNumber));
// IssuerAndSerialNumber 데이터를 이용하여 RecipientIdentifier 형태의 데이터를 생성한다.
RecipientIdentifier _rid = new RecipientIdentifier(_issuerAndSerial.ToAsn1Object());
// 대칭키 알고리즘에 사용된 키를 암호화할 때 이용되는 암호화 알고리즘에 대한 OID
// 암호화 알고리즘 : RSA (비대칭 알고리즘)
// OID : 1.2.840.113549.1.1.1
AlgorithmIdentifier _keyEncryptionAlgorithm = new AlgorithmIdentifier(new DerObjectIdentifier("1.2.840.113549.1.1.1"));
// 랜덤키를 공개키를 사용해 암호화 한다.
RSACryptoServiceProvider _rsaCrypto = (RSACryptoServiceProvider)x509_certificate2.PublicKey.Key;
byte[] _byteEncryptedKey = _rsaCrypto.Encrypt(random_key, false); // 대칭키를 암호화
Asn1OctetString _encryptedKey = new BerOctetString(_byteEncryptedKey);
// KeyTransRecipientInfo 구조체를 생성, 설정한다.
KeyTransRecipientInfo _keyTransRecipientInfo = new KeyTransRecipientInfo(_rid, _keyEncryptionAlgorithm, _encryptedKey);
// KeyTransRecipientInfo 구조체를 이용하여 RecipientInfo를 생성 및 설정한다.
return(new RecipientInfo(_keyTransRecipientInfo));
}
public RecipientInfo Generate(ISymmetricKey contentEncryptionKey)
{
byte[] encryptedKeyBytes;
try
{
encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey);
}
catch (Exception e)
{
throw new CmsException("exception wrapping content key: " + e.Message, e);
}
RecipientIdentifier recipId;
if (issuerAndSerial != null)
{
recipId = new RecipientIdentifier(issuerAndSerial);
}
else
{
recipId = new RecipientIdentifier(new DerOctetString(subjectKeyIdentifier));
}
return(new RecipientInfo(new KeyTransRecipientInfo(recipId, AlgorithmDetails,
new DerOctetString(encryptedKeyBytes))));
}
public KeyTransRecipientInfo(RecipientIdentifier rid, AlgorithmIdentifier keyEncryptionAlgorithm, Asn1OctetString encryptedKey)
{
if (rid.ToAsn1Object() is Asn1TaggedObject)
{
version = new DerInteger(2);
}
else
{
version = new DerInteger(0);
}
this.rid = rid;
this.keyEncryptionAlgorithm = keyEncryptionAlgorithm;
this.encryptedKey = encryptedKey;
}
private KeyTransRecipientInfo ComputeRecipientInfo(X509Certificate x509certificate, byte[] abyte0)
{
Asn1InputStream asn1inputstream = new Asn1InputStream(new MemoryStream(x509certificate.GetTbsCertificate()
));
TbsCertificateStructure tbscertificatestructure = TbsCertificateStructure.GetInstance(asn1inputstream.ReadObject
());
System.Diagnostics.Debug.Assert(tbscertificatestructure != null);
AlgorithmIdentifier algorithmidentifier = tbscertificatestructure.SubjectPublicKeyInfo.AlgorithmID;
IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber(tbscertificatestructure.Issuer, tbscertificatestructure
.SerialNumber.Value);
byte[] cipheredBytes = EncryptionUtils.CipherBytes(x509certificate, abyte0, algorithmidentifier);
DerOctetString deroctetstring = new DerOctetString(cipheredBytes);
RecipientIdentifier recipId = new RecipientIdentifier(issuerandserialnumber);
return(new KeyTransRecipientInfo(recipId, algorithmidentifier, deroctetstring));
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
byte[] key = contentEncryptionKey.GetKey();
AlgorithmIdentifier algorithmID = this.info.AlgorithmID;
IWrapper wrapper = KeyTransRecipientInfoGenerator.Helper.CreateWrapper(algorithmID.ObjectID.Id);
wrapper.Init(true, new ParametersWithRandom(this.recipientPublicKey, random));
byte[] str = wrapper.Wrap(key, 0, key.Length);
RecipientIdentifier rid;
if (this.recipientTbsCert != null)
{
IssuerAndSerialNumber id = new IssuerAndSerialNumber(this.recipientTbsCert.Issuer, this.recipientTbsCert.SerialNumber.Value);
rid = new RecipientIdentifier(id);
}
else
{
rid = new RecipientIdentifier(this.subjectKeyIdentifier);
}
return(new RecipientInfo(new KeyTransRecipientInfo(rid, algorithmID, new DerOctetString(str))));
}
public RecipientInfo Generate(KeyParameter contentEncryptionKey, SecureRandom random)
{
AlgorithmIdentifier keyEncryptionAlgorithm = this.AlgorithmDetails;
this.random = random;
byte[] encryptedKeyBytes = GenerateWrappedKey(contentEncryptionKey);
RecipientIdentifier recipId;
if (issuerAndSerialNumber != null)
{
recipId = new RecipientIdentifier(issuerAndSerialNumber);
}
else
{
recipId = new RecipientIdentifier(subjectKeyIdentifier);
}
return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncryptionAlgorithm,
new DerOctetString(encryptedKeyBytes))));
}
internal KeyTransRecipientInformation(
KeyTransRecipientInfo info,
AlgorithmIdentifier messageAlgorithm,
ICmsSecureReadable secureReadable,
IAuthAttributesProvider additionalData) : base(info.KeyEncryptionAlgorithm, messageAlgorithm, secureReadable, additionalData)
{
this.info = info;
RecipientIdentifier r = info.RecipientIdentifier;
if (r.IsTagged)
{
Asn1OctetString octs = Asn1OctetString.GetInstance(r.ID);
rid = new KeyTransRecipientID(octs.GetOctets()) as IRecipientID <RecipientInformation>;
}
else
{
IssuerAndSerialNumber iAnds = IssuerAndSerialNumber.GetInstance(r.ID);
rid = new KeyTransRecipientID(iAnds.Name, iAnds.SerialNumber.Value) as IRecipientID <RecipientInformation>;
}
}
internal RecipientInfo ToRecipientInfo(
KeyParameter key,
SecureRandom random)
{
byte[] keyBytes = key.GetKey();
if (pubKey != null)
{
IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id);
keyWrapper.Init(true, new ParametersWithRandom(pubKey, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
RecipientIdentifier recipId;
if (cert != null)
{
TbsCertificateStructure tbs = TbsCertificateStructure.GetInstance(
Asn1Object.FromByteArray(cert.GetTbsCertificate()));
Asn1.Cms.IssuerAndSerialNumber encSid = new Asn1.Cms.IssuerAndSerialNumber(
tbs.Issuer, tbs.SerialNumber.Value);
recipId = new RecipientIdentifier(encSid);
}
else
{
recipId = new RecipientIdentifier(subKeyId);
}
return(new RecipientInfo(new KeyTransRecipientInfo(recipId, keyEncAlg, encKey)));
}
else if (originator != null)
{
IWrapper keyWrapper = Helper.CreateWrapper(
DerObjectIdentifier.GetInstance(
Asn1Sequence.GetInstance(keyEncAlg.Parameters)[0]).Id);
keyWrapper.Init(true, new ParametersWithRandom(secKey, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
RecipientEncryptedKey rKey = new RecipientEncryptedKey(
new KeyAgreeRecipientIdentifier(
new Asn1.Cms.IssuerAndSerialNumber(
PrincipalUtilities.GetIssuerX509Principal(cert),
cert.SerialNumber)),
encKey);
return(new RecipientInfo(
new KeyAgreeRecipientInfo(originator, ukm, keyEncAlg, new DerSequence(rKey))));
}
else if (derivationAlg != null)
{
string rfc3211WrapperName = Helper.GetRfc3211WrapperName(secKeyAlgorithm);
IWrapper keyWrapper = Helper.CreateWrapper(rfc3211WrapperName);
// Note: In Java build, the IV is automatically generated in JCE layer
int ivLength = rfc3211WrapperName.StartsWith("DESEDE") ? 8 : 16;
byte[] iv = new byte[ivLength];
random.NextBytes(iv);
ICipherParameters parameters = new ParametersWithIV(secKey, iv);
keyWrapper.Init(true, new ParametersWithRandom(parameters, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
// byte[] iv = keyWrapper.GetIV();
DerSequence seq = new DerSequence(
new DerObjectIdentifier(secKeyAlgorithm),
new DerOctetString(iv));
keyEncAlg = new AlgorithmIdentifier(PkcsObjectIdentifiers.IdAlgPwriKek, seq);
return(new RecipientInfo(new PasswordRecipientInfo(derivationAlg, keyEncAlg, encKey)));
}
else
{
IWrapper keyWrapper = Helper.CreateWrapper(keyEncAlg.ObjectID.Id);
keyWrapper.Init(true, new ParametersWithRandom(secKey, random));
Asn1OctetString encKey = new DerOctetString(
keyWrapper.Wrap(keyBytes, 0, keyBytes.Length));
return(new RecipientInfo(new KekRecipientInfo(secKeyId, keyEncAlg, encKey)));
}
}
