public static (CertPrivateKey, BcCertificate) GenerateRsaSelfSignedCertificate(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; #pragma warning disable CS0618 // Type or member is obsolete certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); #pragma warning restore CS0618 // Type or member is obsolete // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For var notBefore = DateTime.UtcNow.AddMonths(-1).Date; var notAfter = DateTime.UtcNow.AddMonths(1).Date; certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; // selfsign certificate #pragma warning disable CS0618 // Type or member is obsolete var certificate = certificateGenerator.Generate(issuerPrivKey, random); #pragma warning restore CS0618 // Type or member is obsolete var key = new CertPrivateKey { KeyPair = subjectKeyPair, }; return(key, certificate); }
public static X509Certificate2 GenerateSelfSignedCert() { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigIntegers.CreateRandomInRange( BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); const string signatureAlgorithm = "SHA1WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); var subjectDN = new X509Name("CN=simpletorrent"); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); var notBefore = DateTime.UtcNow.Date.AddHours(-24); var notAfter = notBefore.AddYears(1000); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); const int strength = 4096; var keyGenerationParameters = new KeyGenerationParameters(random, strength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); var issuerKeyPair = subjectKeyPair; var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); var store = new Pkcs12Store(); string friendlyName = certificate.SubjectDN.ToString(); var certificateEntry = new X509CertificateEntry(certificate); store.SetCertificateEntry(friendlyName, certificateEntry); store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry }); string password = "******"; var stream = new MemoryStream(); store.Save(stream, password.ToCharArray(), random); //mono bug #1660 fix -> convert to definite-length encoding byte[] pfx = Pkcs12Utilities.ConvertToDefiniteLength(stream.ToArray(), password.ToCharArray()); var convertedCertificate = new X509Certificate2( pfx, password, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable); return(convertedCertificate); }
static X509Certificate2 GenerateCertificate(string certName) { var keypairgen = new RsaKeyPairGenerator(); keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var keypair = keypairgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var CN = new X509Name("CN=" + certName); var SN = BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(SN); gen.SetSubjectDN(CN); gen.SetIssuerDN(CN); gen.SetNotAfter(DateTime.MaxValue); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA256WithRSA"); gen.SetPublicKey(keypair.Public); var newCert = gen.Generate(keypair.Private); X509Certificate2 cert = new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert)); cert.PrivateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)keypair.Private); return(cert); }
public static void SelfSign(string privateKey, string csrFile) { var pk = ReadAsymmetricKeyParameter(privateKey); var PKKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pk.Private); var reader = new PemReader(File.OpenText(csrFile)); var csr = (Pkcs10CertificationRequest)(reader.ReadObject()); var csrinfo = csr.GetCertificationRequestInfo(); AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption); AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId); BigInteger serial = new BigInteger(128, new SecureRandom()); DateTime from = new DateTime(DateTime.Now.Year, DateTime.Now.Month, DateTime.Now.Day); DateTime to = from.AddYears(20); X509V3CertificateGenerator tbsGen = new X509V3CertificateGenerator(); tbsGen.SetIssuerDN(csrinfo.Subject); tbsGen.SetSerialNumber(serial); tbsGen.SetNotBefore((from)); tbsGen.SetNotAfter((to)); tbsGen.SetPublicKey(csr.GetPublicKey()); tbsGen.SetSubjectDN(csrinfo.Subject); tbsGen.SetSignatureAlgorithm("SHA256WITHRSA"); var cert = tbsGen.Generate(pk.Private); // save the TBS System.IO.File.WriteAllBytes("cert.cer", cert.GetEncoded()); }
private static X509Certificate GenerateCertificate(Org.BouncyCastle.Security.SecureRandom random, string subjectName, AsymmetricCipherKeyPair subjectKeyPair, BigInteger subjectSerialNumber, string[] subjectAlternativeNames, string issuerName, AsymmetricCipherKeyPair issuerKeyPair, BigInteger issuerSerialNumber, bool isCertificateAuthority, KeyPurposeID[] usages, int expiresIn) { var certificateGenerator = new X509V3CertificateGenerator(); certificateGenerator.SetSerialNumber(subjectSerialNumber); // Set the signature algorithm. This is used to generate the thumbprint which is then signed // with the issuer's private key. We'll use SHA-256, which is (currently) considered fairly strong. const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); // Note: The subject can be omitted if you specify a subject alternative name (SAN). var subjectDN = new X509Name(subjectName); certificateGenerator.SetSubjectDN(subjectDN); // Our certificate needs valid from/to values. var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(expiresIn); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // The subject's public key goes in the certificate. certificateGenerator.SetPublicKey(subjectKeyPair.Public); certificateGenerator.AddAuthorityKeyIdentifier(issuerDN, issuerKeyPair, issuerSerialNumber); certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair); certificateGenerator.AddBasicConstraints(isCertificateAuthority); if (usages != null && usages.Any()) { certificateGenerator.AddExtendedKeyUsage(usages); } if (subjectAlternativeNames != null && subjectAlternativeNames.Any()) { certificateGenerator.AddSubjectAlternativeNames(subjectAlternativeNames); } // The certificate is signed with the issuer's private key. var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); return(certificate); }
/// <summary> /// Creates a new X509 certificate and returns its data in PEM format /// </summary> public string GenerateNewCertificatePEM() { var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); var certificateGenerator = new X509V3CertificateGenerator(); var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA"); var subjectDN = new X509Name("cn=Unknown"); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); certificateGenerator.SetNotBefore(DateTime.UtcNow.Date.AddYears(-10)); certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(50)); var keyGenerationParameters = new KeyGenerationParameters(random, 2048); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); X509Certificate cert = certificateGenerator.Generate(subjectKeyPair.Private); using (var writer = new StringWriter()) { var pemWriter = new OpenSsl.PemWriter(writer); pemWriter.WriteObject(new PemObject("CERTIFICATE", cert.GetEncoded())); pemWriter.WriteObject(subjectKeyPair.Private); return(writer.ToString()); } }
public X509Certificate2 Build() { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA"); // Issuer and Subject Name certificateGenerator.SetIssuerDN(new X509Name(_issuerName ?? _subjectName)); certificateGenerator.SetSubjectDN(new X509Name(_subjectName)); // Authority Key Identifier if (_issuer != null) { var authorityKeyIdentifier = new AuthorityKeyIdentifierStructure( DotNetUtilities.FromX509Certificate(_issuer)); certificateGenerator.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKeyIdentifier); } // Basic Constraints - certificate is allowed to be used as intermediate. certificateGenerator.AddExtension( X509Extensions.BasicConstraints.Id, true, new BasicConstraints(_intermediate)); // Valid For certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date); certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2)); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, _keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var subjectKeyPair = keyPairGenerator.GenerateKeyPair(); var issuerKeyPair = _issuerPrivateKey == null ? subjectKeyPair : DotNetUtilities.GetKeyPair(_issuerPrivateKey); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // selfsign certificate var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); // merge into X509Certificate2 return(new X509Certificate2(certificate.GetEncoded()) { PrivateKey = ConvertToRsaPrivateKey(subjectKeyPair) }); }
static X509Certificate2 GenerateCertificate(string certName) { var keypairgen = new RsaKeyPairGenerator(); keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024)); var keypair = keypairgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var CN = new X509Name("CN=" + certName); var SN = BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(SN); gen.SetSubjectDN(CN); gen.SetIssuerDN(CN); gen.SetNotAfter(DateTime.MaxValue); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA256withRSA"); gen.SetPublicKey(keypair.Public); var newCert = gen.Generate(keypair.Private); return(ConvertToWindows(newCert, keypair)); // var cert = new X509Certificate2(DotNetUtilities.ToX509Certificate(newCert)); }
public static X509Certificate MakeCertificate(IAsymmetricCipherKeyPair _subKP, string _subDN, IAsymmetricCipherKeyPair _issKP, string _issDN, string algorithm, bool _ca) { IAsymmetricKeyParameter _subPub = _subKP.Public; IAsymmetricKeyParameter _issPriv = _issKP.Private; IAsymmetricKeyParameter _issPub = _issKP.Public; X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator(); _v3CertGen.Reset(); _v3CertGen.SetSerialNumber(allocateSerialNumber()); _v3CertGen.SetIssuerDN(new X509Name(_issDN)); _v3CertGen.SetNotBefore(DateTime.UtcNow); _v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100)); _v3CertGen.SetSubjectDN(new X509Name(_subDN)); _v3CertGen.SetPublicKey(_subPub); _v3CertGen.SetSignatureAlgorithm(algorithm); _v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, createSubjectKeyId(_subPub)); _v3CertGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, createAuthorityKeyId(_issPub)); _v3CertGen.AddExtension(X509Extensions.BasicConstraints, false, new BasicConstraints(_ca)); X509Certificate _cert = _v3CertGen.Generate(_issPriv); _cert.CheckValidity(DateTime.UtcNow); _cert.Verify(_issPub); return(_cert); }
public X509Certificate Build(AsymmetricKeyParameter privateKey) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); if (Issuer != null) { certGen.SetIssuerDN(Issuer); } else { certGen.SetIssuerDN(new X509Name(ord, attrs)); } certGen.SetNotBefore(NotBefore); certGen.SetNotAfter(NotAfter); if (Subject != null) { certGen.SetSubjectDN(Subject); } else { certGen.SetSubjectDN(new X509Name(ord, attrs)); } certGen.SetPublicKey(PublicKey); certGen.SetSignatureAlgorithm(SignatureAlgorithm); return(certGen.Generate(privateKey)); }
private static void Teste(AsymmetricCipherKeyPair keys) { string certSubjectName = "UShadow_RSA"; var certName = new X509Name("CN=" + certSubjectName); var serialNo = Org.BouncyCastle.Math.BigInteger.ProbablePrime(120, new Random()); X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator(); gen2.SetSerialNumber(serialNo); gen2.SetSubjectDN(certName); gen2.SetIssuerDN(new X509Name(true, "CN=UShadow")); gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0))); gen2.SetNotAfter(DateTime.Now.AddYears(2)); gen2.SetSignatureAlgorithm("sha256WithRSA"); gen2.SetPublicKey(keys.Public); Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(keys.Private); Pkcs12Store store = new Pkcs12StoreBuilder().Build(); X509CertificateEntry certEntry = new X509CertificateEntry(newCert); store.SetCertificateEntry(newCert.SubjectDN.ToString(), certEntry); AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private); store.SetKeyEntry(newCert.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { certEntry }); }
/// <summary> /// Generate a cert/key pair /// </summary> private void GenerateCertKeyPair() { // Generate RSA key pair RsaKeyPairGenerator r = new RsaKeyPairGenerator(); r.Init(new KeyGenerationParameters(new SecureRandom(), 2048)); keyPair = r.GenerateKeyPair(); // Generate the X509 certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X509Name dnName = new X509Name("CN=NVIDIA GameStream Client"); certGen.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Ticks / TimeSpan.TicksPerMillisecond)); certGen.SetSubjectDN(dnName); certGen.SetIssuerDN(dnName); // use the same // Expires in 20 years certGen.SetNotBefore(DateTime.Now); certGen.SetNotAfter(DateTime.Now.AddYears(20)); certGen.SetPublicKey(keyPair.Public); certGen.SetSignatureAlgorithm("SHA1withRSA"); try { cert = certGen.Generate(keyPair.Private); } catch (Exception ex) { Debug.WriteLine(ex.StackTrace); } SaveCertKeyPair(); }
public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn, AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey) { Hashtable attrs = new Hashtable(); attrs.Add(X509Name.CN, cn); ArrayList ord = new ArrayList(attrs.Keys); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30)); certGen.SetNotAfter(DateTime.UtcNow.AddDays(30)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(pubKey); certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey); cert.CheckValidity(DateTime.UtcNow); cert.Verify(pubKey); return(cert); }
public static X509Certificate2 CreateCertificate(X509Name subjectDN, DateTime effectiveDate, DateTime expirationDate, AsymmetricCipherKeyPair keyPair, X509Name issuerDN = null, AsymmetricKeyParameter signingKey = null, Action <X509V3CertificateGenerator, BigInteger> extend = null) { if (issuerDN == null) { issuerDN = subjectDN; } X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); BigInteger serialNumber = CreateSerialNumber(); certGen.SetSerialNumber(serialNumber); certGen.SetIssuerDN(issuerDN); // Converted time to Universal Time so that the time set when calling Generate is the same as the time specified certGen.SetNotBefore(effectiveDate.ToUniversalTime()); certGen.SetNotAfter(expirationDate.ToUniversalTime()); certGen.SetSubjectDN(subjectDN); certGen.SetPublicKey(keyPair.Public); certGen.SetSignatureAlgorithm(SIGNATURE_ALGORITHM); extend?.Invoke(certGen, serialNumber); Org.BouncyCastle.X509.X509Certificate bcCert = certGen.Generate(signingKey ?? keyPair.Private); X509Certificate2 dotNetCert = new X509Certificate2(bcCert.GetEncoded()); return(dotNetCert); }
private MSX509.X509Certificate2 InternalGenerateCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, AsymmetricKeyParameter signator) { DateTime notBefore = DateTime.Now.AddDays(-1); // Build a X509v3 certificate X509V3CertificateGenerator builder = new X509V3CertificateGenerator(); builder.SetSerialNumber(new BigInteger(GenerateSerial())); builder.SetIssuerDN(authorityName_ ?? name); builder.SetSubjectDN(name); builder.SetPublicKey(publicKey); builder.SetNotBefore(notBefore); builder.SetNotAfter(notBefore.AddDays(validity == 0 ? defaultCertificatesValidity_ : validity)); builder.SetSignatureAlgorithm("SHA1WithRSA"); // Add the extensions AddExtensions(builder, usage); // Sign the certificate X509Certificate newCertificate = builder.Generate(signator); // Create a .NET X509Certificate2 from the BouncyCastle one and put the private key into it MSX509.X509Certificate2 certificate = CreateCertificate(name, newCertificate, privateKey); // Store the certificate StoreCertificate(name, certificate, storeName); return(certificate); }
/** * Create a self signed cert for our software emulation * * @param kp * is the keypair for our certificate * @return a self signed cert for our software emulation * @throws InvalidKeyException * on error * @throws SignatureException * on error */ private X509Certificate GenerateSelfSignedSoftECCert( IAsymmetricCipherKeyPair kp, bool compress) { X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); ECPrivateKeyParameters privECKey = (ECPrivateKeyParameters)kp.Private; ECPublicKeyParameters pubECKey = (ECPublicKeyParameters)kp.Public; if (!compress) { // TODO Private key compression? //privECKey.setPointFormat("UNCOMPRESSED"); //pubECKey.setPointFormat("UNCOMPRESSED"); pubECKey = SetPublicUncompressed(pubECKey, false); } certGen.SetSignatureAlgorithm("ECDSAwithSHA1"); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name("CN=Software emul (EC Cert)")); certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50)); certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50000)); certGen.SetSubjectDN(new X509Name("CN=Software emul (EC Cert)")); certGen.SetPublicKey(pubECKey); return(certGen.Generate(privECKey)); }
/// <summary> /// https://stackoverflow.com/questions/22230745/generate-a-self-signed-certificate-on-the-fly /// </summary> /// <param name="subjectName"></param> /// <param name="subjectKeyPair"></param> /// <param name="resultKeyPair"></param> /// <returns></returns> public static X509Certificate2 GenerateCaCertificate( string subjectName, out AsymmetricCipherKeyPair resultKeyPair, AsymmetricCipherKeyPair subjectKeyPair = null) { const int keyStrength = 2048; // Generating Random Numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name X509Name subjectDn = new X509Name(subjectName); X509Name issuerDn = subjectDn; certificateGenerator.SetIssuerDN(issuerDn); certificateGenerator.SetSubjectDN(subjectDn); // Valid For DateTime notBefore = DateTime.UtcNow.Date; DateTime notAfter = notBefore.AddYears(100); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Generate a key pair if none was provided if (subjectKeyPair == null) { KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); } certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair; // Selfsign certificate Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded(), string.Empty, X509KeyStorageFlags.EphemeralKeySet); resultKeyPair = issuerKeyPair; return(x509); }
private static X509Certificate GenerateCertificate(X509Name subject, X509Name issuer, int iValidity, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, String signatureType, int keyusages, ExtendedKeyUsage extendedKeyUsages, bool isCA, int pathLenConstraint) { // Get an X509 Version 1 Certificate generator var certGen = new X509V3CertificateGenerator(); // Load the generator with generation parameters // Set the issuer distinguished name certGen.SetIssuerDN(issuer); // Valid before and after dates now to iValidity days in the future certGen.SetNotBefore(DateTime.Now); certGen.SetNotAfter(DateTime.Now.AddDays(iValidity)); // Set the subject distinguished name (same as issuer for our purposes) certGen.SetSubjectDN(subject); // Set the public key certGen.SetPublicKey(publicKey); // Set the algorithm certGen.SetSignatureAlgorithm(signatureType); // Set the serial number //read the serial number String serial = Repository.Instance.ReadSerialNumber(); var biSerial = new BigInteger(serial, Repository.SerialNumberRadix); certGen.SetSerialNumber(biSerial); certGen.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyusages)); if (extendedKeyUsages != null) { certGen.AddExtension(X509Extensions.ExtendedKeyUsage, false, extendedKeyUsages); } if (isCA) { certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(pathLenConstraint)); } try { // Generate an X.509 certificate, based on the current issuer and subject return(certGen.Generate(privateKey)); } // Something went wrong //catch (GeneralSecurityException ex) //{ // throw new CryptoException(ex.Message,ex); //} finally { Repository.Instance.IncrementSerial(); } }
private byte[] MakeCertificateFromCSR(string CSR, AsymmetricCipherKeyPair rootKeyPair, X509Name rootSubject) { byte[] encoded; try { Pkcs10CertificationRequest pkcs10CertificationRequest = (Pkcs10CertificationRequest)(new PemReader(new StringReader(CSR))).ReadObject(); AsymmetricKeyParameter @private = rootKeyPair.Private; AsymmetricKeyParameter @public = rootKeyPair.Public; X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator(); x509V3CertificateGenerator.Reset(); if (this.SerialNumber != -9223372036854775808L) { x509V3CertificateGenerator.SetSerialNumber(new BigInteger(this.SerialNumber.ToString())); } else { DateTime now = DateTime.Now; x509V3CertificateGenerator.SetSerialNumber(new BigInteger(128, new Random(now.Millisecond + Environment.TickCount))); } x509V3CertificateGenerator.SetIssuerDN(rootSubject); x509V3CertificateGenerator.SetNotBefore(this.ValidFrom.ToUniversalTime()); x509V3CertificateGenerator.SetNotAfter(this.ValidTo.ToUniversalTime()); x509V3CertificateGenerator.SetSubjectDN(pkcs10CertificationRequest.GetCertificationRequestInfo().Subject); x509V3CertificateGenerator.SetPublicKey(pkcs10CertificationRequest.GetPublicKey()); x509V3CertificateGenerator.SetSignatureAlgorithm(string.Concat(this.SignatureAlgorithm.ToString(), "Encryption")); x509V3CertificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pkcs10CertificationRequest.GetPublicKey()))); x509V3CertificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(@public))); int extensionType = 0; Asn1EncodableVector asn1EncodableVectors = new Asn1EncodableVector(new Asn1Encodable[0]); foreach (ExtensionInfo extension in this.Extensions.extensionInfo) { if (!extension.ExtendedKeyUsage) { extensionType |= (int)extension.ExtensionType; } if (!extension.ExtendedKeyUsage) { continue; } asn1EncodableVectors.Add(new Asn1Encodable[] { (Asn1Encodable)extension.ExtensionType }); } if (extensionType != 0) { x509V3CertificateGenerator.AddExtension(X509Extensions.KeyUsage, this.Extensions.KeyUsageIsCritical, new KeyUsage(extensionType)); } if (asn1EncodableVectors.Count > 0) { x509V3CertificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, this.Extensions.EnhancedKeyUsageIsCritical, ExtendedKeyUsage.GetInstance(new DerSequence(asn1EncodableVectors))); } X509Certificate x509Certificate = x509V3CertificateGenerator.Generate(@private, this.GetSecureRandom()); x509Certificate.Verify(@public); encoded = x509Certificate.GetEncoded(); } catch { throw; } return(encoded); }
internal static CertContainer IssueSignerCertificate(X509Name dnName, int keySize = DefaultKeySize) { CertContainer issuerCert = IntermediateCa; RsaKeyPairGenerator keyPairGen = new RsaKeyPairGenerator(); keyPairGen.Init(new KeyGenerationParameters(_secureRandom, keySize)); AsymmetricCipherKeyPair keyPair = keyPairGen.GenerateKeyPair(); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(issuerCert.Certificate.SubjectDN); certGen.SetNotBefore(DateTime.Now); certGen.SetNotAfter(DateTime.Now.AddYears(1)); certGen.SetSubjectDN(dnName); certGen.SetPublicKey(keyPair.Public); certGen.SetSignatureAlgorithm("SHA256withRSA"); certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCert.Certificate.GetPublicKey())); certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(X509KeyUsage.NonRepudiation | X509KeyUsage.DigitalSignature)); certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public)); certGen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth)); // Add CRL endpoint Uri currentBaseUri = new Uri("https://localhost/"); Uri crlUri = new Uri(currentBaseUri, IntermediateCrlPath); GeneralName generalName = new GeneralName(GeneralName.UniformResourceIdentifier, crlUri.ToString()); GeneralNames generalNames = new GeneralNames(generalName); DistributionPointName distPointName = new DistributionPointName(generalNames); DistributionPoint distPoint = new DistributionPoint(distPointName, null, null); certGen.AddExtension(X509Extensions.CrlDistributionPoints, false, new CrlDistPoint(new DistributionPoint[] { distPoint })); // Add OCSP endpoint Uri ocspUri = new Uri(currentBaseUri, OcspPath); AccessDescription ocsp = new AccessDescription(AccessDescription.IdADOcsp, new GeneralName(GeneralName.UniformResourceIdentifier, ocspUri.ToString())); Asn1EncodableVector aiaASN = new Asn1EncodableVector(); aiaASN.Add(ocsp); certGen.AddExtension(X509Extensions.AuthorityInfoAccess, false, new DerSequence(aiaASN)); X509Certificate generatedCert = certGen.Generate(issuerCert.PrivateKey); Pkcs12StoreBuilder pfxBuilder = new Pkcs12StoreBuilder(); Pkcs12Store pfxStore = pfxBuilder.Build(); X509CertificateEntry certEntry = new X509CertificateEntry(generatedCert); pfxStore.SetCertificateEntry(generatedCert.SubjectDN.ToString(), certEntry); pfxStore.SetKeyEntry(generatedCert.SubjectDN + "_key", new AsymmetricKeyEntry(keyPair.Private), new X509CertificateEntry[] { certEntry }); return(new CertContainer(pfxStore, issuerCert.GetIssuerChain(true))); }
public static X509Certificate2 ToX509Certtificate(this JsonWebKey publicKey) { if (publicKey.Kty != "RSA") { throw new NotImplementedException(); } var kpgen = new RsaKeyPairGenerator(); // certificate strength 1024 bits kpgen.Init(new KeyGenerationParameters( new SecureRandom(new CryptoApiRandomGenerator()), 1024)); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=IdentityServer"); var serialNo = BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotAfter(DateTime.Now.AddYears(100)); gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0))); gen.SetSignatureAlgorithm("SHA1withRSA"); var publicKeyParameters = new RsaKeyParameters(false, new BigInteger(1, Convert.FromBase64String(publicKey.N)), new BigInteger(1, Convert.FromBase64String(publicKey.E))); gen.SetPublicKey(publicKeyParameters); gen.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKeyParameters), new GeneralNames(new GeneralName(certName)), serialNo)); /* * 1.3.6.1.5.5.7.3.1 - id_kp_serverAuth * 1.3.6.1.5.5.7.3.2 - id_kp_clientAuth * 1.3.6.1.5.5.7.3.3 - id_kp_codeSigning * 1.3.6.1.5.5.7.3.4 - id_kp_emailProtection * 1.3.6.1.5.5.7.3.5 - id-kp-ipsecEndSystem * 1.3.6.1.5.5.7.3.6 - id-kp-ipsecTunnel * 1.3.6.1.5.5.7.3.7 - id-kp-ipsecUser * 1.3.6.1.5.5.7.3.8 - id_kp_timeStamping * 1.3.6.1.5.5.7.3.9 - OCSPSigning */ gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth)); var newCert = gen.Generate(kpgen.GenerateKeyPair().Private); var certificate = new X509Certificate2(newCert.GetEncoded()); certificate.SetKeyId(publicKey.Kid); return(certificate); }
private X509Certificate2 GenerateCertificateWithFields(string certificate, string company, string email, string state, string locality, string username, string country) { X509Certificate2 cert = null; try { var kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048)); var kp = kpgen.GenerateKeyPair(); var gen = new X509V3CertificateGenerator(); var certName = new X509Name("CN=" + certificate); var issuer = new X509Name("C=" + country + ",O=" + company + ",OU=LBC Mundial Corp.USA,E=" + email + ",L=" + locality + ",ST=" + state); var serialNo = BigInteger.ProbablePrime(120, new Random()); gen.SetSerialNumber(serialNo); gen.SetSubjectDN(certName); gen.SetIssuerDN(issuer); gen.SetNotAfter(DateTime.Now.AddYears(50)); gen.SetNotBefore(DateTime.Now); gen.SetSignatureAlgorithm("MD5WithRSA"); gen.SetPublicKey(kp.Public); gen.AddExtension( X509Extensions.AuthorityKeyIdentifier.Id, false, new AuthorityKeyIdentifier( SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), new GeneralNames(new GeneralName(certName)), serialNo)); gen.AddExtension( X509Extensions.ExtendedKeyUsage.Id, false, new ExtendedKeyUsage(new ArrayList() { new DerObjectIdentifier("1.3.6.1.5.5.7.3.1") })); var newCert = gen.Generate(kp.Private); byte[] pfx = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert, (string)null); X509Store store = new X509Store((StoreName)StoreName.TrustedPeople, (StoreLocation)StoreLocation.LocalMachine); store.Open(OpenFlags.ReadWrite); cert = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet); File.WriteAllText("c:\\Certificate.cer", "-----BEGIN CERTIFICATE-----\r\n" + Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks) + "\r\n-----END CERTIFICATE-----"); store.Add(cert); store.Close(); } catch (Exception ex) { textBox9.Text = "Ошибка генерации сертификата"; return(null); } return(cert); }
public static X509Certificate2 GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter CaPrivateKey) { const int keyStrength = 2048; // Generating Random Numbers CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator(); SecureRandom random = new SecureRandom(randomGenerator); // The Certificate Generator X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator(); // Serial Number BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name X509Name subjectDN = new X509Name(subjectName); X509Name issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For DateTime notBefore = DateTime.UtcNow.Date; DateTime notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair; // selfsign certificate Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); CaPrivateKey = issuerKeyPair.Private; return(x509); //return issuerKeyPair.Private; }
/** * TrustAnchor's Cert */ private X509Certificate CreateTrustCert( AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey) { string issuer = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor"; string subject = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor"; v3CertGen.SetSerialNumber(BigInteger.ValueOf(10)); v3CertGen.SetIssuerDN(new X509Name(issuer)); v3CertGen.SetNotBefore(DateTime.UtcNow.AddDays(-30)); v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30)); v3CertGen.SetSubjectDN(new X509Name(subject)); v3CertGen.SetPublicKey(pubKey); v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption"); X509Certificate cert = v3CertGen.Generate(privKey); return(cert); }
public static AsymmetricKeyParameter GenerateCACertificate(string subjectName, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; // selfsign certificate var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded()); // Add CA certificate to Root store addCertToStore(x509, StoreName.Root, StoreLocation.CurrentUser); return(issuerKeyPair.Private); }
public static byte[] GenerateDsaCertificateAsPkcs12( string friendlyName, string subjectName, string country, System.DateTime validStartDate, System.DateTime validEndDate, string password, Org.BouncyCastle.X509.X509Certificate caCert, Org.BouncyCastle.Crypto.AsymmetricKeyParameter caPrivateKey) { Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys = GenerateDsaKeys(); #region build certificate X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); // build name attributes System.Collections.ArrayList nameOids = new System.Collections.ArrayList(); nameOids.Add(Org.BouncyCastle.Asn1.X509.X509Name.CN); nameOids.Add(X509Name.O); nameOids.Add(X509Name.C); System.Collections.ArrayList nameValues = new System.Collections.ArrayList(); nameValues.Add(friendlyName); nameValues.Add(subjectName); nameValues.Add(country); X509Name subjectDN = new X509Name(nameOids, nameValues); // certificate fields certGen.SetSerialNumber(Org.BouncyCastle.Math.BigInteger.ValueOf(1)); certGen.SetIssuerDN(caCert.SubjectDN); certGen.SetNotBefore(validStartDate); certGen.SetNotAfter(validEndDate); certGen.SetSubjectDN(subjectDN); certGen.SetPublicKey(keys.Public); certGen.SetSignatureAlgorithm("SHA1withDSA"); // extended information certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.GetPublicKey())); certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keys.Public)); #endregion // generate x509 certificate X509Certificate cert = certGen.Generate(caPrivateKey); //ert.Verify(caCert.GetPublicKey()); System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate> chain = new System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate>(); //chain.Add("CertiFirmas CA", caCert); // string caCn = caCert.SubjectDN.GetValues(X509Name.CN)[0].ToString(); string caCn = caCert.SubjectDN.GetValueList(X509Name.CN)[0].ToString(); chain.Add(caCn, caCert); // store the file return(GeneratePkcs12(keys, cert, friendlyName, password, chain)); }
private static X509Certificate2 GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter asymmetricKeyParameter) { const int keyStrength = 2048; // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(int.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA256WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = subjectDN; certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddYears(2); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); var asymmetricCipherKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public); // Generating the Certificate var issuerKeyPair = asymmetricCipherKeyPair; // self-sign certificate var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random); var x509 = new X509Certificate2(certificate.GetEncoded()); asymmetricKeyParameter = issuerKeyPair.Private; return(x509); }
public static byte[] toto(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048) { // Generating Random Numbers var randomGenerator = new CryptoApiRandomGenerator(); var random = new SecureRandom(randomGenerator); // The Certificate Generator var certificateGenerator = new X509V3CertificateGenerator(); // Serial Number var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random); certificateGenerator.SetSerialNumber(serialNumber); // Signature Algorithm const string signatureAlgorithm = "SHA1WithRSA"; certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm); // Issuer and Subject Name var subjectDN = new X509Name(subjectName); var issuerDN = new X509Name(issuerName); certificateGenerator.SetIssuerDN(issuerDN); certificateGenerator.SetSubjectDN(subjectDN); // Valid For var notBefore = DateTime.UtcNow.Date; var notAfter = notBefore.AddDays(5); certificateGenerator.SetNotBefore(notBefore); certificateGenerator.SetNotAfter(notAfter); // Subject Public Key AsymmetricCipherKeyPair subjectKeyPair; var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength); var keyPairGenerator = new RsaKeyPairGenerator(); keyPairGenerator.Init(keyGenerationParameters); subjectKeyPair = keyPairGenerator.GenerateKeyPair(); certificateGenerator.SetPublicKey(subjectKeyPair.Public); // Generating the Certificate var issuerKeyPair = subjectKeyPair; // selfsign certificate var certificate = certificateGenerator.Generate(subjectKeyPair.Private, random); // correcponding private key PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private); return(certificate.GetEncoded()); }
/// <summary> /// Creates X509 v3 certificate in PKCS12 file format. /// </summary> /// <param name="cn">Common name "CN" value.</param> /// <param name="password">Private key password.</param> /// <returns>Returns new X509 v3 certificate in PKCS12 file(.p12 or .pfx) format.</returns> /// <exception cref="ArgumentNullException">Is raised when <b>cn</b> or <b>password</b> is null reference.</exception> public static byte[] CreateCertificate(string cn, string password) { if (cn == null) { throw new ArgumentNullException("cn"); } if (password == null) { throw new ArgumentNullException("password"); } RsaKeyPairGenerator kpgen = new RsaKeyPairGenerator(); kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024)); AsymmetricCipherKeyPair kp = kpgen.GenerateKeyPair(); BigInteger serial = BigInteger.ProbablePrime(120, new Random()); X509Name certName = new X509Name("CN=" + cn); X509V3CertificateGenerator gen = new X509V3CertificateGenerator(); gen.SetSerialNumber(serial); gen.SetSubjectDN(certName); gen.SetIssuerDN(certName); gen.SetNotBefore(DateTime.UtcNow.AddDays(-2)); gen.SetNotAfter(DateTime.UtcNow.AddYears(5)); gen.SetSignatureAlgorithm("MD5WithRSAEncryption"); gen.SetPublicKey(kp.Public); /* * gen.AddExtension( * X509Extensions.AuthorityKeyIdentifier.Id, * false, * new AuthorityKeyIdentifier( * SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public), * new GeneralNames(new GeneralName(certName)), * serial * ));*/ gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.AnyExtendedKeyUsage)); X509Certificate cert = gen.Generate(kp.Private); X509CertificateEntry certEntry = new X509CertificateEntry(cert); Pkcs12Store newStore = new Pkcs12Store(); newStore.SetCertificateEntry(cn, certEntry); newStore.SetKeyEntry(cn, new AsymmetricKeyEntry(kp.Private), new[] { new X509CertificateEntry(cert) }); MemoryStream retVal = new MemoryStream(); newStore.Save(retVal, password.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator())); return(retVal.ToArray()); }
private X509Certificate2 signAndMerge(X509V3CertificateGenerator generator, SecureRandom random, AsymmetricKeyParameter keyParameter) { // Signature Algorithm generator.SetSignatureAlgorithm(algorithm); // selfsign certificate var certificate = generator.Generate(keyParameter, random); // merge into X509Certificate2 return(new X509Certificate2(certificate.GetEncoded(), "", X509KeyStorageFlags.Exportable)); }
public void TestCreationRSA() { IBigInteger rsaPubMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt")); IBigInteger rsaPubExp = new BigInteger(Base64.Decode("EQ==")); IBigInteger rsaPrivMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt")); IBigInteger rsaPrivDP = new BigInteger(Base64.Decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ==")); IBigInteger rsaPrivDQ = new BigInteger(Base64.Decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ==")); IBigInteger rsaPrivExp = new BigInteger(Base64.Decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E=")); IBigInteger rsaPrivP = new BigInteger(Base64.Decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE=")); IBigInteger rsaPrivQ = new BigInteger(Base64.Decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0=")); IBigInteger rsaPrivQinv = new BigInteger(Base64.Decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg==")); RsaKeyParameters rsaPublic = new RsaKeyParameters(false, rsaPubMod, rsaPubExp); RsaPrivateCrtKeyParameters rsaPrivate = new RsaPrivateCrtKeyParameters(rsaPrivMod, rsaPubExp, rsaPrivExp, rsaPrivP, rsaPrivQ, rsaPrivDP, rsaPrivDQ, rsaPrivQinv); IDictionary attrs = new Hashtable(); attrs[X509Name.C] = "AU"; attrs[X509Name.O] = "The Legion of the Bouncy Castle"; attrs[X509Name.L] = "Melbourne"; attrs[X509Name.ST] = "Victoria"; attrs[X509Name.E] = "*****@*****.**"; IList ord = new ArrayList(); ord.Add(X509Name.C); ord.Add(X509Name.O); ord.Add(X509Name.L); ord.Add(X509Name.ST); ord.Add(X509Name.E); IList values = new ArrayList(); values.Add("AU"); values.Add("The Legion of the Bouncy Castle"); values.Add("Melbourne"); values.Add("Victoria"); values.Add("*****@*****.**"); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1)); certGen.SetNotAfter(DateTime.UtcNow.AddDays(1)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(rsaPublic); certGen.SetSignatureAlgorithm("MD5WithRSAEncryption"); X509Certificate cert = certGen.Generate(rsaPrivate); // Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)"); cert.CheckValidity(); cert.Verify(rsaPublic); //Console.WriteLine(ASN1Dump.DumpAsString(cert.ToAsn1Object())); ISet dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { foreach (string key in dummySet) { Console.WriteLine("\t{0}:\t{1}", key); } } Console.WriteLine(); dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { foreach (string key in dummySet) { Console.WriteLine("\t{0}:\t{1}", key); } } Console.WriteLine(); }
public void TestCreationECDSA() { IBigInteger ECParraGX = new BigInteger(Base64.Decode("D/qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqv")); IBigInteger ECParraGY = new BigInteger(Base64.Decode("AhQXGxb1olGRv6s1LPRfuatMF+cx3ZTGgzSE/Q5R")); IBigInteger ECParraH = new BigInteger(Base64.Decode("AQ==")); IBigInteger ECParraN = new BigInteger(Base64.Decode("f///////////////f///nl6an12QcfvRUiaIkJ0L")); IBigInteger ECPubQX = new BigInteger(Base64.Decode("HWWi17Yb+Bm3PYr/DMjLOYNFhyOwX1QY7ZvqqM+l")); IBigInteger ECPubQY = new BigInteger(Base64.Decode("JrlJfxu3WGhqwtL/55BOs/wsUeiDFsvXcGhB8DGx")); IBigInteger ECPrivD = new BigInteger(Base64.Decode("GYQmd/NF1B+He1iMkWt3by2Az6Eu07t0ynJ4YCAo")); FPCurve curve = new FPCurve( new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b ECDomainParameters ecDomain = new ECDomainParameters(curve, new FPPoint(curve, curve.FromBigInteger(ECParraGX), curve.FromBigInteger(ECParraGY)), ECParraN); ECPublicKeyParameters ecPub = new ECPublicKeyParameters( "ECDSA", new FPPoint(curve, curve.FromBigInteger(ECPubQX), curve.FromBigInteger(ECPubQY)), ecDomain); ECPrivateKeyParameters ecPriv = new ECPrivateKeyParameters("ECDSA", ECPrivD, ecDomain); IDictionary attrs = new Hashtable(); attrs[X509Name.C] = "AU"; attrs[X509Name.O] = "The Legion of the Bouncy Castle"; attrs[X509Name.L] = "Melbourne"; attrs[X509Name.ST] = "Victoria"; attrs[X509Name.E] = "*****@*****.**"; IList ord = new ArrayList(); ord.Add(X509Name.C); ord.Add(X509Name.O); ord.Add(X509Name.L); ord.Add(X509Name.ST); ord.Add(X509Name.E); IList values = new ArrayList(); values.Add("AU"); values.Add("The Legion of the Bouncy Castle"); values.Add("Melbourne"); values.Add("Victoria"); values.Add("*****@*****.**"); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0))); certGen.SetNotAfter(DateTime.Today.AddDays(1)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(ecPub); certGen.SetSignatureAlgorithm("SHA1WITHECDSA"); X509Certificate cert = certGen.Generate(ecPriv); // Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)"); cert.CheckValidity(); cert.Verify(ecPub); ISet dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { foreach (string key in dummySet) { Console.WriteLine("\t{0}:\t{1}", key); } } Console.WriteLine(); dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { foreach (string key in dummySet) { Console.WriteLine("\t{0}:\t{1}", key); } } Console.WriteLine(); }
public void TestCreationDSA() { IBigInteger DSAParaG = new BigInteger(Base64.Decode("AL0fxOTq10OHFbCf8YldyGembqEu08EDVzxyLL29Zn/t4It661YNol1rnhPIs+cirw+yf9zeCe+KL1IbZ/qIMZM=")); IBigInteger DSAParaP = new BigInteger(Base64.Decode("AM2b/UeQA+ovv3dL05wlDHEKJ+qhnJBsRT5OB9WuyRC830G79y0R8wuq8jyIYWCYcTn1TeqVPWqiTv6oAoiEeOs=")); IBigInteger DSAParaQ = new BigInteger(Base64.Decode("AIlJT7mcKL6SUBMmvm24zX1EvjNx")); IBigInteger DSAPublicY = new BigInteger(Base64.Decode("TtWy2GuT9yGBWOHi1/EpCDa/bWJCk2+yAdr56rAcqP0eHGkMnA9s9GJD2nGU8sFjNHm55swpn6JQb8q0agrCfw==")); IBigInteger DsaPrivateX = new BigInteger(Base64.Decode("MMpBAxNlv7eYfxLTZ2BItJeD31A=")); DsaParameters para = new DsaParameters(DSAParaP, DSAParaQ, DSAParaG); DsaPrivateKeyParameters dsaPriv = new DsaPrivateKeyParameters(DsaPrivateX, para); DsaPublicKeyParameters dsaPub = new DsaPublicKeyParameters(DSAPublicY, para); IDictionary attrs = new Hashtable(); attrs[X509Name.C] = "AU"; attrs[X509Name.O] = "The Legion of the Bouncy Castle"; attrs[X509Name.L] = "Melbourne"; attrs[X509Name.ST] = "Victoria"; attrs[X509Name.E] = "*****@*****.**"; IList ord = new ArrayList(); ord.Add(X509Name.C); ord.Add(X509Name.O); ord.Add(X509Name.L); ord.Add(X509Name.ST); ord.Add(X509Name.E); IList values = new ArrayList(); values.Add("AU"); values.Add("The Legion of the Bouncy Castle"); values.Add("Melbourne"); values.Add("Victoria"); values.Add("*****@*****.**"); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.SetSerialNumber(BigInteger.One); certGen.SetIssuerDN(new X509Name(ord, attrs)); certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1)); certGen.SetNotAfter(DateTime.UtcNow.AddDays(1)); certGen.SetSubjectDN(new X509Name(ord, attrs)); certGen.SetPublicKey(dsaPub); certGen.SetSignatureAlgorithm("SHA1WITHDSA"); X509Certificate cert = certGen.Generate(dsaPriv); // Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)"); cert.CheckValidity(); cert.Verify(dsaPub); ISet dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { foreach (string key in dummySet) { Console.WriteLine("\t{0}:\t{1}", key); } } Console.WriteLine(); dummySet = cert.GetNonCriticalExtensionOids(); if (dummySet != null) { foreach (string key in dummySet) { Console.WriteLine("\t{0}:\t{1}", key); } } Console.WriteLine(); }