public static (CertPrivateKey, BcCertificate) GenerateRsaSelfSignedCertificate(string subjectName,
string issuerName,
AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber =
BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
#pragma warning disable CS0618 // Type or member is obsolete
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
#pragma warning restore CS0618 // Type or member is obsolete
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.AddMonths(-1).Date;
var notAfter = DateTime.UtcNow.AddMonths(1).Date;
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
#pragma warning disable CS0618 // Type or member is obsolete
var certificate = certificateGenerator.Generate(issuerPrivKey, random);
#pragma warning restore CS0618 // Type or member is obsolete
var key = new CertPrivateKey
{
KeyPair = subjectKeyPair,
};
return(key, certificate);
}
public static X509Certificate2 GenerateSelfSignedCert()
{
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var certificateGenerator = new X509V3CertificateGenerator();
var serialNumber =
BigIntegers.CreateRandomInRange(
BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
const string signatureAlgorithm = "SHA1WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
var subjectDN = new X509Name("CN=simpletorrent");
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
var notBefore = DateTime.UtcNow.Date.AddHours(-24);
var notAfter = notBefore.AddYears(1000);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
const int strength = 4096;
var keyGenerationParameters = new KeyGenerationParameters(random, strength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
var issuerKeyPair = subjectKeyPair;
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
var store = new Pkcs12Store();
string friendlyName = certificate.SubjectDN.ToString();
var certificateEntry = new X509CertificateEntry(certificate);
store.SetCertificateEntry(friendlyName, certificateEntry);
store.SetKeyEntry(friendlyName, new AsymmetricKeyEntry(subjectKeyPair.Private), new[] { certificateEntry });
string password = "******";
var stream = new MemoryStream();
store.Save(stream, password.ToCharArray(), random);
//mono bug #1660 fix -> convert to definite-length encoding
byte[] pfx = Pkcs12Utilities.ConvertToDefiniteLength(stream.ToArray(), password.ToCharArray());
var convertedCertificate =
new X509Certificate2(
pfx, password,
X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);
return(convertedCertificate);
}
static X509Certificate2 GenerateCertificate(string certName)
{
var keypairgen = new RsaKeyPairGenerator();
keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
var keypair = keypairgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
var CN = new X509Name("CN=" + certName);
var SN = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(SN);
gen.SetSubjectDN(CN);
gen.SetIssuerDN(CN);
gen.SetNotAfter(DateTime.MaxValue);
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("SHA256WithRSA");
gen.SetPublicKey(keypair.Public);
var newCert = gen.Generate(keypair.Private);
X509Certificate2 cert = new X509Certificate2(DotNetUtilities.ToX509Certificate((Org.BouncyCastle.X509.X509Certificate)newCert));
cert.PrivateKey = DotNetUtilities.ToRSA((RsaPrivateCrtKeyParameters)keypair.Private);
return(cert);
}
public static void SelfSign(string privateKey, string csrFile)
{
var pk = ReadAsymmetricKeyParameter(privateKey);
var PKKeyInfo = PrivateKeyInfoFactory.CreatePrivateKeyInfo(pk.Private);
var reader = new PemReader(File.OpenText(csrFile));
var csr = (Pkcs10CertificationRequest)(reader.ReadObject());
var csrinfo = csr.GetCertificationRequestInfo();
AlgorithmIdentifier sigAlgId = new AlgorithmIdentifier(PkcsObjectIdentifiers.Sha256WithRsaEncryption);
AlgorithmIdentifier digAlgId = new DefaultDigestAlgorithmIdentifierFinder().find(sigAlgId);
BigInteger serial = new BigInteger(128, new SecureRandom());
DateTime from = new DateTime(DateTime.Now.Year, DateTime.Now.Month, DateTime.Now.Day);
DateTime to = from.AddYears(20);
X509V3CertificateGenerator tbsGen = new X509V3CertificateGenerator();
tbsGen.SetIssuerDN(csrinfo.Subject);
tbsGen.SetSerialNumber(serial);
tbsGen.SetNotBefore((from));
tbsGen.SetNotAfter((to));
tbsGen.SetPublicKey(csr.GetPublicKey());
tbsGen.SetSubjectDN(csrinfo.Subject);
tbsGen.SetSignatureAlgorithm("SHA256WITHRSA");
var cert = tbsGen.Generate(pk.Private);
// save the TBS
System.IO.File.WriteAllBytes("cert.cer", cert.GetEncoded());
}
private static X509Certificate GenerateCertificate(Org.BouncyCastle.Security.SecureRandom random,
string subjectName,
AsymmetricCipherKeyPair subjectKeyPair,
BigInteger subjectSerialNumber,
string[] subjectAlternativeNames,
string issuerName,
AsymmetricCipherKeyPair issuerKeyPair,
BigInteger issuerSerialNumber,
bool isCertificateAuthority,
KeyPurposeID[] usages,
int expiresIn)
{
var certificateGenerator = new X509V3CertificateGenerator();
certificateGenerator.SetSerialNumber(subjectSerialNumber);
// Set the signature algorithm. This is used to generate the thumbprint which is then signed
// with the issuer's private key. We'll use SHA-256, which is (currently) considered fairly strong.
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
// Note: The subject can be omitted if you specify a subject alternative name (SAN).
var subjectDN = new X509Name(subjectName);
certificateGenerator.SetSubjectDN(subjectDN);
// Our certificate needs valid from/to values.
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(expiresIn);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// The subject's public key goes in the certificate.
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
certificateGenerator.AddAuthorityKeyIdentifier(issuerDN, issuerKeyPair, issuerSerialNumber);
certificateGenerator.AddSubjectKeyIdentifier(subjectKeyPair);
certificateGenerator.AddBasicConstraints(isCertificateAuthority);
if (usages != null && usages.Any())
{
certificateGenerator.AddExtendedKeyUsage(usages);
}
if (subjectAlternativeNames != null && subjectAlternativeNames.Any())
{
certificateGenerator.AddSubjectAlternativeNames(subjectAlternativeNames);
}
// The certificate is signed with the issuer's private key.
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
return(certificate);
}
/// <summary>
/// Creates a new X509 certificate and returns its data in PEM format
/// </summary>
public string GenerateNewCertificatePEM()
{
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
var certificateGenerator = new X509V3CertificateGenerator();
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA");
var subjectDN = new X509Name("cn=Unknown");
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
certificateGenerator.SetNotBefore(DateTime.UtcNow.Date.AddYears(-10));
certificateGenerator.SetNotAfter(DateTime.UtcNow.Date.AddYears(50));
var keyGenerationParameters = new KeyGenerationParameters(random, 2048);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
X509Certificate cert = certificateGenerator.Generate(subjectKeyPair.Private);
using (var writer = new StringWriter())
{
var pemWriter = new OpenSsl.PemWriter(writer);
pemWriter.WriteObject(new PemObject("CERTIFICATE", cert.GetEncoded()));
pemWriter.WriteObject(subjectKeyPair.Private);
return(writer.ToString());
}
}
public X509Certificate2 Build()
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
certificateGenerator.SetSignatureAlgorithm("SHA256WithRSA");
// Issuer and Subject Name
certificateGenerator.SetIssuerDN(new X509Name(_issuerName ?? _subjectName));
certificateGenerator.SetSubjectDN(new X509Name(_subjectName));
// Authority Key Identifier
if (_issuer != null)
{
var authorityKeyIdentifier = new AuthorityKeyIdentifierStructure(
DotNetUtilities.FromX509Certificate(_issuer));
certificateGenerator.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id, false, authorityKeyIdentifier);
}
// Basic Constraints - certificate is allowed to be used as intermediate.
certificateGenerator.AddExtension(
X509Extensions.BasicConstraints.Id, true, new BasicConstraints(_intermediate));
// Valid For
certificateGenerator.SetNotBefore(_notBefore ?? DateTime.UtcNow.Date);
certificateGenerator.SetNotAfter(_notAfter ?? DateTime.UtcNow.Date.AddYears(2));
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, _keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
var issuerKeyPair = _issuerPrivateKey == null
? subjectKeyPair
: DotNetUtilities.GetKeyPair(_issuerPrivateKey);
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
// merge into X509Certificate2
return(new X509Certificate2(certificate.GetEncoded())
{
PrivateKey = ConvertToRsaPrivateKey(subjectKeyPair)
});
}
static X509Certificate2 GenerateCertificate(string certName)
{
var keypairgen = new RsaKeyPairGenerator();
keypairgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var keypair = keypairgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
var CN = new X509Name("CN=" + certName);
var SN = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(SN);
gen.SetSubjectDN(CN);
gen.SetIssuerDN(CN);
gen.SetNotAfter(DateTime.MaxValue);
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("SHA256withRSA");
gen.SetPublicKey(keypair.Public);
var newCert = gen.Generate(keypair.Private);
return(ConvertToWindows(newCert, keypair));
// var cert = new X509Certificate2(DotNetUtilities.ToX509Certificate(newCert));
}
public static X509Certificate MakeCertificate(IAsymmetricCipherKeyPair _subKP,
string _subDN, IAsymmetricCipherKeyPair _issKP, string _issDN, string algorithm, bool _ca)
{
IAsymmetricKeyParameter _subPub = _subKP.Public;
IAsymmetricKeyParameter _issPriv = _issKP.Private;
IAsymmetricKeyParameter _issPub = _issKP.Public;
X509V3CertificateGenerator _v3CertGen = new X509V3CertificateGenerator();
_v3CertGen.Reset();
_v3CertGen.SetSerialNumber(allocateSerialNumber());
_v3CertGen.SetIssuerDN(new X509Name(_issDN));
_v3CertGen.SetNotBefore(DateTime.UtcNow);
_v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(100));
_v3CertGen.SetSubjectDN(new X509Name(_subDN));
_v3CertGen.SetPublicKey(_subPub);
_v3CertGen.SetSignatureAlgorithm(algorithm);
_v3CertGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false,
createSubjectKeyId(_subPub));
_v3CertGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false,
createAuthorityKeyId(_issPub));
_v3CertGen.AddExtension(X509Extensions.BasicConstraints, false,
new BasicConstraints(_ca));
X509Certificate _cert = _v3CertGen.Generate(_issPriv);
_cert.CheckValidity(DateTime.UtcNow);
_cert.Verify(_issPub);
return(_cert);
}
public X509Certificate Build(AsymmetricKeyParameter privateKey)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
if (Issuer != null)
{
certGen.SetIssuerDN(Issuer);
}
else
{
certGen.SetIssuerDN(new X509Name(ord, attrs));
}
certGen.SetNotBefore(NotBefore);
certGen.SetNotAfter(NotAfter);
if (Subject != null)
{
certGen.SetSubjectDN(Subject);
}
else
{
certGen.SetSubjectDN(new X509Name(ord, attrs));
}
certGen.SetPublicKey(PublicKey);
certGen.SetSignatureAlgorithm(SignatureAlgorithm);
return(certGen.Generate(privateKey));
}
private static void Teste(AsymmetricCipherKeyPair keys)
{
string certSubjectName = "UShadow_RSA";
var certName = new X509Name("CN=" + certSubjectName);
var serialNo = Org.BouncyCastle.Math.BigInteger.ProbablePrime(120, new Random());
X509V3CertificateGenerator gen2 = new X509V3CertificateGenerator();
gen2.SetSerialNumber(serialNo);
gen2.SetSubjectDN(certName);
gen2.SetIssuerDN(new X509Name(true, "CN=UShadow"));
gen2.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(30, 0, 0, 0)));
gen2.SetNotAfter(DateTime.Now.AddYears(2));
gen2.SetSignatureAlgorithm("sha256WithRSA");
gen2.SetPublicKey(keys.Public);
Org.BouncyCastle.X509.X509Certificate newCert = gen2.Generate(keys.Private);
Pkcs12Store store = new Pkcs12StoreBuilder().Build();
X509CertificateEntry certEntry = new X509CertificateEntry(newCert);
store.SetCertificateEntry(newCert.SubjectDN.ToString(), certEntry);
AsymmetricKeyEntry keyEntry = new AsymmetricKeyEntry(keys.Private);
store.SetKeyEntry(newCert.SubjectDN.ToString() + "_key", keyEntry, new X509CertificateEntry[] { certEntry });
}
/// <summary>
/// Generate a cert/key pair
/// </summary>
private void GenerateCertKeyPair()
{
// Generate RSA key pair
RsaKeyPairGenerator r = new RsaKeyPairGenerator();
r.Init(new KeyGenerationParameters(new SecureRandom(), 2048));
keyPair = r.GenerateKeyPair();
// Generate the X509 certificate
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
X509Name dnName = new X509Name("CN=NVIDIA GameStream Client");
certGen.SetSerialNumber(BigInteger.ValueOf(DateTime.Now.Ticks / TimeSpan.TicksPerMillisecond));
certGen.SetSubjectDN(dnName);
certGen.SetIssuerDN(dnName); // use the same
// Expires in 20 years
certGen.SetNotBefore(DateTime.Now);
certGen.SetNotAfter(DateTime.Now.AddYears(20));
certGen.SetPublicKey(keyPair.Public);
certGen.SetSignatureAlgorithm("SHA1withRSA");
try
{
cert = certGen.Generate(keyPair.Private);
}
catch (Exception ex)
{
Debug.WriteLine(ex.StackTrace);
}
SaveCertKeyPair();
}
public static Org.BouncyCastle.X509.X509Certificate CreateCert(String cn,
AsymmetricKeyParameter pubKey, AsymmetricKeyParameter privKey)
{
Hashtable attrs = new Hashtable();
attrs.Add(X509Name.CN, cn);
ArrayList ord = new ArrayList(attrs.Keys);
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-30));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(pubKey);
certGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
Org.BouncyCastle.X509.X509Certificate cert = certGen.Generate(privKey);
cert.CheckValidity(DateTime.UtcNow);
cert.Verify(pubKey);
return(cert);
}
public static X509Certificate2 CreateCertificate(X509Name subjectDN, DateTime effectiveDate, DateTime expirationDate, AsymmetricCipherKeyPair keyPair, X509Name issuerDN = null,
AsymmetricKeyParameter signingKey = null, Action <X509V3CertificateGenerator, BigInteger> extend = null)
{
if (issuerDN == null)
{
issuerDN = subjectDN;
}
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
BigInteger serialNumber = CreateSerialNumber();
certGen.SetSerialNumber(serialNumber);
certGen.SetIssuerDN(issuerDN);
// Converted time to Universal Time so that the time set when calling Generate is the same as the time specified
certGen.SetNotBefore(effectiveDate.ToUniversalTime());
certGen.SetNotAfter(expirationDate.ToUniversalTime());
certGen.SetSubjectDN(subjectDN);
certGen.SetPublicKey(keyPair.Public);
certGen.SetSignatureAlgorithm(SIGNATURE_ALGORITHM);
extend?.Invoke(certGen, serialNumber);
Org.BouncyCastle.X509.X509Certificate bcCert = certGen.Generate(signingKey ?? keyPair.Private);
X509Certificate2 dotNetCert = new X509Certificate2(bcCert.GetEncoded());
return(dotNetCert);
}
private MSX509.X509Certificate2 InternalGenerateCertificate(X509Name name, Usage usage, int validity, MSX509.StoreName storeName, AsymmetricKeyParameter publicKey, AsymmetricKeyParameter privateKey, AsymmetricKeyParameter signator)
{
DateTime notBefore = DateTime.Now.AddDays(-1);
// Build a X509v3 certificate
X509V3CertificateGenerator builder = new X509V3CertificateGenerator();
builder.SetSerialNumber(new BigInteger(GenerateSerial()));
builder.SetIssuerDN(authorityName_ ?? name);
builder.SetSubjectDN(name);
builder.SetPublicKey(publicKey);
builder.SetNotBefore(notBefore);
builder.SetNotAfter(notBefore.AddDays(validity == 0 ? defaultCertificatesValidity_ : validity));
builder.SetSignatureAlgorithm("SHA1WithRSA");
// Add the extensions
AddExtensions(builder, usage);
// Sign the certificate
X509Certificate newCertificate = builder.Generate(signator);
// Create a .NET X509Certificate2 from the BouncyCastle one and put the private key into it
MSX509.X509Certificate2 certificate = CreateCertificate(name, newCertificate, privateKey);
// Store the certificate
StoreCertificate(name, certificate, storeName);
return(certificate);
}
/**
* Create a self signed cert for our software emulation
*
* @param kp
* is the keypair for our certificate
* @return a self signed cert for our software emulation
* @throws InvalidKeyException
* on error
* @throws SignatureException
* on error
*/
private X509Certificate GenerateSelfSignedSoftECCert(
IAsymmetricCipherKeyPair kp,
bool compress)
{
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
ECPrivateKeyParameters privECKey = (ECPrivateKeyParameters)kp.Private;
ECPublicKeyParameters pubECKey = (ECPublicKeyParameters)kp.Public;
if (!compress)
{
// TODO Private key compression?
//privECKey.setPointFormat("UNCOMPRESSED");
//pubECKey.setPointFormat("UNCOMPRESSED");
pubECKey = SetPublicUncompressed(pubECKey, false);
}
certGen.SetSignatureAlgorithm("ECDSAwithSHA1");
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name("CN=Software emul (EC Cert)"));
certGen.SetNotBefore(DateTime.UtcNow.AddSeconds(-50));
certGen.SetNotAfter(DateTime.UtcNow.AddSeconds(50000));
certGen.SetSubjectDN(new X509Name("CN=Software emul (EC Cert)"));
certGen.SetPublicKey(pubECKey);
return(certGen.Generate(privECKey));
}
/// <summary>
/// https://stackoverflow.com/questions/22230745/generate-a-self-signed-certificate-on-the-fly
/// </summary>
/// <param name="subjectName"></param>
/// <param name="subjectKeyPair"></param>
/// <param name="resultKeyPair"></param>
/// <returns></returns>
public static X509Certificate2 GenerateCaCertificate(
string subjectName,
out AsymmetricCipherKeyPair resultKeyPair,
AsymmetricCipherKeyPair subjectKeyPair = null)
{
const int keyStrength = 2048;
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(long.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
X509Name subjectDn = new X509Name(subjectName);
X509Name issuerDn = subjectDn;
certificateGenerator.SetIssuerDN(issuerDn);
certificateGenerator.SetSubjectDN(subjectDn);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(100);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Generate a key pair if none was provided
if (subjectKeyPair == null)
{
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
}
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
// Selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
X509Certificate2 x509 = new X509Certificate2(certificate.GetEncoded(), string.Empty, X509KeyStorageFlags.EphemeralKeySet);
resultKeyPair = issuerKeyPair;
return(x509);
}
private static X509Certificate GenerateCertificate(X509Name subject, X509Name issuer,
int iValidity, AsymmetricKeyParameter publicKey,
AsymmetricKeyParameter privateKey, String signatureType,
int keyusages, ExtendedKeyUsage extendedKeyUsages, bool isCA,
int pathLenConstraint)
{
// Get an X509 Version 1 Certificate generator
var certGen = new X509V3CertificateGenerator();
// Load the generator with generation parameters
// Set the issuer distinguished name
certGen.SetIssuerDN(issuer);
// Valid before and after dates now to iValidity days in the future
certGen.SetNotBefore(DateTime.Now);
certGen.SetNotAfter(DateTime.Now.AddDays(iValidity));
// Set the subject distinguished name (same as issuer for our purposes)
certGen.SetSubjectDN(subject);
// Set the public key
certGen.SetPublicKey(publicKey);
// Set the algorithm
certGen.SetSignatureAlgorithm(signatureType);
// Set the serial number
//read the serial number
String serial = Repository.Instance.ReadSerialNumber();
var biSerial = new BigInteger(serial, Repository.SerialNumberRadix);
certGen.SetSerialNumber(biSerial);
certGen.AddExtension(X509Extensions.KeyUsage, false, new KeyUsage(keyusages));
if (extendedKeyUsages != null)
{
certGen.AddExtension(X509Extensions.ExtendedKeyUsage, false, extendedKeyUsages);
}
if (isCA)
{
certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(pathLenConstraint));
}
try
{
// Generate an X.509 certificate, based on the current issuer and subject
return(certGen.Generate(privateKey));
}
// Something went wrong
//catch (GeneralSecurityException ex)
//{
// throw new CryptoException(ex.Message,ex);
//}
finally
{
Repository.Instance.IncrementSerial();
}
}
private byte[] MakeCertificateFromCSR(string CSR, AsymmetricCipherKeyPair rootKeyPair, X509Name rootSubject)
{
byte[] encoded;
try
{
Pkcs10CertificationRequest pkcs10CertificationRequest = (Pkcs10CertificationRequest)(new PemReader(new StringReader(CSR))).ReadObject();
AsymmetricKeyParameter @private = rootKeyPair.Private;
AsymmetricKeyParameter @public = rootKeyPair.Public;
X509V3CertificateGenerator x509V3CertificateGenerator = new X509V3CertificateGenerator();
x509V3CertificateGenerator.Reset();
if (this.SerialNumber != -9223372036854775808L)
{
x509V3CertificateGenerator.SetSerialNumber(new BigInteger(this.SerialNumber.ToString()));
}
else
{
DateTime now = DateTime.Now;
x509V3CertificateGenerator.SetSerialNumber(new BigInteger(128, new Random(now.Millisecond + Environment.TickCount)));
}
x509V3CertificateGenerator.SetIssuerDN(rootSubject);
x509V3CertificateGenerator.SetNotBefore(this.ValidFrom.ToUniversalTime());
x509V3CertificateGenerator.SetNotAfter(this.ValidTo.ToUniversalTime());
x509V3CertificateGenerator.SetSubjectDN(pkcs10CertificationRequest.GetCertificationRequestInfo().Subject);
x509V3CertificateGenerator.SetPublicKey(pkcs10CertificationRequest.GetPublicKey());
x509V3CertificateGenerator.SetSignatureAlgorithm(string.Concat(this.SignatureAlgorithm.ToString(), "Encryption"));
x509V3CertificateGenerator.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pkcs10CertificationRequest.GetPublicKey())));
x509V3CertificateGenerator.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifier(SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(@public)));
int extensionType = 0;
Asn1EncodableVector asn1EncodableVectors = new Asn1EncodableVector(new Asn1Encodable[0]);
foreach (ExtensionInfo extension in this.Extensions.extensionInfo)
{
if (!extension.ExtendedKeyUsage)
{
extensionType |= (int)extension.ExtensionType;
}
if (!extension.ExtendedKeyUsage)
{
continue;
}
asn1EncodableVectors.Add(new Asn1Encodable[] { (Asn1Encodable)extension.ExtensionType });
}
if (extensionType != 0)
{
x509V3CertificateGenerator.AddExtension(X509Extensions.KeyUsage, this.Extensions.KeyUsageIsCritical, new KeyUsage(extensionType));
}
if (asn1EncodableVectors.Count > 0)
{
x509V3CertificateGenerator.AddExtension(X509Extensions.ExtendedKeyUsage, this.Extensions.EnhancedKeyUsageIsCritical, ExtendedKeyUsage.GetInstance(new DerSequence(asn1EncodableVectors)));
}
X509Certificate x509Certificate = x509V3CertificateGenerator.Generate(@private, this.GetSecureRandom());
x509Certificate.Verify(@public);
encoded = x509Certificate.GetEncoded();
}
catch
{
throw;
}
return(encoded);
}
internal static CertContainer IssueSignerCertificate(X509Name dnName, int keySize = DefaultKeySize)
{
CertContainer issuerCert = IntermediateCa;
RsaKeyPairGenerator keyPairGen = new RsaKeyPairGenerator();
keyPairGen.Init(new KeyGenerationParameters(_secureRandom, keySize));
AsymmetricCipherKeyPair keyPair = keyPairGen.GenerateKeyPair();
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(issuerCert.Certificate.SubjectDN);
certGen.SetNotBefore(DateTime.Now);
certGen.SetNotAfter(DateTime.Now.AddYears(1));
certGen.SetSubjectDN(dnName);
certGen.SetPublicKey(keyPair.Public);
certGen.SetSignatureAlgorithm("SHA256withRSA");
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(issuerCert.Certificate.GetPublicKey()));
certGen.AddExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
certGen.AddExtension(X509Extensions.KeyUsage, true, new KeyUsage(X509KeyUsage.NonRepudiation | X509KeyUsage.DigitalSignature));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keyPair.Public));
certGen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPClientAuth));
// Add CRL endpoint
Uri currentBaseUri = new Uri("https://localhost/");
Uri crlUri = new Uri(currentBaseUri, IntermediateCrlPath);
GeneralName generalName = new GeneralName(GeneralName.UniformResourceIdentifier, crlUri.ToString());
GeneralNames generalNames = new GeneralNames(generalName);
DistributionPointName distPointName = new DistributionPointName(generalNames);
DistributionPoint distPoint = new DistributionPoint(distPointName, null, null);
certGen.AddExtension(X509Extensions.CrlDistributionPoints, false, new CrlDistPoint(new DistributionPoint[] { distPoint }));
// Add OCSP endpoint
Uri ocspUri = new Uri(currentBaseUri, OcspPath);
AccessDescription ocsp = new AccessDescription(AccessDescription.IdADOcsp,
new GeneralName(GeneralName.UniformResourceIdentifier, ocspUri.ToString()));
Asn1EncodableVector aiaASN = new Asn1EncodableVector();
aiaASN.Add(ocsp);
certGen.AddExtension(X509Extensions.AuthorityInfoAccess, false, new DerSequence(aiaASN));
X509Certificate generatedCert = certGen.Generate(issuerCert.PrivateKey);
Pkcs12StoreBuilder pfxBuilder = new Pkcs12StoreBuilder();
Pkcs12Store pfxStore = pfxBuilder.Build();
X509CertificateEntry certEntry = new X509CertificateEntry(generatedCert);
pfxStore.SetCertificateEntry(generatedCert.SubjectDN.ToString(), certEntry);
pfxStore.SetKeyEntry(generatedCert.SubjectDN + "_key", new AsymmetricKeyEntry(keyPair.Private), new X509CertificateEntry[] { certEntry });
return(new CertContainer(pfxStore, issuerCert.GetIssuerChain(true)));
}
public static X509Certificate2 ToX509Certtificate(this JsonWebKey publicKey)
{
if (publicKey.Kty != "RSA")
{
throw new NotImplementedException();
}
var kpgen = new RsaKeyPairGenerator();
// certificate strength 1024 bits
kpgen.Init(new KeyGenerationParameters(
new SecureRandom(new CryptoApiRandomGenerator()), 1024));
var gen = new X509V3CertificateGenerator();
var certName = new X509Name("CN=IdentityServer");
var serialNo = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(certName);
gen.SetNotAfter(DateTime.Now.AddYears(100));
gen.SetNotBefore(DateTime.Now.Subtract(new TimeSpan(7, 0, 0, 0)));
gen.SetSignatureAlgorithm("SHA1withRSA");
var publicKeyParameters = new RsaKeyParameters(false, new BigInteger(1, Convert.FromBase64String(publicKey.N)), new BigInteger(1, Convert.FromBase64String(publicKey.E)));
gen.SetPublicKey(publicKeyParameters);
gen.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id,
false,
new AuthorityKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(publicKeyParameters),
new GeneralNames(new GeneralName(certName)),
serialNo));
/*
* 1.3.6.1.5.5.7.3.1 - id_kp_serverAuth
* 1.3.6.1.5.5.7.3.2 - id_kp_clientAuth
* 1.3.6.1.5.5.7.3.3 - id_kp_codeSigning
* 1.3.6.1.5.5.7.3.4 - id_kp_emailProtection
* 1.3.6.1.5.5.7.3.5 - id-kp-ipsecEndSystem
* 1.3.6.1.5.5.7.3.6 - id-kp-ipsecTunnel
* 1.3.6.1.5.5.7.3.7 - id-kp-ipsecUser
* 1.3.6.1.5.5.7.3.8 - id_kp_timeStamping
* 1.3.6.1.5.5.7.3.9 - OCSPSigning
*/
gen.AddExtension(
X509Extensions.ExtendedKeyUsage.Id,
false,
new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth));
var newCert = gen.Generate(kpgen.GenerateKeyPair().Private);
var certificate = new X509Certificate2(newCert.GetEncoded());
certificate.SetKeyId(publicKey.Kid);
return(certificate);
}
private X509Certificate2 GenerateCertificateWithFields(string certificate, string company, string email, string state, string locality, string username, string country)
{
X509Certificate2 cert = null;
try
{
var kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 2048));
var kp = kpgen.GenerateKeyPair();
var gen = new X509V3CertificateGenerator();
var certName = new X509Name("CN=" + certificate);
var issuer = new X509Name("C=" + country + ",O=" + company + ",OU=LBC Mundial Corp.USA,E=" + email + ",L=" + locality + ",ST=" + state);
var serialNo = BigInteger.ProbablePrime(120, new Random());
gen.SetSerialNumber(serialNo);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(issuer);
gen.SetNotAfter(DateTime.Now.AddYears(50));
gen.SetNotBefore(DateTime.Now);
gen.SetSignatureAlgorithm("MD5WithRSA");
gen.SetPublicKey(kp.Public);
gen.AddExtension(
X509Extensions.AuthorityKeyIdentifier.Id,
false,
new AuthorityKeyIdentifier(
SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public),
new GeneralNames(new GeneralName(certName)),
serialNo));
gen.AddExtension(
X509Extensions.ExtendedKeyUsage.Id,
false,
new ExtendedKeyUsage(new ArrayList()
{
new DerObjectIdentifier("1.3.6.1.5.5.7.3.1")
}));
var newCert = gen.Generate(kp.Private);
byte[] pfx = DotNetUtilities.ToX509Certificate(newCert).Export(System.Security.Cryptography.X509Certificates.X509ContentType.Cert, (string)null);
X509Store store = new X509Store((StoreName)StoreName.TrustedPeople, (StoreLocation)StoreLocation.LocalMachine);
store.Open(OpenFlags.ReadWrite);
cert = new X509Certificate2(pfx, (string)null, X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.MachineKeySet);
File.WriteAllText("c:\\Certificate.cer",
"-----BEGIN CERTIFICATE-----\r\n"
+ Convert.ToBase64String(cert.Export(X509ContentType.Cert), Base64FormattingOptions.InsertLineBreaks)
+ "\r\n-----END CERTIFICATE-----");
store.Add(cert);
store.Close();
}
catch (Exception ex)
{
textBox9.Text = "Ошибка генерации сертификата";
return(null);
}
return(cert);
}
public static X509Certificate2 GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter CaPrivateKey)
{
const int keyStrength = 2048;
// Generating Random Numbers
CryptoApiRandomGenerator randomGenerator = new CryptoApiRandomGenerator();
SecureRandom random = new SecureRandom(randomGenerator);
// The Certificate Generator
X509V3CertificateGenerator certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
BigInteger serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
X509Name subjectDN = new X509Name(subjectName);
X509Name issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
DateTime notBefore = DateTime.UtcNow.Date;
DateTime notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
KeyGenerationParameters keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
RsaKeyPairGenerator keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
AsymmetricCipherKeyPair issuerKeyPair = subjectKeyPair;
// selfsign certificate
Org.BouncyCastle.X509.X509Certificate certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
X509Certificate2 x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
CaPrivateKey = issuerKeyPair.Private;
return(x509);
//return issuerKeyPair.Private;
}
/**
* TrustAnchor's Cert
*/
private X509Certificate CreateTrustCert(
AsymmetricKeyParameter pubKey,
AsymmetricKeyParameter privKey)
{
string issuer = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
string subject = "C=JP, O=policyMappingAdditionalTest, OU=trustAnchor";
v3CertGen.SetSerialNumber(BigInteger.ValueOf(10));
v3CertGen.SetIssuerDN(new X509Name(issuer));
v3CertGen.SetNotBefore(DateTime.UtcNow.AddDays(-30));
v3CertGen.SetNotAfter(DateTime.UtcNow.AddDays(30));
v3CertGen.SetSubjectDN(new X509Name(subject));
v3CertGen.SetPublicKey(pubKey);
v3CertGen.SetSignatureAlgorithm("SHA1WithRSAEncryption");
X509Certificate cert = v3CertGen.Generate(privKey);
return(cert);
}
public static AsymmetricKeyParameter GenerateCACertificate(string subjectName, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
var x509 = new System.Security.Cryptography.X509Certificates.X509Certificate2(certificate.GetEncoded());
// Add CA certificate to Root store
addCertToStore(x509, StoreName.Root, StoreLocation.CurrentUser);
return(issuerKeyPair.Private);
}
public static byte[] GenerateDsaCertificateAsPkcs12(
string friendlyName,
string subjectName,
string country,
System.DateTime validStartDate,
System.DateTime validEndDate,
string password,
Org.BouncyCastle.X509.X509Certificate caCert,
Org.BouncyCastle.Crypto.AsymmetricKeyParameter caPrivateKey)
{
Org.BouncyCastle.Crypto.AsymmetricCipherKeyPair keys = GenerateDsaKeys();
#region build certificate
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
// build name attributes
System.Collections.ArrayList nameOids = new System.Collections.ArrayList();
nameOids.Add(Org.BouncyCastle.Asn1.X509.X509Name.CN);
nameOids.Add(X509Name.O);
nameOids.Add(X509Name.C);
System.Collections.ArrayList nameValues = new System.Collections.ArrayList();
nameValues.Add(friendlyName);
nameValues.Add(subjectName);
nameValues.Add(country);
X509Name subjectDN = new X509Name(nameOids, nameValues);
// certificate fields
certGen.SetSerialNumber(Org.BouncyCastle.Math.BigInteger.ValueOf(1));
certGen.SetIssuerDN(caCert.SubjectDN);
certGen.SetNotBefore(validStartDate);
certGen.SetNotAfter(validEndDate);
certGen.SetSubjectDN(subjectDN);
certGen.SetPublicKey(keys.Public);
certGen.SetSignatureAlgorithm("SHA1withDSA");
// extended information
certGen.AddExtension(X509Extensions.AuthorityKeyIdentifier, false, new AuthorityKeyIdentifierStructure(caCert.GetPublicKey()));
certGen.AddExtension(X509Extensions.SubjectKeyIdentifier, false, new SubjectKeyIdentifierStructure(keys.Public));
#endregion
// generate x509 certificate
X509Certificate cert = certGen.Generate(caPrivateKey);
//ert.Verify(caCert.GetPublicKey());
System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate> chain =
new System.Collections.Generic.Dictionary <string, Org.BouncyCastle.X509.X509Certificate>();
//chain.Add("CertiFirmas CA", caCert);
// string caCn = caCert.SubjectDN.GetValues(X509Name.CN)[0].ToString();
string caCn = caCert.SubjectDN.GetValueList(X509Name.CN)[0].ToString();
chain.Add(caCn, caCert);
// store the file
return(GeneratePkcs12(keys, cert, friendlyName, password, chain));
}
private static X509Certificate2 GenerateCACertificate(string subjectName, ref AsymmetricKeyParameter asymmetricKeyParameter)
{
const int keyStrength = 2048;
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(int.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA256WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = subjectDN;
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddYears(2);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
var asymmetricCipherKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(asymmetricCipherKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = asymmetricCipherKeyPair;
// self-sign certificate
var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);
var x509 = new X509Certificate2(certificate.GetEncoded());
asymmetricKeyParameter = issuerKeyPair.Private;
return(x509);
}
public static byte[] toto(string subjectName, string issuerName, AsymmetricKeyParameter issuerPrivKey, int keyStrength = 2048)
{
// Generating Random Numbers
var randomGenerator = new CryptoApiRandomGenerator();
var random = new SecureRandom(randomGenerator);
// The Certificate Generator
var certificateGenerator = new X509V3CertificateGenerator();
// Serial Number
var serialNumber = BigIntegers.CreateRandomInRange(BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
certificateGenerator.SetSerialNumber(serialNumber);
// Signature Algorithm
const string signatureAlgorithm = "SHA1WithRSA";
certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);
// Issuer and Subject Name
var subjectDN = new X509Name(subjectName);
var issuerDN = new X509Name(issuerName);
certificateGenerator.SetIssuerDN(issuerDN);
certificateGenerator.SetSubjectDN(subjectDN);
// Valid For
var notBefore = DateTime.UtcNow.Date;
var notAfter = notBefore.AddDays(5);
certificateGenerator.SetNotBefore(notBefore);
certificateGenerator.SetNotAfter(notAfter);
// Subject Public Key
AsymmetricCipherKeyPair subjectKeyPair;
var keyGenerationParameters = new KeyGenerationParameters(random, keyStrength);
var keyPairGenerator = new RsaKeyPairGenerator();
keyPairGenerator.Init(keyGenerationParameters);
subjectKeyPair = keyPairGenerator.GenerateKeyPair();
certificateGenerator.SetPublicKey(subjectKeyPair.Public);
// Generating the Certificate
var issuerKeyPair = subjectKeyPair;
// selfsign certificate
var certificate = certificateGenerator.Generate(subjectKeyPair.Private, random);
// correcponding private key
PrivateKeyInfo info = PrivateKeyInfoFactory.CreatePrivateKeyInfo(subjectKeyPair.Private);
return(certificate.GetEncoded());
}
/// <summary>
/// Creates X509 v3 certificate in PKCS12 file format.
/// </summary>
/// <param name="cn">Common name "CN" value.</param>
/// <param name="password">Private key password.</param>
/// <returns>Returns new X509 v3 certificate in PKCS12 file(.p12 or .pfx) format.</returns>
/// <exception cref="ArgumentNullException">Is raised when <b>cn</b> or <b>password</b> is null reference.</exception>
public static byte[] CreateCertificate(string cn, string password)
{
if (cn == null)
{
throw new ArgumentNullException("cn");
}
if (password == null)
{
throw new ArgumentNullException("password");
}
RsaKeyPairGenerator kpgen = new RsaKeyPairGenerator();
kpgen.Init(new KeyGenerationParameters(new SecureRandom(new CryptoApiRandomGenerator()), 1024));
AsymmetricCipherKeyPair kp = kpgen.GenerateKeyPair();
BigInteger serial = BigInteger.ProbablePrime(120, new Random());
X509Name certName = new X509Name("CN=" + cn);
X509V3CertificateGenerator gen = new X509V3CertificateGenerator();
gen.SetSerialNumber(serial);
gen.SetSubjectDN(certName);
gen.SetIssuerDN(certName);
gen.SetNotBefore(DateTime.UtcNow.AddDays(-2));
gen.SetNotAfter(DateTime.UtcNow.AddYears(5));
gen.SetSignatureAlgorithm("MD5WithRSAEncryption");
gen.SetPublicKey(kp.Public);
/*
* gen.AddExtension(
* X509Extensions.AuthorityKeyIdentifier.Id,
* false,
* new AuthorityKeyIdentifier(
* SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(kp.Public),
* new GeneralNames(new GeneralName(certName)),
* serial
* ));*/
gen.AddExtension(X509Extensions.ExtendedKeyUsage, false, new ExtendedKeyUsage(KeyPurposeID.IdKPServerAuth, KeyPurposeID.AnyExtendedKeyUsage));
X509Certificate cert = gen.Generate(kp.Private);
X509CertificateEntry certEntry = new X509CertificateEntry(cert);
Pkcs12Store newStore = new Pkcs12Store();
newStore.SetCertificateEntry(cn, certEntry);
newStore.SetKeyEntry(cn, new AsymmetricKeyEntry(kp.Private), new[] { new X509CertificateEntry(cert) });
MemoryStream retVal = new MemoryStream();
newStore.Save(retVal, password.ToCharArray(), new SecureRandom(new CryptoApiRandomGenerator()));
return(retVal.ToArray());
}
private X509Certificate2 signAndMerge(X509V3CertificateGenerator generator, SecureRandom random, AsymmetricKeyParameter keyParameter)
{
// Signature Algorithm
generator.SetSignatureAlgorithm(algorithm);
// selfsign certificate
var certificate = generator.Generate(keyParameter, random);
// merge into X509Certificate2
return(new X509Certificate2(certificate.GetEncoded(), "", X509KeyStorageFlags.Exportable));
}
public void TestCreationRSA()
{
IBigInteger rsaPubMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
IBigInteger rsaPubExp = new BigInteger(Base64.Decode("EQ=="));
IBigInteger rsaPrivMod = new BigInteger(Base64.Decode("AIASoe2PQb1IP7bTyC9usjHP7FvnUMVpKW49iuFtrw/dMpYlsMMoIU2jupfifDpdFxIktSB4P+6Ymg5WjvHKTIrvQ7SR4zV4jaPTu56Ys0pZ9EDA6gb3HLjtU+8Bb1mfWM+yjKxcPDuFjwEtjGlPHg1Vq+CA9HNcMSKNn2+tW6qt"));
IBigInteger rsaPrivDP = new BigInteger(Base64.Decode("JXzfzG5v+HtLJIZqYMUefJfFLu8DPuJGaLD6lI3cZ0babWZ/oPGoJa5iHpX4Ul/7l3s1PFsuy1GhzCdOdlfRcQ=="));
IBigInteger rsaPrivDQ = new BigInteger(Base64.Decode("YNdJhw3cn0gBoVmMIFRZzflPDNthBiWy/dUMSRfJCxoZjSnr1gysZHK01HteV1YYNGcwPdr3j4FbOfri5c6DUQ=="));
IBigInteger rsaPrivExp = new BigInteger(Base64.Decode("DxFAOhDajr00rBjqX+7nyZ/9sHWRCCp9WEN5wCsFiWVRPtdB+NeLcou7mWXwf1Y+8xNgmmh//fPV45G2dsyBeZbXeJwB7bzx9NMEAfedchyOwjR8PYdjK3NpTLKtZlEJ6Jkh4QihrXpZMO4fKZWUm9bid3+lmiq43FwW+Hof8/E="));
IBigInteger rsaPrivP = new BigInteger(Base64.Decode("AJ9StyTVW+AL/1s7RBtFwZGFBgd3zctBqzzwKPda6LbtIFDznmwDCqAlIQH9X14X7UPLokCDhuAa76OnDXb1OiE="));
IBigInteger rsaPrivQ = new BigInteger(Base64.Decode("AM3JfD79dNJ5A3beScSzPtWxx/tSLi0QHFtkuhtSizeXdkv5FSba7lVzwEOGKHmW829bRoNxThDy4ds1IihW1w0="));
IBigInteger rsaPrivQinv = new BigInteger(Base64.Decode("Lt0g7wrsNsQxuDdB8q/rH8fSFeBXMGLtCIqfOec1j7FEIuYA/ACiRDgXkHa0WgN7nLXSjHoy630wC5Toq8vvUg=="));
RsaKeyParameters rsaPublic = new RsaKeyParameters(false, rsaPubMod, rsaPubExp);
RsaPrivateCrtKeyParameters rsaPrivate = new RsaPrivateCrtKeyParameters(rsaPrivMod, rsaPubExp, rsaPrivExp, rsaPrivP, rsaPrivQ, rsaPrivDP, rsaPrivDQ, rsaPrivQinv);
IDictionary attrs = new Hashtable();
attrs[X509Name.C] = "AU";
attrs[X509Name.O] = "The Legion of the Bouncy Castle";
attrs[X509Name.L] = "Melbourne";
attrs[X509Name.ST] = "Victoria";
attrs[X509Name.E] = "*****@*****.**";
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(rsaPublic);
certGen.SetSignatureAlgorithm("MD5WithRSAEncryption");
X509Certificate cert = certGen.Generate(rsaPrivate);
// Assert.IsTrue((cert.IsValidNow && cert.Verify(rsaPublic)),"Certificate failed to be valid (RSA)");
cert.CheckValidity();
cert.Verify(rsaPublic);
//Console.WriteLine(ASN1Dump.DumpAsString(cert.ToAsn1Object()));
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
}
public void TestCreationECDSA()
{
IBigInteger ECParraGX = new BigInteger(Base64.Decode("D/qWPNyogWzMM7hkK+35BcPTWFc9Pyf7vTs8uaqv"));
IBigInteger ECParraGY = new BigInteger(Base64.Decode("AhQXGxb1olGRv6s1LPRfuatMF+cx3ZTGgzSE/Q5R"));
IBigInteger ECParraH = new BigInteger(Base64.Decode("AQ=="));
IBigInteger ECParraN = new BigInteger(Base64.Decode("f///////////////f///nl6an12QcfvRUiaIkJ0L"));
IBigInteger ECPubQX = new BigInteger(Base64.Decode("HWWi17Yb+Bm3PYr/DMjLOYNFhyOwX1QY7ZvqqM+l"));
IBigInteger ECPubQY = new BigInteger(Base64.Decode("JrlJfxu3WGhqwtL/55BOs/wsUeiDFsvXcGhB8DGx"));
IBigInteger ECPrivD = new BigInteger(Base64.Decode("GYQmd/NF1B+He1iMkWt3by2Az6Eu07t0ynJ4YCAo"));
FPCurve curve = new FPCurve(
new BigInteger("883423532389192164791648750360308885314476597252960362792450860609699839"), // q
new BigInteger("7fffffffffffffffffffffff7fffffffffff8000000000007ffffffffffc", 16), // a
new BigInteger("6b016c3bdcf18941d0d654921475ca71a9db2fb27d1d37796185c2942c0a", 16)); // b
ECDomainParameters ecDomain =
new ECDomainParameters(curve, new FPPoint(curve, curve.FromBigInteger(ECParraGX), curve.FromBigInteger(ECParraGY)), ECParraN);
ECPublicKeyParameters ecPub = new ECPublicKeyParameters(
"ECDSA",
new FPPoint(curve,
curve.FromBigInteger(ECPubQX),
curve.FromBigInteger(ECPubQY)),
ecDomain);
ECPrivateKeyParameters ecPriv = new ECPrivateKeyParameters("ECDSA", ECPrivD, ecDomain);
IDictionary attrs = new Hashtable();
attrs[X509Name.C] = "AU";
attrs[X509Name.O] = "The Legion of the Bouncy Castle";
attrs[X509Name.L] = "Melbourne";
attrs[X509Name.ST] = "Victoria";
attrs[X509Name.E] = "*****@*****.**";
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.Today.Subtract(new TimeSpan(1, 0, 0, 0)));
certGen.SetNotAfter(DateTime.Today.AddDays(1));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(ecPub);
certGen.SetSignatureAlgorithm("SHA1WITHECDSA");
X509Certificate cert = certGen.Generate(ecPriv);
// Assert.IsTrue((cert.IsValidNow && cert.Verify(ecPub)), "Certificate failed to be valid (ECDSA)");
cert.CheckValidity();
cert.Verify(ecPub);
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
}
public void TestCreationDSA()
{
IBigInteger DSAParaG = new BigInteger(Base64.Decode("AL0fxOTq10OHFbCf8YldyGembqEu08EDVzxyLL29Zn/t4It661YNol1rnhPIs+cirw+yf9zeCe+KL1IbZ/qIMZM="));
IBigInteger DSAParaP = new BigInteger(Base64.Decode("AM2b/UeQA+ovv3dL05wlDHEKJ+qhnJBsRT5OB9WuyRC830G79y0R8wuq8jyIYWCYcTn1TeqVPWqiTv6oAoiEeOs="));
IBigInteger DSAParaQ = new BigInteger(Base64.Decode("AIlJT7mcKL6SUBMmvm24zX1EvjNx"));
IBigInteger DSAPublicY = new BigInteger(Base64.Decode("TtWy2GuT9yGBWOHi1/EpCDa/bWJCk2+yAdr56rAcqP0eHGkMnA9s9GJD2nGU8sFjNHm55swpn6JQb8q0agrCfw=="));
IBigInteger DsaPrivateX = new BigInteger(Base64.Decode("MMpBAxNlv7eYfxLTZ2BItJeD31A="));
DsaParameters para = new DsaParameters(DSAParaP, DSAParaQ, DSAParaG);
DsaPrivateKeyParameters dsaPriv = new DsaPrivateKeyParameters(DsaPrivateX, para);
DsaPublicKeyParameters dsaPub = new DsaPublicKeyParameters(DSAPublicY, para);
IDictionary attrs = new Hashtable();
attrs[X509Name.C] = "AU";
attrs[X509Name.O] = "The Legion of the Bouncy Castle";
attrs[X509Name.L] = "Melbourne";
attrs[X509Name.ST] = "Victoria";
attrs[X509Name.E] = "*****@*****.**";
IList ord = new ArrayList();
ord.Add(X509Name.C);
ord.Add(X509Name.O);
ord.Add(X509Name.L);
ord.Add(X509Name.ST);
ord.Add(X509Name.E);
IList values = new ArrayList();
values.Add("AU");
values.Add("The Legion of the Bouncy Castle");
values.Add("Melbourne");
values.Add("Victoria");
values.Add("*****@*****.**");
X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
certGen.SetSerialNumber(BigInteger.One);
certGen.SetIssuerDN(new X509Name(ord, attrs));
certGen.SetNotBefore(DateTime.UtcNow.AddDays(-1));
certGen.SetNotAfter(DateTime.UtcNow.AddDays(1));
certGen.SetSubjectDN(new X509Name(ord, attrs));
certGen.SetPublicKey(dsaPub);
certGen.SetSignatureAlgorithm("SHA1WITHDSA");
X509Certificate cert = certGen.Generate(dsaPriv);
// Assert.IsTrue((cert.IsValidNow && cert.Verify(dsaPub)), "Certificate failed to be valid (DSA Test)");
cert.CheckValidity();
cert.Verify(dsaPub);
ISet dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
dummySet = cert.GetNonCriticalExtensionOids();
if (dummySet != null)
{
foreach (string key in dummySet)
{
Console.WriteLine("\t{0}:\t{1}", key);
}
}
Console.WriteLine();
}
