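/// <summary>
/// Creates a self-signed ECDSA certificate (curve prime256v1, signature algorithm
/// SHA256withECDSA) for "CN=simpletorrent" and returns it, private key included,
/// as an <see cref="X509Certificate2"/>.
/// </summary>
/// <remarks>
/// The certificate is built with BouncyCastle, packed into an in-memory PKCS#12 store,
/// and re-imported through the <see cref="X509Certificate2"/> constructor.
/// Points a reviewer should confirm before relying on this certificate:
/// <list type="bullet">
/// <item>Issuer and subject are the same name and the certificate is signed with its own
/// key, so a peer cannot authenticate it through a chain; it has to be pinned or
/// explicitly trusted.</item>
/// <item>The validity period is 1000 years, so expiry never forces a key rotation.</item>
/// <item>No X.509 extensions (basic constraints, key usage, subject alternative name)
/// are added here.</item>
/// <item>The key is imported with PersistKeySet | Exportable, i.e. it is kept by the
/// platform key store and can be exported again.</item>
/// </list>
/// </remarks>
/// <returns>The generated certificate with its private key attached.</returns>
public static X509Certificate2 GenerateSelfSignedCertEcdsa()
{
    // All randomness (serial number, key pair, signature, PKCS#12 salts) comes from one
    // SecureRandom instance backed by CryptoApiRandomGenerator.
    var randomGenerator = new CryptoApiRandomGenerator();
    var random = new SecureRandom(randomGenerator);
    var certificateGenerator = new X509V3CertificateGenerator();

    // Random serial number in the range 1..Int64.MaxValue.
    var serialNumber = BigIntegers.CreateRandomInRange(
        BigInteger.One, BigInteger.ValueOf(Int64.MaxValue), random);
    certificateGenerator.SetSerialNumber(serialNumber);

    const string signatureAlgorithm = "SHA256withECDSA";
    certificateGenerator.SetSignatureAlgorithm(signatureAlgorithm);

    // Self-signed: the issuer name is the subject name.
    var subjectDN = new X509Name("CN=simpletorrent");
    var issuerDN = subjectDN;
    certificateGenerator.SetIssuerDN(issuerDN);
    certificateGenerator.SetSubjectDN(subjectDN);

    // notBefore is midnight UTC of the previous day (presumably to tolerate clock skew).
    // NOTE(review): notAfter is 1000 years later; the certificate effectively never
    // expires, so any rotation has to be driven by something other than expiry.
    var notBefore = DateTime.UtcNow.Date.AddHours(-24);
    var notAfter = notBefore.AddYears(1000);
    certificateGenerator.SetNotBefore(notBefore);
    certificateGenerator.SetNotAfter(notAfter);

    ECKeyGenerationParameters genParam =
        new ECKeyGenerationParameters(X962NamedCurves.GetOid("prime256v1"), random);
    var keyPairGenerator = new ECKeyPairGenerator();
    keyPairGenerator.Init(genParam);
    var subjectKeyPair = keyPairGenerator.GenerateKeyPair();
    certificateGenerator.SetPublicKey(subjectKeyPair.Public);

    // Self-signed: the subject's own private key signs the certificate.
    var issuerKeyPair = subjectKeyPair;
    var certificate = certificateGenerator.Generate(issuerKeyPair.Private, random);

    // Pack certificate and private key into a PKCS#12 store under one alias.
    var store = new Pkcs12Store();
    string friendlyName = certificate.SubjectDN.ToString();
    var certificateEntry = new X509CertificateEntry(certificate);
    store.SetCertificateEntry(friendlyName, certificateEntry);
    store.SetKeyEntry(
        friendlyName,
        new AsymmetricKeyEntry(subjectKeyPair.Private),
        new[] { certificateEntry });

    // NOTE(review): fixed password literal in source. It only wraps the PKCS#12 blob
    // that lives in memory inside this method, so it gives no confidentiality. If the
    // blob is ever written out or returned, use a caller-supplied or per-call random
    // password instead.
    string password = "******";

    byte[] pfx;
    // The stream is only needed until the PKCS#12 bytes are copied out; dispose it
    // deterministically instead of leaving it to the garbage collector.
    using (var stream = new MemoryStream())
    {
        store.Save(stream, password.ToCharArray(), random);

        // mono bug #1660 fix -> convert to definite-length encoding
        pfx = Pkcs12Utilities.ConvertToDefiniteLength(stream.ToArray(), password.ToCharArray());
    }

    // NOTE(review): PersistKeySet keeps the imported private key in the platform key
    // store after this object is released, and Exportable lets it be extracted again.
    // Confirm both are required; dropping them narrows where the key can end up.
    var convertedCertificate = new X509Certificate2(
        pfx,
        password,
        X509KeyStorageFlags.PersistKeySet | X509KeyStorageFlags.Exportable);

    return convertedCertificate;
}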
/// <summary>
/// Generates a fresh elliptic-curve key pair on the prime256v1 curve.
/// </summary>
/// <remarks>
/// Randomness is taken from <c>RandomUtil.SecureRandomBc</c>, which is defined outside
/// this block. NOTE(review): the strength of the generated key depends on that source
/// being a properly seeded SecureRandom - confirm at its definition.
/// </remarks>
/// <returns>The generated public/private key pair.</returns>
private static AsymmetricCipherKeyPair GenerateKeyPairEcc()
{
    // Curve is selected by its X9.62 OID rather than by explicit domain parameters.
    var keyParameters = new ECKeyGenerationParameters(
        X962NamedCurves.GetOid("prime256v1"),
        RandomUtil.SecureRandomBc);

    var keyPairGenerator = new ECKeyPairGenerator();
    keyPairGenerator.Init(keyParameters);

    return keyPairGenerator.GenerateKeyPair();
}
/// <summary>
/// Maps the magic number of an EC key blob to the OID of its curve, looked up in the
/// requested named-curve table.
/// </summary>
/// <remarks>
/// Callers must check the result for null before using it: an unrecognised magic number
/// or namespace yields null, as does any table lookup that finds no entry for the name.
/// </remarks>
/// <param name="magic">
/// Key blob magic number; matched against the ECDH/ECDSA public P-256, P-384 and P-521
/// values of <c>KeyBlobMagicNumber</c>.
/// </param>
/// <param name="nameSpace">Named-curve table (X9.62, NIST or SEC) that supplies the OID.</param>
/// <returns>The curve OID, or null when no mapping applies.</returns>
private static DerObjectIdentifier getCurveOid(int magic, CurveNamespace nameSpace)
{
    string x962Name;
    string nistName;
    string secName;

    // Step 1: pick the per-table curve names from the blob's magic number.
    switch (magic)
    {
        case (int)KeyBlobMagicNumber.ECDHPublicP256:
        case (int)KeyBlobMagicNumber.ECDsaPublicP256:
            x962Name = "prime256v1";
            nistName = "P-256";
            secName = "SecP256r1";
            break;

        case (int)KeyBlobMagicNumber.ECDHPublicP384:
        case (int)KeyBlobMagicNumber.ECDsaPublicP384:
            // The original author notes this X9.62 name is not in the BC list,
            // so the X962 lookup below presumably finds nothing for this curve.
            x962Name = "prime384v1";
            nistName = "P-384";
            secName = "SecP384r1";
            break;

        case (int)KeyBlobMagicNumber.ECDHPublicP521:
        case (int)KeyBlobMagicNumber.ECDsaPublicP521:
            // The original author notes this X9.62 name is not in the BC list,
            // so the X962 lookup below presumably finds nothing for this curve.
            x962Name = "prime521v1";
            nistName = "P-521";
            secName = "SecP521r1";
            break;

        default:
            return null;
    }

    // Step 2: resolve the name in the table the caller asked for.
    switch (nameSpace)
    {
        case CurveNamespace.X962:
            return X962NamedCurves.GetOid(x962Name);

        case CurveNamespace.NIST:
            return NistNamedCurves.GetOid(nistName);

        case CurveNamespace.SEC:
            return SecNamedCurves.GetOid(secName);

        default:
            return null;
    }
}
/// <summary>
/// Looks up the OID registered for a named curve, trying each curve table in turn.
/// </summary>
/// <remarks>
/// Tables are consulted in a fixed order - X9.62, SEC, NIST, TeleTrusT, ANSSI - and the
/// first non-null result wins. Later tables are not queried once a match is found.
/// </remarks>
/// <param name="name">Curve name to resolve.</param>
/// <returns>The matching OID, or null when none of the tables knows the name.</returns>
public static DerObjectIdentifier GetOid(string name)
{
    // The null-coalescing chain short-circuits, preserving the table precedence.
    return X962NamedCurves.GetOid(name)
        ?? SecNamedCurves.GetOid(name)
        ?? NistNamedCurves.GetOid(name)
        ?? TeleTrusTNamedCurves.GetOid(name)
        ?? AnssiNamedCurves.GetOid(name);
}