// Note: PKCS#8 doesn't define how to generate the key required for encryption
// so you're on your own. Just don't try to copy the big guys too much ;)
// Netscape: http://www.cs.auckland.ac.nz/~pgut001/pubs/netscape.txt
// Microsoft: http://www.cs.auckland.ac.nz/~pgut001/pubs/breakms.txt
public byte[] GetBytes()
{
if (_algorithm == null)
{
throw new CryptographicException("No algorithm OID specified");
}
ASN1 encryptionAlgorithm = new ASN1(0x30);
encryptionAlgorithm.Add(ASN1Convert.FromOid(_algorithm));
// parameters ANY DEFINED BY algorithm OPTIONAL
if ((_iterations > 0) || (_salt != null))
{
ASN1 salt = new ASN1(0x04, _salt);
ASN1 iterations = ASN1Convert.FromInt32(_iterations);
ASN1 parameters = new ASN1(0x30);
parameters.Add(salt);
parameters.Add(iterations);
encryptionAlgorithm.Add(parameters);
}
// encapsulates EncryptedData into an OCTET STRING
ASN1 encryptedData = new ASN1(0x04, _data);
ASN1 encryptedPrivateKeyInfo = new ASN1(0x30);
encryptedPrivateKeyInfo.Add(encryptionAlgorithm);
encryptedPrivateKeyInfo.Add(encryptedData);
return(encryptedPrivateKeyInfo.GetBytes());
}
public byte[] GetBytes()
{
ASN1 privateKeyAlgorithm = new ASN1(0x30);
privateKeyAlgorithm.Add(ASN1Convert.FromOid(_algorithm));
privateKeyAlgorithm.Add(new ASN1(0x05)); // ASN.1 NULL
ASN1 pki = new ASN1(0x30);
pki.Add(new ASN1(0x02, new byte[1] {
(byte)_version
}));
pki.Add(privateKeyAlgorithm);
pki.Add(new ASN1(0x04, _key));
if (_list.Count > 0)
{
ASN1 attributes = new ASN1(0xA0);
foreach (ASN1 attribute in _list)
{
attributes.Add(attribute);
}
pki.Add(attributes);
}
return(pki.GetBytes());
}
// methods
private void Decode(byte[] data)
{
ASN1 encryptedPrivateKeyInfo = new ASN1(data);
if (encryptedPrivateKeyInfo.Tag != 0x30)
{
throw new CryptographicException("invalid EncryptedPrivateKeyInfo");
}
ASN1 encryptionAlgorithm = encryptedPrivateKeyInfo[0];
if (encryptionAlgorithm.Tag != 0x30)
{
throw new CryptographicException("invalid encryptionAlgorithm");
}
ASN1 algorithm = encryptionAlgorithm[0];
if (algorithm.Tag != 0x06)
{
throw new CryptographicException("invalid algorithm");
}
_algorithm = ASN1Convert.ToOid(algorithm);
// parameters ANY DEFINED BY algorithm OPTIONAL
if (encryptionAlgorithm.Count > 1)
{
ASN1 parameters = encryptionAlgorithm[1];
if (parameters.Tag != 0x30)
{
throw new CryptographicException("invalid parameters");
}
ASN1 salt = parameters[0];
if (salt.Tag != 0x04)
{
throw new CryptographicException("invalid salt");
}
_salt = salt.Value;
ASN1 iterationCount = parameters[1];
if (iterationCount.Tag != 0x02)
{
throw new CryptographicException("invalid iterationCount");
}
_iterations = ASN1Convert.ToInt32(iterationCount);
}
ASN1 encryptedData = encryptedPrivateKeyInfo[1];
if (encryptedData.Tag != 0x04)
{
throw new CryptographicException("invalid EncryptedData");
}
_data = encryptedData.Value;
}
// methods
private void Decode(byte[] data)
{
ASN1 privateKeyInfo = new ASN1(data);
if (privateKeyInfo.Tag != 0x30)
{
throw new CryptographicException("invalid PrivateKeyInfo");
}
ASN1 version = privateKeyInfo[0];
if (version.Tag != 0x02)
{
throw new CryptographicException("invalid version");
}
_version = version.Value[0];
ASN1 privateKeyAlgorithm = privateKeyInfo[1];
if (privateKeyAlgorithm.Tag != 0x30)
{
throw new CryptographicException("invalid algorithm");
}
ASN1 algorithm = privateKeyAlgorithm[0];
if (algorithm.Tag != 0x06)
{
throw new CryptographicException("missing algorithm OID");
}
_algorithm = ASN1Convert.ToOid(algorithm);
ASN1 privateKey = privateKeyInfo[2];
_key = privateKey.Value;
// attributes [0] IMPLICIT Attributes OPTIONAL
if (privateKeyInfo.Count > 3)
{
ASN1 attributes = privateKeyInfo[3];
for (int i = 0; i < attributes.Count; i++)
{
_list.Add(attributes[i]);
}
}
}
/*
* RSAPrivateKey ::= SEQUENCE {
* version Version,
* modulus INTEGER, -- n
* publicExponent INTEGER, -- e
* privateExponent INTEGER, -- d
* prime1 INTEGER, -- p
* prime2 INTEGER, -- q
* exponent1 INTEGER, -- d mod (p-1)
* exponent2 INTEGER, -- d mod (q-1)
* coefficient INTEGER, -- (inverse of q) mod p
* otherPrimeInfos OtherPrimeInfos OPTIONAL
* }
*/
static public byte[] Encode(RSA rsa)
{
RSAParameters param = rsa.ExportParameters(true);
ASN1 rsaPrivateKey = new ASN1(0x30);
rsaPrivateKey.Add(new ASN1(0x02, new byte[1] {
0x00
}));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Modulus));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Exponent));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.D));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.P));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.Q));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DP));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.DQ));
rsaPrivateKey.Add(ASN1Convert.FromUnsignedBigInteger(param.InverseQ));
return(rsaPrivateKey.GetBytes());
}
static public byte[] Encode(DSA dsa)
{
DSAParameters param = dsa.ExportParameters(true);
return(ASN1Convert.FromUnsignedBigInteger(param.X).GetBytes());
}