public void _01_GenerateKeyTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Prepare attribute template of new key List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>(); objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true)); // Specify key generation mechanism Mechanism mechanism = new Mechanism(CKM.CKM_DES3_KEY_GEN); // Generate key ObjectHandle objectHandle = session.GenerateKey(mechanism, objectAttributes); // Do something interesting with generated key // Destroy object session.DestroyObject(objectHandle); session.Logout(); } } }
public void _02_DigestMultiPartTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RO session using (Session session = slot.OpenSession(true)) { // Specify digesting mechanism Mechanism mechanism = new Mechanism(CKM.CKM_SHA_1); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); byte[] digest = null; // Multipart digesting can be used i.e. for digesting of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData)) { // Digest data digest = session.Digest(mechanism, inputStream); } // Do something interesting with digest value Assert.IsTrue(Convert.ToBase64String(digest) == "e1AsOh9IyGCa4hLN+2Od7jlnP14="); } } }
public void _01_BasicSignEncryptAndDecryptVerifyTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate asymetric key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify signing mechanism Mechanism signingMechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS); // Generate symetric key ObjectHandle secretKey = Helpers.GenerateKey(session); // Generate random initialization vector byte[] iv = session.GenerateRandom(8); // Specify encryption mechanism with initialization vector as parameter Mechanism encryptionMechanism = new Mechanism(CKM.CKM_DES3_CBC, iv); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Passw0rd"); // Sign and encrypt data byte[] signature = null; byte[] encryptedData = null; session.SignEncrypt(signingMechanism, privateKey, encryptionMechanism, secretKey, sourceData, out signature, out encryptedData); // Do something interesting with signature and encrypted data // Decrypt data and verify signature of data byte[] decryptedData = null; bool isValid = false; session.DecryptVerify(signingMechanism, publicKey, encryptionMechanism, secretKey, encryptedData, signature, out decryptedData, out isValid); // Do something interesting with decrypted data and verification result Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData)); Assert.IsTrue(isValid); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.DestroyObject(secretKey); session.Logout(); } } }
public void _01_BasicWrapAndUnwrapKeyTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate asymetric key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Generate symetric key ObjectHandle secretKey = Helpers.GenerateKey(session); // Specify wrapping mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS); // Wrap key byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey); // Do something interesting with wrapped key Assert.IsNotNull(wrappedKey); // Define attributes for unwrapped key List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>(); objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_DERIVE, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_EXTRACTABLE, true)); // Unwrap key ObjectHandle unwrappedKey = session.UnwrapKey(mechanism, privateKey, wrappedKey, objectAttributes); // Do something interesting with unwrapped key Assert.IsTrue(unwrappedKey.ObjectId != CK.CK_INVALID_HANDLE); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.DestroyObject(secretKey); session.Logout(); } } }
public void _01_BasicDigestEncryptAndDecryptDigestTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate symetric key ObjectHandle generatedKey = Helpers.GenerateKey(session); // Generate random initialization vector byte[] iv = session.GenerateRandom(8); // Specify encryption mechanism with initialization vector as parameter Mechanism encryptionMechanism = new Mechanism(CKM.CKM_DES3_CBC, iv); // Specify digesting mechanism Mechanism digestingMechanism = new Mechanism(CKM.CKM_SHA_1); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Our new password"); // Encrypt and digest data byte[] digest1 = null; byte[] encryptedData = null; session.DigestEncrypt(digestingMechanism, encryptionMechanism, generatedKey, sourceData, out digest1, out encryptedData); // Do something interesting with encrypted data and digest // Decrypt and digest data byte[] digest2 = null; byte[] decryptedData = null; session.DecryptDigest(digestingMechanism, encryptionMechanism, generatedKey, encryptedData, out digest2, out decryptedData); // Do something interesting with decrypted data and digest Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData)); Assert.IsTrue(Convert.ToBase64String(digest1) == Convert.ToBase64String(digest2)); session.DestroyObject(generatedKey); session.Logout(); } } }
public void _01_BasicSignAndVerifyRecoverTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify signing mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Sign data byte[] signature = session.SignRecover(mechanism, privateKey, sourceData); // Do something interesting with signature // Verify signature bool isValid = false; byte[] recoveredData = session.VerifyRecover(mechanism, publicKey, signature, out isValid); // Do something interesting with verification result and recovered data Assert.IsTrue(isValid); Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(recoveredData)); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }
public void _01_DigestSinglePartTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RO session using (Session session = slot.OpenSession(true)) { // Specify digesting mechanism Mechanism mechanism = new Mechanism(CKM.CKM_SHA_1); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Digest data byte[] digest = session.Digest(mechanism, sourceData); // Do something interesting with digest value Assert.IsTrue(Convert.ToBase64String(digest) == "e1AsOh9IyGCa4hLN+2Od7jlnP14="); } } }
public void _01_BasicDeriveKeyTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate symetric key ObjectHandle baseKey = Helpers.GenerateKey(session); // Generate random data needed for key derivation byte[] data = session.GenerateRandom(24); // Specify mechanism parameters CkKeyDerivationStringData mechanismParams = new CkKeyDerivationStringData(data); // Specify derivation mechanism with parameters Mechanism mechanism = new Mechanism(CKM.CKM_XOR_BASE_AND_DATA, mechanismParams); // Derive key ObjectHandle derivedKey = session.DeriveKey(mechanism, baseKey, null); // Do something interesting with derived key Assert.IsTrue(derivedKey.ObjectId != CK.CK_INVALID_HANDLE); session.DestroyObject(baseKey); session.DestroyObject(derivedKey); session.Logout(); } } }
/// <summary> /// Derives a key from a base key, creating a new key object /// </summary> /// <param name="mechanism">Derivation mechanism</param> /// <param name="baseKeyHandle">Handle of base key</param> /// <param name="attributes">Attributes for the new key</param> /// <returns>Handle of derived key</returns> public ObjectHandle DeriveKey(Mechanism mechanism, ObjectHandle baseKeyHandle, List<ObjectAttribute> attributes) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (baseKeyHandle == null) throw new ArgumentNullException("baseKeyHandle"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) { List<HighLevelAPI40.ObjectAttribute> hlaAttributes = ObjectAttribute.ConvertToHighLevelAPI40List(attributes); HighLevelAPI40.ObjectHandle unwrappedKeyHandle = _session40.DeriveKey(mechanism.Mechanism40, baseKeyHandle.ObjectHandle40, hlaAttributes); return new ObjectHandle(unwrappedKeyHandle); } else { List<HighLevelAPI41.ObjectAttribute> hlaAttributes = ObjectAttribute.ConvertToHighLevelAPI41List(attributes); HighLevelAPI41.ObjectHandle unwrappedKeyHandle = _session41.DeriveKey(mechanism.Mechanism41, baseKeyHandle.ObjectHandle41, hlaAttributes); return new ObjectHandle(unwrappedKeyHandle); } } else { if (Platform.StructPackingSize == 0) { List<HighLevelAPI80.ObjectAttribute> hlaAttributes = ObjectAttribute.ConvertToHighLevelAPI80List(attributes); HighLevelAPI80.ObjectHandle unwrappedKeyHandle = _session80.DeriveKey(mechanism.Mechanism80, baseKeyHandle.ObjectHandle80, hlaAttributes); return new ObjectHandle(unwrappedKeyHandle); } else { List<HighLevelAPI81.ObjectAttribute> hlaAttributes = ObjectAttribute.ConvertToHighLevelAPI81List(attributes); HighLevelAPI81.ObjectHandle unwrappedKeyHandle = _session81.DeriveKey(mechanism.Mechanism81, baseKeyHandle.ObjectHandle81, hlaAttributes); return new ObjectHandle(unwrappedKeyHandle); } } }
/// <summary> /// Wraps (i.e., encrypts) a private or secret key /// </summary> /// <param name="mechanism">Wrapping mechanism</param> /// <param name="wrappingKeyHandle">Handle of wrapping key</param> /// <param name="keyHandle">Handle of key to be wrapped</param> /// <returns>Wrapped key</returns> public byte[] WrapKey(Mechanism mechanism, ObjectHandle wrappingKeyHandle, ObjectHandle keyHandle) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (wrappingKeyHandle == null) throw new ArgumentNullException("wrappingKeyHandle"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) return _session40.WrapKey(mechanism.Mechanism40, wrappingKeyHandle.ObjectHandle40, keyHandle.ObjectHandle40); else return _session41.WrapKey(mechanism.Mechanism41, wrappingKeyHandle.ObjectHandle41, keyHandle.ObjectHandle41); } else { if (Platform.StructPackingSize == 0) return _session80.WrapKey(mechanism.Mechanism80, wrappingKeyHandle.ObjectHandle80, keyHandle.ObjectHandle80); else return _session81.WrapKey(mechanism.Mechanism81, wrappingKeyHandle.ObjectHandle81, keyHandle.ObjectHandle81); } }
/// <summary> /// Generates a public/private key pair, creating new key objects /// </summary> /// <param name="mechanism">Key generation mechanism</param> /// <param name="publicKeyAttributes">Attributes of the public key</param> /// <param name="privateKeyAttributes">Attributes of the private key</param> /// <param name="publicKeyHandle">Handle of the new public key</param> /// <param name="privateKeyHandle">Handle of the new private key</param> public void GenerateKeyPair(Mechanism mechanism, List<ObjectAttribute> publicKeyAttributes, List<ObjectAttribute> privateKeyAttributes, out ObjectHandle publicKeyHandle, out ObjectHandle privateKeyHandle) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) { List<HighLevelAPI40.ObjectAttribute> hlaPublicKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI40List(publicKeyAttributes); List<HighLevelAPI40.ObjectAttribute> hlaPrivateKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI40List(privateKeyAttributes); HighLevelAPI40.ObjectHandle hlaPublicKeyHandle = null; HighLevelAPI40.ObjectHandle hlaPrivateKeyHandle = null; _session40.GenerateKeyPair(mechanism.Mechanism40, hlaPublicKeyAttributes, hlaPrivateKeyAttributes, out hlaPublicKeyHandle, out hlaPrivateKeyHandle); publicKeyHandle = new ObjectHandle(hlaPublicKeyHandle); privateKeyHandle = new ObjectHandle(hlaPrivateKeyHandle); } else { List<HighLevelAPI41.ObjectAttribute> hlaPublicKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI41List(publicKeyAttributes); List<HighLevelAPI41.ObjectAttribute> hlaPrivateKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI41List(privateKeyAttributes); HighLevelAPI41.ObjectHandle hlaPublicKeyHandle = null; HighLevelAPI41.ObjectHandle hlaPrivateKeyHandle = null; _session41.GenerateKeyPair(mechanism.Mechanism41, hlaPublicKeyAttributes, hlaPrivateKeyAttributes, out hlaPublicKeyHandle, out hlaPrivateKeyHandle); publicKeyHandle = new ObjectHandle(hlaPublicKeyHandle); privateKeyHandle = new ObjectHandle(hlaPrivateKeyHandle); } } else { if (Platform.StructPackingSize == 0) { List<HighLevelAPI80.ObjectAttribute> hlaPublicKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI80List(publicKeyAttributes); List<HighLevelAPI80.ObjectAttribute> hlaPrivateKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI80List(privateKeyAttributes); HighLevelAPI80.ObjectHandle hlaPublicKeyHandle = null; HighLevelAPI80.ObjectHandle hlaPrivateKeyHandle = null; _session80.GenerateKeyPair(mechanism.Mechanism80, hlaPublicKeyAttributes, hlaPrivateKeyAttributes, out hlaPublicKeyHandle, out hlaPrivateKeyHandle); publicKeyHandle = new ObjectHandle(hlaPublicKeyHandle); privateKeyHandle = new ObjectHandle(hlaPrivateKeyHandle); } else { List<HighLevelAPI81.ObjectAttribute> hlaPublicKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI81List(publicKeyAttributes); List<HighLevelAPI81.ObjectAttribute> hlaPrivateKeyAttributes = ObjectAttribute.ConvertToHighLevelAPI81List(privateKeyAttributes); HighLevelAPI81.ObjectHandle hlaPublicKeyHandle = null; HighLevelAPI81.ObjectHandle hlaPrivateKeyHandle = null; _session81.GenerateKeyPair(mechanism.Mechanism81, hlaPublicKeyAttributes, hlaPrivateKeyAttributes, out hlaPublicKeyHandle, out hlaPrivateKeyHandle); publicKeyHandle = new ObjectHandle(hlaPublicKeyHandle); privateKeyHandle = new ObjectHandle(hlaPrivateKeyHandle); } } }
/// <summary> /// Signs multi-part data, where the signature is an appendix to the data /// </summary> /// <param name="mechanism">Signature mechanism</param> /// <param name="keyHandle">Signature key</param> /// <param name="inputStream">Input stream from which data should be read</param> /// <returns>Signature</returns> public byte[] Sign(Mechanism mechanism, ObjectHandle keyHandle, Stream inputStream) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); return Sign(mechanism, keyHandle, inputStream, 4096); }
/// <summary> /// Generates asymetric key pair /// </summary> /// <param name='session'>Read-write session with user logged in</param> /// <param name='ckaLabel'>Value of CKA_LABEL attribute for generated keys</param> /// <param name='ckaId'>Value of CKA_ID attribute for generated keys</param> /// <param name='publicKeyHandle'>Output parameter for public key object handle</param> /// <param name='privateKeyHandle'>Output parameter for private key object handle</param> public static void GenerateKeyPair(Session session, string ckaLabel, byte[] ckaId, out ObjectHandle publicKeyHandle, out ObjectHandle privateKeyHandle) { // Prepare attribute template of new public key List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>(); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, ckaLabel)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_WRAP, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_MODULUS_BITS, 1024)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 })); // Prepare attribute template of new private key List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>(); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, ckaLabel)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true)); // Specify key generation mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN); // Generate key pair session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle); }
public void _02_GenerateKeyPairTest() { using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // The CKA_ID attribute is intended as a means of distinguishing multiple key pairs held by the same subject byte[] ckaId = session.GenerateRandom(20); // Prepare attribute template of new public key List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>(); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY_RECOVER, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_WRAP, true)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_MODULUS_BITS, 1024)); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 })); // Prepare attribute template of new private key List<ObjectAttribute> privateKeyAttributes = new List<ObjectAttribute>(); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, Settings.ApplicationName)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SENSITIVE, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_SIGN_RECOVER, true)); privateKeyAttributes.Add(new ObjectAttribute(CKA.CKA_UNWRAP, true)); // Specify key generation mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_KEY_PAIR_GEN); // Generate key pair ObjectHandle publicKeyHandle = null; ObjectHandle privateKeyHandle = null; session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKeyHandle, out privateKeyHandle); // Do something interesting with generated key pair // Destroy keys session.DestroyObject(privateKeyHandle); session.DestroyObject(publicKeyHandle); session.Logout(); } } }
/// <summary> /// Decrypts single-part data /// </summary> /// <param name="mechanism">Decryption mechanism</param> /// <param name="keyHandle">Handle of the decryption key</param> /// <param name="encryptedData">Data to be decrypted</param> /// <returns>Decrypted data</returns> public byte[] Decrypt(Mechanism mechanism, ObjectHandle keyHandle, byte[] encryptedData) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (encryptedData == null) throw new ArgumentNullException("encryptedData"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) return _session40.Decrypt(mechanism.Mechanism40, keyHandle.ObjectHandle40, encryptedData); else return _session41.Decrypt(mechanism.Mechanism41, keyHandle.ObjectHandle41, encryptedData); } else { if (Platform.StructPackingSize == 0) return _session80.Decrypt(mechanism.Mechanism80, keyHandle.ObjectHandle80, encryptedData); else return _session81.Decrypt(mechanism.Mechanism81, keyHandle.ObjectHandle81, encryptedData); } }
/// <summary> /// Signs and encrypts data /// </summary> /// <param name="signingMechanism">Signing mechanism</param> /// <param name="signingKeyHandle">Handle of the signing key</param> /// <param name="encryptionMechanism">Encryption mechanism</param> /// <param name="encryptionKeyHandle">Handle of the encryption key</param> /// <param name="inputStream">Input stream from which data to be processed should be read</param> /// <param name="outputStream">Output stream where encrypted data should be written</param> /// <returns>Signature</returns> public byte[] SignEncrypt(Mechanism signingMechanism, ObjectHandle signingKeyHandle, Mechanism encryptionMechanism, ObjectHandle encryptionKeyHandle, Stream inputStream, Stream outputStream) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (signingMechanism == null) throw new ArgumentNullException("signingMechanism"); if (signingKeyHandle == null) throw new ArgumentNullException("signingKeyHandle"); if (encryptionMechanism == null) throw new ArgumentNullException("encryptionMechanism"); if (encryptionKeyHandle == null) throw new ArgumentNullException("encryptionKeyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); return SignEncrypt(signingMechanism, signingKeyHandle, encryptionMechanism, encryptionKeyHandle, inputStream, outputStream, 4096); }
/// <summary> /// Signs and encrypts data /// </summary> /// <param name="signingMechanism">Signing mechanism</param> /// <param name="signingKeyHandle">Handle of the signing key</param> /// <param name="encryptionMechanism">Encryption mechanism</param> /// <param name="encryptionKeyHandle">Handle of the encryption key</param> /// <param name="data">Data to be processed</param> /// <param name="signature">Signature</param> /// <param name="encryptedData">Encrypted data</param> public void SignEncrypt(Mechanism signingMechanism, ObjectHandle signingKeyHandle, Mechanism encryptionMechanism, ObjectHandle encryptionKeyHandle, byte[] data, out byte[] signature, out byte[] encryptedData) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (signingMechanism == null) throw new ArgumentNullException("signingMechanism"); if (signingKeyHandle == null) throw new ArgumentNullException("signingKeyHandle"); if (encryptionMechanism == null) throw new ArgumentNullException("encryptionMechanism"); if (encryptionKeyHandle == null) throw new ArgumentNullException("encryptionKeyHandle"); if (data == null) throw new ArgumentNullException("data"); using (MemoryStream inputMemoryStream = new MemoryStream(data), outputMemorySteam = new MemoryStream()) { signature = SignEncrypt(signingMechanism, signingKeyHandle, encryptionMechanism, encryptionKeyHandle, inputMemoryStream, outputMemorySteam); encryptedData = outputMemorySteam.ToArray(); } }
/// <summary> /// Digests and decrypts data /// </summary> /// <param name="digestingMechanism">Digesting mechanism</param> /// <param name="decryptionMechanism">Decryption mechanism</param> /// <param name="keyHandle">Handle of the decryption key</param> /// <param name="inputStream">Input stream from which data to be processed should be read</param> /// <param name="outputStream">Output stream where decrypted data should be written</param> /// <returns>Digest</returns> public byte[] DecryptDigest(Mechanism digestingMechanism, Mechanism decryptionMechanism, ObjectHandle keyHandle, Stream inputStream, Stream outputStream) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (digestingMechanism == null) throw new ArgumentNullException("digestingMechanism"); if (decryptionMechanism == null) throw new ArgumentNullException("decryptionMechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); return DecryptDigest(digestingMechanism, decryptionMechanism, keyHandle, inputStream, outputStream, 4096); }
/// <summary> /// Digests and decrypts data /// </summary> /// <param name="digestingMechanism">Digesting mechanism</param> /// <param name="decryptionMechanism">Decryption mechanism</param> /// <param name="keyHandle">Handle of the decryption key</param> /// <param name="data">Data to be processed</param> /// <param name="digest">Digest</param> /// <param name="decryptedData">Decrypted data</param> public void DecryptDigest(Mechanism digestingMechanism, Mechanism decryptionMechanism, ObjectHandle keyHandle, byte[] data, out byte[] digest, out byte[] decryptedData) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (digestingMechanism == null) throw new ArgumentNullException("digestingMechanism"); if (decryptionMechanism == null) throw new ArgumentNullException("decryptionMechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (data == null) throw new ArgumentNullException("data"); using (MemoryStream inputMemoryStream = new MemoryStream(data), outputMemorySteam = new MemoryStream()) { digest = DecryptDigest(digestingMechanism, decryptionMechanism, keyHandle, inputMemoryStream, outputMemorySteam); decryptedData = outputMemorySteam.ToArray(); } }
/// <summary> /// Verifies signature of data, where the data can be recovered from the signature /// </summary> /// <param name="mechanism">Verification mechanism;</param> /// <param name="keyHandle">Verification key</param> /// <param name="signature">Signature</param> /// <param name="isValid">Flag indicating whether signature is valid</param> /// <returns>Data recovered from the signature</returns> public byte[] VerifyRecover(Mechanism mechanism, ObjectHandle keyHandle, byte[] signature, out bool isValid) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (signature == null) throw new ArgumentNullException("signature"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) return _session40.VerifyRecover(mechanism.Mechanism40, keyHandle.ObjectHandle40, signature, out isValid); else return _session41.VerifyRecover(mechanism.Mechanism41, keyHandle.ObjectHandle41, signature, out isValid); } else { if (Platform.StructPackingSize == 0) return _session80.VerifyRecover(mechanism.Mechanism80, keyHandle.ObjectHandle80, signature, out isValid); else return _session81.VerifyRecover(mechanism.Mechanism81, keyHandle.ObjectHandle81, signature, out isValid); } }
/// <summary> /// Verifies a signature of data, where the signature is an appendix to the data /// </summary> /// <param name="mechanism">Verification mechanism;</param> /// <param name="keyHandle">Verification key</param> /// <param name="inputStream">Input stream from which data that was signed should be read</param> /// <param name="signature">Signature</param> /// <param name="isValid">Flag indicating whether signature is valid</param> public void Verify(Mechanism mechanism, ObjectHandle keyHandle, Stream inputStream, byte[] signature, out bool isValid) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (signature == null) throw new ArgumentNullException("signature"); Verify(mechanism, keyHandle, inputStream, signature, out isValid, 4096); }
/// <summary> /// Encrypts multi-part data /// </summary> /// <param name="mechanism">Encryption mechanism</param> /// <param name="keyHandle">Handle of the encryption key</param> /// <param name="inputStream">Input stream from which data to be encrypted should be read</param> /// <param name="outputStream">Output stream where encrypted data should be written</param> public void Encrypt(Mechanism mechanism, ObjectHandle keyHandle, Stream inputStream, Stream outputStream) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); Encrypt(mechanism, keyHandle, inputStream, outputStream, 4096); }
/// <summary> /// Encrypts multi-part data /// </summary> /// <param name="mechanism">Encryption mechanism</param> /// <param name="keyHandle">Handle of the encryption key</param> /// <param name="inputStream">Input stream from which data to be encrypted should be read</param> /// <param name="outputStream">Output stream where encrypted data should be written</param> /// <param name="bufferLength">Size of read buffer in bytes</param> public void Encrypt(Mechanism mechanism, ObjectHandle keyHandle, Stream inputStream, Stream outputStream, int bufferLength) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (keyHandle == null) throw new ArgumentNullException("keyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); if (bufferLength < 1) throw new ArgumentException("Value has to be positive number", "bufferLength"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) _session40.Encrypt(mechanism.Mechanism40, keyHandle.ObjectHandle40, inputStream, outputStream, bufferLength); else _session41.Encrypt(mechanism.Mechanism41, keyHandle.ObjectHandle41, inputStream, outputStream, bufferLength); } else { if (Platform.StructPackingSize == 0) _session80.Encrypt(mechanism.Mechanism80, keyHandle.ObjectHandle80, inputStream, outputStream, bufferLength); else _session81.Encrypt(mechanism.Mechanism81, keyHandle.ObjectHandle81, inputStream, outputStream, bufferLength); } }
/// <summary> /// Digests multi-part data /// </summary> /// <param name="mechanism">Digesting mechanism</param> /// <param name="inputStream">Input stream from which data should be read</param> /// <returns>Digest</returns> public byte[] Digest(Mechanism mechanism, Stream inputStream) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (inputStream == null) throw new ArgumentNullException("inputStream"); return Digest(mechanism, inputStream, 4096); }
/// <summary> /// Digests single-part data /// </summary> /// <param name="mechanism">Digesting mechanism</param> /// <param name="data">Data to be digested</param> /// <returns>Digest</returns> public byte[] Digest(Mechanism mechanism, byte[] data) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (data == null) throw new ArgumentNullException("data"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) return _session40.Digest(mechanism.Mechanism40, data); else return _session41.Digest(mechanism.Mechanism41, data); } else { if (Platform.StructPackingSize == 0) return _session80.Digest(mechanism.Mechanism80, data); else return _session81.Digest(mechanism.Mechanism81, data); } }
/// <summary> /// Decrypts data and verifies a signature of data /// </summary> /// <param name="verificationMechanism">Verification mechanism</param> /// <param name="verificationKeyHandle">Handle of the verification key</param> /// <param name="decryptionMechanism">Decryption mechanism</param> /// <param name="decryptionKeyHandle">Handle of the decryption key</param> /// <param name="data">Data to be processed</param> /// <param name="signature">Signature</param> /// <param name="decryptedData">Decrypted data</param> /// <param name="isValid">Flag indicating whether signature is valid</param> public void DecryptVerify(Mechanism verificationMechanism, ObjectHandle verificationKeyHandle, Mechanism decryptionMechanism, ObjectHandle decryptionKeyHandle, byte[] data, byte[] signature, out byte[] decryptedData, out bool isValid) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (verificationMechanism == null) throw new ArgumentNullException("verificationMechanism"); if (verificationKeyHandle == null) throw new ArgumentNullException("verificationKeyHandle"); if (decryptionMechanism == null) throw new ArgumentNullException("decryptionMechanism"); if (decryptionKeyHandle == null) throw new ArgumentNullException("decryptionKeyHandle"); if (data == null) throw new ArgumentNullException("data"); if (signature == null) throw new ArgumentNullException("signature"); using (MemoryStream inputMemoryStream = new MemoryStream(data), outputMemorySteam = new MemoryStream()) { DecryptVerify(verificationMechanism, verificationKeyHandle, decryptionMechanism, decryptionKeyHandle, inputMemoryStream, outputMemorySteam, signature, out isValid); decryptedData = outputMemorySteam.ToArray(); } }
/// <summary> /// Decrypts data and verifies a signature of data /// </summary> /// <param name="verificationMechanism">Verification mechanism</param> /// <param name="verificationKeyHandle">Handle of the verification key</param> /// <param name="decryptionMechanism">Decryption mechanism</param> /// <param name="decryptionKeyHandle">Handle of the decryption key</param> /// <param name="inputStream">Input stream from which data to be processed should be read</param> /// <param name="outputStream">Output stream where decrypted data should be written</param> /// <param name="signature">Signature</param> /// <param name="isValid">Flag indicating whether signature is valid</param> public void DecryptVerify(Mechanism verificationMechanism, ObjectHandle verificationKeyHandle, Mechanism decryptionMechanism, ObjectHandle decryptionKeyHandle, Stream inputStream, Stream outputStream, byte[] signature, out bool isValid) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (verificationMechanism == null) throw new ArgumentNullException("verificationMechanism"); if (verificationKeyHandle == null) throw new ArgumentNullException("verificationKeyHandle"); if (decryptionMechanism == null) throw new ArgumentNullException("decryptionMechanism"); if (decryptionKeyHandle == null) throw new ArgumentNullException("decryptionKeyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); if (signature == null) throw new ArgumentNullException("signature"); DecryptVerify(verificationMechanism, verificationKeyHandle, decryptionMechanism, decryptionKeyHandle, inputStream, outputStream, signature, out isValid, 4096); }
/// <summary> /// Decrypts data and verifies a signature of data /// </summary> /// <param name="verificationMechanism">Verification mechanism</param> /// <param name="verificationKeyHandle">Handle of the verification key</param> /// <param name="decryptionMechanism">Decryption mechanism</param> /// <param name="decryptionKeyHandle">Handle of the decryption key</param> /// <param name="inputStream">Input stream from which data to be processed should be read</param> /// <param name="outputStream">Output stream where decrypted data should be written</param> /// <param name="signature">Signature</param> /// <param name="isValid">Flag indicating whether signature is valid</param> /// <param name="bufferLength">Size of read buffer in bytes</param> public void DecryptVerify(Mechanism verificationMechanism, ObjectHandle verificationKeyHandle, Mechanism decryptionMechanism, ObjectHandle decryptionKeyHandle, Stream inputStream, Stream outputStream, byte[] signature, out bool isValid, int bufferLength) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (verificationMechanism == null) throw new ArgumentNullException("verificationMechanism"); if (verificationKeyHandle == null) throw new ArgumentNullException("verificationKeyHandle"); if (decryptionMechanism == null) throw new ArgumentNullException("decryptionMechanism"); if (decryptionKeyHandle == null) throw new ArgumentNullException("decryptionKeyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); if (signature == null) throw new ArgumentNullException("signature"); if (bufferLength < 1) throw new ArgumentException("Value has to be positive number", "bufferLength"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) _session40.DecryptVerify(verificationMechanism.Mechanism40, verificationKeyHandle.ObjectHandle40, decryptionMechanism.Mechanism40, decryptionKeyHandle.ObjectHandle40, inputStream, outputStream, signature, out isValid, bufferLength); else _session41.DecryptVerify(verificationMechanism.Mechanism41, verificationKeyHandle.ObjectHandle41, decryptionMechanism.Mechanism41, decryptionKeyHandle.ObjectHandle41, inputStream, outputStream, signature, out isValid, bufferLength); } else { if (Platform.StructPackingSize == 0) _session80.DecryptVerify(verificationMechanism.Mechanism80, verificationKeyHandle.ObjectHandle80, decryptionMechanism.Mechanism80, decryptionKeyHandle.ObjectHandle80, inputStream, outputStream, signature, out isValid, bufferLength); else _session81.DecryptVerify(verificationMechanism.Mechanism81, verificationKeyHandle.ObjectHandle81, decryptionMechanism.Mechanism81, decryptionKeyHandle.ObjectHandle81, inputStream, outputStream, signature, out isValid, bufferLength); } }
/// <summary> /// Signs and encrypts data /// </summary> /// <param name="signingMechanism">Signing mechanism</param> /// <param name="signingKeyHandle">Handle of the signing key</param> /// <param name="encryptionMechanism">Encryption mechanism</param> /// <param name="encryptionKeyHandle">Handle of the encryption key</param> /// <param name="inputStream">Input stream from which data to be processed should be read</param> /// <param name="outputStream">Output stream where encrypted data should be written</param> /// <param name="bufferLength">Size of read buffer in bytes</param> /// <returns>Signature</returns> public byte[] SignEncrypt(Mechanism signingMechanism, ObjectHandle signingKeyHandle, Mechanism encryptionMechanism, ObjectHandle encryptionKeyHandle, Stream inputStream, Stream outputStream, int bufferLength) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (signingMechanism == null) throw new ArgumentNullException("signingMechanism"); if (signingKeyHandle == null) throw new ArgumentNullException("signingKeyHandle"); if (encryptionMechanism == null) throw new ArgumentNullException("encryptionMechanism"); if (encryptionKeyHandle == null) throw new ArgumentNullException("encryptionKeyHandle"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (outputStream == null) throw new ArgumentNullException("outputStream"); if (bufferLength < 1) throw new ArgumentException("Value has to be positive number", "bufferLength"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) return _session40.SignEncrypt(signingMechanism.Mechanism40, signingKeyHandle.ObjectHandle40, encryptionMechanism.Mechanism40, encryptionKeyHandle.ObjectHandle40, inputStream, outputStream, bufferLength); else return _session41.SignEncrypt(signingMechanism.Mechanism41, signingKeyHandle.ObjectHandle41, encryptionMechanism.Mechanism41, encryptionKeyHandle.ObjectHandle41, inputStream, outputStream, bufferLength); } else { if (Platform.StructPackingSize == 0) return _session80.SignEncrypt(signingMechanism.Mechanism80, signingKeyHandle.ObjectHandle80, encryptionMechanism.Mechanism80, encryptionKeyHandle.ObjectHandle80, inputStream, outputStream, bufferLength); else return _session81.SignEncrypt(signingMechanism.Mechanism81, signingKeyHandle.ObjectHandle81, encryptionMechanism.Mechanism81, encryptionKeyHandle.ObjectHandle81, inputStream, outputStream, bufferLength); } }
/// <summary> /// Digests multi-part data /// </summary> /// <param name="mechanism">Digesting mechanism</param> /// <param name="inputStream">Input stream from which data should be read</param> /// <param name="bufferLength">Size of read buffer in bytes</param> /// <returns>Digest</returns> public byte[] Digest(Mechanism mechanism, Stream inputStream, int bufferLength) { if (this._disposed) throw new ObjectDisposedException(this.GetType().FullName); if (mechanism == null) throw new ArgumentNullException("mechanism"); if (inputStream == null) throw new ArgumentNullException("inputStream"); if (bufferLength < 1) throw new ArgumentException("Value has to be positive number", "bufferLength"); if (Platform.UnmanagedLongSize == 4) { if (Platform.StructPackingSize == 0) return _session40.Digest(mechanism.Mechanism40, inputStream, bufferLength); else return _session41.Digest(mechanism.Mechanism41, inputStream, bufferLength); } else { if (Platform.StructPackingSize == 0) return _session80.Digest(mechanism.Mechanism80, inputStream, bufferLength); else return _session81.Digest(mechanism.Mechanism81, inputStream, bufferLength); } }