public static void Rc4AndCngWrappersDontMixTest() { // // Combination of RC4 over a CAPI certificate. // // This works as long as the PKCS implementation opens the cert using CAPI. If he creates a CNG wrapper handle (by passing CRYPT_ACQUIRE_PREFER_NCRYPT_KEY_FLAG), // the test fails with a NOTSUPPORTED crypto exception inside Decrypt(). The same happens if the key is genuinely CNG. // byte[] content = { 6, 3, 128, 33, 44 }; AlgorithmIdentifier rc4 = new AlgorithmIdentifier(new Oid(Oids.Rc4)); EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(content), rc4); CmsRecipientCollection recipients = new CmsRecipientCollection(new CmsRecipient(Certificates.RSAKeyTransferCapi1.GetCertificate())); ecms.Encrypt(recipients); byte[] encodedMessage = ecms.Encode(); ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey()) { if (cert == null) return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can. X509Certificate2Collection extraStore = new X509Certificate2Collection(); extraStore.Add(cert); ecms.Decrypt(extraStore); } ContentInfo contentInfo = ecms.ContentInfo; Assert.Equal<byte>(content, contentInfo.Content); }
public byte[] encrypt(byte[] plainTest) { envelopedContentInfo = new ContentInfo(plainTest); envelopedCms = new EnvelopedCms(envelopedContentInfo); envelopeCmsResipient = new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, cryptographyClientCert); envelopedCms.Encrypt(envelopeCmsResipient); return envelopedCms.Encode(); }
private byte[] EncryptedBytes(byte[] bytes) { var contentInfo = new ContentInfo(bytes); var encryptAlgoOid = new Oid("2.16.840.1.101.3.4.1.42"); // AES-256-CBC var envelopedCms = new EnvelopedCms(contentInfo, new AlgorithmIdentifier(encryptAlgoOid)); var recipient = new CmsRecipient(CryptographicCertificate); envelopedCms.Encrypt(recipient); return envelopedCms.Encode(); }
/// <summary> /// Encrypts the specified string. /// </summary> /// <param name="plaintext">The plaintext to be encrypted.</param> /// <param name="certificate">The certificate to be used for encryption.</param> /// <returns>The encrypted text.</returns> public static string Encrypt(this string plaintext, X509Certificate2 certificate) { var contentInfo = new ContentInfo(Encoding.UTF8.GetBytes(plaintext)); var envelopedCms = new EnvelopedCms(contentInfo); var cmsRecipient = new CmsRecipient(certificate); envelopedCms.Encrypt(cmsRecipient); return Convert.ToBase64String(envelopedCms.Encode()); }
private byte[] Envelope(byte[] contentBytes) { Pkcs.ContentInfo content = new Pkcs.ContentInfo(contentBytes); Pkcs.EnvelopedCms envMsg = new Pkcs.EnvelopedCms(content); Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert); envMsg.Encrypt(recipient); byte[] encryptedBytes = envMsg.Encode(); return(encryptedBytes); }
public static void DecodeCertificates0_RoundTrip() { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); VerifyCertificates0(encodedMessage); }
public static void DecodeAlgorithmDes_RoundTrip() { AlgorithmIdentifier algorithm = new AlgorithmIdentifier(new Oid(Oids.Des)); ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo, algorithm); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); VerifyAlgorithmDes(encodedMessage); }
public static void DecodeRecipients3_RoundTrip() { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); CmsRecipientCollection recipients = new CmsRecipientCollection(); foreach (X509Certificate2 cert in s_certs) { recipients.Add(new CmsRecipient(cert)); } ecms.Encrypt(recipients); byte[] encodedMessage = ecms.Encode(); VerifyRecipients3(encodedMessage); }
public static void ZeroLengthContent_RoundTrip() { ContentInfo contentInfo = new ContentInfo(Array.Empty<byte>()); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); try { ecms.Encrypt(cmsRecipient); } catch (CryptographicException e) { throw new Exception("ecms.Encrypt() threw " + e.Message + ".\nIf you're running on the desktop CLR, this is actually an expected result."); } } byte[] encodedMessage = ecms.Encode(); ValidateZeroLengthContent(encodedMessage); }
public static void PostEncrypt_ContentInfo() { ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { ecms.Encrypt(new CmsRecipient(cert)); } // Encrypting does not update ContentInfo. ContentInfo actualContentInfo = ecms.ContentInfo; Assert.Equal(expectedContentInfo.ContentType, actualContentInfo.ContentType); Assert.Equal<byte>(expectedContentInfo.Content, actualContentInfo.Content); }
private string Encrypt(string password, X509Certificate2 cert) { byte[] bytes = Encoding.UTF8.GetBytes(password); EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(bytes)); envelopedCms.Encrypt(new CmsRecipient(cert)); return Convert.ToBase64String(envelopedCms.Encode()); }
private static KeyTransRecipientInfo EncodeKeyTransl(SubjectIdentifierType type = SubjectIdentifierType.IssuerAndSerialNumber) { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(type, cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); EnvelopedCms ecms2 = new EnvelopedCms(); ecms2.Decode(encodedMessage); RecipientInfoCollection recipients = ecms2.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; Assert.True(recipientInfo is KeyTransRecipientInfo); return (KeyTransRecipientInfo)recipientInfo; }
public static void DecryptMultipleRecipients() { // Force Decrypt() to try multiple recipients. Ensure that a failure to find a matching cert in one doesn't cause it to quit early. CertLoader[] certLoaders = new CertLoader[] { Certificates.RSAKeyTransfer1, Certificates.RSAKeyTransfer2, Certificates.RSAKeyTransfer3, }; byte[] content = { 6, 3, 128, 33, 44 }; EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(content), new AlgorithmIdentifier(new Oid(Oids.Aes256))); CmsRecipientCollection recipients = new CmsRecipientCollection(); foreach (CertLoader certLoader in certLoaders) { recipients.Add(new CmsRecipient(certLoader.GetCertificate())); } ecms.Encrypt(recipients); byte[] encodedMessage = ecms.Encode(); ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); // How do we know that Decrypt() tries receipients in the order they appear in ecms.RecipientInfos? Because we wrote the implementation. // Not that some future implementation can't ever change it but it's the best guess we have. RecipientInfo me = ecms.RecipientInfos[2]; CertLoader matchingCertLoader = null; for (int index = 0; index < recipients.Count; index++) { if (recipients[index].Certificate.Issuer == ((X509IssuerSerial)(me.RecipientIdentifier.Value)).IssuerName) { matchingCertLoader = certLoaders[index]; break; } } Assert.NotNull(matchingCertLoader); using (X509Certificate2 cert = matchingCertLoader.TryGetCertificateWithPrivateKey()) { if (cert == null) return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can. X509Certificate2Collection extraStore = new X509Certificate2Collection(); extraStore.Add(cert); ecms.Decrypt(extraStore); } ContentInfo contentInfo = ecms.ContentInfo; Assert.Equal<byte>(content, contentInfo.Content); }
public void EnvelopedCmsRecipientCollectionNull () { EnvelopedCms ep = new EnvelopedCms (); CmsRecipientCollection p7rc = null; // do not confuse compiler ep.Encrypt (p7rc); }
private static void TestSimpleDecrypt_RoundTrip(CertLoader certLoader, ContentInfo contentInfo, string algorithmOidValue, SubjectIdentifierType type) { // Deep-copy the contentInfo since the real ContentInfo doesn't do this. This defends against a bad implementation changing // our "expectedContentInfo" to match what it produces. ContentInfo expectedContentInfo = new ContentInfo(new Oid(contentInfo.ContentType), (byte[])(contentInfo.Content.Clone())); string certSubjectName; byte[] encodedMessage; using (X509Certificate2 certificate = certLoader.GetCertificate()) { certSubjectName = certificate.Subject; AlgorithmIdentifier alg = new AlgorithmIdentifier(new Oid(algorithmOidValue)); EnvelopedCms ecms = new EnvelopedCms(contentInfo, alg); CmsRecipient cmsRecipient = new CmsRecipient(type, certificate); ecms.Encrypt(cmsRecipient); encodedMessage = ecms.Encode(); } // We don't pass "certificate" down because it's expected that the certificate used for encrypting doesn't have a private key (part of the purpose of this test is // to ensure that you don't need the recipient's private key to encrypt.) The decrypt phase will have to locate the matching cert with the private key. VerifySimpleDecrypt(encodedMessage, certLoader, expectedContentInfo); }
public void EncryptEmpty () { EnvelopedCms ep = new EnvelopedCms (); ep.Encrypt (); }
public static void EnvelopedCmsEncryptWithNullRecipients() { EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(new byte[3])); Assert.Throws<ArgumentNullException>(() => ecms.Encrypt((CmsRecipientCollection)null)); }
public static void ReuseEnvelopeCmsEncodeThenDecode() { // Test ability to encrypt, encode and decode all in one EnvelopedCms instance. ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo; Assert.NotNull(recipientInfo); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
private static byte[] CreateEcmsWithAttributes(params AsnEncodedData[] attributes) { ContentInfo contentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(contentInfo); foreach (AsnEncodedData attribute in attributes) { ecms.UnprotectedAttributes.Add(attribute); } using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } byte[] encodedMessage = ecms.Encode(); return encodedMessage; }
public static void PostEncrypt_Decrypt() { ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { ecms.Encrypt(new CmsRecipient(cert)); } Assert.ThrowsAny<CryptographicException>(() => ecms.Decrypt()); }
public static void PostEncrypt_Version() { ContentInfo expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 }); EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo); int versionBeforeEncrypt = ecms.Version; using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { ecms.Encrypt(new CmsRecipient(cert)); } // Encrypt does not update Version member. Assert.Equal(versionBeforeEncrypt, ecms.Version); }
private byte[] Envelope(byte[] contentBytes) { Pkcs.ContentInfo content = new Pkcs.ContentInfo(contentBytes); Pkcs.EnvelopedCms envMsg = new Pkcs.EnvelopedCms(content); Pkcs.CmsRecipient recipient = new Pkcs.CmsRecipient(Pkcs.SubjectIdentifierType.IssuerAndSerialNumber, _recipientCert); envMsg.Encrypt(recipient); byte[] encryptedBytes = envMsg.Encode(); return encryptedBytes; }
public static void PostDecrypt_Encode() { byte[] expectedContent = { 6, 3, 128, 33, 44 }; EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent)); ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate())); byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067" + "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380" + "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac" + "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d" + "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray(); ecms.Decode(encodedMessage); using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey()) { if (cer == null) return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can. X509Certificate2Collection extraStore = new X509Certificate2Collection(cer); RecipientInfoCollection r = ecms.RecipientInfos; ecms.Decrypt(r[0], extraStore); // Desktop compat: Calling Encode() at this point should have thrown an InvalidOperationException. Instead, it returns // the decrypted inner content (same as ecms.ContentInfo.Content). This is easy for someone to take a reliance on // so for compat sake, we'd better keep it. byte[] encoded = ecms.Encode(); Assert.Equal<byte>(expectedContent, encoded); } }
public static void ReuseEnvelopeCmsDecodeThenEncode() { byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e" + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c" + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4" + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d" + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray(); EnvelopedCms ecms = new EnvelopedCms(); ecms.Decode(encodedMessage); using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate()) { CmsRecipient cmsRecipient = new CmsRecipient(cert); ecms.Encrypt(cmsRecipient); } encodedMessage = ecms.Encode(); ecms.Decode(encodedMessage); RecipientInfoCollection recipients = ecms.RecipientInfos; Assert.Equal(1, recipients.Count); RecipientInfo recipientInfo = recipients[0]; KeyTransRecipientInfo recipient = recipientInfo as KeyTransRecipientInfo; Assert.NotNull(recipientInfo); SubjectIdentifier subjectIdentifier = recipient.RecipientIdentifier; object value = subjectIdentifier.Value; Assert.True(value is X509IssuerSerial); X509IssuerSerial xis = (X509IssuerSerial)value; Assert.Equal("CN=RSAKeyTransfer1", xis.IssuerName); Assert.Equal("31D935FB63E8CFAB48A0BF7B397B67C0", xis.SerialNumber); }
public static void PostDecrypt_RecipientInfos() { byte[] expectedContent = { 6, 3, 128, 33, 44 }; EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent)); ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate())); byte[] encodedMessage = ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253" + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067" + "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380" + "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac" + "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d" + "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray(); ecms.Decode(encodedMessage); using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey()) { if (cer == null) return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can. X509Certificate2Collection extraStore = new X509Certificate2Collection(cer); RecipientInfoCollection col1 = ecms.RecipientInfos; ecms.Decrypt(col1[0], extraStore); // Make sure we can still RecipientInfos after a Decrypt() RecipientInfoCollection col2 = ecms.RecipientInfos; Assert.Equal(col1.Count, col2.Count); RecipientInfo r1 = col1[0]; RecipientInfo r2 = col2[0]; X509IssuerSerial is1 = (X509IssuerSerial)(r1.RecipientIdentifier.Value); X509IssuerSerial is2 = (X509IssuerSerial)(r2.RecipientIdentifier.Value); Assert.Equal(is1.IssuerName, is2.IssuerName); Assert.Equal(is1.SerialNumber, is2.SerialNumber); } }
public static void EnvelopedCmsEncryptWithZeroRecipients() { // On the desktop, this throws up a UI for the user to select a recipient. We don't support that. EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(new byte[3])); Assert.Throws<PlatformNotSupportedException>(() => ecms.Encrypt(new CmsRecipientCollection())); }
public void EncryptCmsRecipientUnknown () { ContentInfo ci = new ContentInfo (asnNull); EnvelopedCms ep = new EnvelopedCms (SubjectIdentifierType.IssuerAndSerialNumber, ci); X509Certificate2 x509 = GetCertificate (false); CmsRecipient p7r = new CmsRecipient (SubjectIdentifierType.Unknown, x509); ep.Encrypt (p7r); byte[] encoded = ep.Encode (); #if DEBUG FileStream fs = File.OpenWrite ("EncryptCmsRecipientUnknown.der"); fs.Write (encoded, 0, encoded.Length); fs.Close (); #endif RoundTrip (encoded); }
/// <summary> /// Encrypts the message and envelopes it for multiple recipients. /// </summary> /// <param name="recipients">An object containing the recipients' certificates with public keys.</param> /// <example> /// <code> /// [C#] /// /// CmsRecipientCollection recipients = new CmsRecipientCollection(); /// /// recipients.Add(new CmsRecipient(new X509Certificate2("C:\\recipient1.cer"))); /// recipients.Add(new CmsRecipient(new X509Certificate2("C:\\recipient2.cer"))); /// /// message.SmimeEnvelopeAndEncryptFor(recipients); /// </code> /// </example> public void SmimeEnvelopeAndEncryptFor(CmsRecipientCollection recipients) { string mimeString = this.ToMimeString(); byte[] toencrypt = Encoding.ASCII.GetBytes(mimeString); EnvelopedCms cms = new EnvelopedCms(new ContentInfo(toencrypt)); cms.Encrypt(recipients); MimePart envelope = new MimePart(); envelope.ContentType.MimeType = "application/pkcs7-mime"; envelope.ContentType.Parameters.Add("smime-type", "encrypted-data"); envelope.ContentType.Parameters.Add("name", "smime.p7m"); envelope.ContentDisposition.Disposition = "attachment"; envelope.ContentDisposition.FileName = "smime.p7m"; envelope.ContentTransferEncoding = ContentTransferEncoding.Base64; envelope.BinaryContent = cms.Encode(); this.PartTreeRoot = envelope; this.ContentType = this.PartTreeRoot.ContentType; this.ContentDisposition = this.PartTreeRoot.ContentDisposition; this.ContentTransferEncoding = this.PartTreeRoot.ContentTransferEncoding; }
public static byte[] Encrypt(byte[] data, X509Certificate2 encryptingCert) { ContentInfo plainContent = new ContentInfo(data); EnvelopedCms encryptedData = new EnvelopedCms(plainContent); CmsRecipient recipient = new CmsRecipient(encryptingCert); encryptedData.Encrypt(recipient); byte[] encryptedBytes = encryptedData.Encode(); return encryptedBytes; }
public void EnvelopedCmsRecipientNull () { EnvelopedCms ep = new EnvelopedCms (); CmsRecipient p7r = null; // do not confuse compiler ep.Encrypt (p7r); }
/// <summary> /// /// </summary> /// <param name="message"></param> /// <param name="encryptionCertificates"></param> /// <returns></returns> internal static byte[] EncryptMessage(Byte[] message, X509Certificate2Collection encryptionCertificates) { EnvelopedCms envelopedCms = new EnvelopedCms(new ContentInfo(message)); CmsRecipientCollection recipients = new CmsRecipientCollection(SubjectIdentifierType.IssuerAndSerialNumber, encryptionCertificates); envelopedCms.Encrypt(recipients); return envelopedCms.Encode(); }