/// <summary> /// Initializes a new instance of the <see cref="AsymmetricCryptoKeyStoreWrapper"/> class. /// </summary> /// <param name="dataStore">The data store.</param> /// <param name="asymmetricCrypto">The asymmetric protection to apply to symmetric keys. Must include the private key.</param> public AsymmetricCryptoKeyStoreWrapper(ICryptoKeyStore dataStore, RSACryptoServiceProvider asymmetricCrypto) { Contract.Requires<ArgumentNullException>(dataStore != null); Contract.Requires<ArgumentNullException>(asymmetricCrypto != null); Contract.Requires<ArgumentException>(!asymmetricCrypto.PublicOnly); this.dataStore = dataStore; this.asymmetricCrypto = asymmetricCrypto; }
public static string Decrypt(this string stringToDecrypt, string key) { if (string.IsNullOrEmpty(stringToDecrypt)) { throw new ArgumentException("An empty string value cannot be encrypted."); } if (string.IsNullOrEmpty(key)) { throw new ArgumentException("Cannot decrypt using an empty key. Please supply a decryption key."); } //var cspp = new CspParameters { KeyContainerName = key }; var cspp = new CspParameters { KeyContainerName = key, Flags = CspProviderFlags.UseMachineKeyStore }; var rsa = new RSACryptoServiceProvider(cspp) { PersistKeyInCsp = true }; var decryptArray = stringToDecrypt.Split(new[] { "-" }, StringSplitOptions.None); var decryptByteArray = Array.ConvertAll(decryptArray, (s => Convert.ToByte(byte.Parse(s, System.Globalization.NumberStyles.HexNumber)))); byte[] bytes = rsa.Decrypt(decryptByteArray, true); string result = System.Text.Encoding.UTF8.GetString(bytes); return result; }
protected void btnEncrypt_Click(object sender, EventArgs e) { try { string dataToEncrypt = "revathis"; // byte[] inputData = null; byte[] encryptedData; // inputData= Convert.ToByte(dataToEncrypt); using (RSACryptoServiceProvider rsaServiceProvider = new RSACryptoServiceProvider()) { // dataToEncrypt //inputData = rsaServiceProvider. encryptedData= rsaServiceProvider.Encrypt(Encoding.ASCII.GetBytes(dataToEncrypt), false); Response.Write("Encrypted Data: "); foreach (byte byteItem in encryptedData) { Response.Write(byteItem); } } } catch (Exception) { throw; } }
//static RSACryptoServiceProvider RSA; //public static void ExportParameters() //{ // var publicKey = RSA.ExportParameters(false); // // +Exponent { byte[3]} // //+Modulus { byte[256]} //} public async Task<byte[]> Encrypt(byte[] Exponent, byte[] Modulus) { // https://sites.google.com/a/jsc-solutions.net/backlog/knowledge-base/2015/201503/20150323 // encrypted state sharing. // what about import? // http://bouncy-castle.1462172.n4.nabble.com/Interoperability-issue-with-SunJCE-OAEP-td4656157.html // http://www.w3.org/TR/WebCryptoAPI/#rsa-oaep // RSA/ECB/OAEPWithSHA-1AndMGF1Padding // X:\jsc.svn\examples\java\hybrid\JVMCLRCryptoKeyExport\JVMCLRCryptoKeyExport\Program.cs //var n = new RSACryptoServiceProvider(2048); var n = new RSACryptoServiceProvider(); // can we import in java android? n.ImportParameters( new RSAParameters { Exponent = Exponent, Modulus = Modulus } ); // http://stackoverflow.com/questions/9839274/rsa-encryption-by-supplying-modulus-and-exponent var value = n.Encrypt( Encoding.UTF8.GetBytes("hello from server"), fOAEP: true ); //Array.Reverse(value); return value; }
protected override void OnConnect() { base.OnConnect(); m_rsa = new RSACryptoServiceProvider(); RSAParameters para = m_rsa.ExportParameters(false); SendRSAKey(para.Modulus, para.Exponent); }
public ProxyRsaKeyParameters(RSACryptoServiceProvider proxy) : base(false, new Math.BigInteger(1, proxy.ExportParameters(false).Modulus), new Math.BigInteger(1, proxy.ExportParameters(false).Exponent)) { this.proxy = proxy; }
static void EncryptSomeText() { string dataToBeEncrypted = "My secret text!"; Console.WriteLine("Original: {0}", dataToBeEncrypted); var encryptedData = Encrypt(dataToBeEncrypted); Console.WriteLine("Cipher data: {0}", encryptedData.Aggregate<byte, string>("", (s, b) => s += b.ToString())); var decryptedString = Decrypt(encryptedData); Console.WriteLine("Decrypted:{0}", decryptedString); // As you can see, you first need to convert the data you want to encrypt to a byte sequence. // To encrypt the data, you need only the public key. // You then use the private key to decrypt the data. // Because of this, it’s important to store the private key in a secure location. // If you would store it in plain text on disk or even in a nonsecure memory location, // your private key could be extracted and your security would be compromised. // The .NET Framework offers a secure location for storing asymmetric keys in a key container. // A key container can be specific to a user or to the whole machine. // This example shows how to configure an RSACryptoServiceProvider to use a key container for saving and loading the asymmetric key. UnicodeEncoding ByteConverter = new UnicodeEncoding(); byte[] dataToEncrypt = ByteConverter.GetBytes(dataToBeEncrypted); string containerName = "SecretContainer"; CspParameters csp = new CspParameters() { KeyContainerName = containerName }; using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(csp)) { var encryptedByteData = RSA.Encrypt(dataToEncrypt, false); } }
public static string RSAEncrypt(string source, string xmlKey) { using (var rsa = new RSACryptoServiceProvider(1024)) { rsa.FromXmlString(xmlKey); var encrypted = rsa.Encrypt(Encoding.UTF8.GetBytes(source), false); return BytesToHex(encrypted); } }
public string Calculate(string input, RSACryptoServiceProvider provider) { byte[] podatki = Encoding.ASCII.GetBytes(input); byte[] signature = provider.SignData(podatki, CryptoConfig.MapNameToOID("SHA256")); return this.CalculateMD5Hash(signature); }
// Copied from ACS code // This method returns an AsymmetricSignatureFormatter capable of supporting Sha256 signatures. private static RSACryptoServiceProvider GetCryptoProviderForSha256(RSACryptoServiceProvider rsaProvider) { const int PROV_RSA_AES = 24; // CryptoApi provider type for an RSA provider supporting sha-256 digital signatures if (rsaProvider.CspKeyContainerInfo.ProviderType == PROV_RSA_AES) { return rsaProvider; } CspParameters csp = new CspParameters { ProviderType = PROV_RSA_AES, KeyContainerName = rsaProvider.CspKeyContainerInfo.KeyContainerName, KeyNumber = (int)rsaProvider.CspKeyContainerInfo.KeyNumber }; if (rsaProvider.CspKeyContainerInfo.MachineKeyStore) { csp.Flags = CspProviderFlags.UseMachineKeyStore; } // // If UseExistingKey is not specified, the CLR will generate a key for a non-existent group. // With this flag, a CryptographicException is thrown instead. // csp.Flags |= CspProviderFlags.UseExistingKey; return new RSACryptoServiceProvider(csp); }
public static bool CompareCode(string regcode) { if (regcode == null || regcode == "") { return false; } try { string toolcode = GetDiskVolumeSerialNumber() + GetCpuSerialNumber(); string pubkey = "<RSAKeyValue><Modulus>xe3teTUwLgmbiwFJwWEQnshhKxgcasglGsfNVFTk0hdqKc9i7wb+gG7HOdPZLh65QyBcFfzdlrawwVkiPEL5kNTX1q3JW5J49mTVZqWd3w49reaLd8StHRYJdyGAL4ZovBhSTThETi+zYvgQ5SvCGkM6/xXOz+lkMaEgeFcjQQs=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue>"; string prikey = "<RSAKeyValue><Modulus>xe3teTUwLgmbiwFJwWEQnshhKxgcasglGsfNVFTk0hdqKc9i7wb+gG7HOdPZLh65QyBcFfzdlrawwVkiPEL5kNTX1q3JW5J49mTVZqWd3w49reaLd8StHRYJdyGAL4ZovBhSTThETi+zYvgQ5SvCGkM6/xXOz+lkMaEgeFcjQQs=</Modulus><Exponent>AQAB</Exponent><P>5flMAd7IrUTx92yomBdJBPDzp1Kclpaw4uXB1Ht+YXqwLW/9icI6mcv7d2O0kuVLSWj8DPZJol9V8AtvHkC3oQ==</P><Q>3FRA9UWcFrVPvGR5bewcL7YqkCMZlybV/t6nCH+gyMfbEvgk+p04F+j8WiHDykWj+BahjScjwyF5SGADbrfJKw==</Q><DP>b4WOU1XbERNfF3JM67xW/5ttPNX185zN2Ko8bbMZXWImr1IgrD5RNqXRo1rphVbGRKoxmIOSv7flr8uLrisKIQ==</DP><DQ>otSZlSq2qomgvgg7PaOLSS+F0TQ/i1emO0/tffhkqT4ah7BgE97xP6puJWZivjAteAGxrxHH+kPY0EY1AzRMNQ==</DQ><InverseQ>Sxyz0fEf5m7GrzAngLDRP/i+QDikJFfM6qPyr3Ub6Y5RRsFbeOWY1tX3jmV31zv4cgJ6donH7W2dSBPi67sSsw==</InverseQ><D>nVqofsIgSZltxTcC8fA/DFz1kxMaFHKFvSK3RKIxQC1JQ3ASkUEYN/baAElB0f6u/oTNcNWVPOqE31IDe7ErQelVc4D26RgFd5V7dSsF3nVz00s4mq1qUBnCBLPIrdb0rcQZ8FUQTsd96qW8Foave4tm8vspbM65iVUBBVdSYYE=</D></RSAKeyValue>"; using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider()) { rsa.FromXmlString(pubkey); RSAPKCS1SignatureDeformatter f = new RSAPKCS1SignatureDeformatter(rsa); f.SetHashAlgorithm("SHA1"); SHA1Managed sha = new SHA1Managed(); byte[] name = sha.ComputeHash(ASCIIEncoding.ASCII.GetBytes(toolcode)); byte[] key = Convert.FromBase64String(regcode); return f.VerifySignature(name, key); } } catch { return false; } }
public static void EncryptSomeText() { //Init keys GeneratePublicAndPrivateKeys(); UnicodeEncoding ByteConverter = new UnicodeEncoding(); byte[] dataToEncrypt = ByteConverter.GetBytes("My ultra secret message!"); byte[] encryptedData; using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()) { RSA.FromXmlString(publicKeyXML); encryptedData = RSA.Encrypt(dataToEncrypt, false); } byte[] decryptedData; using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()) { RSA.FromXmlString(privateKeyXML); decryptedData = RSA.Decrypt(encryptedData, false); } string decryptedString = ByteConverter.GetString(decryptedData); Console.WriteLine(decryptedString); }
public string RSADecrypt(string xmlPrivateKey, byte[] DecryptString) { RSACryptoServiceProvider provider1 = new RSACryptoServiceProvider(); provider1.FromXmlString(xmlPrivateKey); byte[] buffer1 = provider1.Decrypt(DecryptString, false); return new UnicodeEncoding().GetString(buffer1); }
public string RSAEncrypt(string xmlPublicKey, byte[] EncryptString) { RSACryptoServiceProvider provider1 = new RSACryptoServiceProvider(); provider1.FromXmlString(xmlPublicKey); byte[] buffer1 = provider1.Encrypt(EncryptString, false); return Convert.ToBase64String(buffer1); }
static void Main(string[] args) { // Create digital signature algortihm object // This will generate private/public key pair RSACryptoServiceProvider signer = new RSACryptoServiceProvider(); // array to hold signature - will be shared byte[] signature = null; // string to hold public key - will be shared string publicKey = null; using(FileStream file = new FileStream(@"info.txt", FileMode.Open, FileAccess.Read)) { // read file to be used to create signature into a byte array BinaryReader reader = new BinaryReader(file); byte[] data = reader.ReadBytes((int)file.Length); // create signature by signing data - generates a digital signature by first // generating the hash the data and then generate a signature based on the // hash and the private key // file, signature and public key are then shared with the recipient signature = signer.SignData(data,new SHA1CryptoServiceProvider()); // export public key publicKey = signer.ToXmlString(false); reader.Close(); file.Close(); } // Create digital signature algortihm object // which will use the public key exported by the signer RSACryptoServiceProvider verifier = new RSACryptoServiceProvider(); verifier.FromXmlString(publicKey); using (FileStream file2 = new FileStream(@"info.txt", FileMode.Open, FileAccess.Read)) { // read file to be used to verify the signature into a byte array BinaryReader reader2 = new BinaryReader(file2); byte[] data2 = reader2.ReadBytes((int)file2.Length); // verify the signature based on the contents of the file // verification will only succeed if the signature was generated from this // file using the correct private key, thus confirming the identity of the // signer if (verifier.VerifyData(data2, new SHA1CryptoServiceProvider(), signature)) { Console.WriteLine("Verified"); } else { Console.WriteLine("NOT verified"); } reader2.Close(); file2.Close(); } }
public IHttpActionResult DecodeToken(string access_token) { var tokenReceived = new JwtSecurityToken(access_token); var publicOnly = new RSACryptoServiceProvider(); publicOnly.FromXmlString(_configuration.PublicKey.FromBase64String()); var validationParameters = new TokenValidationParameters { ValidIssuer = _configuration.Issuer ,ValidAudience = "http://mysite.com" ,IssuerSigningToken = new RsaSecurityToken(publicOnly) ,ValidateLifetime = true }; var recipientTokenHandler = new JwtSecurityTokenHandler(); SecurityToken securityToken; var claimsPrincipal = recipientTokenHandler.ValidateToken(access_token, validationParameters, out securityToken); var currentTime = (long) (DateTime.UtcNow - new DateTime(1970, 1, 1)).TotalSeconds; if (tokenReceived.Payload.Exp < currentTime) { throw new SecurityTokenValidationException(string.Format("Lifetime validation failed. The token is expired. ValidTo: '{0}' Current time: '{1}'.", tokenReceived.ValidTo, DateTime.UtcNow)); } return Ok(new { header = tokenReceived.Header, payload = tokenReceived.Payload, current = currentTime }); }
public static string Encrypt(string data) { try { var rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(_publicKey); var dataToEncrypt = _encoder.GetBytes(data); var encryptedByteArray = rsa.Encrypt(dataToEncrypt, false).ToArray(); var length = encryptedByteArray.Count(); var item = 0; var sb = new StringBuilder(); foreach (var x in encryptedByteArray) { item++; sb.Append(x); if (item < length) sb.Append(","); } return sb.ToString(); } catch (Exception) { throw new RSAException(); } }
public async Task<IHttpActionResult> CreateToken(Token token) { var publicAndPrivate = new RSACryptoServiceProvider(); publicAndPrivate.FromXmlString(_configuration.PrivateKey.FromBase64String()); var jwtToken = new JwtSecurityToken( issuer: _configuration.Issuer, audience: "http://mysite.com" , claims: new List<Claim>() { new Claim(ClaimTypes.Name, token.username) } , notBefore: DateTime.UtcNow , expires: DateTime.UtcNow.AddMinutes(1) , signingCredentials: new SigningCredentials( new RsaSecurityKey(publicAndPrivate) ,SecurityAlgorithms.RsaSha256Signature ,SecurityAlgorithms.Sha256Digest) ); var tokenHandler = new JwtSecurityTokenHandler(); var tokenString = tokenHandler.WriteToken(jwtToken); return Ok(new { access_token = tokenString, expires_in = new TimeSpan(0,0, 1,0).TotalSeconds, expires_on = (long)(DateTime.UtcNow.AddMinutes(1) - new DateTime(1970, 1, 1)).TotalSeconds }); }
static OAuthServerHelper() { RSAParameters privateRsaParameters; RSAParameters publicRsaParameters; using (var rsaKeyGen = new RSACryptoServiceProvider(RsaKeySize)) { privateRsaParameters = rsaKeyGen.ExportParameters(true); publicRsaParameters = rsaKeyGen.ExportParameters(false); } Tuple<byte[], byte[]> aesKeyAndIV; using (var aesKeyGen = new AesCryptoServiceProvider()) { aesKeyAndIV = Tuple.Create(aesKeyGen.Key, aesKeyGen.IV); } rsa = new ThreadLocal<RSACryptoServiceProvider>(() => { var result = new RSACryptoServiceProvider(); result.ImportParameters(privateRsaParameters); return result; }); aes = new ThreadLocal<AesCryptoServiceProvider>(() => { var result = new AesCryptoServiceProvider(); result.Key = aesKeyAndIV.Item1; result.IV = aesKeyAndIV.Item2; return result; }); rsaExponent = OAuthHelper.BytesToString(publicRsaParameters.Exponent); rsaModulus = OAuthHelper.BytesToString(publicRsaParameters.Modulus); }
public void AssignNewKey() { using (var rsa = new RSACryptoServiceProvider(2048)) { rsa.PersistKeyInCsp = false; //in memory publicKey = rsa.ExportParameters(false); privateKey = rsa.ExportParameters(true); return; //to file File.WriteAllText(@"C:\git\CryptographyDemo\CryptographyDemo\bin\Debug\public.txt", rsa.ToXmlString(false)); File.WriteAllText(@"C:\git\CryptographyDemo\CryptographyDemo\bin\Debug\private.txt", rsa.ToXmlString(true)); } //To key container, stored for windows user const int providerRsaFull = 1; CspParameters cspParams = new CspParameters(providerRsaFull); cspParams.KeyContainerName = "TomsContainer"; cspParams.Flags = CspProviderFlags.UseMachineKeyStore; cspParams.ProviderName = "Microsoft Strong Cryptographic Provider"; var rsa2 = new RSACryptoServiceProvider(cspParams); rsa2.PersistKeyInCsp = true; // SHOULD THEN DELETE KEY }
static public byte[] RSADecrypt(byte[] DataToDecrypt, RSAParameters RSAKeyInfo, bool DoOAEPPadding) { try { byte[] decryptedData; //Create a new instance of RSACryptoServiceProvider. using (RSACryptoServiceProvider RSA = new RSACryptoServiceProvider()) { //Import the RSA Key information. This needs //to include the private key information. RSA.ImportParameters(RSAKeyInfo); //Decrypt the passed byte array and specify OAEP padding. //OAEP padding is only available on Microsoft Windows XP or //later. decryptedData = RSA.Decrypt(DataToDecrypt, DoOAEPPadding); } return decryptedData; } //Catch and display a CryptographicException //to the console. catch (CryptographicException e) { Console.WriteLine(e.ToString()); return null; } }
public void Assign() { // AssignParameter(); RSA = new RSACryptoServiceProvider(1024); if (File.Exists(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\privatekey.xml") == true) File.Delete(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\privatekey.xml"); if (File.Exists(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\publickey.xml") == true) File.Delete(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\publickey.xml"); //provide public and private RSA params FileStream fs = new FileStream(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\privatekey.xml", FileMode.CreateNew, FileAccess.ReadWrite); StreamWriter sw = new StreamWriter(fs); string publicPrivateKeyXML = RSA.ToXmlString(true); sw.Write(publicPrivateKeyXML); sw.Close(); fs.Close(); FileStream fs2 = new FileStream(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\publickey.xml", FileMode.CreateNew, FileAccess.ReadWrite); StreamWriter sw2 = new StreamWriter(fs2); string publicOnlyKeyXML = RSA.ToXmlString(false); sw2.Write(publicOnlyKeyXML); sw2.Close(); fs2.Close(); }
public static string Text_Encryption(string text, int bits, string encryption_key) { StringBuilder result = new StringBuilder(""); try { RSACryptoServiceProvider rsacsp = new RSACryptoServiceProvider(bits); rsacsp.FromXmlString(encryption_key); int key = bits / 8; Byte[] bites = Encoding.UTF32.GetBytes(text); int max_length = key - 42; int data_length = bites.Length; int iterations = data_length / max_length; for (int i = 0; i <= iterations; i++) { int total_bytes = (data_length - max_length * i > max_length) ? max_length : data_length - max_length * i; Byte[] temp_bytes = new Byte[total_bytes]; Buffer.BlockCopy(bites, max_length * i, temp_bytes, 0, temp_bytes.Length); Byte[] encrypted_bytes = rsacsp.Encrypt(temp_bytes, true); Array.Reverse(encrypted_bytes); result.Append(Convert.ToBase64String(encrypted_bytes)); } } catch (Exception e) { result.Append("<Error>" + e.Message + "</Error>"); } return result.ToString(); }
public static Boolean Test(int keySize) { Boolean bRes = true; Byte[] abPlain = { 0, 1, 2, 3, 4, 5, 6, 7 }; Byte[] abCipher = null; int kl = keySize; try { using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(kl)) { abCipher = rsa.Encrypt(abPlain); Log.Comment("Cipher is : "); PrintByteArray(abCipher); abCipher = rsa.Decrypt(abCipher); } Log.Comment("Decrypted plaintext is : "); PrintByteArray(abCipher); if (!Compare(abPlain, abCipher)) { bRes = false; Log.Comment("Failed to decrypt to the original plaintext"); } } catch (Exception e) { Log.Comment("Exception ocured :\n" + e.ToString()); bRes = false; } return bRes; }
public static string Text_Decryption(string text, int bits, string encryption_key) { string result = String.Empty; ArrayList list = new ArrayList(); try { RSACryptoServiceProvider rsacsp = new RSACryptoServiceProvider(bits); rsacsp.FromXmlString(encryption_key); int blockSizeBase64 = (bits / 8 % 3 != 0) ? (((bits / 8) / 3) * 4) + 4 : ((bits / 8) / 3) * 4; int iterations = text.Length / blockSizeBase64; for (int i = 0; i < iterations; i++) { Byte[] encrypted_bytes = Convert.FromBase64String(text.Substring(blockSizeBase64 * i, blockSizeBase64)); Array.Reverse(encrypted_bytes); list.AddRange(rsacsp.Decrypt(encrypted_bytes, true)); } } catch (Exception e) { result = "<Error>" + e.Message + "</Error>"; } result = Encoding.UTF32.GetString((Byte[])list.ToArray(typeof(Byte))); return result; }
/// <summary> /// Initializes a new instance of the <see cref="AsymmetricCryptoKeyStoreWrapper"/> class. /// </summary> /// <param name="dataStore">The data store.</param> /// <param name="asymmetricCrypto">The asymmetric protection to apply to symmetric keys. Must include the private key.</param> public AsymmetricCryptoKeyStoreWrapper(ICryptoKeyStore dataStore, RSACryptoServiceProvider asymmetricCrypto) { Requires.NotNull(dataStore, "dataStore"); Requires.NotNull(asymmetricCrypto, "asymmetricCrypto"); Requires.True(!asymmetricCrypto.PublicOnly, "asymmetricCrypto"); this.dataStore = dataStore; this.asymmetricCrypto = asymmetricCrypto; }
public void GeneratedXmlIsSerializableToLicenseDetails() { // Setup var key = new RSACryptoServiceProvider(); var generator = new LicenseGenerator(key); var testLicense = new LicenseDetails { StartDate = DateTime.Now, EndDate = DateTime.Now.AddMonths(1), Application = "Test App", MinVersion = new SerializableVersion(1, 2, 3, 4), MaxVersion = new SerializableVersion(5, 6, 7, 8), LicensedUserName = "******", LicenseKey = "1234", CustomValues = new SerializableDictionary<string, string> { {"Key1", "val2"}, {"Key2", "Val2"} } }; // Test var rawXml = generator.GenerateSignedXml(testLicense); // Verify LicenseDetails verificationLicense; Assert.IsNotNullOrEmpty(rawXml, "Null or empty xml returned"); var deserializer = new XmlSerializer(typeof (LicenseDetails)); using (TextReader reader = new StringReader(rawXml)) verificationLicense = (LicenseDetails) deserializer.Deserialize(reader); Assert.IsTrue(testLicense.Equals(verificationLicense), "Licenses were not equal"); }
/// <summary> /// Floating 라이선스를 생성합니다. /// 참고 : http://en.wikipedia.org/wiki/Floating_licensing /// </summary> /// <param name="privateKey">제품의 Private Key</param> /// <param name="name">라이선스 명</param> /// <param name="publicKey">제품의 Public Key</param> /// <returns>Floating License의 XML 문자열</returns> public static string GenerateFloatingLicense(string privateKey, string name, string publicKey) { if(IsDebugEnabled) log.Debug("Floating License를 생성합니다... privateKey=[{0}], name=[{1}], publicKey=[{2}]", privateKey, name, publicKey); using(var rsa = new RSACryptoServiceProvider()) { rsa.FromXmlString(privateKey); var doc = new XmlDocument(); var licenseElement = doc.CreateElement(LicensingSR.FloatingLicense); doc.AppendChild(licenseElement); var publicKeyElement = doc.CreateElement(LicensingSR.LicenseServerPublicKey); licenseElement.AppendChild(publicKeyElement); publicKeyElement.InnerText = publicKey; var nameElement = doc.CreateElement(LicensingSR.LicenseName); licenseElement.AppendChild(nameElement); nameElement.InnerText = name; var signatureElement = GetXmlDigitalSignature(doc, rsa); doc.FirstChild.AppendChild(doc.ImportNode(signatureElement, true)); using(var ms = new MemoryStream()) using(var xw = XmlWriter.Create(ms, new XmlWriterSettings { Indent = true, Encoding = Encoding.UTF8 })) { doc.Save(xw); ms.Position = 0; return new StreamReader(ms).ReadToEnd(); } } }
/// <summary> /// Generate keys into specified files. /// </summary> /// <param name="publicKeyFileName">Name of the file that will contain public key</param> /// <param name="privateKeyFileName">Name of the file that will contain private key</param> public void GenerateKeys(out byte[] publicKey, out byte[] privateKey) { // Variables CspParameters cspParams = null; RSACryptoServiceProvider rsaProvider = null; try { // Create a new key pair on target CSP cspParams = new CspParameters() { ProviderType = 1, // PROV_RSA_FULL Flags = CspProviderFlags.UseArchivableKey, // can be exported KeyNumber = (int)KeyNumber.Exchange // can be safely stored and exchanged }; rsaProvider = new RSACryptoServiceProvider(cspParams); rsaProvider.PersistKeyInCsp = false; // Export public key only publicKey = rsaProvider.ExportCspBlob(false); privateKey = rsaProvider.ExportCspBlob(true); } catch (Exception ex) { Debug.Fail(string.Format("Exception occured while generating keys: {0}", ex.Message)); publicKey = null; privateKey = null; } finally { if (rsaProvider != null) rsaProvider.PersistKeyInCsp = false; } }
/// <summary> /// RSA签名 /// </summary> /// <param name="strKeyPrivate">私钥</param> /// <param name="strHashbyteSignature">待签名Hash描述</param> /// <param name="strEncryptedSignatureData">签名后的结果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData) { try { byte[] HashbyteSignature; byte[] EncryptedSignatureData; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return(true); } catch (Exception ex) { throw ex; } }
public bool SignatureDeformatter(string p_strKeyPublic, byte[] HashbyteDeformatter, string p_strDeformatterData) { byte[] DeformatterData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(p_strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return(true); } else { return(false); } }
public bool SignatureDeformatter(string pStrKeyPublic, byte[] hashbyteDeformatter, string pStrDeformatterData) { byte[] deformatterData; var rsa = new System.Security.Cryptography.RSACryptoServiceProvider(); rsa.FromXmlString(pStrKeyPublic); var rsaDeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(rsa); //指定解密的时候HASH算法为MD5 rsaDeformatter.SetHashAlgorithm("MD5"); deformatterData = Convert.FromBase64String(pStrDeformatterData); if (rsaDeformatter.VerifySignature(hashbyteDeformatter, deformatterData)) { return(true); } else { return(false); } }
/// <summary> /// RSA签名验证 /// </summary> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="strKeyPublic">公钥</param> /// <param name="DeformatterData">签名后的结果</param> /// <returns></returns> public static bool SignatureDeformatter(this byte[] HashbyteDeformatter, string strKeyPublic, byte[] DeformatterData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(MD5.Create().ComputeHash(HashbyteDeformatter), MD5.Create().ComputeHash(DeformatterData))) { return(true); } else { return(false); } } catch (Exception ex) { throw ex; } }
public void GenerateKeys() { System.Security.Cryptography.CspParameters cspParams = null; System.Security.Cryptography.RSACryptoServiceProvider rsaProvider = null; string publicKey = ""; string privateKey = ""; try { cspParams = new System.Security.Cryptography.CspParameters(); cspParams.ProviderType = 1; cspParams.Flags = System.Security.Cryptography.CspProviderFlags.UseArchivableKey; cspParams.KeyNumber = (int)System.Security.Cryptography.KeyNumber.Exchange; rsaProvider = new System.Security.Cryptography.RSACryptoServiceProvider(cspParams); publicKey = rsaProvider.ToXmlString(false); privateKey = rsaProvider.ToXmlString(true); } catch (Exception ex) { Log(ex.Message); } }
public string Encrypt(string publicKey, string plainText) { System.Security.Cryptography.CspParameters cspParams = null; System.Security.Cryptography.RSACryptoServiceProvider rsaProvider = null; byte[] plainBytes = null; byte[] encryptedBytes = null; string result = ""; try { cspParams = new System.Security.Cryptography.CspParameters(); cspParams.ProviderType = 1; rsaProvider = new System.Security.Cryptography.RSACryptoServiceProvider(cspParams); rsaProvider.FromXmlString(publicKey); plainBytes = System.Text.Encoding.UTF8.GetBytes(plainText); encryptedBytes = rsaProvider.Encrypt(plainBytes, false); result = Convert.ToBase64String(encryptedBytes); } catch (Exception ex) { Log(ex.Message); } return(result); }
public static byte[] RSADecrypt(byte[] privateKey, byte[] dataToDecrypt) { // helper to RSA decrypt a given blob // PROV_RSA_AES == 24 var cspParameters = new System.Security.Cryptography.CspParameters(24); using (var rsaProvider = new System.Security.Cryptography.RSACryptoServiceProvider(cspParameters)) { try { rsaProvider.PersistKeyInCsp = false; rsaProvider.ImportCspBlob(privateKey); byte[] dataToDecryptRev = new byte[256]; Buffer.BlockCopy(dataToDecrypt, 0, dataToDecryptRev, 0, dataToDecrypt.Length); // ... Array.Copy? naw... :( Array.Reverse(dataToDecryptRev); // ... don't ask me how long it took to realize this :( byte[] dec = rsaProvider.Decrypt(dataToDecryptRev, false); // no padding return(dec); } catch (Exception e) { Console.WriteLine("Error decryption domain key: {0}", e.Message); } finally { rsaProvider.PersistKeyInCsp = false; rsaProvider.Clear(); } } return(new byte[0]); }
/// <summary> /// 秘密鍵を使って文字列を復号化する /// </summary> /// <param name="str">Encryptメソッドにより暗号化された文字列</param> /// <returns>復号化された文字列</returns> public static string ClientDecrypt(string str) { try { //RSACryptoServiceProviderオブジェクトの作成 var rsa = new System.Security.Cryptography.RSACryptoServiceProvider(KeySize); //秘密鍵を指定 rsa.FromXmlString(clientPrivateKey); //復号化する文字列をバイト配列に byte[] data = System.Convert.FromBase64String(str); //復号化する byte[] decryptedData = rsa.Decrypt(data, false); //結果を文字列に変換 return(System.Text.Encoding.UTF8.GetString(decryptedData)); } catch (Exception) { } return(null); }
/* * converts a bouncy castle private key to a windows private key */ private static sys2.AsymmetricAlgorithm ConvertToSystemKey(RsaPrivateCrtKeyParameters privateKey) { sys2.CspParameters cspPars = new sys2.CspParameters { KeyContainerName = Guid.NewGuid().ToString(), KeyNumber = (int)sys2.KeyNumber.Exchange }; sys2.RSACryptoServiceProvider rsaCryptoProvider = new sys2.RSACryptoServiceProvider(cspPars); sys2.RSAParameters rsaParameters = new sys2.RSAParameters { Modulus = privateKey.Modulus.ToByteArrayUnsigned(), P = privateKey.P.ToByteArrayUnsigned(), Q = privateKey.Q.ToByteArrayUnsigned(), DP = privateKey.DP.ToByteArrayUnsigned(), DQ = privateKey.DQ.ToByteArrayUnsigned(), InverseQ = privateKey.QInv.ToByteArrayUnsigned(), D = privateKey.Exponent.ToByteArrayUnsigned(), Exponent = privateKey.PublicExponent.ToByteArrayUnsigned() }; rsaCryptoProvider.ImportParameters(rsaParameters); return(rsaCryptoProvider); }
/// <summary>Verifies that a digital signature is valid by determining the hash value in the signature using the specified hashing algorithm and padding, and comparing it to the provided hash value. </summary> /// <param name="hash">The hash value of the signed data. </param> /// <param name="signature">The signature data to be verified. </param> /// <param name="hashAlgorithm">The hash algorithm name used to create the hash value. </param> /// <param name="padding">The padding. </param> /// <returns> /// <see langword="true" /> if the signature is valid; otherwise, <see langword="false" />. </returns> /// <exception cref="T:System.ArgumentException"> /// <paramref name="hashAlgorithm" /> is <see langword="null" /> or <see cref="F:System.String.Empty" />. </exception> /// <exception cref="T:System.ArgumentNullException"> /// <paramref name="hash" /> is <see langword="null" />. -or- /// <paramref name="padding" /> is <see langword="null" />. </exception> /// <exception cref="T:System.Security.Cryptography.CryptographicException"> /// <paramref name="padding" /> does not equal <see cref="P:System.Security.Cryptography.RSASignaturePadding.Pkcs1" />. </exception> // Token: 0x060022CF RID: 8911 RVA: 0x0007D290 File Offset: 0x0007B490 public override bool VerifyHash(byte[] hash, byte[] signature, HashAlgorithmName hashAlgorithm, RSASignaturePadding padding) { if (hash == null) { throw new ArgumentNullException("hash"); } if (signature == null) { throw new ArgumentNullException("signature"); } if (string.IsNullOrEmpty(hashAlgorithm.Name)) { throw RSA.HashAlgorithmNameNullOrEmpty(); } if (padding == null) { throw new ArgumentNullException("padding"); } if (padding != RSASignaturePadding.Pkcs1) { throw RSACryptoServiceProvider.PaddingModeNotSupported(); } return(this.VerifyHash(hash, RSACryptoServiceProvider.GetAlgorithmId(hashAlgorithm), signature)); }
/// <inheritdoc/> public ICryptographicKey ImportKeyPair(byte[] keyBlob, CryptographicPrivateKeyBlobType blobType = CryptographicPrivateKeyBlobType.Pkcs8RawPrivateKeyInfo) { Requires.NotNull(keyBlob, "keyBlob"); var parameters = KeyFormatter.GetFormatter(blobType).Read(keyBlob); Platform.RSA rsa; if (CapiKeyFormatter.IsCapiCompatible(parameters)) { rsa = new Platform.RSACryptoServiceProvider(); } else { #if DESKTOP rsa = new RSAManaged(); #else CapiKeyFormatter.VerifyCapiCompatibleParameters(parameters); throw new NotSupportedException(); #endif } rsa.ImportParameters(KeyFormatter.ToPlatformParameters(parameters)); return(new RsaCryptographicKey(rsa, this.algorithm)); }
/// <summary> /// Create a signature xml element for the specified xml document and private key /// </summary> /// <param name="xmlToSign"></param> /// <param name="keyPubPri">Private+public key</param> /// <returns></returns> public static System.Xml.XmlElement CreateSignature(System.Xml.XmlDocument xmlToSign, string keyPubPri) { System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider(); rsa.FromXmlString(keyPubPri); System.Security.Cryptography.Xml.SignedXml sx = new System.Security.Cryptography.Xml.SignedXml(xmlToSign); sx.SigningKey = rsa; // Create a reference to be signed System.Security.Cryptography.Xml.Reference reference = new System.Security.Cryptography.Xml.Reference(""); // Set the canonicalization method for the document. sx.SignedInfo.CanonicalizationMethod = System.Security.Cryptography.Xml.SignedXml.XmlDsigCanonicalizationUrl; // No comments. // Add an enveloped transformation to the reference. System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform env = new System.Security.Cryptography.Xml.XmlDsigEnvelopedSignatureTransform(false); reference.AddTransform(env); sx.AddReference(reference); sx.ComputeSignature(); return(sx.GetXml()); }
/// <summary> /// RSA签名验证 /// </summary> /// <param name="strKeyPublic">公钥</param> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="DeformatterData">签名后的结果</param> /// <returns></returns> public static bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); strKeyPublic = regBitStrength.Replace(strKeyPublic, ""); RSA.FromXmlString(strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return(true); } else { return(false); } } catch (Exception ex) { throw ex; } }
/// <summary> /// RSA签名验证 /// </summary> /// <param name="strKeyPublic">公钥</param> /// <param name="HashbyteDeformatter">Hash描述</param> /// <param name="DeformatterData">签名后的结果</param> /// <returns></returns> public bool SignatureDeformatter(string strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData) { try { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); //RSA.FromXmlString(strKeyPublic); RSA.ImportCspBlob(Convert.FromBase64String(strKeyPublic));//载入钥 System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return(true); } else { return(false); } } catch (Exception ex) { throw ex; } }
/// <summary> /// RSA签名 /// </summary> /// <param name="strKeyPrivate">私钥</param> /// <param name="strHashbyteSignature">待签名Hash描述</param> /// <param name="strEncryptedSignatureData">签名后的结果</param> /// <returns></returns> public bool SignatureFormatter(string strKeyPrivate, string strHashbyteSignature, ref string strEncryptedSignatureData) { try { byte[] HashbyteSignature; byte[] EncryptedSignatureData; HashbyteSignature = Convert.FromBase64String(strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter (RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } catch (Exception ex) { throw ex; } }
/// <summary> /// RSA加密解密及RSA签名和验证 /// </summary> public class RSA { #region RSA 加密解密 #region RSA 的密钥产生 /// <summary> /// RSA 的密钥产生 产生私钥 和公钥 /// </summary> /// <param name="xmlKeys"></param> /// <param name="xmlPublicKey"></param> public Tuple<string,string> generateKey() { System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); string xmlKeys = rsa.ToXmlString(true); string xmlPublicKey = rsa.ToXmlString(false); return Tuple.Create<string, string>(xmlKeys, xmlPublicKey); } #endregion #region RSA的加密函数 //############################################################################## //RSA 方式加密 //说明KEY必须是XML的行式,返回的是字符串 //在有一点需要说明!!该加密方式有 长度 限制的!! //############################################################################## //RSA的加密函数 string public string encrypt(string xmlPublicKey, string m_strEncryptString) { byte[] PlainTextBArray; byte[] CypherTextBArray; string Result; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPublicKey); PlainTextBArray = (new UnicodeEncoding()).GetBytes(m_strEncryptString); CypherTextBArray = rsa.Encrypt(PlainTextBArray, false); Result = Convert.ToBase64String(CypherTextBArray); return Result; } //RSA的加密函数 byte[] public string encrypt(string xmlPublicKey, byte[] EncryptString) { byte[] CypherTextBArray; string Result; RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPublicKey); CypherTextBArray = rsa.Encrypt(EncryptString, false); Result = Convert.ToBase64String(CypherTextBArray); return Result; } #endregion #region RSA的解密函数 //RSA的解密函数 string public string decrypt(string xmlPrivateKey, string m_strDecryptString) { byte[] PlainTextBArray; byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); PlainTextBArray = Convert.FromBase64String(m_strDecryptString); DypherTextBArray = rsa.Decrypt(PlainTextBArray, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } //RSA的解密函数 byte public string decrypt(string xmlPrivateKey, byte[] DecryptString) { byte[] DypherTextBArray; string Result; System.Security.Cryptography.RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(); rsa.FromXmlString(xmlPrivateKey); DypherTextBArray = rsa.Decrypt(DecryptString, false); Result = (new UnicodeEncoding()).GetString(DypherTextBArray); return Result; } #endregion #endregion #region RSA数字签名 #region 获取Hash描述表 //获取Hash描述表 public bool GetHash(string m_strSource, ref byte[] HashData) { //从字符串中取得Hash描述 byte[] Buffer; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(m_strSource); HashData = MD5.ComputeHash(Buffer); return true; } //获取Hash描述表 public bool GetHash(string m_strSource, ref string strHashData) { //从字符串中取得Hash描述 byte[] Buffer; byte[] HashData; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); Buffer = System.Text.Encoding.GetEncoding("GB2312").GetBytes(m_strSource); HashData = MD5.ComputeHash(Buffer); strHashData = Convert.ToBase64String(HashData); return true; } //获取Hash描述表 public bool GetHash(System.IO.FileStream objFile, ref byte[] HashData) { //从文件中取得Hash描述 System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); HashData = MD5.ComputeHash(objFile); objFile.Close(); return true; } //获取Hash描述表 public bool GetHash(System.IO.FileStream objFile, ref string strHashData) { //从文件中取得Hash描述 byte[] HashData; System.Security.Cryptography.HashAlgorithm MD5 = System.Security.Cryptography.HashAlgorithm.Create("MD5"); HashData = MD5.ComputeHash(objFile); objFile.Close(); strHashData = Convert.ToBase64String(HashData); return true; } #endregion #region RSA签名 //RSA签名 public bool SignatureFormatter(string p_strKeyPrivate, byte[] HashbyteSignature, ref byte[] EncryptedSignatureData) { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true; } //RSA签名 public bool SignatureFormatter(string p_strKeyPrivate, byte[] HashbyteSignature, ref string m_strEncryptedSignatureData) { byte[] EncryptedSignatureData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); m_strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } //RSA签名 public bool SignatureFormatter(string p_strKeyPrivate, string m_strHashbyteSignature, ref byte[] EncryptedSignatureData) { byte[] HashbyteSignature; HashbyteSignature = Convert.FromBase64String(m_strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); return true; } //RSA签名 public bool SignatureFormatter(string p_strKeyPrivate, string m_strHashbyteSignature, ref string m_strEncryptedSignatureData) { byte[] HashbyteSignature; byte[] EncryptedSignatureData; HashbyteSignature = Convert.FromBase64String(m_strHashbyteSignature); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPrivate); System.Security.Cryptography.RSAPKCS1SignatureFormatter RSAFormatter = new System.Security.Cryptography.RSAPKCS1SignatureFormatter(RSA); //设置签名的算法为MD5 RSAFormatter.SetHashAlgorithm("MD5"); //执行签名 EncryptedSignatureData = RSAFormatter.CreateSignature(HashbyteSignature); m_strEncryptedSignatureData = Convert.ToBase64String(EncryptedSignatureData); return true; } #endregion #region RSA 签名验证 public bool SignatureDeformatter(string p_strKeyPublic, byte[] HashbyteDeformatter, byte[] DeformatterData) { System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } public bool SignatureDeformatter(string p_strKeyPublic, string p_strHashbyteDeformatter, byte[] DeformatterData) { byte[] HashbyteDeformatter; HashbyteDeformatter = Convert.FromBase64String(p_strHashbyteDeformatter); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } public bool SignatureDeformatter(string p_strKeyPublic, byte[] HashbyteDeformatter, string p_strDeformatterData) { byte[] DeformatterData; System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(p_strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } public bool SignatureDeformatter(string p_strKeyPublic, string p_strHashbyteDeformatter, string p_strDeformatterData) { byte[] DeformatterData; byte[] HashbyteDeformatter; HashbyteDeformatter = Convert.FromBase64String(p_strHashbyteDeformatter); System.Security.Cryptography.RSACryptoServiceProvider RSA = new System.Security.Cryptography.RSACryptoServiceProvider(); RSA.FromXmlString(p_strKeyPublic); System.Security.Cryptography.RSAPKCS1SignatureDeformatter RSADeformatter = new System.Security.Cryptography.RSAPKCS1SignatureDeformatter(RSA); //指定解密的时候HASH算法为MD5 RSADeformatter.SetHashAlgorithm("MD5"); DeformatterData = Convert.FromBase64String(p_strDeformatterData); if (RSADeformatter.VerifySignature(HashbyteDeformatter, DeformatterData)) { return true; } else { return false; } } } #endregion #endregion
public void RSAKey(out string xmlKeys, out string xmlPublicKey) { System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = new System.Security.Cryptography.RSACryptoServiceProvider(); xmlKeys = rSACryptoServiceProvider.ToXmlString(true); xmlPublicKey = rSACryptoServiceProvider.ToXmlString(false); }
public async Task ValidLocallySignedAccessToken_FromX509Certificate() { #if NETSTANDARD const string sPfx = @" MIIGMQIBAzCCBfcGCSqGSIb3DQEHAaCCBegEggXkMIIF4DCCAt8GCSqGSIb3DQEHBqCCAtAwggLM AgEAMIICxQYJKoZIhvcNAQcBMBwGCiqGSIb3DQEMAQYwDgQImgNbotR3pnACAggAgIICmMHYqn7R 91hqe5gpwTGxNHaDmrvaLWfBq17xyVIdboPxzSAX4MoNasJplZgCzlN4vMwsY9CG3aY/AV5b4qF3 GRlkR5Ou3xJ84WJUkKkjVcql7hXZ8Zl8hyMKfQgW7SYpmJK/I4qYPqz5wg2ivZ4YbH4KA+VL9eaX XR5KKdePWt+P9T3oFD1GYAjdPRTL/phSflvv01v2vkmx6In5hS10w2LjxyOJQtiHocOyEe7XAtor bjsPi9jzMQmW5OESh9c+LDgEHCQQrccc0kG9j+GYJ65b7qORGq9OzBarVgiK+QGrC6aZhGgXZjMD 2K/efd4igVN/QqbpMHB+BDkZKQDRiEc4ezDqZ1VRP8T6VrYP/C+vhvPjZLgIacsxzxZ3f497OkOQ pnrdpvBC6vPUxzsBpSTMcYlUGObWu+PNuwbOsQabps55c/jb67g/POKmkAqnJMFPXY45tT0/FrHX hVK3rsSXQBwxy9/qzzPN+nBF7VlgvSoVzrF384t5Slf2ehwYTw3sgJoUudZ4c12kyE+uLdrOVl3Q BHKDLfy1hRgxMQS/c3uNKkSgXAH3lk9SqMZ9dBzUoY2hZ45YogsP0dQDvzs3AQEdhGW0ZoGEQjC/ QcTTvp7lg/M9gRoBUp/DegGjf2p0N1OlPhj4m63Q2XEm65AvOkA5xxs5RTZKgcU28BJjkgEUpVNt 1rnp0sBsMABmtZ4FXP1YNcKCBdNkIYw67DOO5MRfAGqaDqosT3CL9EOGna61KLQEmtOS33NAx49y ZtCeh/N91jnC+AMjjhhqwzRtrXJ6g/MLxEmmIFvNYcEipeYHfPynhuVywVVH/tj0SqmnDP4cQd4t HvFQL5frBq963Wl0ToPVAC+koMvsplAr0dvJLVfNceIwggL5BgkqhkiG9w0BBwGgggLqBIIC5jCC AuIwggLeBgsqhkiG9w0BDAoBAqCCAqYwggKiMBwGCiqGSIb3DQEMAQMwDgQINLkrmjjeasQCAggA BIICgIc2PtM3mraGPkm8MqvJOEj64fTocAnAHzGVJ8BhwBXkQI++2d9eAGlSB7pO0JioT7uMBwCL i3zVQ6bvDw2tbgVD3Pmc/qY0TpIySptODk6X1Y9fI1Bwrvgi+6cx7PIdFUrypnL/djNTtVIkIfFk TO48YTlT6Gsn+z2Pe6asI0PSDoLgmw2yPauN7Xz1KkAg0KHDT+vMlSLaAYWF8k3+/jFNgPVUpaMM t/DzuJti0R5+eVnpAPkMTJhncumvMdBYzg2Wx0URHzU4+24hSXE8/xMBN3pVsj11T7Eu5jPazIKR qB5a5dn/ICVx/JHzz5dFonHilIvyiMfNE7VKTTerisEhCSdUgqq+sIhlPAlLTBCoyUgcGiCi7dKW GAT47PJ4rvJsGHSUcaNORF71W1GqQQ5iTsJK5rPmGpMUmGwjsemmWmgp00BeMtmqO19B1yRrjDZO atDYISR3UkmeI0A9VlXAspZ2ngmbuWvW0M8nrzwvDLIfgJ8rsFwexIVecFO58j2YSKBmVEykUvSd x+PH3gr8IWAd/Ct0VNLF1Jk2ktOXx1pnM9GWUl8rbvTvM5lNevArHpWp+7vY6JlkM+trdaSE66Lr cvvI+faKAnj4QtkmkbKPF0qLFsDssFv7AI0l7/65PhRZwJ12WpZEOKsqkUyAUbQI16Cva6cuY38y XZ++x67rU4ldumq0YKOJPdPbAtptwMdCn7lepDaxT8mwv4SIZSd37hAP8UNvmRdRWL4dYx3m8Y+l 4hnClZt+GbKmMgXu/o4ua37kOlCV1T0VqmuRzpOwnct8HBvtVS6TuScExeiEkNBA4KwSIY04ZSm+ Sell3vQywF3jry7v/FMgPhoxJTAjBgkqhkiG9w0BCRUxFgQU+7ZMLd/K3gq6I9wxj3LcCb2tf5Uw MTAhMAkGBSsOAwIaBQAEFOM/amdwLHU0WBmyCw96Za0+5Z+PBAgvp7LF+Qwu+AICCAA="; var x509Cert = new X509Certificate2(Convert.FromBase64String(sPfx)); #else const string sPrivateKey = @" -----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALQoMIfUT93VMvb5 4U5dsJLXD1D6z4o/VuVlNUaf5xH01qAv8Egpxe6f5frLB/p1eNyDjNIZ3QitD6aN 9Vfh4ifg6txBuBJtIMfSDvRJITNZ2SjKJREbflZuBk0HINKYQk2H+3TIzUbE/pN4 Cu6Mids5L/oVOnRWIe3bEC+PHR7ZAgMBAAECgYBI1qrwb+2ukeFeK59lcMnQRLVD l3RLv9ohOy80E7h38RbJgzhR5NnK5ck1AduC7vXjqihIVf6g4F+ghmq4knI94KPQ 2fOyQGVV6jVeRVqMusx7tP9V1H26yABiK6TPklcCsWwADFmexfOxfIgbBGSmlbAd N2/ad1Xog1xDebrbEQJBAO+2qSIDX1ahfxUyvvcMaix6Mrh/OYKb5aH1Y/7MfAav lpbQavQHNvak2147aPNxy0ZvWdJ2HVA7hUMkgysYWSUCQQDAZalkZMSrve+Onh55 U+w5xjLklhh8PhYxx8plT8ae9VG75dGvWSz/W81B3ILg2lrNU6o08NKBJdZsJYmc BeKlAkBtJh3zF9gEaTqlW1rqwKNjpyyLJ5r3JqczzLmAXnmmzbLi7vmULejP+5bL XH/YQZtOcgtTMmb8jm2Kegijyc1lAkANGt+e5v4+dIGMxVhuCzlb9hQhXdftHo2E dodivzxYN32Jvu25c+mMu0QP6GVBy53Dvp8pW/36rgkc9LGa3wvBAkEA7dGAl95T UeNFVfuzkYNtQppcSgrx1oTcpTHoNgcvk8AgBf4yDdJJyo0IUONmgJCVffc1aTWn nf/8cW9YC+0icQ== -----END PRIVATE KEY-----"; const string sCert = @" MIICNDCCAZ2gAwIBAgIJAKl3qU1+NsuuMA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNV BAYTAkdCMRMwEQYDVQQIDApTb21lLVN0YXRlMQ8wDQYDVQQKDAZHb29nbGUwHhcN MTYwODEwMTQwOTQ2WhcNNDMxMjI3MTQwOTQ2WjAzMQswCQYDVQQGEwJHQjETMBEG A1UECAwKU29tZS1TdGF0ZTEPMA0GA1UECgwGR29vZ2xlMIGfMA0GCSqGSIb3DQEB AQUAA4GNADCBiQKBgQC0KDCH1E/d1TL2+eFOXbCS1w9Q+s+KP1blZTVGn+cR9Nag L/BIKcXun+X6ywf6dXjcg4zSGd0IrQ+mjfVX4eIn4OrcQbgSbSDH0g70SSEzWdko yiURG35WbgZNByDSmEJNh/t0yM1GxP6TeArujInbOS/6FTp0ViHt2xAvjx0e2QID AQABo1AwTjAdBgNVHQ4EFgQUMqzJi099PA8ML5CV1OSiHgiTGoUwHwYDVR0jBBgw FoAUMqzJi099PA8ML5CV1OSiHgiTGoUwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0B AQsFAAOBgQBQ9cMInb2rEcg8TTYq8MjDEegHWLUI9Dq/IvP/FHyKDczza4eX8m+G 3buutN74pX2/GHRgqvqEvvUUuAQUnZ36k6KjTNxfzNLiSXDPNeYmy6PWsUZy4Rye /Van/ePiXdipTKMiUyl7V6dTjkE5p/e372wNVXUpcxOMmYdWmzSMvg=="; var x509Cert = new X509Certificate2(Convert.FromBase64String(sCert)); RSAParameters rsaParameters = Pkcs8.DecodeRsaParameters(sPrivateKey); var privateKey = new System.Security.Cryptography.RSACryptoServiceProvider(); privateKey.ImportParameters(rsaParameters); x509Cert.PrivateKey = privateKey; #endif Assert.That(x509Cert.HasPrivateKey); var initializer = new ServiceAccountCredential.Initializer("some-id") { Clock = new MockClock { UtcNow = new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc) } }; var cred = new ServiceAccountCredential(initializer.FromCertificate(x509Cert)); Assert.That(cred.Scopes?.Any(), Is.False); // HasScopes must be false for the type of access token we want to test. string accessToken = await cred.GetAccessTokenForRequestAsync("http://authurl/"); string expectedToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzb21lLWlkIiwic3ViIjoi" + "c29tZS1pZCIsImF1ZCI6Imh0dHA6Ly9hdXRodXJsLyIsImV4cCI6MTQ1MTYxMDAwMCwia" + "WF0IjoxNDUxNjA2NDAwfQ.GfpDHgrFi4ZlGC5LuJEarLU4_eTrT5PVa-S40YtkdB2E1f3" + "4naYG2ItcfBEFg7Gbdkr1cIAyipuhEd2yLfPmWGwhOwVcBRNyK_J5w8RodS44mxNJwau0" + "jKy4x1K20ybLqcnNgzE0wag6fi5GHwdNIB0URdHDTiC88CRYdl1CIdk"; Assert.That(accessToken, Is.EqualTo(expectedToken)); }
public X509AsymmetricSignatureProvider(System.Security.Cryptography.RSACryptoServiceProvider rsa) { this.Initialize(rsa); }
/// <summary> /// 随机生成密钥对 /// </summary> public void Reset(int keySize) { this.rsa = new RSACryptoServiceProvider(keySize); }
public static void VerifySig(XmlDocument sigDoc) { try { XmlElement envelope = sigDoc.DocumentElement; XmlElement securityElem = LameXpath.SelectSingleNode(sigDoc, Elem.Security); if (securityElem != null) { XmlAttribute mustUndAtt = securityElem.Attributes[Attrib.mustUnderstand, Ns.soap]; if (mustUndAtt != null) { mustUndAtt.Value = "0"; } } XmlElement sigElem = LameXpath.SelectSingleNode(sigDoc, Elem.Signature); if (sigElem == null) { return; } XmlElement sigValElem = LameXpath.SelectSingleNode(sigElem, Elem.SignatureValue); byte[] baSigVal = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(sigValElem.InnerText); bool comments = false; bool exclusive = true; System.Security.Cryptography.SHA1CryptoServiceProvider shaCsp = new System.Security.Cryptography.SHA1CryptoServiceProvider(); XmlElement sigMethElem = LameXpath.SelectSingleNode(sigElem, Elem.SignatureMethod); string segMeth = sigMethElem.Attributes["Algorithm"].Value; XmlElement signedInfoElem = LameXpath.SelectSingleNode(sigElem, Elem.SignedInfo); XmlDocument xdSignedInfo = new XmlDocument(); xdSignedInfo.LoadXml(signedInfoElem.OuterXml); XmlCanonicalizer xc = new XmlCanonicalizer(comments, exclusive); MemoryStream ms = (MemoryStream)xc.Canonicalize(xdSignedInfo); byte [] baMs = new byte[ms.Length]; ms.Read(baMs, 0, baMs.Length); ArrayList keyInfoRefElem = LameXpath.SelectChildNodes(sigElem, Elem.SecurityTokenReference, Elem.Reference); XmlElement keyInfoRef = (XmlElement)keyInfoRefElem[0]; string secTokUri = keyInfoRef.Attributes["URI"].Value; secTokUri = secTokUri.TrimStart(new char[] { '#' }); XmlElement secTokElem = LameXpath.SelectSingleNode(secTokUri, sigDoc); if (secTokElem.LocalName == Elem.UsernameToken) { XmlElement nonce = LameXpath.SelectSingleNode(secTokElem, Elem.Nonce); XmlElement created = LameXpath.SelectSingleNode(secTokElem, Elem.Created); //DerivedKeyGenerator seems to be off by 1? //byte [] baKey = P_SHA1.DeriveKey(ClearPassword, StrKeyLabel, nonce.InnerText, created.InnerText, NumKeyBytes); byte [] baKey = P_SHA1.DeriveKey(SigObj.ClearPassword, StrKeyLabel, nonce.InnerText, created.InnerText, NumKeyBytes); HMACSHA1 hmacSha = new HMACSHA1(baKey); byte [] baSig = hmacSha.ComputeHash(baMs); OpenNETCF.Security.Cryptography.Internal.Format.SameBytes(baSigVal, baSig); } else if (secTokElem.LocalName == Elem.BinarySecurityToken) { byte[] baCert = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(secTokElem.InnerText); X509Certificate cert = new X509Certificate(baCert); //pub key to verify sig. byte [] exponent; byte [] modulus; DecodeCertKey.GetPublicRsaParams(cert, out exponent, out modulus); System.Security.Cryptography.RSAParameters rsaParam = new System.Security.Cryptography.RSAParameters(); rsaParam.Exponent = exponent; rsaParam.Modulus = modulus; System.Security.Cryptography.RSACryptoServiceProvider rsaCsp = new System.Security.Cryptography.RSACryptoServiceProvider(); rsaCsp.ImportParameters(rsaParam); byte [] baUnsigHash = shaCsp.ComputeHash(baMs); bool valid = rsaCsp.VerifyHash(baUnsigHash, "SHA", baSigVal); if (valid == false) { throw new Exception("signature is not valid"); } } else if (secTokElem.LocalName == Elem.SecurityContextToken) { //TODO how to validate signature? } else { throw new Exception("only support Username, BinarySecurity, and SecurityContext Token signature"); } //verify reference hashes string refdName = String.Empty; ArrayList refNodes = LameXpath.SelectChildNodes(sigDoc, Elem.SignedInfo, Elem.Reference); foreach (object oXn in refNodes) { XmlNode xn = (XmlNode)oXn; string uriId = xn.Attributes[Attrib.URI].Value; uriId = uriId.TrimStart(new char[] { '#' }); XmlElement digValElem = LameXpath.SelectSingleNode(xn, Elem.DigestValue); byte[] baDigest = OpenNETCF.Security.Cryptography.Internal.Format.GetB64(digValElem.InnerText); XmlElement refdElem = LameXpath.SelectSingleNode(uriId, sigDoc); XmlDocument xdRefdElem = new XmlDocument(); refdName = refdElem.LocalName; //for debug visibility xdRefdElem.LoadXml(refdElem.OuterXml); //not reusable xc = new XmlCanonicalizer(comments, exclusive); //MemoryStream ms = (MemoryStream) xc.Canonicalize(refdElem); ms = (MemoryStream)xc.Canonicalize(xdRefdElem); baMs = new byte[ms.Length]; ms.Read(baMs, 0, baMs.Length); byte [] baHash = shaCsp.ComputeHash(baMs); try { OpenNETCF.Security.Cryptography.Internal.Format.SameBytes(baDigest, baHash); } catch (Exception ex) { throw new Exception(refdName + ":" + ex.Message, ex); } } } finally { //ClearPassword = null; SigObj = null; } }
//=============================================================================== // Name: Function IALUGenerator_GenKey // Input: // ByRef Lic As ActiveLock3.ProductLicense - Product license // ByVal InstCode As String - Installation Code sent by the user // ByVal RegisteredLevel As String - Registration Level for the license. Default is "0" // Output: // String - Liberation key for the license // Purpose: Given the Installation Code, generates an Activelock license liberation key. // Remarks: None //=============================================================================== private string IALUGenerator_GenKey(ref ActiveLock3_6NET.ProductLicense Lic, string InstCode, [System.Runtime.InteropServices.OptionalAttribute, System.Runtime.InteropServices.DefaultParameterValueAttribute("0")] // ERROR: Optional parameters aren't supported in C# string RegisteredLevel) { // Take request code and decrypt it. string strReq = null; // 05.13.05 - ialkan Modified to merge DLLs into one strReq = modBase64.Base64_Decode(ref InstCode); // strReq now contains the {LockCode + vbLf + User} string string strLock = string.Empty; string strUser = string.Empty; GetLockAndUserFromInstallCode(strReq, ref strLock, ref strUser); Lic.Licensee = strUser; // registration date string strRegDate = null; // registered level Lic.RegisteredLevel = RegisteredLevel; strRegDate = Lic.RegisteredDate; string strEncrypted = null; // @todo Rethink this bit about encrypting the dates. // We need to keep in mind that the app does not have access to the private key, so and any decryption that requires private key // would not be possible. // Perhaps instead of encrypting, we could do MD5 hash of (regdate+lockcode)? //ActiveLockEventSink_ValidateValue strRegDate, strEncrypted // hash it //strEncrypted = ActiveLock3.MD5Hash(strEncrypted) strEncrypted = strRegDate; // get software codes ProductInfo ProdInfo = null; ProdInfo = IALUGenerator_RetrieveProduct(Lic.ProductName, Lic.ProductVer); Lic.ProductKey = ProdInfo.VCode; string strLic = null; strLic = Lic.ToString_Renamed() + Constants.vbLf + strLock; System.Diagnostics.Debug.WriteLine("strLic: " + Constants.vbCrLf + strLic); if (modALUGEN.strLeft(ProdInfo.VCode, 3) != "RSA") { // sign it string strSig = null; strSig = new string(Strings.Chr(0), 1024); // 05.13.05 - ialkan Modified to merge DLLs into one. Moved RSASign into a module strSig = modActiveLock.RSASign(ProdInfo.VCode, ProdInfo.GCode, strLic); // Create liberation key. This will be a base-64 encoded string of the whole license. string strLicKey = null; // 05.13.05 - ialkan Modified to merge DLLs into one strLicKey = modBase64.Base64_Encode(ref strSig); // update Lic with license key Lic.LicenseKey = strLicKey; // Print some info for debugging purposes System.Diagnostics.Debug.WriteLine("VCode: " + ProdInfo.VCode); System.Diagnostics.Debug.WriteLine("Lic: " + strLic); System.Diagnostics.Debug.WriteLine("Lic hash: " + modMD5.Hash(ref strLic)); System.Diagnostics.Debug.WriteLine("LicKey: " + strLicKey); System.Diagnostics.Debug.WriteLine("Sig: " + strSig); System.Diagnostics.Debug.WriteLine("Verify: " + modActiveLock.RSAVerify(ProdInfo.VCode, strLic, modBase64.Base64_Decode(ref strLicKey))); System.Diagnostics.Debug.WriteLine("===================================================="); } else { try { System.Security.Cryptography.RSACryptoServiceProvider rsaCSP = new System.Security.Cryptography.RSACryptoServiceProvider(); string strPublicBlob = null; string strPrivateBlob = null; strPublicBlob = ProdInfo.VCode; strPrivateBlob = ProdInfo.GCode; if (modALUGEN.strLeft(ProdInfo.GCode, 6) == "RSA512") { strPrivateBlob = modALUGEN.strRight(ProdInfo.GCode, Strings.Len(ProdInfo.GCode) - 6); } else { strPrivateBlob = modALUGEN.strRight(ProdInfo.GCode, Strings.Len(ProdInfo.GCode) - 7); } // import private key params into instance of RSACryptoServiceProvider rsaCSP.FromXmlString(strPrivateBlob); RSAParameters rsaPrivateParams = default(RSAParameters); //stores private key rsaPrivateParams = rsaCSP.ExportParameters(true); rsaCSP.ImportParameters(rsaPrivateParams); byte[] userData = Encoding.UTF8.GetBytes(strLic); AsymmetricSignatureFormatter asf = new RSAPKCS1SignatureFormatter(rsaCSP); HashAlgorithm algorithm = new SHA1Managed(); asf.SetHashAlgorithm(algorithm.ToString()); byte[] myhashedData = null; // a byte array to store hash value string myhashedDataString = null; myhashedData = algorithm.ComputeHash(userData); myhashedDataString = BitConverter.ToString(myhashedData).Replace("-", string.Empty); byte[] mysignature = null; // holds signatures mysignature = asf.CreateSignature(algorithm); string mySignatureBlock = null; mySignatureBlock = Convert.ToBase64String(mysignature); Lic.LicenseKey = mySignatureBlock; } catch (Exception ex) { modActiveLock.Set_Locale(modActiveLock.regionalSymbol); Err().Raise(AlugenGlobals.alugenErrCodeConstants.alugenProdInvalid, modTrial.ACTIVELOCKSTRING, ex.Message); } } // Serialize it into a formatted string string strLibKey = string.Empty; Lic.Save(ref strLibKey); return(strLibKey); }
public static Claim DeserializeClaim(XmlDictionaryReader reader, SctClaimDictionary dictionary, XmlObjectSerializer serializer) { if (reader.IsStartElement(dictionary.NullValue, dictionary.EmptyString)) { reader.ReadElementString(); return(null); } else if (reader.IsStartElement(dictionary.WindowsSidClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); byte[] sidBytes = reader.ReadContentAsBase64(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Sid, new SecurityIdentifier(sidBytes, 0), right)); } else if (reader.IsStartElement(dictionary.DenyOnlySidClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); byte[] sidBytes = reader.ReadContentAsBase64(); reader.ReadEndElement(); return(new Claim(ClaimTypes.DenyOnlySid, new SecurityIdentifier(sidBytes, 0), right)); } else if (reader.IsStartElement(dictionary.X500DistinguishedNameClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); byte[] rawData = reader.ReadContentAsBase64(); reader.ReadEndElement(); return(new Claim(ClaimTypes.X500DistinguishedName, new X500DistinguishedName(rawData), right)); } else if (reader.IsStartElement(dictionary.X509ThumbprintClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); byte[] thumbprint = reader.ReadContentAsBase64(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Thumbprint, thumbprint, right)); } else if (reader.IsStartElement(dictionary.NameClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string name = reader.ReadString(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Name, name, right)); } else if (reader.IsStartElement(dictionary.DnsClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string dns = reader.ReadString(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Dns, dns, right)); } else if (reader.IsStartElement(dictionary.RsaClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string rsaXml = reader.ReadString(); reader.ReadEndElement(); System.Security.Cryptography.RSACryptoServiceProvider rsa = new System.Security.Cryptography.RSACryptoServiceProvider(); rsa.FromXmlString(rsaXml); return(new Claim(ClaimTypes.Rsa, rsa, right)); } else if (reader.IsStartElement(dictionary.MailAddressClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string address = reader.ReadString(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Email, new System.Net.Mail.MailAddress(address), right)); } else if (reader.IsStartElement(dictionary.SystemClaim, dictionary.EmptyString)) { reader.ReadElementString(); return(Claim.System); } else if (reader.IsStartElement(dictionary.HashClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); byte[] hash = reader.ReadContentAsBase64(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Hash, hash, right)); } else if (reader.IsStartElement(dictionary.SpnClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string spn = reader.ReadString(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Spn, spn, right)); } else if (reader.IsStartElement(dictionary.UpnClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string upn = reader.ReadString(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Upn, upn, right)); } else if (reader.IsStartElement(dictionary.UrlClaim, dictionary.EmptyString)) { string right = ReadRightAttribute(reader, dictionary); reader.ReadStartElement(); string url = reader.ReadString(); reader.ReadEndElement(); return(new Claim(ClaimTypes.Uri, new Uri(url), right)); } else { return((Claim)serializer.ReadObject(reader)); } }
internal static bool Pkcs1VerifyData(RSA rsa, byte[] data, byte[] signature, string hashAlgorithmName) { // Because RSACryptoServiceProvider existed in 4.5, but RSACng didn't, and RSA's SignData // method requires types that aren't in 4.5, try RSACryptoServiceProvider's way first. RSACryptoServiceProvider rsaCsp = rsa as RSACryptoServiceProvider; if (rsaCsp != null) { return(rsaCsp.VerifyData(data, hashAlgorithmName, signature)); } if (s_rsaPkcs1VerifyMethod == null) { // [X] VerifyData(byte[] data, byte[] signature, HashAlgorithmName hashAlgorithmName, RSASignaturePadding padding) // [ ] VerifyData(byte[] data, int offset, int count, byte[] signature, HashAlgorithmName hashAlgorithmName, RSASignaturePadding padding) // [ ] VerifyData(Stream data, byte[] signature, HashAlgorithmName hashAlgorithmName, RSASignaturePadding padding) Debug.Assert(s_hashAlgorithmNameType != null); Debug.Assert(s_rsaSignaturePaddingType != null); Debug.Assert(s_pkcs1SignaturePadding != null); Type[] signatureTypes = { typeof(byte[]), typeof(byte[]), s_hashAlgorithmNameType, s_rsaSignaturePaddingType }; MethodInfo verifyDataMethod = typeof(RSA).GetMethod( "VerifyData", BindingFlags.Public | BindingFlags.Instance, null, signatureTypes, null); Debug.Assert( verifyDataMethod != null, "Cannot find RSA.VerifyData(byte[], byte[], HashAlgorithmName, RSASignaturePadding)"); // Because the HashAlgorithmName and RSASignaturePadding types aren't guaranteed available at // assembly time (though they really need to be if the runtime makes it here...) the delegate binding // is a bit harder than normal. Type delegateType = typeof(Func <, , , , ,>).MakeGenericType( typeof(RSA), typeof(byte[]), typeof(byte[]), s_hashAlgorithmNameType, s_rsaSignaturePaddingType, typeof(bool)); Delegate openDelegate = Delegate.CreateDelegate(delegateType, verifyDataMethod); s_rsaPkcs1VerifyMethod = (delegateRsa, delegateData, delegateSignature, delegateAlgorithm) => { object hashAlgorithmNameObject = Activator.CreateInstance(s_hashAlgorithmNameType, delegateAlgorithm); object[] args = { delegateRsa, delegateData, delegateSignature, hashAlgorithmNameObject, s_pkcs1SignaturePadding }; return((bool)openDelegate.DynamicInvoke(args)); }; } Debug.Assert(s_rsaPkcs1VerifyMethod != null); return(s_rsaPkcs1VerifyMethod(rsa, data, signature, hashAlgorithmName)); }
private static System.Security.Cryptography.RSACryptoServiceProvider DecodePrivateKeyInfo(byte[] pkcs8) { byte[] b = new byte[] { 48, 13, 6, 9, 42, 134, 72, 134, 247, 13, 1, 1, 1, 5, 0 }; byte[] a = new byte[15]; System.IO.MemoryStream memoryStream = new System.IO.MemoryStream(pkcs8); int num = (int)memoryStream.Length; System.IO.BinaryReader binaryReader = new System.IO.BinaryReader(memoryStream); System.Security.Cryptography.RSACryptoServiceProvider result; try { ushort num2 = binaryReader.ReadUInt16(); if (num2 == 33072) { binaryReader.ReadByte(); } else { if (num2 != 33328) { result = null; return(result); } binaryReader.ReadInt16(); } byte b2 = binaryReader.ReadByte(); if (b2 != 2) { result = null; } else { num2 = binaryReader.ReadUInt16(); if (num2 != 1) { result = null; } else { a = binaryReader.ReadBytes(15); if (!RSAFromPkcs8.CompareBytearrays(a, b)) { result = null; } else { b2 = binaryReader.ReadByte(); if (b2 != 4) { result = null; } else { b2 = binaryReader.ReadByte(); if (b2 == 129) { binaryReader.ReadByte(); } else { if (b2 == 130) { binaryReader.ReadUInt16(); } } byte[] privkey = binaryReader.ReadBytes((int)((long)num - memoryStream.Position)); System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = RSAFromPkcs8.DecodeRSAPrivateKey(privkey); result = rSACryptoServiceProvider; } } } } } catch (System.Exception) { result = null; } finally { binaryReader.Close(); } return(result); }
private static byte[] decrypt(byte[] data, string privateKey, string input_charset) { System.Security.Cryptography.RSACryptoServiceProvider rSACryptoServiceProvider = RSAFromPkcs8.DecodePemPrivateKey(privateKey); new System.Security.Cryptography.SHA1CryptoServiceProvider(); return(rSACryptoServiceProvider.Decrypt(data, false)); }
/// <summary> /// RSAPkcs8Util /// </summary> /// <param name="dataEncoding"></param> /// <param name="publicKey"></param> /// <param name="privateKey"></param> /// <param name="keySize"></param> public RsaPkcs8Util(Encoding dataEncoding, string publicKey, string privateKey = null, int keySize = 2048) { if (string.IsNullOrEmpty(privateKey) && string.IsNullOrEmpty(publicKey)) { throw new Exception("Public and private keys must not be empty at the same time"); } if (!string.IsNullOrEmpty(privateKey)) { #if NET451 || NET452 PrivateRsa = new MsRSA { KeySize = keySize }; #else PrivateRsa = MsRSA.Create(); PrivateRsa.KeySize = keySize; #endif PrivateRsa.TouchFromPrivateKeyInPkcs8(privateKey, out var priRsap); #if NET451 || NET452 PrivateRsaKeyParameter = GetPrivateKeyParameter(privateKey); #endif if (string.IsNullOrEmpty(publicKey)) { #if NET451 || NET452 PublicRsa = new MsRSA { KeySize = keySize }; #else PublicRsa = MsRSA.Create(); PublicRsa.KeySize = keySize; #endif var pubRsap = new RSAParameters { Modulus = priRsap.Modulus, Exponent = priRsap.Exponent }; PublicRsa.ImportParameters(pubRsap); #if NET451 || NET452 PublicRsaKeyParameter = GetPublicKeyParameter(publicKey); #endif } } if (!string.IsNullOrEmpty(publicKey)) { #if NET451 || NET452 PublicRsa = new MsRSA { KeySize = keySize }; #else PublicRsa = MsRSA.Create(); PublicRsa.KeySize = keySize; #endif PublicRsa.TouchFromPublicKeyInPkcs8(publicKey, out _); #if NET451 || NET452 PublicRsaKeyParameter = GetPublicKeyParameter(publicKey); #endif } DataEncoding = dataEncoding.SafeEncodingValue(); }
static void Main() { //lets take a new CSP with a new 2048 bit rsa key pair var csp = new System.Security.Cryptography.RSACryptoServiceProvider(2048); //how to get the private key var privKey = csp.ExportParameters(true); //and the public key ... var pubKey = csp.ExportParameters(false); //converting the public key into a string representation string pubKeyString = ""; { //we need some buffer var sw = new System.IO.StringWriter(); //we need a serializer var xs = new System.Xml.Serialization.XmlSerializer(typeof(RSAParameters)); //serialize the key into the stream xs.Serialize(sw, pubKey); //get the string from the stream pubKeyString = sw.ToString(); } //converting it back { //get a stream from the string var sr = new System.IO.StringReader(pubKeyString); //we need a deserializer var xs = new System.Xml.Serialization.XmlSerializer(typeof(RSAParameters)); //get the object back from the stream pubKey = (RSAParameters)xs.Deserialize(sr); } //conversion for the private key is no black magic either ... omitted //we have a public key ... let's get a new csp and load that key csp = new RSACryptoServiceProvider(); csp.ImportParameters(pubKey); //we need some data to encrypt var plainTextData = "foobar"; //for encryption, always handle bytes... var bytesPlainTextData = System.Text.Encoding.Unicode.GetBytes(plainTextData); //apply pkcs#1.5 padding and encrypt our data var bytesCypherText = csp.Encrypt(bytesPlainTextData, false); //we might want a string representation of our cypher text... base64 will do var cypherText = Convert.ToBase64String(bytesCypherText); /* * some transmission / storage / retrieval * * and we want to decrypt our cypherText */ //first, get our bytes back from the base64 string ... bytesCypherText = Convert.FromBase64String(cypherText); //we want to decrypt, therefore we need a csp and load our private key csp = new RSACryptoServiceProvider(); csp.ImportParameters(privKey); //decrypt and strip pkcs#1.5 padding bytesPlainTextData = csp.Decrypt(bytesCypherText, false); //get our original plainText back... plainTextData = System.Text.Encoding.Unicode.GetString(bytesPlainTextData); }
public async void StartMQTT(string clientid, string cafile, string clientcertfile, string clientprivate, string clientprivatepassword = "") { var ca = new X509Certificate(cafile, ""); var reader = new PemReader(File.OpenText(clientprivate)); var privatekey = (AsymmetricCipherKeyPair)reader.ReadObject(); var pkinfo = (Org.BouncyCastle.Crypto.Parameters.RsaPrivateCrtKeyParameters)privatekey.Private; var ce1 = new X509Certificate2(File.ReadAllBytes(clientcertfile), clientprivatepassword, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet); CspParameters parms = new CspParameters(); parms.Flags = CspProviderFlags.NoFlags; parms.KeyContainerName = Guid.NewGuid().ToString().ToUpperInvariant(); parms.ProviderType = ((Environment.OSVersion.Version.Major > 5) || ((Environment.OSVersion.Version.Major == 5) && (Environment.OSVersion.Version.Minor >= 1))) ? 0x18 : 1; System.Security.Cryptography.RSACryptoServiceProvider rcsp = new System.Security.Cryptography.RSACryptoServiceProvider(parms) { PersistKeyInCsp = true }; rcsp.ImportParameters(DotNetUtilities.ToRSAParameters(pkinfo)); ce1.PrivateKey = rcsp; //var clientcert = CertificatesToDBandBack.Certificate.GetCertificateFromPEMstring(File.ReadAllText(clientcertfile), File.ReadAllText(clientprivate), clientprivatepassword); MQTTClient = new MqttFactory().CreateMqttClient(); var options = new MqttClientOptionsBuilder() .WithTcpServer(mqtt_host, mqtt_port).WithClientId(clientid).WithTls(new MqttClientOptionsBuilderTlsParameters { AllowUntrustedCertificates = false, IgnoreCertificateChainErrors = false, IgnoreCertificateRevocationErrors = false, UseTls = true, SslProtocol = System.Security.Authentication.SslProtocols.Tls12, Certificates = new List <byte[]> { ca.Export(X509ContentType.SerializedCert), ce1.Export(X509ContentType.SerializedCert) }, CertificateValidationCallback = (X509Certificate x, X509Chain y, SslPolicyErrors z, IMqttClientOptions o) => { return(true); } }).Build(); MQTTClient.ApplicationMessageReceivedHandler = new MqttApplicationMessageReceivedHandlerDelegate(e => { Console.WriteLine("### RECEIVED APPLICATION MESSAGE ###"); Console.WriteLine($"+ Topic = {e.ApplicationMessage.Topic}"); Console.WriteLine($"+ Payload = {Encoding.UTF8.GetString(e.ApplicationMessage.Payload)}"); Console.WriteLine($"+ QoS = {e.ApplicationMessage.QualityOfServiceLevel}"); Console.WriteLine($"+ Retain = {e.ApplicationMessage.Retain}"); Console.WriteLine(); }); MQTTClient.ConnectedHandler = new MqttClientConnectedHandlerDelegate(async a => { Console.WriteLine("### CONNECTED WITH SERVER ###"); await MQTTClient.SubscribeAsync(new TopicFilterBuilder().WithTopic("#").Build()); }); MQTTClient.DisconnectedHandler = new MqttClientDisconnectedHandlerDelegate(async a => { Console.WriteLine("### DISCONNECTED FROM SERVER ###"); }); var connect = await MQTTClient.ConnectAsync(options); var sub = MQTTClient.SubscribeAsync(new TopicFilter { Topic = "test", QualityOfServiceLevel = MqttQualityOfServiceLevel.AtMostOnce }); }
public void TestRfc7515Example_A_2_1() { string protectedSample = // From the RFC example "{\"alg\":\"RS256\"}"; byte[] protectedBytesExpected = // From the RFC example { 123, 34, 97, 108, 103, 34, 58, 34, 82, 83, 50, 53, 54, 34, 125 }; byte[] protectedBytesActual = Encoding.UTF8.GetBytes(protectedSample); CollectionAssert.AreEqual(protectedBytesExpected, protectedBytesActual); string protectedB64uExpected = "eyJhbGciOiJSUzI1NiJ9"; // From the RFC example string protectedB64uActual = CryptoHelper.Base64.UrlEncode(protectedBytesActual); Assert.AreEqual(protectedB64uExpected, protectedB64uActual); string payloadSample = // From the RFC example "{\"iss\":\"joe\",\r\n" + " \"exp\":1300819380,\r\n" + " \"http://example.com/is_root\":true}"; byte[] payloadBytesActual = Encoding.UTF8.GetBytes(payloadSample); string payloadB64uActual = CryptoHelper.Base64.UrlEncode(payloadBytesActual); string signingInput = $"{protectedB64uActual}.{payloadB64uActual}"; byte[] signingBytesExpected = // From the RFC example { 101, 121, 74, 104, 98, 71, 99, 105, 79, 105, 74, 83, 85, 122, 73, 49, 78, 105, 74, 57, 46, 101, 121, 74, 112, 99, 51, 77, 105, 79,105, 74, 113, 98, 50, 85, 105, 76, 65, 48, 75, 73, 67, 74, 108, 101, 72, 65, 105, 79, 106, 69, 122, 77, 68, 65, 52, 77, 84, 107, 122, 79, 68, 65, 115, 68, 81, 111, 103, 73, 109, 104, 48, 100, 72, 65, 54, 76, 121, 57, 108, 101, 71, 70, 116, 99, 71, 120, 108, 76, 109, 78, 118, 98, 83, 57, 112, 99, 49, 57, 121, 98, 50, 57, 48, 73, 106, 112, 48, 99, 110, 86, 108, 102, 81 }; byte[] signingBytesActual = Encoding.ASCII.GetBytes(signingInput); CollectionAssert.AreEqual(signingBytesExpected, signingBytesActual); byte[] sigExpected = // From the RFC example { 112, 46, 33, 137, 67, 232, 143, 209, 30, 181, 216, 45, 191, 120, 69, 243, 65, 6, 174, 27, 129, 255, 247, 115, 17, 22, 173, 209, 113, 125, 131, 101, 109, 66, 10, 253, 60, 150, 238, 221, 115, 162, 102, 62, 81, 102, 104, 123, 0, 11, 135, 34, 110, 1, 135, 237, 16, 115, 249, 69, 229, 130, 173, 252, 239, 22, 216, 90, 121, 142, 232, 198, 109, 219, 61, 184, 151, 91, 23, 208, 148, 2, 190, 237, 213, 217, 217, 112, 7, 16, 141, 178, 129, 96, 213, 248, 4, 12, 167, 68, 87, 98, 184, 31, 190, 127, 249, 217, 46, 10, 231, 111, 36, 242, 91, 51, 187, 230, 244, 74, 230, 30, 177, 4, 10, 203, 32, 4, 77, 62, 249, 18, 142, 212,1, 48, 121, 91, 212, 189, 59, 65, 238, 202, 208, 102, 171, 101, 25, 129, 253, 228, 141, 247, 127, 55, 45, 195, 139, 159, 175, 221, 59, 239, 177, 139, 93, 163, 204, 60, 46, 176, 47, 158, 58, 65, 214, 18, 202, 173, 21, 145, 18, 115, 160, 95, 35, 185, 232, 56, 250, 175, 132, 157, 105, 132, 41, 239, 90, 30, 136, 121, 130, 54, 195, 212, 14, 96, 69, 34, 165, 68, 200, 242, 122, 122, 45, 184, 6, 99, 209, 108, 247, 202, 234, 86, 222, 64, 92, 178, 33, 90, 69, 178, 194, 85, 102, 181, 90, 193, 167, 72, 160, 112, 223, 200, 163, 42, 70, 149, 67, 208, 25, 238, 251, 71 }; byte[] sigActual = null; using (var rsa = new System.Security.Cryptography.RSACryptoServiceProvider()) { rsa.ImportParameters(GetRsaParamsForRfc7515Example_A_2_1()); using (var sha256 = new System.Security.Cryptography.SHA256CryptoServiceProvider()) { sigActual = rsa.SignData(signingBytesExpected, sha256); } } CollectionAssert.AreEqual(sigExpected, sigActual); string sigB64uExpected = // From the RFC example "cC4hiUPoj9Eetdgtv3hF80EGrhuB__dzERat0XF9g2VtQgr9PJbu3XOiZj5RZmh7" + "AAuHIm4Bh-0Qc_lF5YKt_O8W2Fp5jujGbds9uJdbF9CUAr7t1dnZcAcQjbKBYNX4" + "BAynRFdiuB--f_nZLgrnbyTyWzO75vRK5h6xBArLIARNPvkSjtQBMHlb1L07Qe7K" + "0GarZRmB_eSN9383LcOLn6_dO--xi12jzDwusC-eOkHWEsqtFZESc6BfI7noOPqv" + "hJ1phCnvWh6IeYI2w9QOYEUipUTI8np6LbgGY9Fs98rqVt5AXLIhWkWywlVmtVrB" + "p0igcN_IoypGlUPQGe77Rw"; string sigB64uActual = CryptoHelper.Base64.UrlEncode(sigActual); Assert.AreEqual(sigB64uExpected, sigB64uActual); }
public static string SignDownload(string updateFile) { RSACryptoServiceProvider provider = new RSACryptoServiceProvider(); provider.FromXmlString(File.ReadAllText("private.key")); byte[] signedBytes = provider.SignData(File.ReadAllBytes(updateFile), "SHA256"); return Convert.ToBase64String(signedBytes); }