//********************************************************************************** // //OpenSSLKey // .NET 2.0 OpenSSL Public & Private Key Parser // /* Copyright (c) 2000 JavaScience Consulting, Michel Gallant Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. */ //*********************************************************************************** // // opensslkey.cs // // Reads and parses: // (1) OpenSSL PEM or DER public keys // (2) OpenSSL PEM or DER traditional SSLeay private keys (encrypted and unencrypted) // (3) PKCS #8 PEM or DER encoded private keys (encrypted and unencrypted) // Keys in PEM format must have headers/footers . // Encrypted Private Key in SSLEay format not supported in DER // Removes header/footer lines. // For traditional SSLEAY PEM private keys, checks for encrypted format and // uses PBE to extract 3DES key. // For SSLEAY format, only supports encryption format: DES-EDE3-CBC // For PKCS #8, only supports PKCS#5 v2.0 3des. // Parses private and public key components and returns .NET RSA object. // Creates dummy unsigned certificate linked to private keypair and // optionally exports to pkcs #12 // // See also: // http://www.openssl.org/docs/crypto/pem.html#PEM_ENCRYPTION_FORMAT //************************************************************************************** using System; using System.IO; using System.Text; using System.Security.Cryptography; using System.Security.Cryptography.X509Certificates; using System.Runtime.InteropServices; using System.Security; using System.Diagnostics; using System.ComponentModel; namespace JavaScience { public class Win32 { [DllImport("crypt32.dll", SetLastError=true)] public static extern IntPtr CertCreateSelfSignCertificate( IntPtr hProv, ref CERT_NAME_BLOB pSubjectIssuerBlob, uint dwFlagsm, ref CRYPT_KEY_PROV_INFO pKeyProvInfo, IntPtr pSignatureAlgorithm, IntPtr pStartTime, IntPtr pEndTime, IntPtr other) ; [DllImport("crypt32.dll", SetLastError=true)] public static extern bool CertStrToName( uint dwCertEncodingType, String pszX500, uint dwStrType, IntPtr pvReserved, [In, Out] byte[] pbEncoded, ref uint pcbEncoded, IntPtr other); [DllImport("crypt32.dll", SetLastError=true)] public static extern bool CertFreeCertificateContext( IntPtr hCertStore) ; } [StructLayout(LayoutKind.Sequential)] public struct CRYPT_KEY_PROV_INFO { [MarshalAs(UnmanagedType.LPWStr)] public String pwszContainerName; [MarshalAs(UnmanagedType.LPWStr)] public String pwszProvName; public uint dwProvType; public uint dwFlags; public uint cProvParam; public IntPtr rgProvParam; public uint dwKeySpec; } [StructLayout(LayoutKind.Sequential)] public struct CERT_NAME_BLOB { public int cbData; public IntPtr pbData; } public class opensslkey { const String pemprivheader = "-----BEGIN RSA PRIVATE KEY-----" ; const String pemprivfooter = "-----END RSA PRIVATE KEY-----" ; const String pempubheader = "-----BEGIN PUBLIC KEY-----" ; const String pempubfooter = "-----END PUBLIC KEY-----" ; const String pemp8header = "-----BEGIN PRIVATE KEY-----" ; const String pemp8footer = "-----END PRIVATE KEY-----" ; const String pemp8encheader = "-----BEGIN ENCRYPTED PRIVATE KEY-----" ; const String pemp8encfooter = "-----END ENCRYPTED PRIVATE KEY-----" ; // static byte[] pempublickey; // static byte[] pemprivatekey; // static byte[] pkcs8privatekey; // static byte[] pkcs8encprivatekey; static bool verbose = false; public static void Main(String[] args) { if(args.Length == 1) if(args[0].ToUpper() == "V") verbose = true; Console.ForegroundColor = ConsoleColor.Gray; Console.Write("\nRSA public, private or PKCS #8 key file to decode: "); String filename = Console.ReadLine().Trim(); if (filename == "") //exit while(true) loop return; if (!File.Exists(filename)) { Console.WriteLine("File \"{0}\" does not exist!\n", filename); return; } StreamReader sr = File.OpenText(filename); String pemstr = sr.ReadToEnd().Trim(); sr.Close(); if(pemstr.StartsWith("-----BEGIN")) DecodePEMKey(pemstr); else DecodeDERKey(filename); } // ------- Decode PEM pubic, private or pkcs8 key ---------------- public static void DecodePEMKey(String pemstr) { byte[] pempublickey; byte[] pemprivatekey; byte[] pkcs8privatekey; byte[] pkcs8encprivatekey; if(pemstr.StartsWith(pempubheader) && pemstr.EndsWith(pempubfooter)) { Console.WriteLine("Trying to decode and parse a PEM public key .."); pempublickey = DecodeOpenSSLPublicKey(pemstr); if(pempublickey != null) { if(verbose) showBytes("\nRSA public key", pempublickey) ; //PutFileBytes("rsapubkey.pem", pempublickey, pempublickey.Length) ; RSACryptoServiceProvider rsa = DecodeX509PublicKey(pempublickey); Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlpublickey =rsa.ToXmlString(false) ; Console.WriteLine("\nXML RSA public key: {0} bits\n{1}\n", rsa.KeySize, xmlpublickey) ; } } else if(pemstr.StartsWith(pemprivheader) && pemstr.EndsWith(pemprivfooter)) { Console.WriteLine("Trying to decrypt and parse a PEM private key .."); pemprivatekey = DecodeOpenSSLPrivateKey(pemstr); if(pemprivatekey != null) { if(verbose) showBytes("\nRSA private key", pemprivatekey) ; //PutFileBytes("rsaprivkey.pem", pemprivatekey, pemprivatekey.Length) ; RSACryptoServiceProvider rsa = DecodeRSAPrivateKey(pemprivatekey); Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlprivatekey =rsa.ToXmlString(true) ; Console.WriteLine("\nXML RSA private key: {0} bits\n{1}\n", rsa.KeySize, xmlprivatekey) ; ProcessRSA(rsa); } } else if(pemstr.StartsWith(pemp8header) && pemstr.EndsWith(pemp8footer)) { Console.WriteLine("Trying to decode and parse as PEM PKCS #8 PrivateKeyInfo .."); pkcs8privatekey = DecodePkcs8PrivateKey(pemstr); if(pkcs8privatekey != null) { if(verbose) showBytes("\nPKCS #8 PrivateKeyInfo", pkcs8privatekey) ; //PutFileBytes("PrivateKeyInfo", pkcs8privatekey, pkcs8privatekey.Length) ; RSACryptoServiceProvider rsa = DecodePrivateKeyInfo(pkcs8privatekey); if(rsa !=null) { Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlprivatekey =rsa.ToXmlString(true) ; Console.WriteLine("\nXML RSA private key: {0} bits\n{1}\n", rsa.KeySize, xmlprivatekey) ; ProcessRSA(rsa) ; } else Console.WriteLine("\nFailed to create an RSACryptoServiceProvider"); } } else if(pemstr.StartsWith(pemp8encheader) && pemstr.EndsWith(pemp8encfooter)) { Console.WriteLine("Trying to decode and parse as PEM PKCS #8 EncryptedPrivateKeyInfo .."); pkcs8encprivatekey = DecodePkcs8EncPrivateKey(pemstr); if(pkcs8encprivatekey != null) { if(verbose) showBytes("\nPKCS #8 EncryptedPrivateKeyInfo", pkcs8encprivatekey) ; //PutFileBytes("EncryptedPrivateKeyInfo", pkcs8encprivatekey, pkcs8encprivatekey.Length) ; RSACryptoServiceProvider rsa = DecodeEncryptedPrivateKeyInfo(pkcs8encprivatekey); if(rsa !=null) { Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlprivatekey =rsa.ToXmlString(true) ; Console.WriteLine("\nXML RSA private key: {0} bits\n{1}\n", rsa.KeySize, xmlprivatekey) ; ProcessRSA(rsa) ; } else Console.WriteLine("\nFailed to create an RSACryptoServiceProvider"); } } else { Console.WriteLine("Not a PEM public, private key or a PKCS #8"); return; } } // ------- Decode PEM pubic, private or pkcs8 key ---------------- public static void DecodeDERKey(String filename) { RSACryptoServiceProvider rsa = null ; byte[] keyblob = GetFileBytes(filename); if(keyblob == null) return; rsa = DecodeX509PublicKey(keyblob); if(rsa !=null) { Console.WriteLine("\nA valid SubjectPublicKeyInfo\n") ; Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlpublickey =rsa.ToXmlString(false) ; Console.WriteLine("\nXML RSA public key: {0} bits\n{1}\n", rsa.KeySize, xmlpublickey) ; return; } rsa = DecodeRSAPrivateKey(keyblob); if(rsa != null) { Console.WriteLine("\nA valid RSAPrivateKey\n") ; Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlprivatekey =rsa.ToXmlString(true) ; Console.WriteLine("\nXML RSA private key: {0} bits\n{1}\n", rsa.KeySize, xmlprivatekey) ; ProcessRSA(rsa) ; return; } rsa = DecodePrivateKeyInfo(keyblob); //PKCS #8 unencrypted if(rsa !=null) { Console.WriteLine("\nA valid PKCS #8 PrivateKeyInfo\n") ; Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlprivatekey =rsa.ToXmlString(true) ; Console.WriteLine("\nXML RSA private key: {0} bits\n{1}\n", rsa.KeySize, xmlprivatekey) ; ProcessRSA(rsa); return; } rsa = DecodeEncryptedPrivateKeyInfo(keyblob); //PKCS #8 encrypted if(rsa !=null) { Console.WriteLine("\nA valid PKCS #8 EncryptedPrivateKeyInfo\n") ; Console.WriteLine("\nCreated an RSACryptoServiceProvider instance\n") ; String xmlprivatekey =rsa.ToXmlString(true) ; Console.WriteLine("\nXML RSA private key: {0} bits\n{1}\n", rsa.KeySize, xmlprivatekey) ; ProcessRSA(rsa); return; } Console.WriteLine("Not a binary DER public, private or PKCS #8 key"); return; } public static void ProcessRSA(RSACryptoServiceProvider rsa) { if(verbose) showRSAProps(rsa); Console.Write("\n\nExport RSA private key to PKCS #12 file? (Y or N) "); String resp = Console.ReadLine().ToUpper() ; if(resp == "Y" || resp == "YES") RSAtoPKCS12(rsa) ; } //-------- Generate pkcs #12 from an RSACryptoServiceProvider --------- public static void RSAtoPKCS12(RSACryptoServiceProvider rsa) { CspKeyContainerInfo keyInfo = rsa.CspKeyContainerInfo; String keycontainer = keyInfo.KeyContainerName; uint keyspec = (uint) keyInfo.KeyNumber; String provider = keyInfo.ProviderName; uint cspflags = 0; //CryptoAPI Current User store; LM would be CRYPT_MACHINE_KEYSET = 0x00000020 String fname = keycontainer + ".p12" ; //---- need to pass in rsa since underlying keycontainer is not persisted and might be deleted too quickly --- byte[] pkcs12 = GetPkcs12(rsa, keycontainer, provider, keyspec , cspflags) ; if ( (pkcs12 !=null) && verbose) showBytes("\npkcs #12", pkcs12); if(pkcs12 !=null){ PutFileBytes(fname, pkcs12, pkcs12.Length) ; Console.WriteLine("\nWrote pkc #12 file '{0}'\n", fname) ; } else Console.WriteLine("\nProblem getting pkcs#12") ; } //-------- Get the binary PKCS #8 PRIVATE key -------- public static byte[] DecodePkcs8PrivateKey(String instr) { const String pemp8header = "-----BEGIN PRIVATE KEY-----" ; const String pemp8footer = "-----END PRIVATE KEY-----" ; String pemstr = instr.Trim() ; byte[] binkey; if(!pemstr.StartsWith(pemp8header) || !pemstr.EndsWith(pemp8footer)) return null; StringBuilder sb = new StringBuilder(pemstr) ; sb.Replace(pemp8header, "") ; //remove headers/footers, if present sb.Replace(pemp8footer, "") ; String pubstr = sb.ToString().Trim(); //get string after removing leading/trailing whitespace try{ binkey = Convert.FromBase64String(pubstr) ; } catch(System.FormatException) { //if can't b64 decode, data is not valid return null; } return binkey; } //------- Parses binary asn.1 PKCS #8 PrivateKeyInfo; returns RSACryptoServiceProvider --- public static RSACryptoServiceProvider DecodePrivateKeyInfo(byte[] pkcs8) { // encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1" // this byte[] includes the sequence byte and terminal encoded null byte[] SeqOID = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00} ; byte[] seq = new byte[15]; // --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------ MemoryStream mem = new MemoryStream(pkcs8) ; int lenstream = (int) mem.Length; BinaryReader binr = new BinaryReader(mem) ; //wrap Memory Stream with BinaryReader for easy reading byte bt = 0; ushort twobytes = 0; try{ twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if(twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; bt = binr.ReadByte(); if(bt != 0x02) return null; twobytes = binr.ReadUInt16(); if(twobytes != 0x0001) return null; seq = binr.ReadBytes(15); //read the Sequence OID if(!CompareBytearrays(seq, SeqOID)) //make sure Sequence for OID is correct return null; bt = binr.ReadByte(); if(bt != 0x04) //expect an Octet string return null; bt = binr.ReadByte(); //read next byte, or next 2 bytes is 0x81 or 0x82; otherwise bt is the byte count if(bt == 0x81) binr.ReadByte(); else if(bt == 0x82) binr.ReadUInt16(); //------ at this stage, the remaining sequence should be the RSA private key byte[] rsaprivkey = binr.ReadBytes((int)(lenstream -mem.Position)) ; RSACryptoServiceProvider rsacsp = DecodeRSAPrivateKey(rsaprivkey); return rsacsp; } catch(Exception){ return null; } finally { binr.Close(); } } //-------- Get the binary PKCS #8 Encrypted PRIVATE key -------- public static byte[] DecodePkcs8EncPrivateKey(String instr) { const String pemp8encheader = "-----BEGIN ENCRYPTED PRIVATE KEY-----" ; const String pemp8encfooter = "-----END ENCRYPTED PRIVATE KEY-----" ; String pemstr = instr.Trim() ; byte[] binkey; if(!pemstr.StartsWith(pemp8encheader) || !pemstr.EndsWith(pemp8encfooter)) return null; StringBuilder sb = new StringBuilder(pemstr) ; sb.Replace(pemp8encheader, "") ; //remove headers/footers, if present sb.Replace(pemp8encfooter, "") ; String pubstr = sb.ToString().Trim(); //get string after removing leading/trailing whitespace try{ binkey = Convert.FromBase64String(pubstr) ; } catch(System.FormatException) { //if can't b64 decode, data is not valid return null; } return binkey; } //------- Parses binary asn.1 EncryptedPrivateKeyInfo; returns RSACryptoServiceProvider --- public static RSACryptoServiceProvider DecodeEncryptedPrivateKeyInfo(byte[] encpkcs8) { // encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1" // this byte[] includes the sequence byte and terminal encoded null byte[] OIDpkcs5PBES2 = {0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0D } ; byte[] OIDpkcs5PBKDF2 = {0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x05, 0x0C } ; byte[] OIDdesEDE3CBC = {0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07} ; byte[] seqdes = new byte[10] ; byte[] seq = new byte[11]; byte[] salt ; byte[] IV; byte[] encryptedpkcs8; byte[] pkcs8; int saltsize, ivsize, encblobsize; int iterations; // --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------ MemoryStream mem = new MemoryStream(encpkcs8) ; int lenstream = (int) mem.Length; BinaryReader binr = new BinaryReader(mem) ; //wrap Memory Stream with BinaryReader for easy reading byte bt = 0; ushort twobytes = 0; try{ twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if(twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; twobytes = binr.ReadUInt16(); //inner sequence if(twobytes == 0x8130) binr.ReadByte(); else if(twobytes == 0x8230) binr.ReadInt16(); seq = binr.ReadBytes(11); //read the Sequence OID if(!CompareBytearrays(seq, OIDpkcs5PBES2)) //is it a OIDpkcs5PBES2 ? return null; twobytes = binr.ReadUInt16(); //inner sequence for pswd salt if(twobytes == 0x8130) binr.ReadByte(); else if(twobytes == 0x8230) binr.ReadInt16(); twobytes = binr.ReadUInt16(); //inner sequence for pswd salt if(twobytes == 0x8130) binr.ReadByte(); else if(twobytes == 0x8230) binr.ReadInt16(); seq = binr.ReadBytes(11); //read the Sequence OID if(!CompareBytearrays(seq, OIDpkcs5PBKDF2)) //is it a OIDpkcs5PBKDF2 ? return null; twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) binr.ReadByte(); else if(twobytes == 0x8230) binr.ReadInt16(); bt = binr.ReadByte(); if(bt != 0x04) //expect octet string for salt return null; saltsize = binr.ReadByte(); salt = binr.ReadBytes(saltsize); if(verbose) showBytes("Salt for pbkd", salt); bt=binr.ReadByte(); if (bt != 0x02) //expect an integer for PBKF2 interation count return null; int itbytes = binr.ReadByte(); //PBKD2 iterations should fit in 2 bytes. if(itbytes ==1) iterations = binr.ReadByte(); else if(itbytes == 2) iterations = 256*binr.ReadByte() + binr.ReadByte(); else return null; if(verbose) Console.WriteLine("PBKD2 iterations {0}", iterations); twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) binr.ReadByte(); else if(twobytes == 0x8230) binr.ReadInt16(); seqdes = binr.ReadBytes(10); //read the Sequence OID if(!CompareBytearrays(seqdes, OIDdesEDE3CBC)) //is it a OIDdes-EDE3-CBC ? return null; bt = binr.ReadByte(); if(bt != 0x04) //expect octet string for IV return null; ivsize = binr.ReadByte(); // IV byte size should fit in one byte (24 expected for 3DES) IV= binr.ReadBytes(ivsize); if(verbose) showBytes("IV for des-EDE3-CBC", IV); bt=binr.ReadByte(); if(bt != 0x04) // expect octet string for encrypted PKCS8 data return null; bt = binr.ReadByte(); if(bt == 0x81) encblobsize = binr.ReadByte(); // data size in next byte else if(bt == 0x82) encblobsize = 256*binr.ReadByte() + binr.ReadByte() ; else encblobsize = bt; // we already have the data size encryptedpkcs8 = binr.ReadBytes(encblobsize) ; //if(verbose) // showBytes("Encrypted PKCS8 blob", encryptedpkcs8) ; SecureString secpswd = GetSecPswd("Enter password for Encrypted PKCS #8 ==>") ; pkcs8 = DecryptPBDK2(encryptedpkcs8, salt, IV, secpswd, iterations) ; if(pkcs8 == null) // probably a bad pswd entered. return null; //if(verbose) // showBytes("Decrypted PKCS #8", pkcs8) ; //----- With a decrypted pkcs #8 PrivateKeyInfo blob, decode it to an RSA --- RSACryptoServiceProvider rsa = DecodePrivateKeyInfo(pkcs8) ; return rsa; } catch(Exception){ return null; } finally { binr.Close(); } } // ------ Uses PBKD2 to derive a 3DES key and decrypts data -------- public static byte[] DecryptPBDK2(byte[] edata, byte[] salt, byte[]IV, SecureString secpswd, int iterations) { CryptoStream decrypt = null; IntPtr unmanagedPswd = IntPtr.Zero; byte[] psbytes = new byte[secpswd.Length] ; unmanagedPswd = Marshal.SecureStringToGlobalAllocAnsi(secpswd); Marshal.Copy(unmanagedPswd, psbytes, 0, psbytes.Length) ; Marshal.ZeroFreeGlobalAllocAnsi(unmanagedPswd); try { Rfc2898DeriveBytes kd = new Rfc2898DeriveBytes(psbytes, salt, iterations); TripleDES decAlg = TripleDES.Create(); decAlg.Key = kd.GetBytes(24); decAlg.IV = IV; MemoryStream memstr = new MemoryStream(); decrypt = new CryptoStream(memstr,decAlg.CreateDecryptor(), CryptoStreamMode.Write); decrypt.Write(edata, 0, edata.Length); decrypt.Flush(); decrypt.Close() ; // this is REQUIRED. byte[] cleartext = memstr.ToArray(); return cleartext; } catch (Exception e) { Console.WriteLine("Problem decrypting: {0}", e.Message) ; return null; } } //-------- Get the binary RSA PUBLIC key -------- public static byte[] DecodeOpenSSLPublicKey(String instr) { const String pempubheader = "-----BEGIN PUBLIC KEY-----" ; const String pempubfooter = "-----END PUBLIC KEY-----" ; String pemstr = instr.Trim() ; byte[] binkey; if(!pemstr.StartsWith(pempubheader) || !pemstr.EndsWith(pempubfooter)) return null; StringBuilder sb = new StringBuilder(pemstr) ; sb.Replace(pempubheader, "") ; //remove headers/footers, if present sb.Replace(pempubfooter, "") ; String pubstr = sb.ToString().Trim(); //get string after removing leading/trailing whitespace try{ binkey = Convert.FromBase64String(pubstr) ; } catch(System.FormatException) { //if can't b64 decode, data is not valid return null; } return binkey; } //------- Parses binary asn.1 X509 SubjectPublicKeyInfo; returns RSACryptoServiceProvider --- public static RSACryptoServiceProvider DecodeX509PublicKey(byte[] x509key) { // encoded OID sequence for PKCS #1 rsaEncryption szOID_RSA_RSA = "1.2.840.113549.1.1.1" byte[] SeqOID = {0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00} ; byte[] seq = new byte[15]; // --------- Set up stream to read the asn.1 encoded SubjectPublicKeyInfo blob ------ MemoryStream mem = new MemoryStream(x509key) ; BinaryReader binr = new BinaryReader(mem) ; //wrap Memory Stream with BinaryReader for easy reading byte bt = 0; ushort twobytes = 0; try{ twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if(twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; seq = binr.ReadBytes(15); //read the Sequence OID if(!CompareBytearrays(seq, SeqOID)) //make sure Sequence for OID is correct return null; twobytes = binr.ReadUInt16(); if(twobytes == 0x8103) //data read as little endian order (actual data order for Bit String is 03 81) binr.ReadByte(); //advance 1 byte else if(twobytes == 0x8203) binr.ReadInt16(); //advance 2 bytes else return null; bt = binr.ReadByte(); if(bt != 0x00) //expect null byte next return null; twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if(twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; twobytes = binr.ReadUInt16(); byte lowbyte = 0x00; byte highbyte = 0x00; if(twobytes == 0x8102) //data read as little endian order (actual data order for Integer is 02 81) lowbyte = binr.ReadByte(); // read next bytes which is bytes in modulus else if(twobytes == 0x8202) { highbyte = binr.ReadByte(); //advance 2 bytes lowbyte = binr.ReadByte(); } else return null; byte[] modint = {lowbyte, highbyte, 0x00, 0x00} ; //reverse byte order since asn.1 key uses big endian order int modsize = BitConverter.ToInt32(modint, 0) ; byte firstbyte = binr.ReadByte(); binr.BaseStream.Seek(-1, SeekOrigin.Current); if(firstbyte == 0x00) { //if first byte (highest order) of modulus is zero, don't include it binr.ReadByte(); //skip this null byte modsize -=1 ; //reduce modulus buffer size by 1 } byte[] modulus = binr.ReadBytes(modsize); //read the modulus bytes if(binr.ReadByte() != 0x02) //expect an Integer for the exponent data return null; int expbytes = (int) binr.ReadByte() ; // should only need one byte for actual exponent data (for all useful values) byte[] exponent = binr.ReadBytes(expbytes); showBytes("\nExponent", exponent); showBytes("\nModulus", modulus) ; // ------- create RSACryptoServiceProvider instance and initialize with public key ----- RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(); RSAParameters RSAKeyInfo = new RSAParameters(); RSAKeyInfo.Modulus = modulus; RSAKeyInfo.Exponent = exponent; RSA.ImportParameters(RSAKeyInfo); return RSA; } catch(Exception){ return null; } finally { binr.Close(); } } //------- Parses binary ans.1 RSA private key; returns RSACryptoServiceProvider --- public static RSACryptoServiceProvider DecodeRSAPrivateKey(byte[] privkey) { byte[] MODULUS, E, D, P, Q, DP, DQ, IQ ; // --------- Set up stream to decode the asn.1 encoded RSA private key ------ MemoryStream mem = new MemoryStream(privkey) ; BinaryReader binr = new BinaryReader(mem) ; //wrap Memory Stream with BinaryReader for easy reading byte bt = 0; ushort twobytes = 0; int elems = 0; try{ twobytes = binr.ReadUInt16(); if(twobytes == 0x8130) //data read as little endian order (actual data order for Sequence is 30 81) binr.ReadByte(); //advance 1 byte else if(twobytes == 0x8230) binr.ReadInt16(); //advance 2 bytes else return null; twobytes = binr.ReadUInt16(); if(twobytes != 0x0102) //version number return null; bt = binr.ReadByte(); if(bt !=0x00) return null; //------ all private key components are Integer sequences ---- elems = GetIntegerSize(binr); MODULUS = binr.ReadBytes(elems); elems = GetIntegerSize(binr); E = binr.ReadBytes(elems) ; elems = GetIntegerSize(binr); D = binr.ReadBytes(elems) ; elems = GetIntegerSize(binr); P = binr.ReadBytes(elems) ; elems = GetIntegerSize(binr); Q = binr.ReadBytes(elems) ; elems = GetIntegerSize(binr); DP = binr.ReadBytes(elems) ; elems = GetIntegerSize(binr); DQ = binr.ReadBytes(elems) ; elems = GetIntegerSize(binr); IQ = binr.ReadBytes(elems) ; Console.WriteLine("showing components .."); if(verbose) { showBytes("\nModulus", MODULUS) ; showBytes("\nExponent", E); showBytes("\nD", D); showBytes("\nP", P); showBytes("\nQ", Q); showBytes("\nDP", DP); showBytes("\nDQ", DQ); showBytes("\nIQ", IQ); } // ------- create RSACryptoServiceProvider instance and initialize with public key ----- RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(); RSAParameters RSAparams = new RSAParameters(); RSAparams.Modulus =MODULUS; RSAparams.Exponent = E; RSAparams.D = D; RSAparams.P = P; RSAparams.Q = Q; RSAparams.DP = DP; RSAparams.DQ = DQ; RSAparams.InverseQ = IQ; RSA.ImportParameters(RSAparams); return RSA; } catch(Exception){ return null; } finally { binr.Close(); } } private static int GetIntegerSize(BinaryReader binr) { byte bt = 0; byte lowbyte = 0x00; byte highbyte = 0x00; int count = 0; bt = binr.ReadByte(); if(bt != 0x02) //expect integer return 0; bt = binr.ReadByte(); if(bt == 0x81) count = binr.ReadByte(); // data size in next byte else if(bt == 0x82) { highbyte = binr.ReadByte(); // data size in next 2 bytes lowbyte = binr.ReadByte(); byte[] modint = {lowbyte, highbyte, 0x00, 0x00} ; count = BitConverter.ToInt32(modint, 0) ; } else { count = bt; // we already have the data size } while(binr.ReadByte() == 0x00) { //remove high order zeros in data count -=1; } binr.BaseStream.Seek(-1, SeekOrigin.Current); //last ReadByte wasn't a removed zero, so back up a byte return count; } //----- Get the binary RSA PRIVATE key, decrypting if necessary ---- public static byte[] DecodeOpenSSLPrivateKey(String instr) { const String pemprivheader = "-----BEGIN RSA PRIVATE KEY-----" ; const String pemprivfooter = "-----END RSA PRIVATE KEY-----" ; String pemstr = instr.Trim() ; byte[] binkey; if(!pemstr.StartsWith(pemprivheader) || !pemstr.EndsWith(pemprivfooter)) return null; StringBuilder sb = new StringBuilder(pemstr) ; sb.Replace(pemprivheader, "") ; //remove headers/footers, if present sb.Replace(pemprivfooter, "") ; String pvkstr = sb.ToString().Trim(); //get string after removing leading/trailing whitespace try{ // if there are no PEM encryption info lines, this is an UNencrypted PEM private key binkey = Convert.FromBase64String(pvkstr) ; return binkey; } catch(System.FormatException) { //if can't b64 decode, it must be an encrypted private key //Console.WriteLine("Not an unencrypted OpenSSL PEM private key"); } StringReader str = new StringReader(pvkstr); //-------- read PEM encryption info. lines and extract salt ----- if(!str.ReadLine().StartsWith("Proc-Type: 4,ENCRYPTED")) return null; String saltline = str.ReadLine(); if(!saltline.StartsWith("DEK-Info: DES-EDE3-CBC,") ) return null; String saltstr = saltline.Substring(saltline.IndexOf(",") + 1).Trim() ; byte[] salt = new byte[saltstr.Length/2]; for (int i=0; i ") ; //Console.Write("\nEnter password to derive 3DES key: "); //String pswd = Console.ReadLine(); byte[] deskey = GetOpenSSL3deskey(salt, despswd, 1, 2); // count=1 (for OpenSSL implementation); 2 iterations to get at least 24 bytes if(deskey == null) return null; //showBytes("3DES key", deskey) ; //------ Decrypt the encrypted 3des-encrypted RSA private key ------ byte[] rsakey = DecryptKey(binkey, deskey, salt); //OpenSSL uses salt value in PEM header also as 3DES IV if(rsakey !=null) return rsakey; //we have a decrypted RSA private key else { Console.WriteLine("Failed to decrypt RSA private key; probably wrong password."); return null; } } // ----- Decrypt the 3DES encrypted RSA private key ---------- public static byte[] DecryptKey(byte[] cipherData, byte[] desKey, byte[] IV) { MemoryStream memst = new MemoryStream(); TripleDES alg = TripleDES.Create(); alg.Key = desKey; alg.IV = IV; try{ CryptoStream cs = new CryptoStream(memst, alg.CreateDecryptor(), CryptoStreamMode.Write); cs.Write(cipherData, 0, cipherData.Length); cs.Close(); } catch(Exception exc){ Console.WriteLine(exc.Message); return null ;} byte[] decryptedData = memst.ToArray(); return decryptedData; } //----- OpenSSL PBKD uses only one hash cycle (count); miter is number of iterations required to build sufficient bytes --- private static byte[] GetOpenSSL3deskey(byte[] salt, SecureString secpswd, int count, int miter ) { IntPtr unmanagedPswd = IntPtr.Zero; int HASHLENGTH = 16; //MD5 bytes byte[] keymaterial = new byte[HASHLENGTH*miter] ; //to store contatenated Mi hashed results byte[] psbytes = new byte[secpswd.Length] ; unmanagedPswd = Marshal.SecureStringToGlobalAllocAnsi(secpswd); Marshal.Copy(unmanagedPswd, psbytes, 0, psbytes.Length) ; Marshal.ZeroFreeGlobalAllocAnsi(unmanagedPswd); //UTF8Encoding utf8 = new UTF8Encoding(); //byte[] psbytes = utf8.GetBytes(pswd); // --- contatenate salt and pswd bytes into fixed data array --- byte[] data00 = new byte[psbytes.Length + salt.Length] ; Array.Copy(psbytes, data00, psbytes.Length); //copy the pswd bytes Array.Copy(salt, 0, data00, psbytes.Length, salt.Length) ; //concatenate the salt bytes // ---- do multi-hashing and contatenate results D1, D2 ... into keymaterial bytes ---- MD5 md5 = new MD5CryptoServiceProvider(); byte[] result = null; byte[] hashtarget = new byte[HASHLENGTH + data00.Length]; //fixed length initial hashtarget for(int j=0; j") ; pfxblob = cert.Export(X509ContentType.Pkcs12, pswd); } catch(Exception exc) { Console.WriteLine( "BAD RESULT" + exc.Message); pfxblob = null; } rsa.Clear() ; if(hCertCntxt != IntPtr.Zero) Win32.CertFreeCertificateContext(hCertCntxt) ; return pfxblob; } private static IntPtr CreateUnsignedCertCntxt(String keycontainer, String provider, uint KEYSPEC, uint cspflags, String DN) { const uint AT_KEYEXCHANGE = 0x00000001; const uint AT_SIGNATURE = 0x00000002; const uint CRYPT_MACHINE_KEYSET = 0x00000020; const uint PROV_RSA_FULL = 0x00000001; const String MS_DEF_PROV = "Microsoft Base Cryptographic Provider v1.0"; const String MS_STRONG_PROV = "Microsoft Strong Cryptographic Provider"; const String MS_ENHANCED_PROV = "Microsoft Enhanced Cryptographic Provider v1.0"; const uint CERT_CREATE_SELFSIGN_NO_SIGN = 1 ; const uint X509_ASN_ENCODING = 0x00000001; const uint CERT_X500_NAME_STR = 3; IntPtr hCertCntxt = IntPtr.Zero; byte[] encodedName = null; uint cbName = 0; if( provider != MS_DEF_PROV && provider != MS_STRONG_PROV && provider != MS_ENHANCED_PROV) return IntPtr.Zero; if(keycontainer == "") return IntPtr.Zero; if( KEYSPEC != AT_SIGNATURE && KEYSPEC != AT_KEYEXCHANGE) return IntPtr.Zero; if(cspflags != 0 && cspflags != CRYPT_MACHINE_KEYSET) //only 0 (Current User) keyset is currently used. return IntPtr.Zero; if (DN == "") return IntPtr.Zero; if(Win32.CertStrToName(X509_ASN_ENCODING, DN, CERT_X500_NAME_STR, IntPtr.Zero, null, ref cbName, IntPtr.Zero)) { encodedName = new byte[cbName] ; Win32.CertStrToName(X509_ASN_ENCODING, DN, CERT_X500_NAME_STR, IntPtr.Zero, encodedName, ref cbName, IntPtr.Zero); } CERT_NAME_BLOB subjectblob = new CERT_NAME_BLOB(); subjectblob.pbData = Marshal.AllocHGlobal(encodedName.Length); Marshal.Copy(encodedName, 0, subjectblob.pbData, encodedName.Length); subjectblob.cbData = encodedName.Length; CRYPT_KEY_PROV_INFO pInfo = new CRYPT_KEY_PROV_INFO(); pInfo.pwszContainerName = keycontainer; pInfo.pwszProvName = provider; pInfo.dwProvType = PROV_RSA_FULL; pInfo.dwFlags = cspflags; pInfo.cProvParam = 0; pInfo.rgProvParam = IntPtr.Zero; pInfo.dwKeySpec = KEYSPEC; hCertCntxt = Win32.CertCreateSelfSignCertificate(IntPtr.Zero, ref subjectblob, CERT_CREATE_SELFSIGN_NO_SIGN, ref pInfo, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero); if(hCertCntxt == IntPtr.Zero) showWin32Error(Marshal.GetLastWin32Error()); Marshal.FreeHGlobal(subjectblob.pbData); return hCertCntxt ; } private static SecureString GetSecPswd(String prompt) { SecureString password = new SecureString(); Console.ForegroundColor = ConsoleColor.Gray; Console.Write(prompt); Console.ForegroundColor = ConsoleColor.Magenta; while (true) { ConsoleKeyInfo cki = Console.ReadKey(true); if (cki.Key == ConsoleKey.Enter) { Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine(); return password; } else if (cki.Key == ConsoleKey.Backspace) { // remove the last asterisk from the screen... if (password.Length > 0) { Console.SetCursorPosition(Console.CursorLeft - 1, Console.CursorTop); Console.Write(" "); Console.SetCursorPosition(Console.CursorLeft - 1, Console.CursorTop); password.RemoveAt(password.Length - 1); } } else if (cki.Key == ConsoleKey.Escape) { Console.ForegroundColor = ConsoleColor.Gray; Console.WriteLine(); return password; } else if (Char.IsLetterOrDigit(cki.KeyChar) || Char.IsSymbol(cki.KeyChar)) { if (password.Length < 20) { password.AppendChar(cki.KeyChar); Console.Write("*"); } else { Console.Beep(); } } else { Console.Beep(); } } } private static bool CompareBytearrays(byte [] a, byte[] b) { if(a.Length != b.Length) return false; int i =0; foreach(byte c in a) { if(c != b[i] ) return false; i++; } return true; } private static void showRSAProps(RSACryptoServiceProvider rsa) { Console.WriteLine("RSA CSP key information:"); CspKeyContainerInfo keyInfo = rsa.CspKeyContainerInfo; Console.WriteLine("Accessible property: " + keyInfo.Accessible); Console.WriteLine("Exportable property: " + keyInfo.Exportable); Console.WriteLine("HardwareDevice property: " + keyInfo.HardwareDevice); Console.WriteLine("KeyContainerName property: " + keyInfo.KeyContainerName); Console.WriteLine("KeyNumber property: " + keyInfo.KeyNumber.ToString()); Console.WriteLine("MachineKeyStore property: " + keyInfo.MachineKeyStore); Console.WriteLine("Protected property: " + keyInfo.Protected); Console.WriteLine("ProviderName property: " + keyInfo.ProviderName); Console.WriteLine("ProviderType property: " + keyInfo.ProviderType); Console.WriteLine("RandomlyGenerated property: " + keyInfo.RandomlyGenerated); Console.WriteLine("Removable property: " + keyInfo.Removable); Console.WriteLine("UniqueKeyContainerName property: " + keyInfo.UniqueKeyContainerName); } private static void showBytes(String info, byte[] data){ Console.WriteLine("{0} [{1} bytes]", info, data.Length); for(int i=1; i<=data.Length; i++){ Console.Write("{0:X2} ", data[i-1]) ; if(i%16 == 0) Console.WriteLine(); } Console.WriteLine("\n\n"); } private static byte[] GetFileBytes(String filename){ if(!File.Exists(filename)) return null; Stream stream=new FileStream(filename,FileMode.Open); int datalen = (int)stream.Length; byte[] filebytes =new byte[datalen]; stream.Seek(0,SeekOrigin.Begin); stream.Read(filebytes,0,datalen); stream.Close(); return filebytes; } private static void PutFileBytes(String outfile, byte[] data, int bytes) { FileStream fs = null; if(bytes > data.Length) { Console.WriteLine("Too many bytes"); return; } try{ fs = new FileStream(outfile, FileMode.Create); fs.Write(data, 0, bytes); } catch(Exception e) { Console.WriteLine(e.Message) ; } finally { fs.Close(); } } private static void showWin32Error(int errorcode) { Win32Exception myEx=new Win32Exception(errorcode); Console.ForegroundColor = ConsoleColor.Red; Console.WriteLine("Error code:\t 0x{0:X}", myEx.ErrorCode); Console.WriteLine("Error message:\t {0}\n", myEx.Message); Console.ForegroundColor = ConsoleColor.Gray; } } }