CryptoSysPKI Namespace

A .NET interface to CryptoSys PKI.

Classes

Enumerations

Asn1 Class

ASN.1 utilities

Inheritance Hierarchy

System.Object
CryptoSysPKI.Asn1

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public class Asn1

The Asn1 type exposes the following members.

Methods

See Also

CryptoSysPKI Namespace

Asn1.TextDump Method

Dump details of an ASN.1 formatted data file to a text file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int TextDump(
    string outputFile,
    string fileOrPEMString,
    Asn1.Options options = Asn1.Options.Default
)

Parameters

outputFile String

Filename of text file to be created

fileOrPEMString String

Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)

options Asn1.Options (Optional)

Option flags (optional)

Return Value

Int32
Zero if successful; otherwise it returns an error code

See Also

Asn1 Class
CryptoSysPKI Namespace

General.ErrorLookup Method

Return a description of an error code.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string ErrorLookup(
    int errCode
)

Parameters

errCode Int32

Code number

Return Value

String
Corresponding error message

See Also

General Class
CryptoSysPKI Namespace

Asn1.TextDumpToString Method

Dump details of ASN.1 formatted data to a string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string TextDumpToString(
    string fileOrPEMString,
    Asn1.Options options = Asn1.Options.Default
)

Parameters

fileOrPEMString String

Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)

options Asn1.Options (Optional)

Option flags: set as zero for defaults.

Return Value

String
String containing the output.

Remarks

This function creates a temporary file in the system TEMP directory. This file is locked and is automatically deleted after use.

Example

// Very simple ASN.1 data encoded in base64
string s = Asn1.TextDumpToString("MAQwAgUA");
Debug.Assert(s.Length > 0, "Asn1.TextDumpToString failed");
Console.WriteLine(s);
/*
30 04  --SEQUENCE/4 bytes
   30 02  --SEQUENCE/2 bytes
      05 00  --NULL/0 bytes
--(6 bytes) */

// An X.509 certificate file
s = Asn1.TextDumpToString("smallca.cer");
Console.WriteLine(s);
/*
30 81 e0  --SEQUENCE/224 bytes
   30 81 9a  --SEQUENCE/154 bytes
      02 01  --INTEGER/1 bytes
         01
      30 0d  --SEQUENCE/13 bytes
         06 09  --OBJECTIDENTIFIER/9 bytes
            2a 86 48 86 f7 0d 01 01 05
            --sha1WithRSAEncryption (1.2.840.113549.1.1.5)
         05 00  --NULL/0 bytes
      30 0c  --SEQUENCE/12 bytes
         31 0a  --SET/10 bytes
            30 08  --SEQUENCE/8 bytes
               06 03  --OBJECTIDENTIFIER/3 bytes
                  55 04 03
                  --commonName (2.5.4.3)
               13 01  --PRINTABLESTRING/1 bytes
                  41
                  --'A'
[===cut===]
   30 0d  --SEQUENCE/13 bytes
      06 09  --OBJECTIDENTIFIER/9 bytes
         2a 86 48 86 f7 0d 01 01 05
         --sha1WithRSAEncryption (1.2.840.113549.1.1.5)
      05 00  --NULL/0 bytes
   03 32  --BITSTRING/50 bytes
      00 --0 unused bits
      01 9a 9b b2 ec b9 cd fd 66 c6 94 5b 2e d6 96 dc
      32 87 68 da 5e 6f 2e 5d 5a 7f e6 09 2e 60 8f 8c
      45 a5 18 7e 06 1c e9 81 aa ea d6 f2 e3 14 7d 25
      91
--(227 bytes) */

See Also

Asn1 Class
CryptoSysPKI Namespace

Asn1.Type Method

Describe the type of ASN.1 data.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string Type(
    string fileOrPEMString
)

Parameters

fileOrPEMString String

Filename of ASN.1 formatted data file to be analyzed (or a string containing its base64 or PEM representation)

Return Value

String
String containing the name of the type of ASN.1 data or the empty string if not found

Remarks

The output is a string describing the most likely type of the ASN.1-formatted data, or an empty string (““) if the type cannot be determined. The following types are detected: | Output string value | ASN.1 object type | Reference | | ————————— | ———————– | —————— | | EC PRIVATE KEY | ECPrivateKey | [RFC5915] | | EC PRIVATE KEY | ECPrivateKey | [RFC5915] | | OCSP REQUEST | OCSPRequest | [RFC6960] | | OCSP RESPONSE | OCSPResponse | [RFC6960] | | PKCS1 RSA PRIVATE KEY | RSAPrivateKey | [RFC3447] | | PKCS1 RSA PUBLIC KEY | RSAPublicKey | [RFC3447] | | PKCS10 CERTIFICATE REQUEST | CertificationRequest | [RFC2986] | | PKCS12 PFX | PFX | [RFC7292] | | PKCS7 CERTIFICATE CHAIN | ContentInfo | [RFC5652] | | PKCS7/CMS COMPRESSED DATA | ContentInfo | [RFC3274] | | PKCS7/CMS DATA | ContentInfo | [RFC5652] | | PKCS7/CMS ENVELOPED DATA | ContentInfo | [RFC5652] | | CMS AUTH ENVELOPED DATA | ContentInfo | [RFC5083] | | PKCS7/CMS SIGNED DATA | ContentInfo | [RFC5652] | | PKCS8 ENCRYPTED PRIVATE KEY | EncryptedPrivateKeyInfo | [RFC5208][RFC5958] | | PKCS8 PRIVATE KEY INFO | PrivateKeyInfo | [RFC5208][RFC5958] | | PKCS8 ONE ASYMMETRIC KEY | OneAsymmetricKey | [RFC5958] | | PUBLIC KEY INFO | SubjectPublicKeyInfo | [RFC3279][RFC5480] | | X509 CERTIFICATE | Certificate | [RFC5280] | | X509 CRL | CertificateList | [RFC5280] | Note that these descriptions are not necessarily those used as labels for PEM formatted files defined in [RFC7468].

Example

Console.WriteLine("Print type names of various ASN.1 data files...");
string fname, s;
fname = "smallca.cer";
s = Asn1.Type(fname);
Console.WriteLine("Asn1.Type('" + fname + "')=" + s);
// Asn1.Type('smallca.cer')=X509 CERTIFICATE
fname = "AlicePrivRSASign.p8e";
s = Asn1.Type(fname);
Console.WriteLine("Asn1.Type('" + fname + "')=" + s);
// Asn1.Type('AlicePrivRSASign.p8e')=PKCS8 ENCRYPTED PRIVATE KEY

See Also

Asn1 Class
CryptoSysPKI Namespace

Cipher Class

Generic Block Cipher

Inheritance Hierarchy

System.Object
CryptoSysPKI.Cipher

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public class Cipher

The Cipher type exposes the following members.

Methods

See Also

CryptoSysPKI Namespace

Cipher.BlockBytes Method

Return the block size in bytes for a given cipher algorithm.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int BlockBytes(
    CipherAlgorithm alg
)

Parameters

alg CipherAlgorithm

Cipher algorithm

Return Value

Int32
Block size in bytes

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode) Method

Decrypt data block in byte array.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] Decrypt(
    byte[] input,
    byte[] key,
    byte[] iv,
    CipherAlgorithm cipherAlg,
    Mode mode
)

Parameters

input Byte[]

Input data to be decrypted

key Byte[]

Key of exact length for block cipher algorithm

iv Byte[]

Initialization Vector (IV) of exactly the block size or null for ECB mode

cipherAlg CipherAlgorithm

Cipher algorithm

mode Mode

Cipher mode

Return Value

Byte[]
Decrypted data in byte array or empty array on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Decrypt(String, String, String, CipherAlgorithm, Mode) Method

Decrypt data block as hex-encoded string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string Decrypt(
    string inputHex,
    string keyHex,
    string ivHex,
    CipherAlgorithm cipherAlg,
    Mode mode
)

Parameters

inputHex String

Hex-encoded input data

keyHex String

Hex-encoded key representing exact key length

ivHex String

Hex-encoded IV representing exact block length or "" for ECB mode

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

Return Value

String
Decrypted plaintext in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, input data length must represent an exact multiple of the block length.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Decrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Decrypt data in a byte array using the specified block cipher algorithm, mode and padding.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] Decrypt(
    byte[] input,
    byte[] key,
    byte[] iv,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

input Byte[]

Input data to be decrypted

key Byte[]

Key of exact length for block cipher algorithm

iv Byte[]

Initialization Vector (IV) of exactly the block size, or null for ECB mode or if IV is prefixed.

cipherAlg CipherAlgorithm

Cipher algorithm

mode Mode

Cipher mode

pad Padding (Optional)

Padding method to use

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

Byte[]
Decrypted plaintext in byte array or empty array on error

Remarks

Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes. It is an error if the specified padding is not found after decryption.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Decrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Decrypt hex-encoded data using specified block cipher algorithm, mode and padding.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string Decrypt(
    string inputHex,
    string keyHex,
    string ivHex,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

inputHex String

Hex-encoded input data

keyHex String

Hex-encoded key representing exact key length

ivHex String

Hex-encoded IV representing exact block length, or "" for ECB mode or if IV is prefixed.

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

pad Padding (Optional)

Padding method to use

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

String
Decrypted plaintex in hex-encoded string or empty string on error

Remarks

Input data may be any even number of hex characters, but not zero. Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.DecryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm) Method

Decrypt data using the AES-GCM authenticated encryption algorithm.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] DecryptAEAD(
    byte[] input,
    byte[] key,
    byte[] iv,
    AeadAlgorithm aeadAlg
)

Parameters

input Byte[]

Input data to be decrypted.

key Byte[]

Key of exact length for algorithm (16, 24 or 32 bytes).

iv Byte[]

Initialization Vector (IV) (aka nonce) exactly 12 bytes long.

aeadAlg AeadAlgorithm

Authenticated encryption algorithm.

Return Value

Byte[]
Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check General.ErrorCode for details).

Remarks

The input must include the 16-byte tag appended to the ciphertext. The output will be exactly 16 bytes shorter than the input. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits).

See Also

Cipher Class
CryptoSysPKI Namespace

General.ErrorCode Method

Return the error code of the first error that occurred when calling the last function.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int ErrorCode()

Return Value

Int32
Error code

See Also

General Class
CryptoSysPKI Namespace

Cipher.DecryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts) Method

Decrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] DecryptAEAD(
    byte[] input,
    byte[] key,
    byte[] iv,
    byte[] aad,
    AeadAlgorithm aeadAlg,
    Cipher.Opts opts
)

Parameters

input Byte[]

Input data to be decrypted.

key Byte[]

Key of exact length for algorithm (16, 24 or 32 bytes).

iv Byte[]

Initialization Vector (IV) (aka nonce) exactly 12 bytes long, if not provided in input.

aad Byte[]

Additional authenticated data (optional) - set as null to ignore.

aeadAlg AeadAlgorithm

Authenticated encryption algorithm.

opts Cipher.Opts

Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended at the start of the input.

Return Value

Byte[]
Plaintext in a byte array, or empty array on error (an empty array may also be the correct result - check General.ErrorCode for details).

Remarks

The input must include the 16-byte tag appended to the ciphertext and may include a 12-byte prefixed IV. The output will either be exactly 16 bytes shorter than the input, or exactly 28 bytes shorter if the Cipher.Opts.PrefixIV option is used. In all cases the IV must be exactly 12 bytes (96 bits) and the tag must be exactly 16 bytes (128 bits). If additional authentication data (AAD) was provided during encryption then the exact same AAD data must be provided here.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode) Method

Encrypt data block in byte array.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] Encrypt(
    byte[] input,
    byte[] key,
    byte[] iv,
    CipherAlgorithm cipherAlg,
    Mode mode
)

Parameters

input Byte[]

Input data to be encrypted

key Byte[]

Key of exact length for block cipher algorithm

iv Byte[]

Initialization Vector (IV) of exactly the block size or null for ECB mode

cipherAlg CipherAlgorithm

Cipher algorithm

mode Mode

Cipher mode

Return Value

Byte[]
Ciphertext in byte array or empty array on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Encrypt(String, String, String, CipherAlgorithm, Mode) Method

Encrypt data block as hex-encoded string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string Encrypt(
    string inputHex,
    string keyHex,
    string ivHex,
    CipherAlgorithm cipherAlg,
    Mode mode
)

Parameters

inputHex String

Hex-encoded input data

keyHex String

Hex-encoded key representing exact key length

ivHex String

Hex-encoded IV representing exact block length or "" for ECB mode

cipherAlg CipherAlgorithm

Cipher algorithm

mode Mode

Cipher mode

Return Value

String
Ciphertext in hex-encoded string or empty string on error

Remarks

For ECB and CBC modes, input data length must be an exact multiple of the block length.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Encrypt(Byte[], Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Encrypt data in a byte array using the specified block cipher algorithm, mode and padding.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] Encrypt(
    byte[] input,
    byte[] key,
    byte[] iv,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

input Byte[]

Input data to be encrypted

key Byte[]

Key of exact length for block cipher algorithm

iv Byte[]

Initialization Vector (IV) of exactly the block size or null for ECB mode.

cipherAlg CipherAlgorithm

Cipher algorithm

mode Mode

Cipher mode

pad Padding (Optional)

Padding method to use

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

Byte[]
Ciphertext in byte array or empty array on error

Remarks

Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Encrypt(String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Encrypt hex-encoded data using specified block cipher algorithm, mode and padding.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string Encrypt(
    string inputHex,
    string keyHex,
    string ivHex,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

inputHex String

Hex-encoded input data

keyHex String

Hex-encoded key representing exact key length

ivHex String

Hex-encoded IV representing exact block length or "" for ECB mode

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

pad Padding (Optional)

Padding method to use (optional)

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

String
Encrypted ciphertext in hex-encoded string or empty string on error

Remarks

Input data may be any even number of hex characters, but not zero. Default padding is Pkcs5 for ECB and CBC mode and NoPad for all other modes.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.EncryptAEAD(Byte[], Byte[], Byte[], AeadAlgorithm) Method

Encrypt data using the AES-GCM authenticated encryption algorithm.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] EncryptAEAD(
    byte[] input,
    byte[] key,
    byte[] iv,
    AeadAlgorithm aeadAlg
)

Parameters

input Byte[]

Input data to be encrypted.

key Byte[]

Key of exact length for algorithm (16, 24 or 32 bytes).

iv Byte[]

Initialization Vector (IV) (aka nonce) exactly 12 bytes long.

aeadAlg AeadAlgorithm

Authenticated encryption algorithm.

Return Value

Byte[]
Ciphertext with tag appended in a byte array, or empty array on error.

Remarks

The output will be exactly 16 bytes longer than the input.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.EncryptAEAD(Byte[], Byte[], Byte[], Byte[], AeadAlgorithm, Cipher.Opts) Method

Encrypt data using the AES-GCM authenticated encryption algorithm with AAD and options.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] EncryptAEAD(
    byte[] input,
    byte[] key,
    byte[] iv,
    byte[] aad,
    AeadAlgorithm aeadAlg,
    Cipher.Opts opts
)

Parameters

input Byte[]

Input data to be encrypted.

key Byte[]

Key of exact length for algorithm (16, 24 or 32 bytes).

iv Byte[]

Initialization Vector (IV) (aka nonce) exactly 12 bytes long.

aad Byte[]

Additional authenticated data (optional) - set as null to ignore.

aeadAlg AeadAlgorithm

Authenticated encryption algorithm.

opts Cipher.Opts

Advanced options. Use Cipher.Opts.PrefixIV to prepend the 12-byte IV to the output

Return Value

Byte[]
Ciphertext with tag appended in a byte array, or empty array on error.

Remarks

The output will either be exactly 16 bytes longer than the input, or exactly 28 bytes longer if Cipher.Opts.PrefixIV is used.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.FileDecrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Decrypt a file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int FileDecrypt(
    string fileOut,
    string fileIn,
    byte[] key,
    byte[] iv,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

fileOut String

Name of output file to be created or overwritten

fileIn String

Name of input file

key Byte[]

Key of of exact length for block cipher algorithm

iv Byte[]

Initialization Vector (IV) of exactly the block size, or null for ECB mode or if IV is prefixed.

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

pad Padding (Optional)

Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

Int32
0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.FileDecrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Decrypt a file passing key and IV as hex strings.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int FileDecrypt(
    string fileOut,
    string fileIn,
    string keyHex,
    string ivHex,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

fileOut String

Name of output file to be created or overwritten

fileIn String

Name of input file, in binary format.

keyHex String

Hex-encoded key of exact length

ivHex String

Hex-encoded IV, or "" for ECB mode or if IV is prefixed.

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

pad Padding (Optional)

Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to expect the IV to be prepended to the input.

Return Value

Int32
0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same. The output file is in binary format.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.FileEncrypt(String, String, Byte[], Byte[], CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Encrypt a file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int FileEncrypt(
    string fileOut,
    string fileIn,
    byte[] key,
    byte[] iv,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

fileOut String

Name of output file to be created or overwritten

fileIn String

Name of input file

key Byte[]

Key of of exact length for block cipher algorithm

iv Byte[]

Initialization Vector (IV) of exactly the block size or null for ECB mode

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

pad Padding (Optional)

Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

Int32
0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.FileEncrypt(String, String, String, String, CipherAlgorithm, Mode, Padding, Cipher.Opts) Method

Encrypt a file passing key and IV as hex strings.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int FileEncrypt(
    string fileOut,
    string fileIn,
    string keyHex,
    string ivHex,
    CipherAlgorithm cipherAlg,
    Mode mode,
    Padding pad = Padding.Default,
    Cipher.Opts opts = Cipher.Opts.Default
)

Parameters

fileOut String

Name of output file to be created or overwritten

fileIn String

Name of input file, in binary format.

keyHex String

Hex-encoded key of exact length

ivHex String

Hex-encoded IV or "" for ECB mode

cipherAlg CipherAlgorithm

Cipher Algorithm

mode Mode

Cipher Mode

pad Padding (Optional)

Padding method to use (optional, ECB and CBC modes only, default=Pkcs5)

opts Cipher.Opts (Optional)

Advanced options. Use Cipher.Opts.PrefixIV to prepend the IV to the output.

Return Value

Int32
0 if successful or non-zero error code

Remarks

fileOut and fileIn must not be the same. The output file is in binary format.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.KeyBytes Method

Return the key size in bytes for a given cipher algorithm.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int KeyBytes(
    CipherAlgorithm alg
)

Parameters

alg CipherAlgorithm

Cipher algorithm

Return Value

Int32
Key size in bytes

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.KeyUnwrap Method

Unwrap (decrypt) key material with a key-encryption key.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] KeyUnwrap(
    byte[] data,
    byte[] kek,
    CipherAlgorithm cipherAlg
)

Parameters

data Byte[]

Wrapped key

kek Byte[]

Key encryption key

cipherAlg CipherAlgorithm

Block cipher to use for wrapping

Return Value

Byte[]
Unwrapped key material (or empty array on error)

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.KeyWrap Method

Wrap (encrypt) key material with a key-encryption key.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] KeyWrap(
    byte[] data,
    byte[] kek,
    CipherAlgorithm cipherAlg
)

Parameters

data Byte[]

Key material to be wrapped

kek Byte[]

Key encryption key

cipherAlg CipherAlgorithm

Block cipher to use for wrapping

Return Value

Byte[]
Wrapped key (or empty array on error)

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Pad(Byte[], CipherAlgorithm, Padding) Method

Pad byte array to correct length for ECB and CBC encryption.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] Pad(
    byte[] input,
    CipherAlgorithm cipherAlg,
    Padding pad = Padding.Pkcs5
)

Parameters

input Byte[]

Data to be padded

cipherAlg CipherAlgorithm

Block cipher being used

pad Padding (Optional)

Padding method to use (default is PKCS#5/#7)

Return Value

Byte[]
Padded data in byte array

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Pad(String, CipherAlgorithm, Padding) Method

Pad hex-encoded string to correct length for ECB and CBC encryption.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string Pad(
    string inputHex,
    CipherAlgorithm cipherAlg,
    Padding pad = Padding.Pkcs5
)

Parameters

inputHex String

Hex-encoded data to be padded

cipherAlg CipherAlgorithm

Block cipher being used

pad Padding (Optional)

Padding method to use (default is PKCS#5/#7)

Return Value

String
Padded data in hex-encoded string

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Unpad(Byte[], CipherAlgorithm, Padding) Method

Remove padding from an encryption block.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static byte[] Unpad(
    byte[] input,
    CipherAlgorithm cipherAlg,
    Padding pad = Padding.Pkcs5
)

Parameters

input Byte[]

Padded data

cipherAlg CipherAlgorithm

Block cipher being used

pad Padding (Optional)

Padding method to use (default is PKCS#5/#7)

Return Value

Byte[]
Unpadded data in byte array.

Remarks

Unless pad is NoPad, the unpadded output is always shorter than the padded input. An error is indicated by returning the original data. If the output length equals the input length, then error.

See Also

Cipher Class
CryptoSysPKI Namespace

Cipher.Unpad(String, CipherAlgorithm, Padding) Method

Remove padding from a hex-encoded encryption block.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string Unpad(
    string inputHex,
    CipherAlgorithm cipherAlg,
    Padding pad = Padding.Pkcs5
)

Parameters

inputHex String

Hex-encoded padded data

cipherAlg CipherAlgorithm

Block cipher being used

pad Padding (Optional)

Padding method to use (default is PKCS#5/#7)

Return Value

String
Unpadded data in hex-encoded string.

Remarks

Unless pad is NoPad, the unpadded output is always shorter than the padded input. An error is indicated by returning the original data. If the output length equals the input length, then error.

See Also

Cipher Class
CryptoSysPKI Namespace

Cms Class

Create, read and analyze Cryptographic Message Syntax (CMS) objects.

Inheritance Hierarchy

System.Object
CryptoSysPKI.Cms

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public class Cms

The Cms type exposes the following members.

Methods

See Also

CryptoSysPKI Namespace

Cms.GetSigDataDigest Method

Extract the message digest from a signed-data CMS object file and verify the signature.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string GetSigDataDigest(
    string inputFile,
    string certFile
)

Parameters

inputFile String

name of file containing CMS signed-data object

certFile String

an (optional) X.509 certificate file to be used to identify the signer

Return Value

String
Hash value in hex format or an empty string if error

Remarks

If no certificate is given, it will use the first valid SignerInfo and certificate pair it finds in the SignedData. RSASSA-PKCS1V1_5 only.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.GetSigHashAlgorithm Method

Find ID of message digest hash algorithm used to make signature.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int GetSigHashAlgorithm(
    string inputFile,
    string certFile
)

Parameters

inputFile String

name of file containing CMS signed-data object

certFile String

an (optional) X.509 certificate file to be used to identify the signer

Return Value

Int32
0=SHA-1, 1=MD5, 2=MD2, 3=SHA-256, 4=SHA-384, 5=SHA-512, 6=SHA-224; or a negative error code

Remarks

This method returns an integer ID number. Alternatively, use Cms.QuerySigData(inputFile, "digestAlgorithm") to get the name directly as a string, e.g. "sha1". See QuerySigData(String, String)

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeComprData Method

Create a new CMS compressed-data file (.p7z) from an existing input file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeComprData(
    string outputFile,
    string inputFile
)

Parameters

outputFile String

Output file to be created

inputFile String

Input data file

Return Value

Int32
Zero if successful; otherwise it returns a non-zero error code

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeDetachedSig Method

Create a “detached signature” CMS signed-data object file from a message digest of the content (advanced algorithms).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeDetachedSig(
    string outputFile,
    string hexDigest,
    string certList,
    string privateKey,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

outputFile String

name of output file to be created

hexDigest String

string containing message digest in hex format

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

privateKey String

Private key data for the sender.

hashAlg HashAlgorithm (Optional)

Message digest algorithm to be used in signature [default=SHA-1]

advOptions Cms.SigDataOptions (Optional)

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeEnvData(String, String, String, CipherAlgorithm, Cms.EnvDataOptions) Method

Create a CMS enveloped-data object (default recipient parameters).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeEnvData(
    string outputFile,
    string inputFile,
    string certList,
    CipherAlgorithm cipherAlg,
    Cms.EnvDataOptions advOptions
)

Parameters

outputFile String

Name of output file to be created.

inputFile String

Input data file.

certList String

List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

cipherAlg CipherAlgorithm

Content encryption algorithm [default=AES128-CBC].

advOptions Cms.EnvDataOptions

Advanced options. See Cms.EnvDataOptions.

Return Value

Int32
Number of successful recipients or a negative error code.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg) Method

Create a CMS enveloped-data object (advanced options).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeEnvData(
    string outputFile,
    string inputFile,
    string certList,
    CipherAlgorithm cipherAlg = ,
    Cms.KeyEncrAlgorithm keyEncrAlg = Cms.KeyEncrAlgorithm.Default,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.EnvDataOptions advOptions = Cms.EnvDataOptions.None,
    Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
    Kdf.KeyWrapAlg keyWrapAlg = Kdf.KeyWrapAlg.Default,
    string keyString = "",
    int count = 0,
    Cms.ContentEncrAlg contEncrAlg = Cms.ContentEncrAlg.Aes128
)

Parameters

outputFile String

Name of output file to be created.

inputFile String

Input data file.

certList String

List of one or more recipient X.509 certificate filenames, separated by semicolons (;). A certificate’s representation in base64 or as a PEM string may be used instead of a filename. Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

Special cases: Set as "type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo (pwri) type; or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo (kekri) type. See Remarks.

cipherAlg CipherAlgorithm (Optional)

Content encryption algorithm [default=ignored]. Deprecated: use contEncrAlg. (This parameter will be removed in a future update)

keyEncrAlg Cms.KeyEncrAlgorithm (Optional)

Key encryption algorithm for ktri type [default=RSAES-PKCS-v1_5)]

hashAlg HashAlgorithm (Optional)

Hash function where applicable. Must be one of the SHA-* family [default=SHA-1; SHA-256 for RSA-KEM]

advOptions Cms.EnvDataOptions (Optional)

Advanced options. See Cms.EnvDataOptions.

kdfAlg Kdf.KdfAlg (Optional)

Key derivation function (KDF) for ECDH key agreement scheme (where applicable)

keyWrapAlg Kdf.KeyWrapAlg (Optional)

Key wrap algorithm for ECDH key agreement scheme or kekri type (default=match content encryption algorithm)

keyString String (Optional)

(formerly ukmString) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. "abc" or use the format "#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Required for pwri and kekri types.

count Int32 (Optional)

Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.

contEncrAlg Cms.ContentEncrAlg (Optional)

Preferred way to specify content encryption algorithm with more options. Takes precedence over cipherAlg. [default=AES128-CBC]

Return Value

Int32
Number of successful recipients or a negative error code.

Remarks

The output is a file containing a CMS EnvelopedData object or AuthEnvelopedData object. New in [v22.0] use the preferred contEncrAlg parameter to specify the content-encryption algorithm rather than cipherAlg. If a list of certificates is passed in certList, the recipientInfo type is set automatically depending on the public key found in each certificate, one for each certificate. If the public key is RSA (rsaEncryption) then the key transport technique (ktri) will be used for that particular recipientInfo. If the public key is a supported ECC key, then the standard ECDH ephemeral-static key agreement technique (kari) will be used as per [RFC5753] and [RFC8418].

Alternatively, use key encryption option Cms.KeyEncrAlgorithm.Rsa_Kem with an RSA public key, and the RSA-KEM algorithm using KEMRecipientInfo will be used for key encryption.

If certList is set to "type=@pwri" then a single recipientInfo will be created of PasswordRecipientInfo type (pwri). The password must be passed in the keyString parameter. The parameters keyEncrAlg, kdfAlg and keyWrapAlg are ignored in this case. If certList is set to "type=@kekri,keyid=<string>" then a single recipientInfo will be created of KEKRecipientInfo type (kekri). The key encryption key (KEK) must be passed in the keyString parameter. The parameters keyEncrAlg, hashAlg and kdfAlg are ignored in this case.

Example

// Create an enveloped CMS object (ktri type) to Bob using Bob's RSA key
n = Cms.MakeEnvData("cms2bob_aes128.p7m", "excontent.txt", "BobRSASignByCarl.cer", CipherAlgorithm.Aes128, Cms.KeyEncrAlgorithm.Rsa_Oaep);

// Create an enveloped CMS object (kekri type) using a previously distributed symmetric key-encryption key (KEK) 
n = Cms.MakeEnvData("cms_envdata_kekri.p7m", "excontent.txt", "type=@kekri,keyid=ourcommonkey", CipherAlgorithm.Aes256, 
        hashAlg: HashAlgorithm.Sha256, keyWrapAlg:Kdf.KeyWrapAlg.Aes128_wrap, keyString: "#x0123456789ABCDEFF0E1D2C3B4A59687");

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeEnvDataFromBytes Method

Create a CMS enveloped-data object from data in a byte array.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeEnvDataFromBytes(
    string outputFile,
    byte[] inputData,
    string certList,
    CipherAlgorithm cipherAlg = ,
    Cms.KeyEncrAlgorithm keyEncrAlg = Cms.KeyEncrAlgorithm.Default,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.EnvDataOptions advOptions = Cms.EnvDataOptions.None,
    Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
    Kdf.KeyWrapAlg keyWrapAlg = Kdf.KeyWrapAlg.Default,
    string keyString = "",
    int count = 0,
    Cms.ContentEncrAlg contEncrAlg = Cms.ContentEncrAlg.Aes128
)

Parameters

outputFile String

Output file to be created

inputData Byte[]

Input data.

certList String

List of one or more recipient X.509 certificate filenames, separated by semicolons (;). A certificate’s representation in base64 or as a PEM string may be used instead of a filename. Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

Special cases: Set as "type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo (pwri) type; or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo (kekri) type. See Remarks.

cipherAlg CipherAlgorithm (Optional)

Content encryption algorithm [default=ignored]. Deprecated: use contEncrAlg. (This parameter will be removed in a future update)

keyEncrAlg Cms.KeyEncrAlgorithm (Optional)

Key encryption algorithm for ktri type [default=RSAES-PKCS-v1_5)]

hashAlg HashAlgorithm (Optional)

Hash function where applicable. Must be one of the SHA-* family [default=SHA-1; SHA-256 for RSA-KEM]

advOptions Cms.EnvDataOptions (Optional)

Advanced options. See Cms.EnvDataOptions.

kdfAlg Kdf.KdfAlg (Optional)

Key derivation function (KDF) (where applicable)

keyWrapAlg Kdf.KeyWrapAlg (Optional)

Key wrap algorithm for ECDH key agreement scheme or kekri type (default=match content encryption algorithm)

keyString String (Optional)

(formerly ukmString) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type or RSA-KEM is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. "abc" or use the format "#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Required for pwri and kekri types.

count Int32 (Optional)

Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.

contEncrAlg Cms.ContentEncrAlg (Optional)

Alternative way to specify content encryption algorithm with more options. Takes precedence over cipherAlg. [default=AES128-CBC]

Return Value

Int32
Number of successful recipients or negative error code

Remarks

See remarks for MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.EnvDataOptions) Method

Create a CMS enveloped-data object from an ASCII string (default recipient parameters).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeEnvDataFromString(
    string outputFile,
    string inputData,
    string certList,
    CipherAlgorithm cipherAlg,
    Cms.EnvDataOptions advOptions
)

Parameters

outputFile String

Output file to be created

inputData String

Input data string, expected plain ASCII text.

certList String

List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

cipherAlg CipherAlgorithm

Content encryption algorithm [default=Triple DES]

advOptions Cms.EnvDataOptions

Advanced options. See Cms.EnvDataOptions.

Return Value

Int32
Number of successful recipients or negative error code

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeEnvDataFromString(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg) Method

Create a CMS enveloped-data object from an ASCII string (advanced options).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeEnvDataFromString(
    string outputFile,
    string inputData,
    string certList,
    CipherAlgorithm cipherAlg = ,
    Cms.KeyEncrAlgorithm keyEncrAlg = Cms.KeyEncrAlgorithm.Default,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.EnvDataOptions advOptions = Cms.EnvDataOptions.None,
    Kdf.KdfAlg kdfAlg = Kdf.KdfAlg.X963,
    Kdf.KeyWrapAlg keyWrapAlg = Kdf.KeyWrapAlg.Default,
    string keyString = "",
    int count = 0,
    Cms.ContentEncrAlg contEncrAlg = Cms.ContentEncrAlg.Aes128
)

Parameters

outputFile String

Output file to be created

inputData String

Input data string, expected plain ASCII text.

certList String

List of recipient X.509 certificate filename(s), separated by semi-colons (;). Alternatively, specify a single PKCS#7 certificate chain file (.p7c/.p7b).

Special cases: Set as "type=@pwri" to create a single recipientInfo of the PasswordRecipientInfo type (pwri); or set as "type=@kekri,keyid=<string>" to create a single recipientInfo of the KEKRecipientInfo type (kekri). See Remarks.

cipherAlg CipherAlgorithm (Optional)

Content encryption algorithm [default=ignored]. Deprecated: use contEncrAlg. (This parameter will be removed in a future update)

keyEncrAlg Cms.KeyEncrAlgorithm (Optional)

Key encryption algorithm [default=rsaEncryption)]

hashAlg HashAlgorithm (Optional)

Hash function where applicable. Must be one of the SHA-* family [default=SHA-1; SHA-256 for RSA-KEM]

advOptions Cms.EnvDataOptions (Optional)

Advanced options. See Cms.EnvDataOptions.

kdfAlg Kdf.KdfAlg (Optional)

Key derivation function (KDF) for ECDH key agreement scheme (where applicable)

keyWrapAlg Kdf.KeyWrapAlg (Optional)

Key wrap algorithm for ECDH key agreement scheme (default=match content encryption algorithm)

keyString String (Optional)

(formerly ukmString) Use to pass optional additional user key material (ukm) for KDF where KeyAgreement (kari) type or RSA-KEM is used. Or use to pass the password for a pwri type or the key encryption key (KEK) for a kekri type. Either pass a plain ASCII string, e.g. "abc" or use the format "#x<hex-digits>" to pass a string of arbitrary octet values, e.g. "#xdeadbeef01" to pass the 5 bytes 0xde,0xad,0xbe,0xef,0x01. Optional for kari types but required for pwri and kekri types.

count Int32 (Optional)

Optional iteration count for KDF in pwri type (default=4096) or tag length for AuthEnvelopedData (in range 12-16, default=16). Otherwise ignored.

contEncrAlg Cms.ContentEncrAlg (Optional)

Alternative way to specify content encryption algorithm with more options. Takes precedence over cipherAlg. [default=AES128-CBC]

Return Value

Int32
Number of successful recipients or negative error code

Remarks

See remarks for MakeEnvData(String, String, String, CipherAlgorithm, Cms.KeyEncrAlgorithm, HashAlgorithm, Cms.EnvDataOptions, Kdf.KdfAlg, Kdf.KeyWrapAlg, String, Int32, Cms.ContentEncrAlg)

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigData(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions) Method

Create a CMS object of type SignedData from an input data file (advanced options including RSA-PSS).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeSigData(
    string outputFile,
    string inputFile,
    string certList,
    string privateKey,
    Cms.SigAlg sigAlg,
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

outputFile String

name of output file to be created

inputFile String

name of file containing message data to be signed

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

privateKey String

private key data for the sender

sigAlg Cms.SigAlg

Signature algorithm.

advOptions Cms.SigDataOptions (Optional)

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

Example

StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("AlicePrivRSASign.p8e", "password");
string fnameOutput = "BasicSignByAlice.bin";
string fnameInput = "excontent.txt";
string fnameCert = "AliceRSASignByCarl.cer";
int n = Cms.MakeSigData(fnameOutput, fnameInput, fnameCert, sbPrivateKey.ToString(), Cms.SigAlg.Default, 0);

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigData(String, String, String, String, HashAlgorithm, Cms.SigDataOptions) Method

Create a CMS object of type SignedData from an input data file using RSASSA-PKCS1V1_5 with options.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeSigData(
    string outputFile,
    string inputFile,
    string certList,
    string privateKey,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

outputFile String

name of output file to be created

inputFile String

name of file containing message data to be signed

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

privateKey String

private key data for the sender

hashAlg HashAlgorithm (Optional)

Message digest algorithm to be used in signature [default=SHA-1].

advOptions Cms.SigDataOptions (Optional)

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigDataFromBytes Method

Create a CMS object of type SignedData from an array of bytes.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeSigDataFromBytes(
    string outputFile,
    byte[] inputData,
    string certList,
    string privateKey,
    Cms.SigAlg sigAlg,
    Cms.SigDataOptions advOptions
)

Parameters

outputFile String

name of output file to be created.

inputData Byte[]

message data to be signed in a byte array.

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

privateKey String

Private key data for the sender.

sigAlg Cms.SigAlg

Signature algorithm.

advOptions Cms.SigDataOptions

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigDataFromPseudo Method

Create a SignedData object from a “pseudo” object.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeSigDataFromPseudo(
    string outputFile,
    string inputPseudoFile,
    byte[] sigValue,
    Cms.Format format = Cms.Format.Default
)

Parameters

outputFile String

Name of output file to be created.

inputPseudoFile String

Input “pseudo” file with dummy placeholder signature.

sigValue Byte[]

Signature value computed by external service.

format Cms.Format (Optional)

Output format (default = binary)

Return Value

Int32
Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigDataFromSigValue Method

Create a CMS object of type SignedData using a pre-computed signature (advanced algorithms).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeSigDataFromSigValue(
    string outputFile,
    byte[] sigValue,
    byte[] contentData,
    string certList,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

outputFile String

name of output file to be created

sigValue Byte[]

signature value

contentData Byte[]

string containing content data that has been signed

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

hashAlg HashAlgorithm (Optional)

Message digest algorithm to be used in signature [default=SHA-1]

advOptions Cms.SigDataOptions (Optional)

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigDataFromString(String, String, String, String, Cms.SigAlg, Cms.SigDataOptions) Method

Create a CMS object of type SignedData from an input string (advanced options including RSA-PSS).

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeSigDataFromString(
    string outputFile,
    string inputData,
    string certList,
    string privateKey,
    Cms.SigAlg sigAlg,
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

outputFile String

name of output file to be created

inputData String

string containing message data to be signed

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

privateKey String

private key data for the sender

sigAlg Cms.SigAlg

Signature algorithm.

advOptions Cms.SigDataOptions (Optional)

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

See Also

Cms Class
CryptoSysPKI Namespace

Cms.MakeSigDataFromString(String, String, String, String, HashAlgorithm, Cms.SigDataOptions) Method

Create a CMS object of type SignedData from an input string using RSASSA-PKCS1V1_5 with options.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static int MakeSigDataFromString(
    string outputFile,
    string inputData,
    string certList,
    string privateKey,
    HashAlgorithm hashAlg = HashAlgorithm.Sha1,
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

outputFile String

name of output file to be created

inputData String

string containing message data to be signed

certList String

filename of the signer’s certificate and (optionally) a list of other certificates to be included in the output, separated by semi-colons (;) Alternatively specify a single PKCS#7 certificate chain file (.p7c/.p7b) containing the signer’s certificate.

privateKey String

private key data for the sender

hashAlg HashAlgorithm (Optional)

Message digest algorithm to be used in signature [default=SHA-1]

advOptions Cms.SigDataOptions (Optional)

Advanced option flags. See Cms.SigDataOptions.

Return Value

Int32
Zero if successful; otherwise it returns an error code

Remarks

RSASSA-PKCS1V1_5 only.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.QueryEnvData Method

Query a CMS enveloped-data object file for selected information.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string QueryEnvData(
    string inputFile,
    string query
)

Parameters

inputFile String

file containing CMS enveloped-data object

query String

Query string (case insensitive)

Return Value

String
String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

By default, the function queries the first recipientInfo in the file. To query the Nth recipientInfo append "/N" to the query string, e.g. "recipientInfoVersion/2" to find the version number of the second recipientInfo in the file.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.QuerySigData Method

Query a CMS signed-data object for selected information.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string QuerySigData(
    string inputFile,
    string query
)

Parameters

inputFile String

file containing CMS signed-data object

query String

Query string (case insensitive)

Return Value

String
String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

By default, the function queries the first signerInfo in the file. To query the Nth signerInfo append "/N" to the query string, e.g. "signerInfoVersion/2" to find the version number of the second signerInfo in the file.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadComprData Method

Read and extract the decompressed contents of a CMS compressed-data file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int ReadComprData(
    string outputFile,
    string inputFile,
    Cms.ComprDataOptions opts
)

Parameters

outputFile String

Output file to be created

inputFile String

Input data file

opts Cms.ComprDataOptions

Options [default=inflate contents]

Return Value

Int32
If successful the return value is the number of bytes in the output file; otherwise it returns a non-zero error code

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadEnvDataToBytes Method

Read and decrypt a CMS enveloped-data object to a byte array.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] ReadEnvDataToBytes(
    string inputFile,
    string x509File,
    string privateKey
)

Parameters

inputFile String

Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.

x509File String

(optional) filename of the recipient’s X.509 certificate.

privateKey String

Internal representation of private key.

Return Value

Byte[]
Decrypted content in a byte array, or empty array on error.

Example

// Read in content to a byte array
byte[] b = Cms.ReadEnvDataToBytes(inputFile, "", privateKey);
// Convert to a .NET string (assuming UTF-8 encoded)
string s = System.Text.Encoding.UTF8.GetString(b);

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadEnvDataToFile Method

Read and decrypt a CMS enveloped-data object to a file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int ReadEnvDataToFile(
    string outputFile,
    string inputFile,
    string x509File,
    string privateKey,
    Cms.ReadOptions opts = Cms.ReadOptions.None
)

Parameters

outputFile String

Name of output file to be created.

inputFile String

Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.

x509File String

(optional) filename of the recipient’s X.509 certificate.

privateKey String

Internal representation of private key.

opts Cms.ReadOptions (Optional)

Use Cms.ReadOptions for faster handling of large files (binary only).

Return Value

Int32
Zero if successful; otherwise it returns an error code.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadEnvDataToString Method

Read and decrypt a CMS enveloped-data object to a string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string ReadEnvDataToString(
    string inputFile,
    string x509File,
    string privateKey
)

Parameters

inputFile String

Name of file containing CMS enveloped-data object (binary or base64-encoded) or the data as a base64 or PEM string.

x509File String

(optional) filename of the recipient’s X.509 certificate

privateKey String

Internal representation of private key.

Return Value

String
Decrypted content in a string or empty string on error.

Remarks

Use this only when the decrypted text is known to be plain ASCII text, otherwise use ReadEnvDataToBytes.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadSigDataToBytes Method

Read the content from a CMS signed-data object directly into a byte array.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] ReadSigDataToBytes(
    string inputFile
)

Parameters

inputFile String

Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.

Return Value

Byte[]
Byte array containing the content or a zero-length array if error.

Remarks

Use this if the content contains non-ASCII characters, e.g. UTF-8 encoded.

Example

// Read in content to a byte array
byte[] b = Cms.ReadSigDataToBytes(inputFile);
// Convert to a .NET string (assumed UTF-8 encoded)
string s = System.Text.Encoding.UTF8.GetString(b);

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadSigDataToFile Method

Read the content from a CMS signed-data object file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int ReadSigDataToFile(
    string outputFile,
    string inputFile,
    Cms.ReadOptions opts = Cms.ReadOptions.None
)

Parameters

outputFile String

file to receive content

inputFile String

Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.

opts Cms.ReadOptions (Optional)

Option flags: set as zero for defaults.

Return Value

Int32
If successful, the return value is a positive number indicating the number of bytes in the content; otherwise it returns a negative error code.

See Also

Cms Class
CryptoSysPKI Namespace

Cms.ReadSigDataToString Method

Read the content from a CMS signed-data object directly into a string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string ReadSigDataToString(
    string inputFile
)

Parameters

inputFile String

Name of file containing CMS signed-data object (binary or base64-encoded) or the data as a base64 or PEM string.

Return Value

String
String containing the content or an empty string if error

See Also

Cms Class
CryptoSysPKI Namespace

Cms.VerifySigData Method

Verify the signature and content of a signed-data CMS object file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int VerifySigData(
    string inputFile,
    string certFile = "",
    string hexDigest = "",
    Cms.SigDataOptions advOptions = Cms.SigDataOptions.Default
)

Parameters

inputFile String

file containing CMS signed-data object

certFile String (Optional)

an (optional) X.509 certificate file of the signer

hexDigest String (Optional)

(optional) digest of eContent to be verified (use for “detached-signature” form)

advOptions Cms.SigDataOptions (Optional)

Use for BigFile option, otherwise ignored

Return Value

Int32
Zero if successfully verified; otherwise it returns a non-zero error code

See Also

Cms Class
CryptoSysPKI Namespace

Cnv Class

Character conversion routines

Inheritance Hierarchy

System.Object
CryptoSysPKI.Cnv

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public class Cnv

The Cnv type exposes the following members.

Methods

See Also

CryptoSysPKI Namespace

Cnv.Base64Filter Method

Filter non-base64 characters from a string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string Base64Filter(
    string s
)

Parameters

s String

String to be filtered

Return Value

String
Filtered string

Remarks

Valid base64 characters are [0-9A-Za-z+/=]

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.Base64FromHex Method

Convert hexadecimal-encoded data into base64-encoded data.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string Base64FromHex(
    string s
)

Parameters

s String

Hex-encoded data

Return Value

String
Base64-encoded data

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ByteEncoding Method

Convert encoding of byte array between UTF-8 and Latin-1.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] ByteEncoding(
    byte[] data,
    Cnv.EncodingConversion direction
)

Parameters

data Byte[]

Input data to be converted

direction Cnv.EncodingConversion

Direction of conversion

Return Value

Byte[]
Converted data (or empty array on error)

Remarks

Converting UTF-8 from Latin-1 assumes the input is from the 8-bit Latin-1 character set and so will always produce output that is valid UTF-8. However, for Latin-1 from UTF-8, the input must contain a valid sequence of UTF-8-encoded bytes and this must be convertible to a single-byte character set, or an error will be returned.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.CheckUTF8 Method

Check that a byte array contains only valid UTF-8 encoded characters.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int CheckUTF8(
    byte[] b
)

Parameters

b Byte[]

input byte array to check

Return Value

Int32

Zero if the encoded bytes is invalid UTF-8, or a positive number if the input contains valid UTF-8 data, where the value of the number indicates the nature of the encoded characters:

Remarks

‘Overlong’ UTF-8 sequences and illegal surrogates are rejected as invalid.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.CheckUTF8File Method

Check that a file contains only valid UTF-8 encoded characters.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int CheckUTF8File(
    string fileName
)

Parameters

fileName String

name of file to check

Return Value

Int32

Zero if the encoded bytes is invalid UTF-8, or a positive number if the input contains valid UTF-8 data, where the value of the number indicates the nature of the encoded characters:

Remarks

‘Overlong’ UTF-8 sequences and illegal surrogates are rejected as invalid.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.FromBase58 Method

Convert a base58-encoded string to an equivalent array of 8-bit unsigned integers.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] FromBase58(
    string s
)

Parameters

s String

Base58-encoded data

Return Value

Byte[]
Data as array of bytes

Remarks

This uses the “Bitcoin” scheme of base58 encoding where the leading character ‘1’ is reserved for representing an entire leading zero byte.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.FromBase64 Method

Convert a base64-encoded string to an equivalent array of 8-bit unsigned integers.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] FromBase64(
    string s
)

Parameters

s String

Base64-encoded data

Return Value

Byte[]
Binary data in byte array, or an empty array on error.

Remarks

Whitespace characters are ignored, but other non-base64 characters will cause an error.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.FromHex Method

Convert the specified string representation of a value consisting of hexadecimal (base 16) digits to an equivalent array of 8-bit unsigned integers.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] FromHex(
    string s
)

Parameters

s String

Hex-encoded string

Return Value

Byte[]
Binary data in byte array, or an empty array on error.

Remarks

Whitespace and ASCII punctuation characters are ignored, but other non-hex characters will cause an error.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.HexFilter Method

Filter non-hexadecimal characters from a string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string HexFilter(
    string s
)

Parameters

s String

Input string to be filtered

Return Value

String
Filtered string

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.HexFromBase64 Method

Convert base64-encoded data into hexadecimal-encoded data.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string HexFromBase64(
    string s
)

Parameters

s String

Base64-encoded data

Return Value

String
Hex-encoded data

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.NumFromBytes Method

Convert the leftmost four bytes of an array to an unsigned 32-bit integer.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static uint NumFromBytes(
    byte[] b,
    Cnv.EndianNess endn = Cnv.EndianNess.BigEndian
)

Parameters

b Byte[]

Byte array to be converted

endn Cnv.EndianNess (Optional)

Byte order

Return Value

UInt32
Integer value

Remarks

An array shorter than 4 bytes will be padded on the right with zeros

Example

byte[] b = new byte[4] { 0xde, 0xad, 0xbe, 0xef };
uint nb = Cnv.NumFromBytes(b, Cnv.EndianNess.BigEndian);
Console.WriteLine("0x" + nb.ToString("x8"));  // 0xdeadbeef
uint nl = Cnv.NumFromBytes(b, Cnv.EndianNess.LittleEndian);
Console.WriteLine("0x" + nl.ToString("x8"));  // 0xefbeadde

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.NumToBytes Method

Convert a 32-bit integer to an array of 4 bytes.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] NumToBytes(
    uint n,
    Cnv.EndianNess endn = Cnv.EndianNess.BigEndian
)

Parameters

n UInt32

Integer to be converted

endn Cnv.EndianNess (Optional)

Byte order

Return Value

Byte[]
Byte array containing representation of integer in given order

Example

byte[] bb = Cnv.NumToBytes(0xdeadbeef, Cnv.EndianNess.BigEndian);
Console.WriteLine(Cnv.ToHex(bb));  // DEADBEEF
byte[] bl = Cnv.NumToBytes(0xdeadbeef, Cnv.EndianNess.LittleEndian);
Console.WriteLine(Cnv.ToHex(bl));  // EFBEADDE

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ReverseBytes Method

Reverse the order of a byte array.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] ReverseBytes(
    byte[] data
)

Parameters

data Byte[]

Input data to be reversed

Return Value

Byte[]
Byte array in reverse order

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ShortPathName Method

Retrieve the Windows short path form of the specified path.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string ShortPathName(
    string pathName
)

Parameters

pathName String

File path name.

Return Value

String
Windows short path name of file or the empty string if file does not exist.

Remarks

Windows platforms only. The file path must exist. The short path name is guaranteed to be ASCII.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.StringFromBase64 Method

Convert a base64-encoded string into a text string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string StringFromBase64(
    string s
)

Parameters

s String

Base64-encoded data

Return Value

String
String value

Remarks

Uses the ‘Default’ encoding for the system’s current ANSI code page. This assumes the user knows the resulting characters are all printable.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.StringFromHex Method

Convert a hexadecimal-encoded string into a text string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string StringFromHex(
    string s
)

Parameters

s String

Hex-encoded data

Return Value

String
String value

Remarks

Uses the ‘Default’ encoding for the system’s current ANSI code page, usually code page 1252 (similar to Latin-1). This assumes the user knows the resulting characters are all printable.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ToBase58 Method

Convert 8-bit binary data to equivalent base58-encoded string format.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string ToBase58(
    byte[] binaryData
)

Parameters

binaryData Byte[]

binary data

Return Value

String
Base58-encoded string

Remarks

This uses the “Bitcoin” scheme of base58 encoding where the leading character ‘1’ is reserved for representing an entire leading zero byte.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ToBase64(Byte[]) Method

Convert 8-bit binary data to equivalent base64-encoded string format.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string ToBase64(
    byte[] binaryData
)

Parameters

binaryData Byte[]

binary data

Return Value

String
Base64-encoded string

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ToBase64(String) Method

Convert a string of ANSI characters to equivalent base64-encoded string format.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string ToBase64(
    string s
)

Parameters

s String

String of data to be encoded

Return Value

String
Base64-encoded data

Remarks

Uses the ‘Default’ encoding for the system’s current ANSI code page

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ToHex(Byte[]) Method

Convert 8-bit binary data to equivalent hexadecimal string format.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string ToHex(
    byte[] binaryData
)

Parameters

binaryData Byte[]

binary data in byte array

Return Value

String
Hex-encoded string.

See Also

Cnv Class
CryptoSysPKI Namespace

Cnv.ToHex(String) Method

Converts a string of ANSI characters to equivalent hexadecimal string format

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Overloads

Syntax

public static string ToHex(
    string s
)

Parameters

s String

String of data to be encoded

Return Value

String
Hex-encoded data

Remarks

Uses the ‘Default’ encoding for the system’s current ANSI code page

See Also

Cnv Class
CryptoSysPKI Namespace

Compr Class

Compression utilities

Inheritance Hierarchy

System.Object
CryptoSysPKI.Compr

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public class Compr

The Compr type exposes the following members.

Methods

See Also

CryptoSysPKI Namespace

Compr.Compress Method

Compress data using zlib compression.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] Compress(
    byte[] data
)

Parameters

data Byte[]

Data to be compressed.

Return Value

Byte[]
Compressed data, or an empty array on error.

See Also

Compr Class
CryptoSysPKI Namespace

Compr.Uncompress Method

Uncompress data using zlib compression.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] Uncompress(
    byte[] data
)

Parameters

data Byte[]

Compressed data to be uncompressed.

Return Value

Byte[]
Uncompressed data, or an empty array on error.

Remarks

An empty array may also be returned if the original data was the empty array itself.

See Also

Compr Class
CryptoSysPKI Namespace

Ecc Class

Elliptic curve cryptography

Inheritance Hierarchy

System.Object
CryptoSysPKI.Ecc

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public class Ecc

The Ecc type exposes the following members.

Methods

See Also

CryptoSysPKI Namespace

Ecc.DHSharedSecret Method

Compute EC Diffie-Hellman (ECDH) shared secret.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static byte[] DHSharedSecret(
    string ourIntPrivateKey,
    string theirIntPublicKey
)

Parameters

ourIntPrivateKey String

Our own private key in ephemeral “internal” form.

theirIntPublicKey String

Other party’s public key in “internal” form.

Return Value

Byte[]
The Diffie-Hellman shared secret.

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.KeyHashCode Method

Compute the hash code of an “internal” ECC public or private key string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int KeyHashCode(
    string intKeyString
)

Parameters

intKeyString String

Internal key string

Return Value

Int32
A 32-bit hash code for the key, or zero on error.

Remarks

Should be the same for a matching private and public key.

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.MakeKeys Method

Generate an EC public/private key pair and save as two key files.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int MakeKeys(
    string publicKeyfile,
    string privateKeyFile,
    Ecc.CurveName curveName,
    string password,
    Ecc.PbeScheme pbes = Ecc.PbeScheme.Default,
    string paramString = "",
    Ecc.Format fileFormat = Ecc.Format.Default
)

Parameters

publicKeyfile String

name of public key file to be created

privateKeyFile String

name of encrypted private key file to be created

curveName Ecc.CurveName

name of elliptic curve

password String

password to be used for the encrypted key file.

pbes Ecc.PbeScheme (Optional)

(optional) Password-based encryption scheme to encrypt private key [default = pbeWithSHAAnd3-KeyTripleDES-CBC]

paramString String (Optional)

Optional parameters. A set of attribute name=value pairs separated by a semicolon “;” (see remarks).

fileFormat Ecc.Format (Optional)

(optional) Format to save file [default = DER binary]

Return Value

Int32
Zero if successful or non-zero error code

Remarks

Valid name-value pairs for paramString are:

Valid values for hmac-name are one of {hmacWithSHA1, hmacWithSHA224, hmacWithSHA256, hmacWithSHA384, hmacWithSHA512}.

Example

// All default settings...
n = Ecc.MakeKeys(pubkeyfile, prikeyfile, Ecc.CurveName.Prime192v1, "password");
// With specialist options...
n = Ecc.MakeKeys(pubkeyfile, prikeyfile, Ecc.CurveName.Prime192v1, "password", 
       Ecc.PbeScheme.Pbe_Pbkdf2_aes128_CBC, "count=3999;prf=hmacWithSha256", Ecc.Format.PEM);

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.PublicKeyFromPrivate Method

Convert an internal EC private key string into an internal EC public key string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string PublicKeyFromPrivate(
    string internalKey
)

Parameters

internalKey String

the private key as an internal key string

Return Value

String
The public key in ephemeral “internal” representation, or the empty string on error

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.QueryKey Method

Query an EC key string for selected information.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string QueryKey(
    string internalKey,
    string query
)

Parameters

internalKey String

containing the key as an internal key string

query String

Query string (case insensitive)

Return Value

String
String containing the result or an empty string if not found or error.

Remarks

Valid queries are:

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.ReadKeyByCurve Method

Read an EC key from its hexadecimal representation with options for safe curves.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static string ReadKeyByCurve(
    string hexKey,
    Ecc.CurveName curveName,
    Ecc.KeyType keyType = Ecc.KeyType.Default
)

Parameters

hexKey String

hexadecimal representation of the key, private or public

curveName Ecc.CurveName

name of the elliptic curve

keyType Ecc.KeyType (Optional)

(optional) Specify PrivateKey or PublicKey (safe curves Ed25519 and X25519 only, otherwise ignored)

Return Value

String
The key in ephemeral “internal” representation, or the empty string on error

Remarks

The safe curves Ed25519 and X25519 have the same length for both private and public keys, so, for these safe curves, you must specify whether the key value represents a public or a private key.

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.ReadPrivateKey Method

Read from a file or string containing an EC private key into an “internal” private key string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static StringBuilder ReadPrivateKey(
    string keyFileOrString,
    string password = ""
)

Parameters

keyFileOrString String

Name of private key file or a PEM String containing the key

password String (Optional)

Password for private key, if encrypted; or "" if not

Return Value

StringBuilder
StringBuilder containing an internal representation of the private key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string, to allow secure wiping. Use sb.ToString() to obtain a string. Use Wipe.String(sb) to clear.

See Also

Ecc Class
CryptoSysPKI Namespace

Wipe.String Method

Zeroise a StringBuilder.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static bool String(
    StringBuilder sb
)

Parameters

sb StringBuilder

StringBuilder to be wiped

Return Value

Boolean
true if successful; false if fails

Remarks

NB You can’t wipe an ordinary string as they are immutable in C#, so store any sensitive string data in a StringBuilder.

Example

StringBuilder sbPrivateKey = Rsa.ReadPrivateKey("BobPrivRSAEncrypt.p8e", "password");
Console.WriteLine("Before Wipe.String, sbPrivateKey contains {0} characters.", sbPrivateKey.Length);
Wipe.String(sbPrivateKey);
Console.WriteLine("After Wipe.String, sbPrivateKey = [{0}]", sbPrivateKey.ToString());
// Before Wipe.String, sbPrivateKey contains 848 characters.
// After Wipe.String, sbPrivateKey = []

See Also

Wipe Class
CryptoSysPKI Namespace

Ecc.ReadPublicKey Method

Read from a file or string containing an EC public key into an “internal” public key string.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static StringBuilder ReadPublicKey(
    string keyFileOrString
)

Parameters

keyFileOrString String

Name of public key file or a PEM String containing the key

Return Value

StringBuilder
StringBuilder containing an internal representation of the public key; or an empty StringBuilder if error

Remarks

This returns a StringBuilder, not a string. Use sb.ToString() to obtain a string.

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.SaveEncKey Method

Save an internal EC private key string to an encrypted private key file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int SaveEncKey(
    string outputFile,
    string internalKey,
    string password,
    Ecc.PbeScheme pbes,
    string paramString,
    Ecc.Format fileFormat
)

Parameters

outputFile String

name of key file to be created

internalKey String

the private key in an internal key string

password String

the password to be used for the encrypted key file

pbes Ecc.PbeScheme

Password-based encryption scheme to encrypt private key [default = pbeWithSHAAnd3-KeyTripleDES-CBC]

paramString String

Optional parameters. A set of attribute name=value pairs separated by a semicolon “;” (see remarks). Set as "" for defaults.

fileFormat Ecc.Format

Format to save file [default = DER binary]

Return Value

Int32
Zero if successful or non-zero error code

Remarks

Valid name-value pairs for paramString are:

Valid values for hmac-name are one of {hmacWithSHA1, hmacWithSHA224, hmacWithSHA256, hmacWithSHA384, hmacWithSHA512}.

See Also

Ecc Class
CryptoSysPKI Namespace

Ecc.SaveKey Method

Save an internal EC key string (public or private) to an unencrypted key file.

Namespace: CryptoSysPKI
Assembly: diCrSysPKINet (in diCrSysPKINet.dll) Version: 23.0.0.36009 (23.0.0.0)

Syntax

public static int SaveKey(
    string outputFile,
    string internalKey,
    Ecc.KeyType keyType = Ecc.KeyType.Default,
    Ecc.Format fileFormat = Ecc.Format.Default
)