A cryptography project using Bouncy Castle

The Legion of the Bouncy Castle

Bouncy Castle describes itself as a a collection of APIs used in cryptography. And that’s exactly what it is :mrgreen:

There are methods for signing data, encrypting data, exchanging data, … All sort of things you want to do with data to make it secure.
More technical: X.509 certificates, PKCS, S/MIME, TLS, OpenPGP. But also raw algorithms like RSA-PSS, AES, SHA-256, and many others. Full details can be found at their website.

Here, I’ll show you a couple of tricks using this c# (and java) library.

Signing messages.

Signing is a process of having a message M, and wanting to send it to someone. This someone then can verify it’s send by you, and you alone, and the message isn’t modified.
Well make use of an algorithm developed by the RSA Laboratories called “RSA-PSS”.
This scheme takes a hash (we’ll take sha-224), combines it with a salt, takes another hash and produces a encoded message EM, the signature of our original message.

All info can be found on the pages of RSA Laboratories.

This RSA-PSS algorithm is also part of the PKCS#1-2.0 standard.

I spend some time figuring out how to use this, so I’ll give you what I know 🙂
The project is created in basic .net and some c#.

Generating a signature

Creating a signature in Bouncy Castle, we’re going to need the PSSsigner()

First some global things

1. byte arrays

We need everything to be byte arrays. This because every algorithm in information security works on bit level. So a method converting utf8 to bytes is needed.

static byte[] StrToArray(string str)
{
    System.Text.UTF8Encoding encoding = new System.Text.UTF8Encoding();
    return encoding.GetBytes(str);
}
2. key management

The signature scheme makes use of a pair os assymetric RSA keys.

In this post I’ll be using the keys given by bouncy castle. In our project we used keys generated by .net’s System.Security.Cryptography.

RsaKeyParameters privatekey = new RsaPrivateCrtKeyParameters(
 new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137", 16),
 new BigInteger("010001", 16),
 new BigInteger("33a5042a90b27d4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b325", 16),
 new BigInteger("e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e86296b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b3b6dcd3eda8e6443", 16),
 new BigInteger("b69dca1cf7d4d7ec81e75b90fcca874abcde123fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc723e6963364a1f9425452b269a6799fd", 16),
 new BigInteger("28fa13938655be1f8a159cbaca5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8dd3ede2448328f385d81b30e8e43b2fffa027861979", 16),
 new BigInteger("1a8b38f398fa712049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729", 16),
 new BigInteger("27156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24a79f4d", 16));

and

RsaKeyParameters publickey = new RsaKeyParameters(
false,
new BigInteger("a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cffb2249bd9a2137", 16),
new BigInteger("010001", 16));

So we have a private key en a public key. The public key can be known by everyone. For more information about asymmetric cryptography I’ll forward you to Wikipedia

3.Generation

So, let’s do something useful now.

We’ll be using some random information called a “salt”. Just to add some randomness to the signature.

byte[] slt = Hex.Decode("dee959c7e06411361420ff80185ed57f3e6776af"); //a random salt  
PssSigner eng = new PssSigner(new RsaEngine(), new Sha224Digest(), 20); //creation of PssSigner 
eng.Init(true, new ParametersWithRandom(privatekey , new FixedRandom(slt))); //initiation of PssSigner 
eng.BlockUpdate(unsigned, 0, unsigned.Length);
byte[] signed = eng.GenerateSignature(); //generation of signature

A psssigner is initiated. with our private key.
And a signature is created 🙂

That’s it….

4. Verification

Ofcourse, you’ll need to verify if the signature is correct.
This is done with the following piece of code.

bool correctsignature = false; //a boolean to indicate if the signature is correct
PssSigner eng = new PssSigner(new RsaEngine(), new Sha224Digest(), 20); //create new pss
eng.Init(false, publickey); //initiate this one
eng.BlockUpdate(message, 0, message.Length);
if (eng.VerifySignature(signature)) //verify with public key
{
    Console.WriteLine("message " + ArrayToStr(message) + " succeeded verification");
    correctsignature = true;
}
else
    Console.WriteLine("failed verification");

So, I hope I didn’t lie somewhere here 🙂
And is also hope someone will ever use this blogpost as reference :mrgreen:

Advertenties

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit / Bijwerken )

Twitter-afbeelding

Je reageert onder je Twitter account. Log uit / Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit / Bijwerken )

Google+ photo

Je reageert onder je Google+ account. Log uit / Bijwerken )

Verbinden met %s

%d bloggers liken dit: