Encrypt And Decrypt Using Digital Signatures

Now in continutaion to my earlier artcile the mirroe link of the article here I am going to describe how we can use the digital signatures for the purpose of Encryption and Decryption.

The Following code will show how we can encrypt the plain text.

Encryption

#region Encryption

public string GetEncryptedText(string PlainStringToEncrypt)

{

try

{

string PlainString = PlainStringToEncrypt.Trim();

byte[] cipherbytes = ASCIIEncoding.ASCII.GetBytes(PlainString);

RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PublicKey.Key;

byte[] cipher = rsa.Encrypt(cipherbytes, false);

return Convert.ToBase64String(cipher);

}

catch (Exception e)

{

throw e;

}

}

#endregion

Now once we have encrypted text we need to decrypt it. the following section of code will demonstrate how to decrypt that encrypted text.

Decryption

#region Decryption

public string GetDecryptedText(string EncryptedStringToDecrypt)

{

try

{



try

{

byte[] cipherbytes = Convert.FromBase64String(EncryptedStringToDecrypt);

if (x509_2.HasPrivateKey)

{

RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PrivateKey;

byte[] plainbytes = rsa.Decrypt(cipherbytes, false);

System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();

return enc.GetString(plainbytes);

}

else

{

throw new Exception("Certificate used for has no private key.");

}

}

catch (Exception e)

{

return e.Message;

}

}

catch

{

return EncryptedStringToDecrypt;

}

}

#endregion

---

Thanks and Regards

Meetu Choudhary

Accessing the properties of a digital signature

Now once we have selected the certificate. We need to access the properties of the certificate. Here is a small piece of code to access all the properties which may be helpful to us for any context.

before accessing these properties we have to set the certificate object. for that you can get the code from any of the two previous articles.
1. Article link , Mirror link
2. Article link , Mirror link


Now once we have the certificate (X509Certificate2 x509_2;)
we can o with the following code

[code]

///

/// Set All the Properties of the Certificate

///

public Boolean SetProperties()

{

if (x509_2 != null)

{

RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)x509_2.PublicKey.Key;

_PublicKey_Key =_PublicKeyXML = rsa.ToXmlString(false);

//_PrivateKeyXML = rsa.ToXmlString(true );

_PrivateKeyXML=_Private_Key = x509_2.PrivateKey.ToXmlString(false);

_PKeyExchangeAlgorithm = x509_2.PrivateKey.KeyExchangeAlgorithm;

_PublicKey = x509_2.GetPublicKeyString();

//_PublicKey_Key = Convert.ToString(x509_2.PublicKey.Key);

_SerialNumber = x509_2.GetPublicKeyString();

_Thumbprint = x509_2.Thumbprint;

_RawCertDataString = x509_2.GetRawCertDataString();

_FriendlyName = x509_2.FriendlyName;

_HashString = x509_2.GetCertHashString();

_EffectiveDate = x509_2.GetEffectiveDateString();

_ExpirationDate = x509_2.GetExpirationDateString();

_Format = x509_2.GetFormat();

_IssuerName = x509_2.GetIssuerName();

_KeyAlgorithm = x509_2.GetKeyAlgorithm();

_KeyAlgorithmParameters = x509_2.GetKeyAlgorithmParametersString();

_CertName = x509_2.GetName();

_CertSubject = x509_2.Subject;

_CertVersion = x509_2.Version;

_SignatureAlgorithm_Value = x509_2.SignatureAlgorithm.Value;

_SignatureAlgorithm_ToString = x509_2.SignatureAlgorithm.ToString();

_SignatureAlgorithm_FriendlyName = x509_2.SignatureAlgorithm.FriendlyName;

return true;

}

else { return false; }

}

[/code]

---

Thanks and Regards
Meetu Choudhary

Open Certificate Stores Including Certificates in Token

In My Previous article Mirror Link I have shown how to open a certificate store (Machine certificate store which is displayed in the Internet Explorer.) but the drawback of that code was it can't open the certificates stored in the token. so here is another method which will overcome the drawback stated above. It will open the certificates of the machine store as well as of the tokens.

[code]
///

/// Opens the Certificate Store of IE including the Certificates in Token

///

/// The variable passed to store the reason if function returns false

/// True if a certificate is selected and false if no certificate is selected

public Boolean OpenStoreToken(ref string popupScript)

{

x509_2 = null;

//Create and Initilaize a variable of x509Store providing the store name and the store location

X509Store st = new X509Store(StoreName.My, StoreLocation.CurrentUser);

//Create X509Certificate2Collection

X509Certificate2Collection col = new X509Certificate2Collection();

//Create X509Certificate2Collection

X509Certificate2Collection sel = new X509Certificate2Collection();

//Create X509Certificate2Enumerator

X509Certificate2Enumerator en;// =new X509Certificate2Enumerator();

//Open the Store for readonly purpose

st.Open(OpenFlags.ReadOnly);

//set the col i.e. X509Certificate2Collection to the collection of the certificates stored in the IE and the Token

col = st.Certificates;

//set the sel i.e. X509Certificate2Collection which actuly displays a dialog box for selecting an X.509 certificate from a certificate collection.

sel = X509Certificate2UI.SelectFromCollection(col, "Certificates", "Select one to sign", X509SelectionFlag.SingleSelection);

if (sel.Count > 0)

{

en = sel.GetEnumerator();

en.MoveNext();

x509_2 = en.Current;

}

st.Close();

if (x509_2 == null)

{

popupScript = "You didn't select a certificate!!!";

return false;

}

else

{

return true;

}

}



[/code]

---

Thanks and Regards
Meetu Choudhary

Open Certificate Stores

I am working on Digital Signatures with ASP.Net. Once in a life time for a programmer we get a chance to work for security or with security and even myself is not an exception . I have to work with digital signatures to achieve security and I searched a lot in internet to achieve what i need and I am still in the process to learn more but in this journey I have found many things but most of them were related to java and applets as I was form .net domain I had to work on it. So here I am Starting the discussion with the first obstacle I met, it is to open a certificate store as of Internet Explorer... I am calling it first as I need not to generate the digital signature as I have them which were already issued by the authorized CA. still if you want to have a look then you can go through the link where i have explained how to create a certificate.. or the mirror link...

Proceeding further... I have encountered two ways to open a certificate store discussing them here..

Method One:

Certfun is a class which i found on the Internet which i don't remember where exactly but i have modified that class as i found that code in vb and i need that in C# so i will paste the code at the end

Limitation:-- This will not open the certificate in the token.

[code]
///

/// Opens the Certificate Store of IE Excluding the Certificates in Token

///

/// The variable passed to store the reason if function returns false

/// True if a certificate is selected and false if no certificate is selected

public Boolean OpenStoreIE(ref string popupScript)

{

x509_2 = null;

//declare a pointer and initilize it with Zero This pointer will hold the value returened by opening the Store

IntPtr hCertStore = IntPtr.Zero;

//declare a pointer and initilize it with Zero This pointer will hold the value returened by selecting the certificate from the store

IntPtr pCertContext = IntPtr.Zero;

//Declare a string and Intilaize it with the store name to open by default it is 'My' Stroe from where we store or install the certificates

string kk = "MY";

//Declaring a StringBuilder Object to hold the NameString of the certificate

StringBuilder NS = new StringBuilder(128);

//To hold the size

int provinfosize = 0;

//Opens the Store and returns a pointer handler of the Store.

hCertStore = CertFun.CertOpenSystemStore(IntPtr.Zero, kk);

//Will returns the pointer handler of the selected certificate

pCertContext = CertFun.CryptUIDlgSelectCertificateFromStore(hCertStore, IntPtr.Zero, "Personal Store", "Please select a PKC12 (.pfx) Certificate and press ok", cf.CRYPTUI_SELECT_LOCATION_COLUMN, 0, IntPtr.Zero);

//Testing if the pointer handler is equal to zero then informing the user that no certificate is selected and exiting the function

if (pCertContext.Equals(IntPtr.Zero))

{

popupScript = "You didn't select a certificate!!!";

//ScriptManager.RegisterClientScriptBlock(Page, this.GetType(), "nocert", popupScript, false);

return false;

}

//check certificate is PKCS12

if (!CertFun.CertGetCertificateContextProperty(pCertContext, cf.CERT_KEY_PROV_INFO_PROP_ID, IntPtr.Zero, ref provinfosize))

{

//Check the pointer handler if it is not eqal to zero then

if (!(pCertContext.Equals(IntPtr.Zero)))

{

//free the pointer handler as the certificate is not PKCS12

CertFun.CertFreeCertificateContext(pCertContext);

}

//Display a message and exit from the function

popupScript = "Selected certificate is not PKCS12. Please select a PKCS12 certificate!!!";

//ScriptManager.RegisterClientScriptBlock(Page, this.GetType(), "invalidcert", popupScript, false);

return false;



}

else

{

// yes pkcs12

//need not to do anything here

}

//Get Name String for the Certificate into your stringbuilder created above

if ((CertFun.CertGetNameString(pCertContext, cf.CERT_NAME_SIMPLE_DISPLAY_TYPE, 0, IntPtr.Zero, NS, 128)))

{

}

else

{

// Can Display the message here that certificate name failed

//in my case no requirement to display this message

}

//Now store the user selected certificate into the global static variable for later use

x509_2 = new X509Certificate2(pCertContext);

return true;

}
[/code]

CertFun

[code]
using

System;

using

System.Runtime.InteropServices;

using

System.Security.Cryptography;

using

System.Text;

namespace

Secure_Login

{

///

/// Summary description for CertFun

/// class which will handle and implemet the delegates

///

public class CertFun

{

[StructLayout(LayoutKind.Sequential)]

public struct CRYPTUI_CERT_MGR_STRUCT

{

public int dwSize;

public IntPtr hwndParent;

public int dwFlags;

public string pwszTitle;

public IntPtr pszInitUsageOID;

}

[StructLayout(LayoutKind.Sequential)]

public struct CRYPT_KEY_PROV_INFO

{

[MarshalAs(UnmanagedType.LPWStr)]

public string ContainerName;

[MarshalAs(UnmanagedType.LPWStr)]

public string ProvName;

public int ProvType;

public int Flags;

public int ProvParam;

public IntPtr rgProvParam;

public int KeySpec;

}

[DllImport("cryptui.dll", SetLastError = true)]

public static extern IntPtr CryptUIDlgSelectCertificateFromStore(IntPtr hCertStore, IntPtr hwnd, [MarshalAs(UnmanagedType.LPWStr)]

string

pwszTitle, [MarshalAs(UnmanagedType.LPWStr)]

string

pwszDisplayString, int dwDontUseColumn, int dwFlags, IntPtr pvReserved);

[DllImport("crypt32.dll", SetLastError = true)]

public static extern IntPtr CertEnumCertificatesInStore(IntPtr hCertStore, IntPtr pPrevCertContext);

[DllImport("crypt32.dll", SetLastError = true)]

public static extern bool CertGetNameString(IntPtr pCertContext, int dwType, int dwFlags, IntPtr pvTypePara, StringBuilder pszNameString, Int32 cchNameString);

[DllImport("crypt32.dll", SetLastError = true)]

public static extern bool CertGetCertificateContextProperty(IntPtr pCertContext, int dwPropId, IntPtr pvData, ref int pcbData);

[DllImport("crypt32.dll", CharSet = CharSet.Auto, SetLastError = true)]

public static extern IntPtr CertOpenSystemStore(IntPtr hCryptProv, string storename);

[DllImport("crypt32.dll", SetLastError = true)]

public static extern bool CertFreeCertificateContext(IntPtr hCertStore);

[DllImport("crypt32.dll", SetLastError = true)]

public static extern bool CertCloseStore(IntPtr hCertStore, int dwFlags);

[DllImport("cryptui.dll", SetLastError = true)]

public static extern bool CryptUIDlgCertMgr(ref CRYPTUI_CERT_MGR_STRUCT pCryptUICertMgr);

[DllImport("crypt32.dll")]

public static extern bool CryptDecodeObject(int CertEncodingType, int lpszStructType, byte[] pbEncoded, int cbEncoded, int flags, [In(), Out()]

byte

[] pvStructInfo, ref int cbStructInfo);



[DllImport("crypt32.dll", SetLastError = true)]

public static extern IntPtr CertFindCertificateInStore(IntPtr hCertStore, int dwCertEncodingType, int dwFindFlags, int dwFindType, [In(), MarshalAs(UnmanagedType.LPWStr)]

string

pszFindString, IntPtr pPrevCertContext);

[StructLayout(LayoutKind.Sequential)]

public struct PUBKEYBLOBHEADERS

{

////BLOBHEADER

public byte bType;

// //BLOBHEADER

public byte bVersion;

////BLOBHEADER

public short reserved;

////BLOBHEADER

public Int32 aiKeyAlg;

// //RSAPUBKEY

public int magic;

//; '//RSAPUBKEY

public int bitlen;

//; //RSAPUBKEY

public int pubexp;

}

public int CERT_NAME_SIMPLE_DISPLAY_TYPE = 0x4;

public int CRYPTUI_SELECT_LOCATION_COLUMN = 0x10;

public int CERT_KEY_PROV_INFO_PROP_ID = 0x2;

static public int X509_ASN_ENCODING = 0x1;

static public int PKCS_7_ASN_ENCODING = 0x10000;

public int RSA_CSP_PUBLICKEYBLOB = 19;

static public int ENCODING_TYPE = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;

public int CERT_FIND_SUBJECT_STR = 0x80007;

public byte[] pubblob;

public string PKC12CertSelectedName = "";

public byte[] EncKey;

public byte[] EncIv;

public byte[] EncData;

//creates new instance of Rinjndael

public RijndaelManaged Rin = new RijndaelManaged();

public byte[] SignedData;

public string CertForEnc = "";

public string CertForSig = "";

}

}

[/code]

I will Cover the next method in my next resource which will overcome the limitation of the method one

---

Thanks and Regards
Meetu Choudhary