diff --git a/DigitalData.Core.Abstractions/Security/IRSAFactory.cs b/DigitalData.Core.Abstractions/Security/IRSAFactory.cs
index 96ece10..d1347ff 100644
--- a/DigitalData.Core.Abstractions/Security/IRSAFactory.cs
+++ b/DigitalData.Core.Abstractions/Security/IRSAFactory.cs
@@ -4,14 +4,19 @@ namespace DigitalData.Core.Abstractions.Security
 {
 public interface IRSAFactory
 {
- string CreateRSAPrivateKeyPem(int? keySizeInBits = null);
+ string CreatePrivateKeyPem(int? keySizeInBits = null);
 
- string CreateEncryptedPrivateKeyPem(
- int? keySizeInBits = null,
- string? password = null,
+ public string CreateEncryptedPrivateKeyPem(
 PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
 HashAlgorithmName? hashAlgorithmName = null,
- int? iterationCount = null);
+ int? iterationCount = null,
+ int? keySizeInBits = null,
+ string? password = null);
+
+ public string CreateEncryptedPrivateKeyPem(
+ PbeParameters pbeParameters,
+ int? keySizeInBits = null,
+ string? password = null);
 }
 
 public interface IRSAFactory : IRSAFactory { }
diff --git a/DigitalData.Core.Security/Config/AsymCryptParams.cs b/DigitalData.Core.Security/Config/AsymCryptParams.cs
index 304397a..a2a2a24 100644
--- a/DigitalData.Core.Security/Config/AsymCryptParams.cs
+++ b/DigitalData.Core.Security/Config/AsymCryptParams.cs
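Review bot: The `public` modifier on both `CreateEncryptedPrivateKeyPem` declarations is redundant on interface members (they are public by default) and inconsistent with `CreatePrivateKeyPem` declared just above without it; drop it on both lines. The interface carries no XML documentation, and the contract matters here: every `null` argument falls back to a configured value, while the `PbeParameters` overload uses the supplied parameters as given and does not consult the configured algorithm, hash or iteration count — a `<summary>` per member plus a `<param name="password">` stating the fallback would make that explicit to callers. Note also that `keySizeInBits` and `password` moved from the first to the last positions of the first overload; a caller that passed them positionally now fails to compile rather than misbehaving (an `int?` is not convertible to `PbeEncryptionAlgorithm?`), which is the safe outcome, but worth calling out in the commit message.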
@@ -16,9 +16,8 @@ namespace DigitalData.Core.Security.Config
 private string CreateFileName(params object[] objs) => string.Join(Separator, objs);
 
 private string CreatePem(bool isEncrypted) => isEncrypted
- ? Instance.RSAFactory.CreateEncryptedPrivateKeyPem(keySizeInBits: KeySizeInBits, password: Secrets.PBE_PASSWORD,
- pbeEncryptionAlgorithm: PbeEncryptionAlgorithm, hashAlgorithmName: PbeHashAlgorithmName, iterationCount: PbeIterationCount)
- : Instance.RSAFactory.CreateRSAPrivateKeyPem(keySizeInBits: KeySizeInBits);
+ ? Instance.RSAFactory.CreateEncryptedPrivateKeyPem(pbeParameters: PbeParameters, keySizeInBits: KeySizeInBits, password: Secrets.PBE_PASSWORD)
+ : Instance.RSAFactory.CreatePrivateKeyPem(keySizeInBits: KeySizeInBits);
 
 public override void OnDeserialized()
 {
diff --git a/DigitalData.Core.Security/Cryptographer/RSAFactory.cs b/DigitalData.Core.Security/Cryptographer/RSAFactory.cs
index a6a4a88..9f10a06 100644
--- a/DigitalData.Core.Security/Cryptographer/RSAFactory.cs
+++ b/DigitalData.Core.Security/Cryptographer/RSAFactory.cs
@@ -11,15 +11,15 @@ namespace DigitalData.Core.Security.Cryptographer
 
 public RSAFactory(IOptions options) => _params = options.Value;
 
- public string CreateRSAPrivateKeyPem(int? keySizeInBits = null)
+ public string CreatePrivateKeyPem(int? keySizeInBits = null)
 => RSA.Create(keySizeInBits ?? _params.KeySizeInBits).ExportRSAPrivateKeyPem();
 
 public string CreateEncryptedPrivateKeyPem(
- int? keySizeInBits = null,
- string? password = null,
 PbeEncryptionAlgorithm? pbeEncryptionAlgorithm = null,
 HashAlgorithmName? hashAlgorithmName = null,
- int? iterationCount = null)
+ int? iterationCount = null,
+ int? keySizeInBits = null,
+ string? password = null)
 {
 password ??= _params.PbePassword;
 
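Review bot: `CreatePem(true)` now hands the `PbeParameters` property straight to the factory, so if that property was never populated the failure surfaces as an `ArgumentNullException` thrown from inside `ExportEncryptedPkcs8PrivateKey`, far from the configuration that caused it; the previous call passed three individually nullable settings that the factory defaulted, so an unset PBE configuration is a new way for this type to fail. The property is defined outside this hunk and I cannot see whether it is validated anywhere; if it is not, `OnDeserialized()` — whose body also lies outside the hunk — is the natural place for `if (PbeParameters is null) throw new InvalidOperationException($"{nameof(PbeParameters)} must be configured when key encryption is enabled.");`. A short comment on `CreatePem` noting that the configured algorithm, hash and iteration count are no longer read here (they travel inside `PbeParameters`) would save the next reader from looking for them.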
@@ -36,5 +36,19 @@ namespace DigitalData.Core.Security.Cryptographer
 
 return new string(pemChars);
 }
+
+ public string CreateEncryptedPrivateKeyPem(
+ PbeParameters pbeParameters,
+ int? keySizeInBits = null,
+ string? password = null)
+ {
+ password ??= _params.PbePassword;
+
+ var encryptedPrivateKey = RSA.Create(keySizeInBits ?? _params.KeySizeInBits).ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);
+
+ var pemChars = PemEncoding.Write(_params.EncryptedPrivateKeyPemLabel, encryptedPrivateKey);
+
+ return new string(pemChars);
+ }
 }
 }
\ No newline at end of file
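Review bot: The `RSA` instance created on the `var encryptedPrivateKey = RSA.Create(...)` line is never disposed; `RSA` is `IDisposable` and may hold native key material, so split the line into `using var rsa = RSA.Create(keySizeInBits ?? _params.KeySizeInBits);` and `var encryptedPrivateKey = rsa.ExportEncryptedPkcs8PrivateKey(password.AsSpan(), pbeParameters);`. Second, `password ??= _params.PbePassword` does not guarantee a password: if `PbePassword` is also null, `password.AsSpan()` yields an empty span and, as far as I can tell, the framework does not reject an empty PBES2 password, so the key would be written "encrypted" under an empty password without any error — add `ArgumentException.ThrowIfNullOrEmpty(password);` directly after the fallback (available on .NET 7+, which the `ExportRSAPrivateKeyPem` call earlier in this file already requires). The sibling overload above shows the same `password ??=` fallback at the end of the previous hunk and, judging by the matching `pemChars` lines here, very likely the same undisposed `RSA.Create` in its body, which lies outside this diff; both fixes apply there too. An XML `<summary>` stating that `pbeParameters` is used exactly as given and the configured algorithm, hash and iteration count are not consulted would document how this overload differs from the other.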