diff options
| author | Alexander Scheel <alexander.scheel@keyfactor.com> | 2024-02-14 09:33:03 -0500 |
|---|---|---|
| committer | Alexander Scheel <alexander.scheel@keyfactor.com> | 2024-02-14 10:22:16 -0500 |
| commit | 89e04f3a8b0cfbadd8ff1cca8de77c6393ebfdb6 (patch) | |
| tree | 24e41b35c011ba105b0a7ea6c7bb5ee23358e9ca /crypto/src/cms | |
| parent | Refactoring in Pqc.Crypto.Utilities (diff) | |
| download | BouncyCastle.NET-ed25519-89e04f3a8b0cfbadd8ff1cca8de77c6393ebfdb6.tar.xz | |
Add explicit algorithm parameter in AddKeyTransRecipient
This allows callers to select between OAEP and PKCS#1v1.5 independent of the underlying certificate OID. In some instances, callers may wish to use OAEP for transport (e.g., due to FIPS sunset) with PKCS#1v1.5 OID certificates for compatibility. Note that Asn1KeyWrapper involves /NONE/ in the parameter name (whereas some other places reference it with just //). Signed-off-by: Alexander Scheel <alexander.scheel@keyfactor.com>
Diffstat (limited to 'crypto/src/cms')
| -rw-r--r-- | crypto/src/cms/CMSEnvelopedGenerator.cs | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/crypto/src/cms/CMSEnvelopedGenerator.cs b/crypto/src/cms/CMSEnvelopedGenerator.cs index 89a7f4576..a0c73be67 100644 --- a/crypto/src/cms/CMSEnvelopedGenerator.cs +++ b/crypto/src/cms/CMSEnvelopedGenerator.cs @@ -156,7 +156,20 @@ namespace Org.BouncyCastle.Cms { var algorithm = cert.SubjectPublicKeyInfo.Algorithm; var keyWrapper = new Asn1KeyWrapper(algorithm, cert); - AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, keyWrapper)); + AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, keyWrapper)); + } + + /** + * add a recipient. + * + * @param algorithm to override automatic selection (useful for OAEP with PKCS#1v1.5 certs) + * @param cert recipient's public key certificate + * @exception ArgumentException if there is a problem with the certificate + */ + public void AddKeyTransRecipient(string algorithm, X509Certificate cert) + { + var keyWrapper = new Asn1KeyWrapper(algorithm, cert); + AddRecipientInfoGenerator(new KeyTransRecipientInfoGenerator(cert, keyWrapper)); } /** @@ -174,6 +187,21 @@ namespace Org.BouncyCastle.Cms } /** + * add a recipient + * + * @param algorithm to override automatic selection (useful for OAEP with PKCS#1v1.5 certs) + * @param key the public key used by the recipient + * @param subKeyId the identifier for the recipient's public key + * @exception ArgumentException if there is a problem with the key + */ + public void AddKeyTransRecipient(string algorithm, AsymmetricKeyParameter pubKey, byte[] subKeyId) + { + SubjectPublicKeyInfo info = SubjectPublicKeyInfoFactory.CreateSubjectPublicKeyInfo(pubKey); + AddRecipientInfoGenerator( + new KeyTransRecipientInfoGenerator(subKeyId, new Asn1KeyWrapper(algorithm, pubKey))); + } + + /** * add a KEK recipient. * @param key the secret key to use for wrapping * @param keyIdentifier the byte string that identifies the key |