Programming .NET Security : Extending the .NET Framework (part 1) - Defining the Key Exchange Formatter

4/18/2011 11:31:48 AM

1. ElGamal Key Exchange Explained

Our implementation of the ElGamal encryption functions exposes the "raw" algorithm; that is, unlike the Microsoft RSA implementation, our ElGamalManaged class does not format data prior to encryption.

To provide support for session key exchange, we must provide classes that extend the AsymmetricExchangeFormatter and AsymmetricExchangeDeformatter classes that we discussed in the previous section. We have selected the OAEP formatting scheme for our key exchange; we have listed the complete code for our formatting classes, which naturally includes the details of the OAEP scheme. We do not discuss the details of OAEP, and you should refer to the PKCS #1 standard (which defines both the OAEP and PKCS #1 v1.5 formatting schemes) for details.

2. Defining the Key Exchange Formatter

We begin by defining ElGamalOAEPKeyExchangeFormatter, which is our formatter class, extending the AsymmetricKeyExchangeFormatter class that we discussed in the previous section:

using System;
using System.IO;
using System.Security.Cryptography;

public class ElGamalOAEPKeyExchangeFormatter : AsymmetricKeyExchangeFormatter {
private ElGamalManaged o_algorithm;
private Random o_random;
private PKCS1MaskGenerationMethod o_mask_generator;

The constructor creates an instance of the ElGamal implementation class, ElGamalManaged. As you see in the SetKey method, you can import the keys from any implementation class that extends the abstract ElGamal class using the common parameter import and export methods. The other instance variables are related to the OAEP formatting process:

        public ElGamalOAEPKeyExchangeFormatter(  ) {
// create the instance of the algorithm
o_algorithm = new ElGamalManaged( );
// init the rnd
o_random = new Random( );
// init the mask generator
o_mask_generator = new PKCS1MaskGenerationMethod( );

The Parameters property returns the parameters of the public key that will be used to encrypt the session key; we create the result by using the ToXmlString method defined in the AsymmetricAlgorithm class:

    public override string Parameters {
get {
return o_algorithm.ToXmlString(false);

The SetKey method allows the user to specify an instance of the ElGamal algorithm that should be used for encryption; if the class is not an instance of our abstract ElGamal class, throw an exception; otherwise, import the public key parameters into the ElGamal instance created by the constructor:

    public override void SetKey(AsymmetricAlgorithm p_key) {
// encure that we are dealing with an ElGamal algorithm
if (p_key is ElGamal) {
// export the key and push it into the algorithm
} else {
// we can't continue because the algorithm
// is the one for this class
throw new ArgumentException("Key Algorithm is not ElGamal", "p_key");

The CreateKeyExchange method is responsible for formatting the session key and encrypting the result using the ElGamal implementation class; there are two overloaded versions of this method, but they are functionality equivalent, because the differentiating argument is not currently used by the .NET Framework:

    public override byte[] CreateKeyExchange(byte[] p_byte, Type p_type) {
// the Type parameter is not curently supported by the
// .NET Framework, so we just need to work with the byte array
return CreateKeyExchange(p_byte);

public override byte[] CreateKeyExchange(byte[] p_byte) {
// create the OAEP padded data
byte[] x_padded_data = CreateOAEPPaddedData(p_byte);
// create the ciphertext from the padded data
byte[] x_ciphertext = o_algorithm.EncryptData(x_padded_data);
// return the ciphertext
return x_ciphertext;

The remaining methods in this class are responsible for applying the OAEP formatting, which is outside the scope of this book:

    // the lHash value which is the preamble to an OAEP block
private byte[] o_lhash
= new BigInteger("da39a3ee5e6b4b0d3255bfef95601890afd80709", 16).getBytes( );

private byte[] CreateOAEPPaddedData(byte[] p_data) {
// create a memory stream to hold the padded data
MemoryStream x_stream = new MemoryStream( );

// define K
int x_K = o_algorithm.KeySize/8 -1;

// determine the block size
int x_max_bytes = x_K - (2 * o_lhash.Length) - 2;
// determine how many complete blocks there are
int x_complete_blocks = p_data.Length / x_max_bytes;

// run through and process the complete blocks
int i = 0;
byte[] x_block;
for (; i < x_complete_blocks; i++) {
x_block = CreateSingleOAEPBlock(p_data, i * x_max_bytes,
x_max_bytes, x_K);
x_stream.Write(x_block, 0, x_block.Length);

// process any remaining data
x_block = CreateSingleOAEPBlock(p_data, i * x_max_bytes,
p_data.Length - (i * x_max_bytes), x_K);
x_stream.Write(x_block, 0, x_block.Length);

// return the padded data
return x_stream.ToArray( );

private byte[] CreateSingleOAEPBlock(byte[] p_data, int p_offset,
int p_count, int p_K) {

// b. Generate an octet string PS consisting of
// k - mLen - 2hLen - 2 zero octets.
// The length of PS may be zero.
byte[] x_PS = new byte[p_K - p_count - (2*o_lhash.Length) -2];

// c. Concatenate lHash, PS, a single octet with
// hexadecimal value 0x01, and the message M to form a data
// block DB of length k - hLen - 1 octets as
// DB = lHash || PS || 0x01 || M .
byte[] x_DB = new byte[o_lhash.Length + x_PS.Length + 1 + p_count];
Array.Copy(o_lhash, 0, x_DB, 0, o_lhash.Length);
Array.Copy(x_PS, 0, x_DB, o_lhash.Length, x_PS.Length);
x_DB[o_lhash.Length + x_PS.Length] = 0x01;
Array.Copy(p_data, p_offset, x_DB,
o_lhash.Length + x_PS.Length + 1, p_count);

// d. Generate a random octet string seed of length hLen
BigInteger x_temp = new BigInteger( );
x_temp.genRandomBits(o_lhash.Length * 8, o_random);
byte[] x_seed = x_temp.getBytes( );

// e. Let dbMask = MGF (seed, k - hLen - 1)
byte[] x_dbMask = o_mask_generator.GenerateMask(x_seed,
p_K - o_lhash.Length -1);

// f. Let maskedDB = DB XOR dbMask.
byte[] x_maskedDB = new byte[x_DB.Length];
byte[] x_temp_arr =
(new BigInteger(x_DB) ^ new BigInteger(x_dbMask)).getBytes( );
Array.Copy(x_temp_arr, 0, x_maskedDB,
x_maskedDB.Length - x_temp_arr.Length, x_temp_arr.Length);

// g. Let seedMask = MGF (maskedDB, hLen).
byte[] x_seedMask = o_mask_generator.GenerateMask(x_maskedDB,

// h. Let maskedSeed = seed XOR seedMask.
byte[] x_maskedSeed
= (new BigInteger(x_seed) ^ new BigInteger(x_seedMask)).getBytes( );

// i. Concatenate a single octet with hexadecimal value 0x00, maskedSeed,
// and maskedDB to form an encoded message EM of length k octets as
// EM = 0x00 || maskedSeed || maskedDB
byte[] x_EM = new byte[1 + o_lhash.Length + x_DB.Length];
Array.Copy(x_maskedSeed, 0, x_EM, x_EM.Length - x_DB.Length
- x_maskedSeed.Length, x_maskedSeed.Length);
Array.Copy(x_maskedDB, 0, x_EM, x_EM.Length - x_maskedDB.Length,

// return the result
return x_EM;

  •  Programming .NET Security : Programming Cryptographic Keys (part 3) - Key Exchange Formatting
  •  Programming .NET Security : Programming Cryptographic Keys (part 2) - Using Key Persistence
  •  Programming .NET Security : Programming Cryptographic Keys (part 1) - Creating Keys
  •  Deploying a Windows Server 2008 R2 Network Policy Server
  •  Understanding Network Access Protection (NAP) in Windows Server 2008 R2
  •  Programming .NET Security : Cryptographic Keys Explained
  •  Windows Server 2008 : Transport-Level Security - Using IPSec Encryption with Windows Server 2008 R2
  •  Windows Server 2008 : Transport-Level Security - Active Directory Rights Management Services
  •  Understanding Active Directory Certificate Services (AD CS) in Windows Server 2008 R2
  •  Deploying a Public Key Infrastructure with Windows Server 2008 R2
    Top 10
    Review : Sigma 24mm f/1.4 DG HSM Art
    Review : Canon EF11-24mm f/4L USM
    Review : Creative Sound Blaster Roar 2
    Review : Philips Fidelio M2L
    Review : Alienware 17 - Dell's Alienware laptops
    Review Smartwatch : Wellograph
    Review : Xiaomi Redmi 2
    Extending LINQ to Objects : Writing a Single Element Operator (part 2) - Building the RandomElement Operator
    Extending LINQ to Objects : Writing a Single Element Operator (part 1) - Building Our Own Last Operator
    3 Tips for Maintaining Your Cell Phone Battery (part 2) - Discharge Smart, Use Smart
    - First look: Apple Watch

    - 3 Tips for Maintaining Your Cell Phone Battery (part 1)

    - 3 Tips for Maintaining Your Cell Phone Battery (part 2)
    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 1)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 2)

    - How to create your first Swimlane Diagram or Cross-Functional Flowchart Diagram by using Microsoft Visio 2010 (Part 3)
    Popular Tags
    Microsoft Access Microsoft Excel Microsoft OneNote Microsoft PowerPoint Microsoft Project Microsoft Visio Microsoft Word Active Directory Biztalk Exchange Server Microsoft LynC Server Microsoft Dynamic Sharepoint Sql Server Windows Server 2008 Windows Server 2012 Windows 7 Windows 8 Adobe Indesign Adobe Flash Professional Dreamweaver Adobe Illustrator Adobe After Effects Adobe Photoshop Adobe Fireworks Adobe Flash Catalyst Corel Painter X CorelDRAW X5 CorelDraw 10 QuarkXPress 8 windows Phone 7 windows Phone 8