interlockledger
diff --git a/‎InterlockLedger.Tags.UnitTests/InterlockLedger.Tags.UnitTests.csproj‎
Lines changed: 1 addition & 0 deletions b/‎InterlockLedger.Tags.UnitTests/InterlockLedger.Tags.UnitTests.csproj‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎InterlockLedger.Tags/Core/ILTagId.cs‎
Lines changed: 4 additions & 3 deletions b/‎InterlockLedger.Tags/Core/ILTagId.cs‎
Lines changed: 4 additions & 3 deletions
diff --git a/‎InterlockLedger.Tags/Core/Tags/TagProvider.cs‎
Lines changed: 3 additions & 1 deletion b/‎InterlockLedger.Tags/Core/Tags/TagProvider.cs‎
Lines changed: 3 additions & 1 deletion
diff --git a/‎InterlockLedger.Tags/Crypto/Tags/TagPubKey.cs‎
Lines changed: 12 additions & 22 deletions b/‎InterlockLedger.Tags/Crypto/Tags/TagPubKey.cs‎
Lines changed: 12 additions & 22 deletions
diff --git a/‎InterlockLedger.Tags/Crypto/Types/Keys/BaseCertificateSigningKey.cs‎
Lines changed: 65 additions & 0 deletions b/‎InterlockLedger.Tags/Crypto/Types/Keys/BaseCertificateSigningKey.cs‎
Lines changed: 65 additions & 0 deletions
diff --git a/‎InterlockLedger.Tags/Crypto/Types/Keys/EcDSA/ECParametersExtensions.cs‎
Lines changed: 126 additions & 0 deletions b/‎InterlockLedger.Tags/Crypto/Types/Keys/EcDSA/ECParametersExtensions.cs‎
Lines changed: 126 additions & 0 deletions
diff --git a/‎InterlockLedger.Tags/Crypto/Types/Keys/EcDSA/EcDSACertificateSigningKey.cs‎
Lines changed: 53 additions & 0 deletions b/‎InterlockLedger.Tags/Crypto/Types/Keys/EcDSA/EcDSACertificateSigningKey.cs‎
Lines changed: 53 additions & 0 deletions
@@ -40,4 +40,5 @@
     </ItemGroup>
     <Target Name="TagSources" />
     <Target Name="NugetOrg" />
+    <Target Name="PublishLocally" />
 </Project>
@@ -97,13 +97,14 @@ public struct ILTagId
     public const ulong ECParameters = 58;
     // EdDSA
     public const ulong EdDSAParameters = 59;
-    public const ulong EdDSAPublicParameters = 60;
+    public const ulong EdDSAParametersPublic = 60;
+    // ECDSA
+    public const ulong ECParametersPublic = 61;
 
-    // ********** Free range 61-126 **************
+    // ********** Free range 62-126 **************
 
     // Metadata
     public const ulong DataField = 225;         //  DataField for Published Apps Records
-
     public const ulong DataIndex = 226;         //  DataIndex for Published Apps Records
     public const ulong DataModel = 224;         //  DataModel for Published Apps Records
 }
@@ -123,7 +123,9 @@ public static void RegisterDeserializersFrom(params ITagDeserializersProvider[]
         [ILTagId.InterlockKeyAppPermission] = (s => new AppPermissions.Tag(s), NoJson),
         [ILTagId.EncryptedText] = (s => new EncryptedText.Payload(ILTagId.EncryptedText, s), NoJson),
         [ILTagId.EdDSAParameters] = (s => new TagEdDSAParameters(s), NoJson),
-        [ILTagId.EdDSAPublicParameters] = (s => new TagEdDSAPublicParameters(s), NoJson),
+        [ILTagId.EdDSAParametersPublic] = (s => new TagEdDSAPublicParameters(s), NoJson),
+        [ILTagId.ECParameters] = (s => new TagEcDSAParameters(s), NoJson),
+        [ILTagId.ECParametersPublic] = (s => new TagEcDSAPublicParameters(s), NoJson),
         [ILTagId.DataModel] = (s => new ILTagDataModel(s), NoJson),
         [ILTagId.DataField] = (s => new ILTagDataField(s), NoJson),
         [ILTagId.DataIndex] = (s => new ILTagDataIndex(s), NoJson),
 
@@ -30,7 +30,6 @@
 //
 // ******************************************************************************************************************************
 
-
 using System.Security.Cryptography.X509Certificates;
 
 namespace InterlockLedger.Tags;
@@ -45,25 +44,27 @@ public partial class TagPubKey : ILTagOfExplicitTextual<TagKeyParts>, ITextual<T
     public TagHash Hash => TagHash.HashSha256Of(Data);
     public virtual KeyStrength Strength => KeyStrength.Normal;
     public bool IsEmpty { get; private init; }
-
     public static TagPubKey Resolve(X509Certificate2 certificate) {
-        var RSA = certificate.GetRSAPublicKey() ?? throw new NotSupportedException("Not yet supporting other kinds of certificates!");
-        return new TagPubRSAKey(RSA.ExportParameters(false));
+        var RSA = certificate.GetRSAPublicKey();
+        var EcDSA = certificate.GetECDsaPublicKey();
+        return RSA is not null
+            ? new TagPubRSAKey(RSA.ExportParameters(false))
+            : EcDSA is not null
+            ? new TagPubEcDSAKey(EcDSA.ExportParameters(false))
+            : throw new NotSupportedException("Not yet supporting other kinds of certificates, than RSA and EcDSA!");
     }
-
     private static TagPubKey ResolveAs(Algorithm algorithm, byte[] data)
         => algorithm switch {
             Algorithm.RSA => new TagPubRSAKey(data),
+            Algorithm.EcDSA => new TagPubEcDSAKey(data),
             Algorithm.EdDSA => new TagPublicEdDSAKey(data),
-            _ => throw new NotSupportedException("Only support RSA/EdDSA for now!!!")
+            _ => throw new NotSupportedException("Only support RSA/EcDSA/EdDSA for now!!!")
         };
-
     public static TagPubKey InvalidBy(string cause) => throw new NotSupportedException(cause);
     public static bool TryParse([NotNullWhen(true)] string? s, IFormatProvider? provider, [MaybeNullWhen(false)] out TagPubKey result) {
         result = Parse(s.Safe(), provider);
         return !result.IsInvalid();
     }
-
     public static TagPubKey Parse(string s, IFormatProvider? provider) {
         if (string.IsNullOrWhiteSpace(s))
             throw new ArgumentException("Can't have empty pubkey textual representation!!!", nameof(s));
@@ -74,37 +75,26 @@ public static TagPubKey Parse(string s, IFormatProvider? provider) {
             ? throw new ArgumentException($"Bad format of pubkey textual representation: '{s}'!!!", nameof(s))
             : ResolveAs(algorithm, parts[1].FromSafeBase64());
     }
-
     public static TagPubKey Empty { get; } = new TagPubKey() { IsEmpty = true };
-    public static Regex Mask { get; } = AnythingRegex();
+    public static Regex Mask { get; } = PubKeyRegex();
     public ITextual<TagPubKey> Textual => this;
-
-    [GeneratedRegex(".+")]
-    private static partial Regex AnythingRegex();
-
+    [GeneratedRegex(@"PubKey!.+#\w+")]
+    private static partial Regex PubKeyRegex();
     public virtual byte[] Encrypt(byte[] bytes) => throw new NotImplementedException();
     protected override bool AreEquivalent(ILTagOf<TagKeyParts?> other) => other.Value is not null && other.Value.Algorithm == Algorithm && other.Value.Data.HasSameBytesAs(Data);
     public override string ToString() => Textual.FullRepresentation();
-
     public bool Equals(TagPubKey? other) => other is not null && (Algorithm == other.Algorithm) && Data.HasSameBytesAs(other.Data);
-
-//    public virtual bool Verify<T>(T data, TagSignature signature) where T : Signable<T>, new() => false;
-
     public virtual bool Verify(Stream dataStream, TagSignature signature) => false;
-
     internal static TagPubKey Resolve(Stream s) {
         var pubKey = new TagPubKey(s);
         return ResolveAs(pubKey.Algorithm, pubKey.Data);
     }
-
     protected TagPubKey(Algorithm algorithm, byte[] data) : base(ILTagId.PubKey, new TagKeyParts(algorithm, data)) { }
-
     private TagPubKey(Stream s) : base(ILTagId.PubKey, s) { }
     protected override string BuildTextualRepresentation() => $"PubKey!{Data.ToSafeBase64()}#{Algorithm}";
     protected override async Task<TagKeyParts?> ValueFromStreamAsync(WrappedReadonlyStream s) =>
         new((Algorithm)s.BigEndianReadUShort(), await s.ReadAllBytesAsync().ConfigureAwait(false));
     protected override Task<Stream> ValueToStreamAsync(Stream s) =>
         Task.FromResult(s.BigEndianWriteUShort((ushort)Value!.Algorithm).WriteBytes(Value.Data));
-
     private TagPubKey() : this(Algorithm.Invalid, []) { }
 }
@@ -0,0 +1,65 @@
+// ******************************************************************************************************************************
+//  
+// Copyright (c) 2018-2025 InterlockLedger Network
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// * Neither the name of the copyright holder nor the names of its
+//   contributors may be used to endorse or promote products derived from
+//   this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES, LOSS OF USE, DATA, OR PROFITS, OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// ******************************************************************************************************************************
+
+using System.Security.Cryptography.X509Certificates;
+
+namespace InterlockLedger.Tags;
+
+public abstract class BaseCertificateSigningKey : InterlockSigningKey
+{
+    public BaseCertificateSigningKey(InterlockSigningKeyData data, byte[] certificateBytes, string password) :
+        this(data, BuildCert(certificateBytes, password)) {
+    }
+    public BaseCertificateSigningKey(InterlockSigningKeyData data, X509Certificate2 x509Certificate) :
+        base(data) {
+        _x509Certificate = x509Certificate;
+        if (data.Required().EncryptedContentType != EncryptedContentType.EmbeddedCertificate)
+            throw new ArgumentException($"Wrong kind of EncryptedContentType {data.EncryptedContentType}", nameof(data));
+        if (!_x509Certificate.HasPrivateKey)
+            throw new InvalidOperationException("The private key is missing");
+        if (!_hasCorrectPrivateKey)
+            throw new InvalidOperationException($"The private key is of the incorrect type - certificate key type is {_x509Certificate.GetKeyAlgorithm}");
+    }
+    protected readonly X509Certificate2 _x509Certificate;
+    private bool _hasCorrectPrivateKey =>
+        KeyData.PublicKey.Algorithm switch {
+            Algorithm.RSA => _x509Certificate.GetRSAPrivateKey() is not null,
+            Algorithm.EcDSA => _x509Certificate.GetECDsaPrivateKey() is not null,
+            _ => throw new NotSupportedException($"Unsupported certificate key algorithm {KeyData.PublicKey.Algorithm}")
+        };
+    protected sealed override void DisposeManagedResources() =>
+        _x509Certificate?.Dispose();
+    private static X509Certificate2 BuildCert(byte[] certificateBytes, string password) =>
+        new(certificateBytes.Required(),
+            password.Required(),
+            X509KeyStorageFlags.Exportable | X509KeyStorageFlags.PersistKeySet);
+}
@@ -0,0 +1,126 @@
+// ******************************************************************************************************************************
+//  
+// Copyright (c) 2018-2025 InterlockLedger Network
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// * Neither the name of the copyright holder nor the names of its
+//   contributors may be used to endorse or promote products derived from
+//   this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES, LOSS OF USE, DATA, OR PROFITS, OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// ******************************************************************************************************************************
+
+using System.Security.Cryptography;
+
+
+namespace InterlockLedger.Tags;
+
+public static class ECParametersExtensions
+{
+    public static Stream EncodeHashAlgorithm(this Stream s, HashAlgorithmName? hashAlgorithm) =>
+        s.EncodeString(hashAlgorithm?.Name);
+
+    public static HashAlgorithmName? DecodeHashAlgorithm(this WrappedReadonlyStream s) {
+        var name = s.DecodeString();
+        return name is null ? null : new HashAlgorithmName(name);
+    }
+
+    public static Stream EncodeCurveType(this Stream s, ECCurve.ECCurveType curveType) =>
+        s.EncodeILInt((ulong)curveType);
+
+    public static ECCurve.ECCurveType DecodeCurveType(this WrappedReadonlyStream s) =>
+        (ECCurve.ECCurveType)s.DecodeILInt();
+
+
+    public static Stream EncodeECParametersPublicParts(this Stream s, ECParameters parameters) {
+        s.Required();
+        if (parameters.Curve.Oid is null) {
+            s.EncodeString(null) // No OID
+             .EncodeByteArray(parameters.Curve.A)
+             .EncodeByteArray(parameters.Curve.B)
+             .EncodeByteArray(parameters.Curve.Cofactor)
+             .EncodeCurveType(parameters.Curve.CurveType)
+             .EncodeByteArray(parameters.Curve.G.X)
+             .EncodeByteArray(parameters.Curve.G.Y)
+             .EncodeHashAlgorithm(parameters.Curve.Hash)
+             .EncodeByteArray(parameters.Curve.Order)
+             .EncodeByteArray(parameters.Curve.Polynomial)
+             .EncodeByteArray(parameters.Curve.Prime)
+             .EncodeByteArray(parameters.Curve.Seed);
+        } else {
+            s.EncodeString(parameters.Curve.Oid.Value); // OID
+        }
+        s.EncodeByteArray(parameters.Q.X)
+         .EncodeByteArray(parameters.Q.Y);
+        return s;
+    }
+    public static Stream EncodeECParameters(this Stream s, ECParameters parameters) =>
+        s.EncodeByteArray(parameters.D.Required())
+         .EncodeECParametersPublicParts(parameters);
+
+    public static ECParameters DecodeECParameters(this WrappedReadonlyStream s) {
+        var privateKey = s.DecodeByteArray().Required("ECParameters.PrivateKey");
+        var publicParts = s.DecodeECParametersPublicParts();
+        var result = new ECParameters {
+            D = privateKey,
+            Curve = publicParts.Curve,
+            Q = publicParts.Q
+        };
+        result.Validate();
+        return result;
+    }
+    public static ECParameters DecodeECParametersPublicParts(this WrappedReadonlyStream s) {
+        var oid = s.DecodeString();
+        ECCurve Curve;
+        if (string.IsNullOrEmpty(oid)) {
+            Curve = new ECCurve() {
+                A = s.DecodeByteArray(),
+                B = s.DecodeByteArray(),
+                Cofactor = s.DecodeByteArray(),
+                CurveType = s.DecodeCurveType(),
+                G = new ECPoint {
+                    X = s.DecodeByteArray(),
+                    Y = s.DecodeByteArray()
+                },
+                Hash = s.DecodeHashAlgorithm(),
+                Order = s.DecodeByteArray(),
+                Polynomial = s.DecodeByteArray(),
+                Prime = s.DecodeByteArray(),
+                Seed = s.DecodeByteArray()
+            };
+        } else {
+            // New format
+            Curve = ECCurve.CreateFromOid(new Oid(oid));
+        }
+        var result = new ECParameters {
+            Curve = Curve,
+            // Q is the public key point
+            Q = new ECPoint {
+                X = s.DecodeByteArray(),
+                Y = s.DecodeByteArray()
+            }
+        };
+        return result;
+    }
+
+}
@@ -0,0 +1,53 @@
+// ******************************************************************************************************************************
+//  
+// Copyright (c) 2018-2025 InterlockLedger Network
+// All rights reserved.
+//
+// Redistribution and use in source and binary forms, with or without
+// modification, are permitted provided that the following conditions are met
+//
+// * Redistributions of source code must retain the above copyright notice, this
+//   list of conditions and the following disclaimer.
+//
+// * Redistributions in binary form must reproduce the above copyright notice,
+//   this list of conditions and the following disclaimer in the documentation
+//   and/or other materials provided with the distribution.
+//
+// * Neither the name of the copyright holder nor the names of its
+//   contributors may be used to endorse or promote products derived from
+//   this software without specific prior written permission.
+//
+// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+// AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+// IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
+// DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
+// FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+// DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
+// SERVICES, LOSS OF USE, DATA, OR PROFITS, OR BUSINESS INTERRUPTION) HOWEVER
+// CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+// OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+// OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+//
+// ******************************************************************************************************************************
+
+using System.Security.Cryptography;
+using System.Security.Cryptography.X509Certificates;
+
+namespace InterlockLedger.Tags;
+
+public sealed class ECDsaCertificateSigningKey : BaseCertificateSigningKey
+{
+    public ECDsaCertificateSigningKey(InterlockSigningKeyData data, byte[] certificateBytes, string password)
+        : base(data, certificateBytes, password) { }
+    public ECDsaCertificateSigningKey(InterlockSigningKeyData data, X509Certificate2 certificate)
+        : base(data, certificate) { }
+    protected override byte[] HashAndSignStream(Stream dataStream) {
+        using var ecdsa = _x509Certificate.GetECDsaPrivateKey().Required();
+        return ecdsa.SignData(dataStream, HashAlgorithmName.SHA256, DSASignatureFormat.Rfc3279DerSequence);
+    }
+
+    protected override bool VerifySignatureOnStream(Stream dataStream, TagSignature signature) {
+        using var ecdsa = _x509Certificate.GetECDsaPublicKey().Required();
+        return ecdsa.VerifyData(dataStream, signature.Data, HashAlgorithmName.SHA256, DSASignatureFormat.Rfc3279DerSequence);
+    }
+}