public void TestAsymmetricEncryptionNonPersistedKey()
{
byte[] plainBytes = ByteUtil.Utf8NoBOM.GetBytes("Secret String For Testing");
AsymmetricEncryption.GenerateNewKeys(out string publicKey, out string privateKey);
byte[] encryptedBytes = AsymmetricEncryption.EncryptWithKey(publicKey, plainBytes);
Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes));
byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKey(privateKey, encryptedBytes);
Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes));
// Try encrypting with the private key (usually done with only the public key).
byte[] encryptedBytes2 = AsymmetricEncryption.EncryptWithKey(privateKey, plainBytes);
Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes2));
// Try decrypting with the public key (should fail)
try
{
byte[] decryptedBytes2 = AsymmetricEncryption.DecryptWithKey(publicKey, encryptedBytes);
Assert.Fail("Expected exception when trying to decrypt with public key.");
}
catch { }
// Verify that private-key-encryption worked as intended
byte[] decryptedBytes3 = AsymmetricEncryption.DecryptWithKey(privateKey, encryptedBytes);
Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes3));
}
private void TestRSAPayloadSizeLimitAtKeySize(int keySize, int expectedPayloadSizeLimit, int startTestAt = -1)
{
AsymmetricKeypair keys = GetStaticKeys(keySize);
if (startTestAt < 1)
{
startTestAt = expectedPayloadSizeLimit;
}
int expectedFailureAt = expectedPayloadSizeLimit + 1;
for (int i = startTestAt; i <= expectedFailureAt; i++)
{
byte[] plainBytes = new byte[i];
SecureRandom.NextBytes(plainBytes);
byte[] encryptedBytes = null;
try
{
encryptedBytes = AsymmetricEncryption.EncryptWithKey(keys.publicKey, plainBytes);
}
catch (Exception ex)
{
if (i == expectedFailureAt)
{
return;
}
Assert.Fail(keySize + "-bit key failed at payload size " + i + " bytes. Expected failure at " + expectedFailureAt + "-byte payload size. Exception: " + ex.ToString());
}
if (i == expectedFailureAt)
{
Assert.Fail("Expected exception when encrypting " + expectedFailureAt + "-byte payload size. Did not get exception. " + keySize + "-bit key test failed.");
}
Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes));
byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKey(keys.privateKey, encryptedBytes);
Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes));
}
}
private void TestAsymmetricEncryptionWithKeystore(Keystore correctKeystore, string correctKeyContainerName, Keystore wrongKeystore, string wrongKeyContainerName)
{
CleanupKeystores();
byte[] plainBytes = ByteUtil.Utf8NoBOM.GetBytes("Secret String For Testing");
try
{
// Key should be automatically generated
byte[] encryptedBytes = AsymmetricEncryption.EncryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, plainBytes);
Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes));
byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, encryptedBytes);
Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes));
// Key should be retrievable from correct keystore
string publicKeyLoaded = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false);
Assert.IsNotNull(publicKeyLoaded);
// Key should NOT be retrievable from incorrect keystore
string publicKeyFromWrongKeystore = AsymmetricEncryption.GetKeyFromKeystore(wrongKeystore, correctKeyContainerName, false);
Assert.IsNull(publicKeyFromWrongKeystore);
Assert.IsTrue(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName));
Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, correctKeyContainerName));
Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, wrongKeyContainerName));
Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, wrongKeyContainerName));
// Test encryption using exported public key.
byte[] encryptedBytes2 = AsymmetricEncryption.EncryptWithKey(publicKeyLoaded, plainBytes);
Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes2));
byte[] decryptedBytes2 = AsymmetricEncryption.DecryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, encryptedBytes2);
Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes2));
// Should be possible to replace existing keys by calling GenerateNewKeysInKeystore
AsymmetricEncryption.GenerateNewKeysInKeystore(correctKeystore, correctKeyContainerName, out string publicKey2);
Assert.AreNotEqual(publicKeyLoaded, publicKey2);
// Getting the key should now return the new key
string publicKeyLoaded2 = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false);
Assert.AreEqual(publicKey2, publicKeyLoaded2);
// Delete the key
AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName);
Assert.IsNull(AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false));
// Try to generate a new one using the "Get" method.
string publicKeyLoaded3 = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, true);
Assert.AreNotEqual(publicKeyLoaded, publicKeyLoaded3);
Assert.AreNotEqual(publicKey2, publicKeyLoaded3);
}
finally
{
AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName);
Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName));
// Confirm the delete can be done redundantly without negative effect
AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName);
Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName));
Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, correctKeyContainerName));
Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, wrongKeyContainerName));
Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, wrongKeyContainerName));
}
}