Beispiel #1
0
        public void TestAsymmetricEncryptionNonPersistedKey()
        {
            byte[] plainBytes = ByteUtil.Utf8NoBOM.GetBytes("Secret String For Testing");

            AsymmetricEncryption.GenerateNewKeys(out string publicKey, out string privateKey);

            byte[] encryptedBytes = AsymmetricEncryption.EncryptWithKey(publicKey, plainBytes);
            Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes));

            byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKey(privateKey, encryptedBytes);
            Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes));

            // Try encrypting with the private key (usually done with only the public key).
            byte[] encryptedBytes2 = AsymmetricEncryption.EncryptWithKey(privateKey, plainBytes);
            Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes2));

            // Try decrypting with the public key (should fail)
            try
            {
                byte[] decryptedBytes2 = AsymmetricEncryption.DecryptWithKey(publicKey, encryptedBytes);
                Assert.Fail("Expected exception when trying to decrypt with public key.");
            }
            catch { }

            // Verify that private-key-encryption worked as intended
            byte[] decryptedBytes3 = AsymmetricEncryption.DecryptWithKey(privateKey, encryptedBytes);
            Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes3));
        }
Beispiel #2
0
        private void TestRSAPayloadSizeLimitAtKeySize(int keySize, int expectedPayloadSizeLimit, int startTestAt = -1)
        {
            AsymmetricKeypair keys = GetStaticKeys(keySize);

            if (startTestAt < 1)
            {
                startTestAt = expectedPayloadSizeLimit;
            }
            int expectedFailureAt = expectedPayloadSizeLimit + 1;

            for (int i = startTestAt; i <= expectedFailureAt; i++)
            {
                byte[] plainBytes = new byte[i];
                SecureRandom.NextBytes(plainBytes);

                byte[] encryptedBytes = null;
                try
                {
                    encryptedBytes = AsymmetricEncryption.EncryptWithKey(keys.publicKey, plainBytes);
                }
                catch (Exception ex)
                {
                    if (i == expectedFailureAt)
                    {
                        return;
                    }
                    Assert.Fail(keySize + "-bit key failed at payload size " + i + " bytes. Expected failure at " + expectedFailureAt + "-byte payload size. Exception: " + ex.ToString());
                }
                if (i == expectedFailureAt)
                {
                    Assert.Fail("Expected exception when encrypting " + expectedFailureAt + "-byte payload size. Did not get exception. " + keySize + "-bit key test failed.");
                }
                Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes));

                byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKey(keys.privateKey, encryptedBytes);
                Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes));
            }
        }
Beispiel #3
0
        private void TestAsymmetricEncryptionWithKeystore(Keystore correctKeystore, string correctKeyContainerName, Keystore wrongKeystore, string wrongKeyContainerName)
        {
            CleanupKeystores();
            byte[] plainBytes = ByteUtil.Utf8NoBOM.GetBytes("Secret String For Testing");

            try
            {
                // Key should be automatically generated
                byte[] encryptedBytes = AsymmetricEncryption.EncryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, plainBytes);
                Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes));

                byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, encryptedBytes);
                Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes));

                // Key should be retrievable from correct keystore
                string publicKeyLoaded = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false);
                Assert.IsNotNull(publicKeyLoaded);

                // Key should NOT be retrievable from incorrect keystore
                string publicKeyFromWrongKeystore = AsymmetricEncryption.GetKeyFromKeystore(wrongKeystore, correctKeyContainerName, false);
                Assert.IsNull(publicKeyFromWrongKeystore);

                Assert.IsTrue(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName));
                Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, correctKeyContainerName));
                Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, wrongKeyContainerName));
                Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, wrongKeyContainerName));

                // Test encryption using exported public key.
                byte[] encryptedBytes2 = AsymmetricEncryption.EncryptWithKey(publicKeyLoaded, plainBytes);
                Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes2));

                byte[] decryptedBytes2 = AsymmetricEncryption.DecryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, encryptedBytes2);
                Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes2));

                // Should be possible to replace existing keys by calling GenerateNewKeysInKeystore
                AsymmetricEncryption.GenerateNewKeysInKeystore(correctKeystore, correctKeyContainerName, out string publicKey2);
                Assert.AreNotEqual(publicKeyLoaded, publicKey2);

                // Getting the key should now return the new key
                string publicKeyLoaded2 = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false);
                Assert.AreEqual(publicKey2, publicKeyLoaded2);

                // Delete the key
                AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName);
                Assert.IsNull(AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false));

                // Try to generate a new one using the "Get" method.
                string publicKeyLoaded3 = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, true);
                Assert.AreNotEqual(publicKeyLoaded, publicKeyLoaded3);
                Assert.AreNotEqual(publicKey2, publicKeyLoaded3);
            }
            finally
            {
                AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName);
                Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName));

                // Confirm the delete can be done redundantly without negative effect
                AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName);

                Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName));
                Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, correctKeyContainerName));
                Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, wrongKeyContainerName));
                Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, wrongKeyContainerName));
            }
        }