Beispiel #1
0
        public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg)
        {
            // Check the arguments.
            if (Doc == null)
            {
                throw new ArgumentNullException("Doc");
            }
            if (Alg == null)
            {
                throw new ArgumentNullException("Alg");
            }

            // Find the EncryptedData element in the XmlDocument.
            // <snippet10>
            XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

            // </snippet10>

            // If the EncryptedData element was not found, throw an exception.
            if (encryptedElement == null)
            {
                throw new XmlException("The EncryptedData element was not found.");
            }


            // Create an EncryptedData object and populate it.
            // <snippet11>
            EncryptedData edElement = new EncryptedData();

            edElement.LoadXml(encryptedElement);
            // </snippet11>

            // Create a new EncryptedXml object.
            // <snippet12>
            EncryptedXml exml = new EncryptedXml();


            // Decrypt the element using the symmetric key.
            byte[] rgbOutput = exml.DecryptData(edElement, Alg);
            // </snippet12>

            // Replace the encryptedData element with the plaintext XML element.
            // <snippet13>
            exml.ReplaceData(encryptedElement, rgbOutput);
            // </snippet13>
        }
Beispiel #2
0
        public void RsaDecryption(string resourceName)
        {
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            string originalXml;

            using (Stream stream = LoadResourceStream(resourceName))
                using (StreamReader streamReader = new StreamReader(stream))
                {
                    originalXml = streamReader.ReadToEnd();
                    doc.LoadXml(originalXml);
                }

            EncryptedXml encxml = new EncryptedXml(doc);

            using (RSA rsa = new X509Certificate2(Convert.FromBase64String(SamplePfx), "mono").GetRSAPrivateKey())
            {
                Assert.NotNull(rsa);

                XmlNamespaceManager nm = new XmlNamespaceManager(doc.NameTable);
                nm.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
                nm.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
                nm.AddNamespace("e", EncryptedXml.XmlEncNamespaceUrl);
                XmlElement   el   = doc.SelectSingleNode("/s:Envelope/s:Header/o:Security/e:EncryptedKey", nm) as XmlElement;
                EncryptedKey ekey = new EncryptedKey();
                ekey.LoadXml(el);
                byte[] key = rsa.Decrypt(ekey.CipherData.CipherValue, RSAEncryptionPadding.OaepSHA1);
                using (Aes aes = Aes.Create())
                {
                    aes.Key  = key;
                    aes.Mode = CipherMode.CBC;
                    List <XmlElement> elements = new List <XmlElement>();
                    foreach (XmlElement encryptedDataElement in doc.SelectNodes("//e:EncryptedData", nm))
                    {
                        elements.Add(encryptedDataElement);
                    }
                    foreach (XmlElement encryptedDataElement in elements)
                    {
                        EncryptedData edata = new EncryptedData();
                        edata.LoadXml(encryptedDataElement);
                        encxml.ReplaceData(encryptedDataElement, encxml.DecryptData(edata, aes));
                    }
                }
            }
        }
Beispiel #3
0
        private void DecryptData(byte[] symmetricKey)
        {
            using (Aes cipher = new AesCryptoServiceProvider())
            {
                var dataElement   = (XmlElement)(document.GetElementsByTagName("EncryptedData", manager.LookupNamespace("xenc"))[0]);
                var encryptedData = new EncryptedData();
                encryptedData.LoadXml(dataElement);
                if (encryptedData.EncryptionMethod == null || !encryptedData.EncryptionMethod.KeyAlgorithm.Equals(EncryptedXml.XmlEncAES256Url))
                {
                    throw new SecurityException("Illegal symmetric encryption algorithm used");
                }

                cipher.Key = symmetricKey;
                var encryptedXml  = new EncryptedXml();
                var decryptedData = encryptedXml.DecryptData(encryptedData, cipher);
                encryptedXml.ReplaceData(dataElement, decryptedData);
            }
        }
Beispiel #4
0
        public void Sample2()
        {
            using (Aes aes = Aes.Create())
            {
                aes.Mode    = CipherMode.CBC;
                aes.KeySize = 256;
                aes.Key     = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
                aes.Padding = PaddingMode.Zeros;

                XmlDocument doc = new XmlDocument();
                doc.PreserveWhitespace = true;
                doc.Load(LoadResourceStream("System.Security.Cryptography.Xml.Tests.EncryptedXmlSample2.xml"));
                EncryptedXml  encxml = new EncryptedXml(doc);
                EncryptedData edata  = new EncryptedData();
                edata.LoadXml(doc.DocumentElement);
                encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes));
            }
        }
Beispiel #5
0
        public static bool DecryptXmlNode(XmlElement encryptedElement, SymmetricAlgorithm salgKey)
        {
            try
            {
                EncryptedData edElement = new EncryptedData();
                edElement.LoadXml(encryptedElement);

                EncryptedXml eXml      = new EncryptedXml();
                byte[]       rgbOutput = eXml.DecryptData(edElement, salgKey);

                eXml.ReplaceData(encryptedElement, rgbOutput);
                return(true);
            }
            catch (System.Exception ex)
            {
            }
            return(false);
        }
Beispiel #6
0
        protected virtual void DecryptElement(
            XmlElement element)
        {
            if (element == null)
            {
                throw new ArgumentNullException(nameof(element));
            }

            var encryptedElement = new EncryptedData();

            encryptedElement.LoadXml(element);

            var encryptedXml = new EncryptedXml();

            encryptedXml.ReplaceData(
                element,
                encryptedXml.DecryptData(encryptedElement, Symmetric));
        }
Beispiel #7
0
        private bool TryReadEncryptedData(out EncryptedData encryptedData)
        {
            if (!InnerReader.IsStartElement("EncryptedData", EncryptedXml.XmlEncNamespaceUrl))
            {
                return(Out.False(out encryptedData));
            }

            var xml      = InnerReader.ReadOuterXml();
            var document = new XmlDocument();

            document.LoadXml(xml);
            var data = new EncryptedData();

            data.LoadXml(document.DocumentElement);

            encryptedData = data;
            return(true);
        }
Beispiel #8
0
        public static void Decrypt(XmlDocument doc, SymmetricAlgorithm key)
        {
            // Create an EncryptedData object and populate it.
            EncryptedData edElement = new EncryptedData();

            // Create a new EncryptedXml object.
            EncryptedXml exml = new EncryptedXml();

            // Find the EncryptedData element in the XmlDocument.
            XmlElement encryptedElement = doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

            edElement.LoadXml(encryptedElement as XmlElement);

            // Decrypt the element using the symmetric key.
            byte[] rgbOutput = exml.DecryptData(edElement, key);
            // Replace the encryptedData element with the plaintext XML element.
            exml.ReplaceData(encryptedElement, rgbOutput);
        }
Beispiel #9
0
        /// <summary>
        /// Decrypts a saml element.
        /// </summary>
        /// <param name="samlElement">Saml element.</param>
        /// <param name="namespaceManager">Namespace manager.</param>
        /// <param name="signingCertificate">Certificate used to decrypt the element.</param>
        /// <returns>Decrypted consumer.</returns>
        public static Consumer DecryptSaml(
            this XmlElement samlElement,
            XmlNamespaceManager namespaceManager,
            X509Certificate2 signingCertificate)
        {
            var encryptedNodesList = samlElement.GetElementsByTagName(
                "EncryptedData",
                XmlNamespaces.XMLEncryptionSyntax);

            var attributes   = new Dictionary <string, string>();
            var encryptedXml = new EncryptedXml();

            foreach (XmlElement node in encryptedNodesList)
            {
                var encryptedData = new EncryptedData();
                encryptedData.LoadXml(node);

                var plaintext = encryptedXml.DecryptData(
                    encryptedData,
                    node.ExtractSessionKey(
                        namespaceManager,
                        signingCertificate));

                var newNode = XDocument
                              .Parse(Encoding.UTF8.GetString(plaintext))
                              .Root;

                var name = newNode.Attribute("Name")?.Value ??
                           newNode.LastAttribute.Value;

                var localName = newNode.Name.LocalName;
                if (localName == "NameID")
                {
                    name = $"urn:nl:bvn:bankid:1.0:consumer.{localName}";
                }

                attributes.Add(name, newNode.Value);
            }

            return(new Consumer {
                Attributes = attributes
            });
        }
Beispiel #10
0
        public void Sample2()
        {
            using (Aes aes = Aes.Create())
            {
                aes.Mode    = CipherMode.CBC;
                aes.KeySize = 256;
                // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")]
                aes.Key     = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
                aes.Padding = PaddingMode.Zeros;

                XmlDocument doc = new XmlDocument();
                doc.PreserveWhitespace = true;
                doc.Load(TestHelpers.LoadResourceStream("System.Security.Cryptography.Xml.Tests.EncryptedXmlSample2.xml"));
                EncryptedXml  encxml = new EncryptedXml(doc);
                EncryptedData edata  = new EncryptedData();
                edata.LoadXml(doc.DocumentElement);
                encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes));
            }
        }
Beispiel #11
0
        public void Sample2()
        {
            RijndaelManaged aes = new RijndaelManaged();

            aes.Mode    = CipherMode.CBC;
            aes.KeySize = 256;
            aes.Key     = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
            aes.Padding = PaddingMode.Zeros;

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            doc.Load(TestResourceHelper.GetFullPathOfResource("Test/System.Security.Cryptography.Xml/EncryptedXmlSample2.xml"));
            EncryptedXml  encxml = new EncryptedXml(doc);
            EncryptedData edata  = new EncryptedData();

            edata.LoadXml(doc.DocumentElement);
            encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes));
        }
Beispiel #12
0
        private void DecryptDocument(X509Certificate2 decryptionSertificate)
        {
            var encryptedNode =
                ResponseContainer.EncryptedBody;

            if (encryptedNode == null)
            {
                return;
            }

            var encryptedXml  = new EncryptedXml(ResponseContainer.Envelope);
            var encryptedData = new EncryptedData();

            encryptedData.LoadXml(encryptedNode);

            var aes = AesManaged(decryptionSertificate);

            encryptedXml.ReplaceData(encryptedNode, encryptedXml.DecryptData(encryptedData, aes));
        }
Beispiel #13
0
        public bool DecryptBody(XmlDocument xmlDoc)
        {
            Algorithm                keyEncryptionAlgorithm = _soapEnvelopeConfiguration.ApplyElement(Direction.Incoming, Usage.KeyEncryption).Algorithm;
            X509Certificate2         cert = _certstore.ClientEncryptionCertificate();
            RSACryptoServiceProvider privateKeyProvider = (RSACryptoServiceProvider)cert.PrivateKey;

            // Get encrypted key
            var encryptedKeyNodes = xmlDoc.GetElementsByTagName("xenc:EncryptedKey");

            if (encryptedKeyNodes.Count == 0)
            {
                return(false);
            }

            var          encryptedKeyElement = encryptedKeyNodes[0] as XmlElement;
            EncryptedKey encKey = new EncryptedKey();

            encKey.LoadXml(encryptedKeyElement);

            // Decrypt key
            bool useOaep;

            encKey.EncryptionMethod = CalculateEncryptedKey(keyEncryptionAlgorithm, out useOaep);
            var decryptedKey = EncryptedXml.DecryptKey(encKey.CipherData.CipherValue, privateKeyProvider, useOaep);

            // Create tripledes key
            var sessionKey = TripleDES.Create();

            sessionKey.Key = decryptedKey;

            // Get encrypted data
            XmlElement    encryptedElement = xmlDoc.GetElementsByTagName("xenc:EncryptedData")[0] as XmlElement;
            EncryptedData edElement        = new EncryptedData();

            edElement.LoadXml(encryptedElement);

            EncryptedXml exml          = new EncryptedXml(xmlDoc);
            var          decryptedData = exml.DecryptData(edElement, sessionKey);

            exml.ReplaceData(encryptedElement, decryptedData);
            return(true);
        }
Beispiel #14
0
        public string Decrypt(string cxFileName)
        {
            var Doc = cipherXmlDoc_;

            Doc.Load(cxFileName);
            SymmetricAlgorithm Alg = rijndaelManaged_;

            // Check the arguments.
            if (Doc == null)
            {
                throw new ArgumentNullException("Doc");
            }
            if (Alg == null)
            {
                throw new ArgumentNullException("Alg");
            }

            // Find the EncryptedData element in the XmlDocument.
            XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

            // If the EncryptedData element was not found, throw an exception.
            if (encryptedElement == null)
            {
                throw new XmlException("The EncryptedData element was not found.");
            }

            // Create an EncryptedData object and populate it.
            EncryptedData edElement = new EncryptedData();

            edElement.LoadXml(encryptedElement);

            // Create a new EncryptedXml object.
            EncryptedXml exml = new EncryptedXml();

            // Decrypt the element using the symmetric key.
            byte[] rgbOutput = exml.DecryptData(edElement, Alg);

            // Replace the encryptedData element with the plaintext XML element.
            exml.ReplaceData(encryptedElement, rgbOutput);

            return(Doc.InnerXml);
        }
Beispiel #15
0
        /// <summary>
        /// Decrypt document
        /// </summary>
        /// <param name="Doc">XmlDocument to decrypt</param>
        /// <param name="Alg">Encryption key to use</param>
        private static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg)
        {
            // Check the arguments.
            if (Doc == null)
            {
                throw new ArgumentNullException("Doc");
            }
            if (Alg == null)
            {
                throw new ArgumentNullException("Alg");
            }

            // Find the EncryptedData element in the XmlDocument.
            //XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;
            XmlNodeList lst = Doc.GetElementsByTagName("EncryptedData");

            for (int i = lst.Count - 1; i >= 0; i--)
            {
                XmlElement encryptedElement = (XmlElement)lst[i];

                // If the EncryptedData element was not found, throw an exception.
                if (encryptedElement == null)
                {
                    throw new XmlException("The EncryptedData element was not found.");
                }


                // Create an EncryptedData object and populate it.
                EncryptedData edElement = new EncryptedData();
                edElement.LoadXml(encryptedElement);

                // Create a new EncryptedXml object.
                EncryptedXml exml = new EncryptedXml();


                // Decrypt the element using the symmetric key.
                byte[] rgbOutput = exml.DecryptData(edElement, Alg);

                // Replace the encryptedData element with the plaintext XML element.
                exml.ReplaceData(encryptedElement, rgbOutput);
            }
        }
Beispiel #16
0
            private static void DecryptXmlElement(XmlDocument Doc, SymmetricAlgorithm Alg)
            {
                if (Doc == null || Alg == null)
                {
                    throw new ArgumentNullException("NullArg");
                }
                XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

                if (encryptedElement == null)
                {
                    throw new XmlException("The EncryptedData element was not found.");
                }
                EncryptedData edElement = new EncryptedData();

                edElement.LoadXml(encryptedElement);
                EncryptedXml exml = new EncryptedXml();

                byte[] rgbOutput = exml.DecryptData(edElement, Alg);
                exml.ReplaceData(encryptedElement, rgbOutput);
            }
Beispiel #17
0
        public void Sample2()
        {
            var aes     = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING");
            var random  = new SecureRandom();
            var ivdata  = new byte[aes.GetBlockSize()];
            var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");

            random.NextBytes(ivdata);
            var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);

            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            doc.Load(TestHelpers.LoadResourceStream("Org.BouncyCastle.Crypto.Xml.Tests.EncryptedXmlSample2.xml"));
            EncryptedXml  encxml = new EncryptedXml(doc);
            EncryptedData edata  = new EncryptedData();

            edata.LoadXml(doc.DocumentElement);
            encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, param));
        }
Beispiel #18
0
        public void ReplaceData2NonDocumentElementTest()
        {
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            doc.LoadXml(InputXml);

            using (Rijndael aes = new RijndaelManaged())
            {
                aes.GenerateKey();
                aes.GenerateIV();

                // Encrypt the XML document
                EncryptedXml encryptedXml = new EncryptedXml(doc);
                encryptedXml.AddKeyNameMapping("key", aes);

                XmlElement    secretElement = doc.GetElementsByTagName("child")[0] as XmlElement;
                EncryptedData encrypted     = encryptedXml.Encrypt(secretElement, "key");
                EncryptedXml.ReplaceElement(secretElement, encrypted, false);

                // Decrypt it back
                XmlElement encryptedElement = doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0] as XmlElement;

                EncryptedData encryptedData = new EncryptedData();
                encryptedData.LoadXml(encryptedElement);

                EncryptedXml decryptXml = new EncryptedXml(doc);
                decryptXml.AddKeyNameMapping("key", aes);

                byte[] decryptedData = decryptXml.DecryptData(encryptedData,
                                                              decryptXml.GetDecryptionKey(encryptedData, null));
                decryptXml.ReplaceData2(encryptedElement, decryptedData);
            }

            // Now that we've encrypted and decrypted the data, ensure that we have both the XML
            // declaration, and the root node in place.
            Assert.IsTrue(doc.FirstChild.NodeType == XmlNodeType.XmlDeclaration);
            Assert.AreEqual("root", doc.FirstChild.NextSibling.Name);
            Assert.AreEqual(InputXml, doc.OuterXml);
        }
Beispiel #19
0
        // Расшифрование узла XML документа на симметричном ключе
        private static void Decrypt(string srcName, string destName, SymmetricAlgorithm Alg)
        {
            // Создаем новый объект xml документа.
            XmlDocument xmlDoc = new XmlDocument();

            // Пробельные символы участвуют в вычислении подписи и должны быть сохранены для совместимости с другими реализациями.
            xmlDoc.PreserveWhitespace = true;

            // Загружаем в объект созданный XML документ.
            xmlDoc.Load(srcName);

            // Ищем узел для расшифрования.
            XmlElement encryptedElement = xmlDoc.GetElementsByTagName(
                "EncryptedData")[0] as XmlElement;

            if (encryptedElement == null)
            {
                throw new XmlException("Узел EncryptedData не найден");
            }

            // Создаем объект EncryptedData.
            EncryptedData edElement = new EncryptedData();

            // и загружаем в него зашифрованный узел
            edElement.LoadXml(encryptedElement);

            // Создаем объект EncryptedXml
            EncryptedXml exml = new EncryptedXml();

            // Расшифровываем элемент используя
            // симметричный ключ.
            byte[] rgbOutput = exml.DecryptData(edElement, Alg);

            // Заменяем зашифрованный узел расшифрованным
            exml.ReplaceData(encryptedElement, rgbOutput);

            // Сохраняем расшифрованный документ.
            xmlDoc.Save(destName);
        }
Beispiel #20
0
        public void DecryptIfNeeded(X509Certificate2 spCert)
        {
            if (spCert == null)
            {
                throw new ArgumentNullException(nameof(spCert));
            }

            var responseNode           = SelectSingleNode("/samlp:Response");
            var encryptedAssertionNode = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion");

            if (encryptedAssertionNode != null)
            {
                var encryptedDataNode            = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData");
                var encryptionMethodAlgorithm    = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData/xenc:EncryptionMethod")?.Attributes["Algorithm"]?.Value;
                var encryptionMethodKeyAlgorithm = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData/ds:KeyInfo/e:EncryptedKey/e:EncryptionMethod")?.Attributes["Algorithm"]?.Value;
                var cypherText = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData/ds:KeyInfo/e:EncryptedKey/e:CipherData/e:CipherValue")?.InnerText;

                var key = Rijndael.Create(encryptionMethodAlgorithm);
                key.Key = EncryptedXml.DecryptKey(
                    Convert.FromBase64String(cypherText),
                    (RSA)spCert.PrivateKey,
                    useOAEP: encryptionMethodKeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl
                    );

                var encryptedXml  = new EncryptedXml();
                var encryptedData = new EncryptedData();
                encryptedData.LoadXml((XmlElement)encryptedDataNode);

                var plaintext = encryptedXml.DecryptData(encryptedData, key);
                var xmlString = Encoding.UTF8.GetString(plaintext);

                var tempDoc = new XmlDocument();
                tempDoc.LoadXml(xmlString);

                var importNode = responseNode.OwnerDocument.ImportNode(tempDoc.DocumentElement, true);
                responseNode.ReplaceChild(importNode, encryptedAssertionNode);
            }
        }
Beispiel #21
0
        public static String DecryptXML(String xml, SymmetricAlgorithm key = null)
        {
            if (String.IsNullOrEmpty(xml))
            {
                throw new ArgumentNullException("xml");
            }

            if (key == null)
            {
                key = DefaultCryptographyKey;
            }

            var xmlDoc    = default(XmlDocument);
            var element   = default(XmlElement);
            var edElement = default(EncryptedData);
            var exml      = default(EncryptedXml);
            var rgbOutput = default(Byte[]);

            xmlDoc = new XmlDocument();
            xmlDoc.LoadXml(xml);

            element = xmlDoc.DocumentElement;

            // Create an EncryptedData object and populate it.
            edElement = new EncryptedData();

            Contract.Assert(element != null, "element != null");
            edElement.LoadXml(element);
            // Create a new EncryptedXml object.
            exml = new EncryptedXml();

            // Decrypt the element using the symmetric key.
            rgbOutput = exml.DecryptData(edElement, key);
            // Replace the encryptedData element with the plaintext XML element.
            exml.ReplaceData(element, rgbOutput);

            return(xmlDoc.OuterXml);
        }
Beispiel #22
0
        public static XmlDocument DecryptAssertion(XmlDocument responseWithEncryptedAssertion)
        {
            XmlElement    encryptedDataElement = (XmlElement)responseWithEncryptedAssertion.GetElementsByTagName("EncryptedData", "http://www.w3.org/2001/04/xmlenc#")[0];
            EncryptedData encryptedData        = new EncryptedData();

            encryptedData.LoadXml(encryptedDataElement);

            var sessionKey = ExtractSessionKey(encryptedDataElement, encryptedData?.EncryptionMethod?.KeyAlgorithm ?? String.Empty);

            EncryptedXml encryptedXml = new EncryptedXml();

            byte[] assertionBytes = encryptedXml.DecryptData(encryptedData, sessionKey);

            XmlDocument assertionXml = new XmlDocument
            {
                XmlResolver        = null,
                PreserveWhitespace = true
            };

            assertionXml.Load(new StringReader(Encoding.UTF8.GetString(assertionBytes)));

            return(assertionXml);
        }
Beispiel #23
0
    static void InspectElement(XmlDocument Doc)
    {
        // Get the EncryptedData element from the XMLDocument object.
        XmlElement encryptedData = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

        // Create a new EncryptedData object.
        EncryptedData encData = new EncryptedData();

        // Load the XML from the document to
        // initialize the EncryptedData object.
        encData.LoadXml(encryptedData);

        // Display the properties.
        // Most values are Null by default.

        Console.WriteLine("EncryptedData.CipherData: " + encData.CipherData.GetXml().InnerXml);
        Console.WriteLine("EncryptedData.Encoding: " + encData.Encoding);
        Console.WriteLine("EncryptedData.EncryptionMethod: " + encData.EncryptionMethod.GetXml().InnerXml);

        EncryptionPropertyCollection encPropCollection = encData.EncryptionProperties;

        Console.WriteLine("Number of elements in the EncryptionPropertyCollection: " + encPropCollection.Count);
        //encPropCollection.

        foreach (EncryptionProperty encProp in encPropCollection)
        {
            Console.WriteLine("EncryptionProperty.ID: " + encProp.Id);
            Console.WriteLine("EncryptionProperty.PropertyElement: " + encProp.PropertyElement.InnerXml);
            Console.WriteLine("EncryptionProperty.Target: " + encProp.Target);
        }



        Console.WriteLine("EncryptedData.Id: " + encData.Id);
        Console.WriteLine("EncryptedData.KeyInfo: " + encData.KeyInfo.GetXml().InnerXml);
        Console.WriteLine("EncryptedData.MimeType: " + encData.MimeType);
    }
Beispiel #24
0
        private static XmlDocument DecryptXmlDocument(XmlDocument encryptedXmlDocument)
        {
            // Создание объекта для дешифрации XML
            var encryptedXml = new GostEncryptedXml(encryptedXmlDocument);

            var nsManager = new XmlNamespaceManager(encryptedXmlDocument.NameTable);

            nsManager.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);

            // Поиск всех зашифрованных XML-элементов
            var encryptedDataList = encryptedXmlDocument.SelectNodes("//enc:EncryptedData", nsManager);

            if (encryptedDataList != null)
            {
                foreach (XmlElement encryptedData in encryptedDataList)
                {
                    // Загрузка элемента EncryptedData
                    var elementEncryptedData = new EncryptedData();
                    elementEncryptedData.LoadXml(encryptedData);

                    // Извлечение симметричный ключ для расшифровки элемента EncryptedData
                    var sessionKey = GetDecryptionKey(elementEncryptedData);

                    if (sessionKey != null)
                    {
                        // Расшифровка элемента EncryptedData
                        var decryptedData = encryptedXml.DecryptData(elementEncryptedData, sessionKey);

                        // Замена элемента EncryptedData его расшифрованным представлением
                        encryptedXml.ReplaceData(encryptedData, decryptedData);
                    }
                }
            }

            return(encryptedXmlDocument);
        }
Beispiel #25
0
        public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg)
        {
            XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;

            // If the EncryptedData element was not found, throw an exception.
            if (encryptedElement == null)
            {
                throw new XmlException("The EncryptedData element was not found.");
            }

            // Create an EncryptedData object and populate it.
            EncryptedData edElement = new EncryptedData();

            edElement.LoadXml(encryptedElement);

            // Create a new EncryptedXml object.
            EncryptedXml exml = new EncryptedXml();

            // Decrypt the element using the symmetric key.
            byte[] rgbOutput = exml.DecryptData(edElement, Alg);

            // Replace the encryptedData element with the plaintext XML element.
            exml.ReplaceData(encryptedElement, rgbOutput);
        }
Beispiel #26
0
        public static (OuterContainer ContainerOuter, InnerContainer ContainerInner, byte[] Key) DecryptOuterContainer(byte[] fileBytes, string password)
        {
            byte[] outerContainerBytes;

            try
            {
                outerContainerBytes = Shared.Utility.Decompress(fileBytes);
            }
            catch (Exception ex)
            {
                throw new Exception(string.Format("failed to decompress (corrupted or not a valid container file): {0}", ex.Message));
            }

            XmlDocument outerContainerXml = new XmlDocument();

            outerContainerXml.LoadXml(Encoding.UTF8.GetString(outerContainerBytes));

            string version;

            try
            {
                version = outerContainerXml.SelectSingleNode("/OuterContainer/@version").Value;
            }
            catch (Exception ex)
            {
                throw new Exception(string.Format("unable to read /OuterContainer/@version: {0}", ex.Message));
            }

            Version parsedVersion = new Version(version);

            if (parsedVersion.Major != 1)
            {
                throw new Exception(string.Format("outer container version too new (this container was written on a newer software version) - expected 1, got {0}", parsedVersion.Major));
            }

            OuterContainer outerContainer = new OuterContainer();

            string outerVersion = "1.0";

            outerContainer.Version       = outerVersion;
            outerContainer.KeyDerivation = new KeyDerivation();

            byte[] key;

            string derivationAlgorithm;

            try
            {
                derivationAlgorithm = outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/DerivationAlgorithm").InnerText;
            }
            catch (Exception ex)
            {
                throw new Exception(string.Format("invalid KeyDerivation DerivationAlgorithm: {0}", ex.Message));
            }

            outerContainer.KeyDerivation.DerivationAlgorithm = derivationAlgorithm;

            if (derivationAlgorithm == "PBKDF2")
            {
                string hashAlgorithm;

                try
                {
                    hashAlgorithm = outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/HashAlgorithm").InnerText;
                }
                catch (Exception ex)
                {
                    throw new Exception(string.Format("invalid KeyDerivation HashAlgorithm: {0}", ex.Message));
                }

                outerContainer.KeyDerivation.HashAlgorithm = hashAlgorithm;

                byte[] salt;

                try
                {
                    salt = Convert.FromBase64String(outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/Salt").InnerText);
                }
                catch (Exception ex)
                {
                    throw new Exception(string.Format("invalid KeyDerivation Salt: {0}", ex.Message));
                }

                outerContainer.KeyDerivation.Salt = salt;

                int iterationCount;

                try
                {
                    iterationCount = Convert.ToInt32(outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/IterationCount").InnerText);
                }
                catch (Exception ex)
                {
                    throw new Exception(string.Format("invalid KeyDerivation IterationCount: {0}", ex.Message));
                }

                outerContainer.KeyDerivation.IterationCount = iterationCount;

                int keyLength;

                try
                {
                    keyLength = Convert.ToInt32(outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/KeyLength").InnerText);
                }
                catch (Exception ex)
                {
                    throw new Exception(string.Format("invalid KeyDerivation KeyLength: {0}", ex.Message));
                }

                outerContainer.KeyDerivation.KeyLength = keyLength;

                key = Pbkdf2DeriveKeyFromPassword(password, salt, iterationCount, hashAlgorithm, keyLength);
            }
            else
            {
                throw new Exception(string.Format("unsupported KeyDerivation DerivationAlgorithm: {0}", derivationAlgorithm));
            }

            outerContainer.EncryptedDataPlaceholder = "placeholder";

            XmlElement encryptedDataElement = outerContainerXml.GetElementsByTagName("EncryptedData")[0] as XmlElement;

            if (encryptedDataElement == null)
            {
                throw new Exception("unable to find EncryptedData");
            }

            EncryptedData encryptedData = new EncryptedData();

            encryptedData.LoadXml(encryptedDataElement);

            EncryptedXml encryptedXml = new EncryptedXml();

            byte[] innerContainerBytes;

            using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider())
            {
                aesCsp.KeySize = 256;            // critical security parameter
                aesCsp.Key     = key;            // critical security parameter
                aesCsp.Mode    = CipherMode.CBC; // critical security parameter
                aesCsp.GenerateIV();             // critical security parameter

                try
                {
                    innerContainerBytes = encryptedXml.DecryptData(encryptedData, aesCsp);
                }
                catch (Exception ex)
                {
                    throw new Exception(string.Format("unable to decrypt InnerContainer (check password): {0}", ex.Message));
                }
            }

            XmlDocument innerContainerXml = new XmlDocument();

            try
            {
                innerContainerXml.LoadXml(Encoding.UTF8.GetString(innerContainerBytes));
            }
            catch (Exception ex)
            {
                throw new Exception(string.Format("unable to parse InnerContainer (check password): {0}", ex.Message));
            }

            string innerReadVersion;

            try
            {
                innerReadVersion = innerContainerXml.SelectSingleNode("/InnerContainer/@version").Value;
            }
            catch (Exception ex)
            {
                throw new Exception(string.Format("unable to read /InnerContainer/@version: {0}", ex.Message));
            }

            Version innerReadVersionParsed = new Version(innerReadVersion);

            if (innerReadVersionParsed.Major != 1)
            {
                throw new Exception(string.Format("inner container version too new (this container was written on a newer software version) - expected 1, got {0}", innerReadVersionParsed.Major));
            }

            InnerContainer innerContainer;

            using (XmlReader xmlReader = new XmlNodeReader(innerContainerXml))
            {
                try
                {
                    innerContainer = (InnerContainer) new XmlSerializer(typeof(InnerContainer)).Deserialize(xmlReader);
                }
                catch (Exception ex)
                {
                    throw new Exception(string.Format("unable to deserialize InnerContainer: {0}", ex.Message));
                }
            }

            return(outerContainer, innerContainer, key);
        }
Beispiel #27
0
        /// <summary>
        /// Gets the assertion.
        /// </summary>
        /// <param name="idpSamlResponseToken">The idp saml response token.</param>
        /// <param name="options">The options.</param>
        /// <returns></returns>
        /// <exception cref="Exception">Missing assertion
        /// or
        /// Unable to parse the decrypted assertion.</exception>
        /// <exception cref="System.Exception">Missing assertion
        /// or
        /// Unable to parse the decrypted assertion.</exception>
        public string GetAssertion(ResponseType idpSamlResponseToken, Saml2Options options)
        {
            string token;
            string xmlTemplate;
            var    assertion = idpSamlResponseToken.Items[0];

            if (assertion == null)
            {
                throw new Exception("Missing assertion");
            }

            //check if its a decrypted assertion
            if (assertion.GetType() == typeof(EncryptedElementType))
            {
                EncryptedElementType encryptedElement = (EncryptedElementType)assertion;
                SymmetricAlgorithm   sessionKey;

                if (encryptedElement.EncryptedData.EncryptionMethod != null)
                {
                    sessionKey = ExtractSessionKey(encryptedElement, options.ServiceProvider.X509Certificate2.PrivateKey);

                    var           encryptedXml  = new EncryptedXml();
                    XmlSerializer xmlSerializer = new XmlSerializer(typeof(EncryptedDataType));
                    using (MemoryStream memStm = new MemoryStream())
                    {
                        xmlSerializer.Serialize(memStm, encryptedElement.EncryptedData);
                        memStm.Position = 0;
                        xmlTemplate     = new StreamReader(memStm).ReadToEnd();
                    }

                    var doc = new XmlDocument();
                    doc.PreserveWhitespace = true;
                    doc.LoadXml(xmlTemplate);
                    var t             = doc.GetElementsByTagName("EncryptedData");
                    var encryptedData = new EncryptedData();
                    encryptedData.LoadXml((XmlElement)t[0]);

                    byte[] plaintext = encryptedXml.DecryptData(encryptedData, sessionKey);
                    token = Encoding.UTF8.GetString(plaintext);
                    return(token);
                }
            }
            else
            {
                XmlSerializer xmlSerializer = new XmlSerializer(typeof(AssertionType));
                using (MemoryStream memStm = new MemoryStream())
                {
                    xmlSerializer.Serialize(memStm, assertion);
                    memStm.Position = 0;
                    xmlTemplate     = new StreamReader(memStm).ReadToEnd();
                }

                var doc = new XmlDocument();
                doc.PreserveWhitespace = false;
                doc.LoadXml(xmlTemplate);

                string request = doc.OuterXml;
                return(request);
            }
            throw new Exception("Unable to parse the decrypted assertion.");
        }
Beispiel #28
0
        protected override void DecryptElement(XmlElement element, string password)
        {
            var saltXmlAttribute = XmlHelpers.GetAttributeNode(element, "Salt");

            if (string.IsNullOrEmpty(saltXmlAttribute?.Value))
            {
                throw new InvalidXmlException($"Encrypted node {element.Name} does not contain required Attribute \"Salt\"", element);
            }
            byte[] rgbSalt;
            try
            {
                rgbSalt = Convert.FromBase64String(saltXmlAttribute.Value);
            }
            catch (FormatException)
            {
                throw new InvalidXmlException($"Invalid value of Attribute \"Salt\" ({saltXmlAttribute.Value}) in encrypted node {element.Name} ", element);
            }
            var ivXmlAttribute = XmlHelpers.GetAttributeNode(element, "IV");

            if (string.IsNullOrEmpty(ivXmlAttribute?.Value))
            {
                throw new InvalidXmlException($"Encrypted node {element.Name} does not contain required Attribute \"IV\"", element);
            }
            byte[] numArray;
            try
            {
                numArray = Convert.FromBase64String(ivXmlAttribute.Value);
            }
            catch (FormatException)
            {
                throw new InvalidXmlException($"Invalid value of Attribute \"IV\" ({ivXmlAttribute.Value}) in encrypted node {element.Name} ", element);
            }
            var cryptoServiceProvider = new TripleDESCryptoServiceProvider {
                IV = numArray
            };

            var passwordDeriveBytes = new PasswordDeriveBytes(password, rgbSalt);

            var encryptedData = new EncryptedData();

            encryptedData.LoadXml(element);


            cryptoServiceProvider.Key = passwordDeriveBytes.CryptDeriveKey("TripleDES", "SHA1", 192,
                                                                           cryptoServiceProvider.IV);

            // weird edge case - if this is a parameter value, then it must replace one more parent level up
            var elementToReplace = element.ParentNode?.Name == "DTS:Property" && (element.ParentNode as XmlElement) != null && element.ParentNode?.ParentNode?.Name == "DTS:PackageParameter"
                ? (XmlElement)element.ParentNode
                : element;

            var exml = new EncryptedXml();

            try
            {
                var output = exml.DecryptData(encryptedData, cryptoServiceProvider);
                exml.ReplaceData(elementToReplace, output);
            }
            catch (CryptographicException)
            {
                throw new InvalidPaswordException();
            }
        }
Beispiel #29
0
 public void Decrypt(string xmlFileName)
 {
     TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider();
     encryptionKey.Key = UTF8Encoding.UTF8.GetBytes("");  // your salt value
     XmlDocument document = new XmlDocument();
     document.Load(xmlFileName);
     XmlElement encOrderElem = document.GetElementsByTagName("EncryptedData")[0] as XmlElement;
     EncryptedData encData = new EncryptedData();
     encData.LoadXml(encOrderElem);
     EncryptedXml encryptedXml = new EncryptedXml();
     byte[] decryptedOrder = encryptedXml.DecryptData(encData, encryptionKey);
     encryptedXml.ReplaceData(encOrderElem, decryptedOrder);
     document.Save(xmlFileName);
 }
Beispiel #30
0
        XmlElement VerifyInput2(MessageBuffer buf)
        {
            Message      msg2 = buf.CreateMessage();
            StringWriter sw   = new StringWriter();

            using (XmlDictionaryWriter w = XmlDictionaryWriter.CreateDictionaryWriter(XmlWriter.Create(sw))) {
                msg2.WriteMessage(w);
            }
            XmlDocument doc = new XmlDocument();

            doc.PreserveWhitespace = true;
            doc.LoadXml(sw.ToString());

            // decrypt the key with service certificate privkey
            PaddingMode  mode   = PaddingMode.PKCS7;          // not sure which is correct ... ANSIX923, ISO10126, PKCS7, Zeros, None.
            EncryptedXml encXml = new EncryptedXml(doc);

            encXml.Padding = mode;
            X509Certificate2    cert2 = new X509Certificate2("Test/Resources/test.pfx", "mono");
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable);

            nsmgr.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope");
            nsmgr.AddNamespace("c", "http://schemas.xmlsoap.org/ws/2005/02/sc");
            nsmgr.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
            nsmgr.AddNamespace("e", "http://www.w3.org/2001/04/xmlenc#");
            nsmgr.AddNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#");
            XmlNode n = doc.SelectSingleNode("//o:Security/e:EncryptedKey/e:CipherData/e:CipherValue", nsmgr);

            Assert.IsNotNull(n, "premise: enckey does not exist");
            string raw = n.InnerText;

            byte [] rawbytes             = Convert.FromBase64String(raw);
            RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert2.PrivateKey;

            byte [] decryptedKey = EncryptedXml.DecryptKey(rawbytes, rsa, true);             //rsa.Decrypt (rawbytes, true);

#if false
            // create derived keys
            Dictionary <string, byte[]>  keys = new Dictionary <string, byte[]> ();
            InMemorySymmetricSecurityKey skey =
                new InMemorySymmetricSecurityKey(decryptedKey);
            foreach (XmlElement el in doc.SelectNodes("//o:Security/c:DerivedKeyToken", nsmgr))
            {
                n = el.SelectSingleNode("c:Offset", nsmgr);
                int offset = (n == null) ? 0 :
                             int.Parse(n.InnerText, CultureInfo.InvariantCulture);
                n = el.SelectSingleNode("c:Length", nsmgr);
                int length = (n == null) ? 32 :
                             int.Parse(n.InnerText, CultureInfo.InvariantCulture);
                n = el.SelectSingleNode("c:Label", nsmgr);
                byte [] label = (n == null) ? decryptedKey :
                                Convert.FromBase64String(n.InnerText);
                n = el.SelectSingleNode("c:Nonce", nsmgr);
                byte [] nonce = (n == null) ? new byte [0] :
                                Convert.FromBase64String(n.InnerText);
                byte [] derkey = skey.GenerateDerivedKey(
                    //SecurityAlgorithms.Psha1KeyDerivation,
                    "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1",
// FIXME: maybe due to the label, this key resolution somehow does not seem to work.
                    label,
                    nonce,
                    length * 8,
                    offset);

                keys [el.GetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")] = derkey;
            }
#endif

            // decrypt the signature with the decrypted key
#if true
            n = doc.SelectSingleNode("//o:Security/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr);
            Assert.IsNotNull(n, "premise: encdata does not exist");
            raw      = n.InnerText;
            rawbytes = Convert.FromBase64String(raw);
            Rijndael aes = RijndaelManaged.Create();
//			aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
            aes.Key     = decryptedKey;
            aes.Mode    = CipherMode.CBC;
            aes.Padding = mode;
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write);
            cs.Write(rawbytes, 0, rawbytes.Length);
            cs.Close();
            byte [] decryptedSignature = ms.ToArray();
#else
            Rijndael aes = RijndaelManaged.Create();
//			aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
            aes.Key     = decryptedKey;
            aes.Mode    = CipherMode.CBC;
            aes.Padding = mode;

            EncryptedData ed = new EncryptedData();
            n = doc.SelectSingleNode("//o:Security/e:EncryptedData", nsmgr);
            Assert.IsNotNull(n, "premise: encdata does not exist");
            ed.LoadXml(n as XmlElement);
            byte [] decryptedSignature = encXml.DecryptData(ed, aes);
#endif
//Console.Error.WriteLine (Encoding.UTF8.GetString (decryptedSignature));
//Console.Error.WriteLine ("============= Decrypted Signature End ===========");

            // decrypt the body with the decrypted key
#if true
            n = doc.SelectSingleNode("//s:Body/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr);
            Assert.IsNotNull(n, "premise: encdata does not exist");
            raw      = n.InnerText;
            rawbytes = Convert.FromBase64String(raw);
//			aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
            aes.Key = decryptedKey;
            ms      = new MemoryStream();
            cs      = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write);
            cs.Write(rawbytes, 0, rawbytes.Length);
            cs.Close();
            byte [] decryptedBody = ms.ToArray();
#else
            // decrypt the body with the decrypted key
            EncryptedData ed2 = new EncryptedData();
            XmlElement    el  = doc.SelectSingleNode("/s:Envelope/s:Body/e:EncryptedData", nsmgr) as XmlElement;
            ed2.LoadXml(el);
//			aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)];
            aes.Key = decryptedKey;
            byte [] decryptedBody = encXml.DecryptData(ed2, aes);
#endif
//foreach (byte b in decryptedBody) Console.Error.Write ("{0:X02} ", b);
            Console.Error.WriteLine(Encoding.UTF8.GetString(decryptedBody));
            Console.Error.WriteLine("============= Decrypted Body End ===========");

            // FIXME: find out what first 16 bytes mean.
            for (int mmm = 0; mmm < 16; mmm++)
            {
                decryptedBody [mmm] = 0x20;
            }
            doc.LoadXml(Encoding.UTF8.GetString(decryptedBody));
            Assert.AreEqual("RequestSecurityToken", doc.DocumentElement.LocalName, "#b-1");
            Assert.AreEqual("http://schemas.xmlsoap.org/ws/2005/02/trust", doc.DocumentElement.NamespaceURI, "#b-2");

            return(doc.DocumentElement);
        }
Beispiel #31
0
        public void RoundtripSample1()
        {
            using (StringWriter sw = new StringWriter())
            {
                // Encryption
                {
                    XmlDocument doc = new XmlDocument();
                    doc.PreserveWhitespace = true;
                    doc.LoadXml("<root>  <child>sample</child>   </root>");

                    XmlElement body = doc.DocumentElement;

                    using (Aes aes = Aes.Create())
                    {
                        aes.Mode    = CipherMode.CBC;
                        aes.KeySize = 256;
                        aes.IV      = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw==");
                        aes.Key     = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
                        aes.Padding = PaddingMode.Zeros;

                        EncryptedXml  exml      = new EncryptedXml();
                        byte[]        encrypted = exml.EncryptData(body, aes, false);
                        EncryptedData edata     = new EncryptedData();
                        edata.Type             = EncryptedXml.XmlEncElementUrl;
                        edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
                        EncryptedKey ekey = new EncryptedKey();
                        // omit key encryption, here for testing
                        byte[] encKeyBytes = aes.Key;
                        ekey.CipherData       = new CipherData(encKeyBytes);
                        ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
                        DataReference dr = new DataReference();
                        dr.Uri = "_0";
                        ekey.AddReference(dr);
                        edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
                        edata.KeyInfo = new KeyInfo();
                        ekey.KeyInfo.AddClause(new RSAKeyValue(RSA.Create()));
                        edata.CipherData.CipherValue = encrypted;
                        EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false);
                        doc.Save(new XmlTextWriter(sw));
                    }
                }

                // Decryption
                {
                    using (Aes aes = Aes.Create())
                    {
                        aes.Mode    = CipherMode.CBC;
                        aes.KeySize = 256;
                        aes.Key     = Convert.FromBase64String(
                            "o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
                        aes.Padding = PaddingMode.Zeros;

                        XmlDocument doc = new XmlDocument();
                        doc.PreserveWhitespace = true;
                        doc.LoadXml(sw.ToString());
                        EncryptedXml  encxml = new EncryptedXml(doc);
                        EncryptedData edata  = new EncryptedData();
                        edata.LoadXml(doc.DocumentElement);
                        encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes));
                    }
                }
            }
        }