C# (CSharp) RsaKey.WrapKeyAsync Beispiele

Beispiel #1

Datei: RsaKeyTests.cs Projekt: azuresdkci1x/azure-sdk-for-net-1722

        public async Task KeyVault_RsaKeyRSAOAEP()
        {
            // Arrange
            byte[] KEK = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 };
            byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
            byte[] EK  = { 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D };

            RsaKey key = new RsaKey("KEK");

            var wrapped = await key.WrapKeyAsync(CEK, RsaOaep.AlgorithmName).ConfigureAwait(false);

            var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, RsaOaep.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.True(wrapped.Item2.Equals("RSA-OAEP"));
            Assert.True(unwrapped.SequenceEqual(CEK));

            var encrypted = await key.EncryptAsync(CEK, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);

            var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.True(encrypted.Item3.Equals("RSA-OAEP"));
            Assert.True(decrypted.SequenceEqual(CEK));
        }

Beispiel #2

Datei: RsaKeyTests.cs Projekt: azuresdkci1x/azure-sdk-for-net-1722

        public async Task KeyVault_RsaKeyRSA15()
        {
            // Arrange
            byte[] KEK = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F };
            byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
            byte[] EK  = { 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 };

            RsaKey key = new RsaKey("KEK");


            var wrapped = await key.WrapKeyAsync(CEK, Rsa15.AlgorithmName).ConfigureAwait(false);

            var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, Rsa15.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.True(wrapped.Item2.Equals("RSA_15"));
            Assert.True(unwrapped.SequenceEqual(CEK));

            var encrypted = await key.EncryptAsync(CEK, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);

            var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.True(encrypted.Item3.Equals("RSA_15"));
            Assert.True(decrypted.SequenceEqual(CEK));
        }

Beispiel #3

        public async Task KeyVault_RsaKeyRSAOAEP()
        {
            RsaKey key = GetTestRsaKey();

            var wrapped = await key.WrapKeyAsync(CEK, RsaOaep.AlgorithmName).ConfigureAwait(false);

            var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, RsaOaep.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.Equal("RSA-OAEP", wrapped.Item2);
            Assert.True(unwrapped.SequenceEqual(CEK));

            var encrypted = await key.EncryptAsync(CEK, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);

            var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.Equal("RSA-OAEP", encrypted.Item3);
            Assert.True(decrypted.SequenceEqual(CEK));
        }

Beispiel #4

        public async Task KeyVault_RsaKeyRSA15()
        {
            RsaKey key = GetTestRsaKey();

            // Wrap and Unwrap
            var wrapped = await key.WrapKeyAsync(CEK, Rsa15.AlgorithmName).ConfigureAwait(false);

            var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, Rsa15.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.True(wrapped.Item2.Equals("RSA_15"));
            Assert.True(unwrapped.SequenceEqual(CEK));

            // Encrypt and Decrypt
            var encrypted = await key.EncryptAsync(CEK, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);

            var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);

            // Assert
            Assert.True(encrypted.Item3.Equals("RSA_15"));
            Assert.True(decrypted.SequenceEqual(CEK));
        }

Beispiel #5

        public async Task KeyVault_RsaKeyDefaultAlgorithm()
        {
            RsaKey key = GetTestRsaKey();

            Assert.Equal("RSA-OAEP", key.DefaultEncryptionAlgorithm);
            Assert.Equal("RSA-OAEP", key.DefaultKeyWrapAlgorithm);
            Assert.Equal("RS256", key.DefaultSignatureAlgorithm);

            var wrapped = await key.WrapKeyAsync(CEK, null).ConfigureAwait(false);

            var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, null).ConfigureAwait(false);

            // Assert
            Assert.Equal("RSA-OAEP", wrapped.Item2);
            Assert.True(unwrapped.SequenceEqual(CEK));

            var encrypted = await key.EncryptAsync(CEK, null, null, null).ConfigureAwait(false);

            var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, null).ConfigureAwait(false);

            // Assert
            Assert.Equal("RSA-OAEP", encrypted.Item3);
            Assert.True(decrypted.SequenceEqual(CEK));
        }

Beispiel #6

Datei: Program.cs Projekt: jpovey/key-vault-spike

        private static async Task Process(string textToEncrypt)
        {
            var plainTextBytes = Encoding.UTF8.GetBytes(textToEncrypt);

            Console.WriteLine("\n===Encrypt Data===");
            Console.WriteLine("- Generate data access key");
            var dataAccessKey = new byte[32];

            using (var random = new RNGCryptoServiceProvider())
            {
                random.GetBytes(dataAccessKey);
            }

            Console.WriteLine("- Encrypt data using data access key");
            byte[] encryptedBytes;
            using (var aes = new AesManaged())
            {
                try
                {
                    aes.GenerateIV();

                    aes.Key  = dataAccessKey;
                    aes.Mode = CipherMode.CBC;

                    using (var cipherStream = new MemoryStream())
                        using (var encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
                            using (var cryptostream = new CryptoStream(cipherStream, encryptor, CryptoStreamMode.Write))
                            {
                                cipherStream.Write(aes.IV, 0, aes.IV.Length);
                                cryptostream.Write(plainTextBytes, 0, plainTextBytes.Length);
                                cryptostream.FlushFinalBlock();

                                encryptedBytes = cipherStream.ToArray();
                            }
                }
                finally
                {
                    aes.Clear();
                }
            }

            Console.WriteLine("- Wrap the data access key using public master key");
            var wrappedKey = await _rsaKey.WrapKeyAsync(dataAccessKey, JsonWebKeyEncryptionAlgorithm.RSAOAEP);

            Console.WriteLine("- Serialize data to store in database");
            var serializedData       = JsonConvert.SerializeObject(encryptedBytes);
            var serializedWrappedKey = JsonConvert.SerializeObject(wrappedKey.Item1);

            Console.WriteLine("- Remove references to keys and data");
            wrappedKey     = null;
            encryptedBytes = null;

            Console.WriteLine("\n===Encryption Result===");
            Console.WriteLine($"Encrypted data: {serializedData}");
            Console.WriteLine($"KeyId: {_masterKeyId}");
            Console.WriteLine($"Wrapped key: {serializedWrappedKey}");

            Console.WriteLine("\n===Decrypt Data===");
            Console.WriteLine("- Deserialize data and wrapped key from storage");
            var dataBytes       = JsonConvert.DeserializeObject <byte[]>(serializedData);
            var wrappedKeyBytes = JsonConvert.DeserializeObject <byte[]>(serializedWrappedKey);

            Console.WriteLine("- Get unwrapped data access key rom key vault");
            var xyz = await _keyVaultClient.UnwrapKeyAsync(VaultBaseUrl, KeyName, _masterKeyId, JsonWebKeyEncryptionAlgorithm.RSAOAEP, wrappedKeyBytes);


            Console.WriteLine("- Decrypt data");
            byte[] decryptedBytes;
            using (var aes = new AesManaged())
            {
                try
                {
                    byte[] iv = new byte[16];

                    Array.Copy(dataBytes, iv, 16);

                    aes.Key  = xyz.Result;
                    aes.Mode = CipherMode.CBC;

                    using (var plainTextStream = new MemoryStream())
                        using (var cryptoTransform = aes.CreateDecryptor(aes.Key, iv))
                            using (var cryptoStream = new CryptoStream(plainTextStream, cryptoTransform, CryptoStreamMode.Write))
                            {
                                cryptoStream.Write(dataBytes, 16, dataBytes.Length - 16);
                                cryptoStream.FlushFinalBlock();

                                decryptedBytes = plainTextStream.ToArray();
                            }
                }
                finally
                {
                    aes.Clear();
                }
            }

            var decryptedText = Encoding.UTF8.GetString(decryptedBytes);

            Console.WriteLine("\n===Decryption Result===");
            Console.WriteLine($"{decryptedText}");
        }