Beispiel #1
        /// <summary>
        /// Builds a key-agreement public key from the "x" and "y" entries of the epk map and
        /// returns the result of <c>DeriveKey</c> for that key and the caller-supplied CngKey.
        /// </summary>
        /// <param name="encryptedCek">Not read by this method.</param>
        /// <param name="key">Passed through <c>Ensure.Type</c> and used as the private key.</param>
        /// <param name="cekSizeBits">Forwarded unchanged to <c>DeriveKey</c>.</param>
        /// <param name="header">JWT header; checked for "epk" and the <c>algIdHeader</c> entry, then forwarded to <c>DeriveKey</c>.</param>
        /// <returns>The byte array produced by <c>DeriveKey</c>.</returns>
        public virtual byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary<string, string> header)
        {
            var recipientPrivateKey = Ensure.Type<CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.");

            // Both header entries are checked before anything is read from them.
            Ensure.Contains(header, new[] { "epk" }, "EcdhKeyManagement algorithm expects 'epk' key param in JWT header, but was not found");
            Ensure.Contains(header, new[] { algIdHeader }, "EcdhKeyManagement algorithm expects 'enc' header to be present in JWT header, but was not found");

            // NOTE(review): the map is created empty and header["epk"] is never read (the lookup
            // is commented out; the header is string-valued, so the old cast cannot apply).
            // The field check below therefore runs against an empty map; presumably Ensure.Contains
            // rejects it, so this path cannot succeed as written. Confirm against Ensure.
            IDictionary<string, object> ephemeralPublicKey = new Dictionary<string, object>(); // (IDictionary<string, object>)header["epk"];

            Ensure.Contains(ephemeralPublicKey, new[] { "x", "y", "crv" }, "EcdhKeyManagement algorithm expects 'epk' key to contain 'x','y' and 'crv' fields.");

            // NOTE(review): "crv" is only checked for presence; its value is never compared with
            // the curve of the recipient key. The epk comes from the token sender, so when the
            // header lookup is restored, confirm that a curve mismatch or an off-curve point is
            // rejected (here or inside EccKey.New) before key agreement runs.
            var xCoordinate = Base64Url.Decode((string)ephemeralPublicKey["x"]);
            var yCoordinate = Base64Url.Decode((string)ephemeralPublicKey["y"]);

            var senderPublicKey = EccKey.New(xCoordinate, yCoordinate, usage: CngKeyUsages.KeyAgreement);

            return DeriveKey(header, cekSizeBits, senderPublicKey, recipientPrivateKey);
        }
Beispiel #2
        /// <summary>
        /// Generates an ephemeral EC key for the given recipient key and assembles its public
        /// parameters into an "epk" map. As written, the map is discarded and the method returns null.
        /// </summary>
        /// <param name="keyLength">Not read by the live code; only the disabled DeriveKey call used it.</param>
        /// <param name="key">Passed through <c>Ensure.Type</c> and used as the recipient public key.</param>
        /// <param name="header">Not read or written by the live code; the epk assignment is disabled.</param>
        /// <returns>Always <c>null</c>.</returns>
        private byte[] NewKey(int keyLength, object key, IDictionary<string, string> header)
        {
            var recipientPublicKey = Ensure.Type<CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.");

            EccKey ephemeralKey = EccKey.Generate(recipientPublicKey);

            // Public half of the ephemeral key, in the field layout the header entry would carry.
            IDictionary<string, string> epk = new Dictionary<string, string>
            {
                { "kty", "EC" },
                { "x", Base64Url.Encode(ephemeralKey.X) },
                { "y", Base64Url.Encode(ephemeralKey.Y) },
                { "crv", Curve(recipientPublicKey) }
            };

            // NOTE(review): publishing epk and deriving the key are both disabled, so callers get
            // null instead of key material and the ephemeral key is never used or released here.
            // Confirm that every caller rejects a null key before using it for encryption.
            //header["epk"] = epk;

            //return DeriveKey(header, keyLength, recieverPubKey, ephemeral.Key);
            return null;
        }