public void TestFullEndToEndEncryptDecrypt()
{
string certPath = MasterCard.Core.Util.GetCurrenyAssemblyPath() + "\\Test\\certificate.p12";
X509Certificate2 cert = new X509Certificate2(certPath, "", X509KeyStorageFlags.Exportable);
var publicKey = cert.GetRSAPublicKey() as RSACng;
var privateKey = cert.GetRSAPrivateKey() as RSACng;
String data = "*****@*****.**";
Tuple <byte[], byte[], byte[]> aesResult = CryptUtil.EncryptAES(Encoding.UTF8.GetBytes(data), 128, CipherMode.CBC, PaddingMode.PKCS7);
byte[] ivBytes = aesResult.Item1;
// 5) generate AES SecretKey
byte[] secretKeyBytes = aesResult.Item2;
// 6) encrypt payload
byte[] encryptedDataBytes = aesResult.Item3;
byte[] encryptedSecretKey = CryptUtil.EncrytptRSA(secretKeyBytes, publicKey, RSAEncryptionPadding.OaepSHA256);
byte[] decryptedSecretKey = CryptUtil.DecryptRSA(encryptedSecretKey, privateKey, RSAEncryptionPadding.OaepSHA256);
byte[] decryptedDataBytes = CryptUtil.DecryptAES(ivBytes, decryptedSecretKey, encryptedDataBytes, 128, CipherMode.CBC, PaddingMode.PKCS7);
String dataOut = System.Text.Encoding.UTF8.GetString(decryptedDataBytes);
Assert.AreEqual(data, dataOut);
}
public Dictionary <String, Object> Decrypt(IDictionary <String, Object> map)
{
if (map.ContainsKey("token"))
{
// 1) extract the encryptedData from map
IDictionary <String, Object> tokenMap = (IDictionary <String, Object>)map["token"];
if (tokenMap.ContainsKey("") && tokenMap.ContainsKey(""))
{
//need to read the key
String encryptedKey = (String)tokenMap["encryptedKey"];
byte[] encryptedKeyByteArray = CryptUtil.HexDecode(encryptedKey);
//need to decryt with RSA
byte[] decryptedKeyByteArray = CryptUtil.DecryptRSA(encryptedKeyByteArray, this.privateKey);
//need to read the iv
String ivString = (String)tokenMap["iv"];
byte[] ivByteArray = CryptUtil.HexDecode(ivString);
//need to decrypt the data
String encryptedData = (String)tokenMap["encryptedData"];
byte[] encryptedDataByteArray = CryptUtil.HexDecode(encryptedData);
byte[] decryptedDataArray = CryptUtil.DecryptAES(ivByteArray, decryptedKeyByteArray, encryptedDataByteArray);
String decryptedDataString = System.Text.Encoding.UTF8.GetString(decryptedDataArray);
// remove the field that are not required in the map
foreach (String toHide in fieldsToHide)
{
tokenMap.Remove(toHide);
}
// add the decrypted data map to the token.
Dictionary <String, Object> decryptedDataMap = (Dictionary <String, Object>)RequestMap.AsDictionary(decryptedDataString);
foreach (KeyValuePair <String, Object> pair in decryptedDataMap)
{
tokenMap.Add(pair.Key, pair.Value);
}
}
}
return(new Dictionary <String, Object>(map));
}
public void TestEncryptDecryptRSA()
{
string certPath = MasterCard.Core.Util.GetCurrenyAssemblyPath() + "\\certificate.p12";
X509Certificate2 cert = new X509Certificate2(certPath, "", X509KeyStorageFlags.Exportable);
var publicKey = cert.GetRSAPublicKey();
var privateKey = cert.GetRSAPrivateKey();
String data = "*****@*****.**";
byte[] encryptedData = CryptUtil.EncrytptRSA(Encoding.UTF8.GetBytes(data), publicKey);
Assert.NotNull(encryptedData);
byte[] decryptedData = CryptUtil.DecryptRSA(encryptedData, privateKey);
String dataOut = System.Text.Encoding.UTF8.GetString(decryptedData);
Assert.AreEqual(data, dataOut);
}
public IDictionary <string, object> Decrypt(IDictionary <string, object> map)
{
if (map.ContainsKey("token"))
{
IDictionary <string, object> dictionary = (IDictionary <string, object>)map["token"];
if (dictionary.ContainsKey("") && dictionary.ContainsKey(""))
{
byte[] encryptionKey = CryptUtil.DecryptRSA(CryptUtil.HexDecode((string)dictionary["encryptedKey"]), this.privateKey);
byte[] arg_8F_0 = CryptUtil.HexDecode((string)dictionary["iv"]);
byte[] encryptedData = CryptUtil.HexDecode((string)dictionary["encryptedData"]);
byte[] bytes = CryptUtil.DecryptAES(arg_8F_0, encryptionKey, encryptedData);
string @string = Encoding.UTF8.GetString(bytes);
foreach (string current in this.fieldsToHide)
{
dictionary.Remove(current);
}
foreach (KeyValuePair <string, object> current2 in ((Dictionary <string, object>)RequestMap.AsDictionary(@string)))
{
dictionary.Add(current2.Key, current2.Value);
}
}
}
return(map);
}
public IDictionary <String, Object> Decrypt(IDictionary <String, Object> map)
{
SmartMap smartMap = new SmartMap(map);
foreach (String fieldToDecrypt in configuration.FieldsToDecrypt)
{
if (smartMap.ContainsKey(fieldToDecrypt))
{
String baseKey = "";
if (fieldToDecrypt.IndexOf(".") > 0)
{
baseKey = fieldToDecrypt.Substring(0, fieldToDecrypt.LastIndexOf("."));
baseKey += ".";
}
//need to read the key
String encryptedKey = (String)smartMap.Get(baseKey + configuration.EncryptedKeyFiledName);
smartMap.Remove(baseKey + configuration.EncryptedKeyFiledName);
byte[] encryptedKeyByteArray = CryptUtil.Decode(encryptedKey, configuration.DataEncoding);
//need to decryt with RSA
byte[] secretKeyBytes = null;
if (smartMap.ContainsKey(baseKey + configuration.OaepHashingAlgorithmFieldName))
{
string oaepHashingAlgorithm = (String)smartMap.Get(baseKey + configuration.OaepHashingAlgorithmFieldName);
oaepHashingAlgorithm = oaepHashingAlgorithm.Replace("SHA", "SHA-");
RSAEncryptionPadding customEncryptionPadding = configuration.OaepEncryptionPadding;
if (oaepHashingAlgorithm.Equals("SHA-256"))
{
customEncryptionPadding = RSAEncryptionPadding.OaepSHA256;
}
else if (oaepHashingAlgorithm.Equals("SHA-512"))
{
customEncryptionPadding = RSAEncryptionPadding.OaepSHA512;
}
secretKeyBytes = CryptUtil.DecryptRSA(encryptedKeyByteArray, this.privateKey, customEncryptionPadding);
}
else
{
secretKeyBytes = CryptUtil.DecryptRSA(encryptedKeyByteArray, this.privateKey, configuration.OaepEncryptionPadding);
}
//need to read the iv
String ivString = (String)smartMap.Get(baseKey + configuration.IvFieldName);
smartMap.Remove(baseKey + configuration.IvFieldName);
byte[] ivByteArray = CryptUtil.Decode(ivString.ToString(), configuration.DataEncoding);
// remove the field that are not required in the map
if (smartMap.ContainsKey(configuration.PublicKeyFingerprintFiledName))
{
smartMap.Remove(configuration.PublicKeyFingerprintFiledName);
}
//need to decrypt the data
String encryptedData = (String)smartMap.Get(baseKey + configuration.EncryptedDataFieldName);
smartMap.Remove(baseKey + configuration.EncryptedDataFieldName);
byte[] encryptedDataByteArray = CryptUtil.Decode(encryptedData, configuration.DataEncoding);
byte[] decryptedDataByteArray = CryptUtil.DecryptAES(ivByteArray, secretKeyBytes, encryptedDataByteArray, configuration.SymmetricKeysize, configuration.SymmetricMode, configuration.SymmetricPadding);
String decryptedDataString = System.Text.Encoding.UTF8.GetString(decryptedDataByteArray);
if (decryptedDataString.StartsWith("{"))
{
Dictionary <String, Object> decryptedDataMap = JsonConvert.DeserializeObject <Dictionary <String, Object> >(decryptedDataString);
foreach (KeyValuePair <String, Object> entry in decryptedDataMap)
{
smartMap.Add(baseKey + configuration.EncryptedDataFieldName + "." + entry.Key, entry.Value);
}
}
else
{
smartMap.Add(baseKey + configuration.EncryptedDataFieldName, decryptedDataString);
}
break;
}
}
return(smartMap);
}