public async Task <object> Process(JsonDocument request, ILambdaContext context)
{
var s3 = new AmazonS3Client();
// easier than doing math on the timestamps in logs
var timer = new Stopwatch();
timer.Start();
context.Logger.LogLine($"{timer.Elapsed}: Getting started.");
using var data = new SeekableS3Stream(s3, BUCKET, PGP_DATA, 5 * 1024 * 1024, 10);
using var key = new SeekableS3Stream(s3, BUCKET, PGP_PRIVATE_KEY, 32 * 1024);
using var pgp = new PGP();
using (var output = new S3UploadStream(s3, BUCKET, OUTPUT_KEY)) {
await pgp.DecryptStreamAsync(data, output, key, PGP_PASSWORD);
}
context.Logger.LogLine($"{timer.Elapsed}: Done copying.");
timer.Stop();
return(new {
PgpFile = $"s3://{BUCKET}/{PGP_DATA}",
CsvFile = $"s3://{BUCKET}/{OUTPUT_KEY}",
Status = "ok"
});
}
public async Task DecryptStreamAsync_DecryptSignedAndEncryptedStream(KeyType keyType)
{
// Arrange
TestFactory testFactory = new TestFactory();
await testFactory.ArrangeAsync(keyType, FileType.Known);
PGP pgp = new PGP();
// Act
using (FileStream inputFileStream = new FileStream(testFactory.ContentFilePath, FileMode.Open, FileAccess.Read))
using (Stream outputFileStream = File.Create(testFactory.EncryptedContentFilePath))
using (Stream publicKeyStream = new FileStream(testFactory.PublicKeyFilePath, FileMode.Open, FileAccess.Read))
using (Stream privateKeyStream = new FileStream(testFactory.PrivateKeyFilePath, FileMode.Open, FileAccess.Read))
await pgp.EncryptStreamAndSignAsync(inputFileStream, outputFileStream, publicKeyStream, privateKeyStream, testFactory.Password);
using (FileStream inputFileStream = new FileStream(testFactory.EncryptedContentFilePath, FileMode.Open, FileAccess.Read))
using (Stream outputFileStream = File.Create(testFactory.DecryptedContentFilePath))
using (Stream privateKeyStream = new FileStream(testFactory.PrivateKeyFilePath, FileMode.Open, FileAccess.Read))
await pgp.DecryptStreamAsync(inputFileStream, outputFileStream, privateKeyStream, testFactory.Password);
string decryptedContent = await File.ReadAllTextAsync(testFactory.DecryptedContentFilePath);
bool verified = pgp.VerifyFile(testFactory.EncryptedContentFilePath, testFactory.PublicKeyFilePath);
// Assert
Assert.True(File.Exists(testFactory.EncryptedContentFilePath));
Assert.True(File.Exists(testFactory.DecryptedContentFilePath));
Assert.Equal(testFactory.Content, decryptedContent.Trim());
Assert.True(verified);
// Teardown
testFactory.Teardown();
}
public async Task DecryptStreamAsync_DecryptEncryptedStreamWithMultipleKeys(KeyType keyType)
{
// Arrange
TestFactory testFactory = new TestFactory();
TestFactory testFactory2 = new TestFactory();
await testFactory.ArrangeAsync(keyType, FileType.Known);
await testFactory2.ArrangeAsync(KeyType.Generated, FileType.Known);
PGP pgp = new PGP();
// Act
using (FileStream inputFileStream = new FileStream(testFactory.ContentFilePath, FileMode.Open, FileAccess.Read))
using (Stream outputFileStream = File.Create(testFactory.EncryptedContentFilePath))
using (Stream publicKeyStream1 = new FileStream(testFactory.PublicKeyFilePath, FileMode.Open, FileAccess.Read))
using (Stream publicKeyStream2 = new FileStream(testFactory2.PublicKeyFilePath, FileMode.Open, FileAccess.Read))
await pgp.EncryptStreamAsync(inputFileStream, outputFileStream, new List <Stream>() { publicKeyStream1, publicKeyStream2 });
using (FileStream inputFileStream = new FileStream(testFactory.EncryptedContentFilePath, FileMode.Open, FileAccess.Read))
using (Stream outputFileStream = File.Create(testFactory.DecryptedContentFilePath))
using (Stream privateKeyStream = new FileStream(testFactory.PrivateKeyFilePath, FileMode.Open, FileAccess.Read))
await pgp.DecryptStreamAsync(inputFileStream, outputFileStream, privateKeyStream, testFactory.Password);
using (FileStream inputFileStream = new FileStream(testFactory.EncryptedContentFilePath, FileMode.Open, FileAccess.Read))
using (Stream outputFileStream = File.Create(testFactory2.DecryptedContentFilePath))
using (Stream privateKeyStream = new FileStream(testFactory2.PrivateKeyFilePath, FileMode.Open, FileAccess.Read))
await pgp.DecryptStreamAsync(inputFileStream, outputFileStream, privateKeyStream, testFactory2.Password);
string decryptedContent1 = await File.ReadAllTextAsync(testFactory.DecryptedContentFilePath);
string decryptedContent2 = await File.ReadAllTextAsync(testFactory2.DecryptedContentFilePath);
// Assert
Assert.True(File.Exists(testFactory.EncryptedContentFilePath));
Assert.True(File.Exists(testFactory.DecryptedContentFilePath));
Assert.True(File.Exists(testFactory2.DecryptedContentFilePath));
Assert.Equal(testFactory.Content, decryptedContent1.Trim());
Assert.Equal(testFactory.Content, decryptedContent2.Trim());
// Teardown
testFactory.Teardown();
}
internal static async Task <string> DecryptStringAsync(this PGP pgp, string data, byte[] key, SecureString password)
{
using (var ks = new MemoryStream(key))
using (var ds = new MemoryStream(Encoding.UTF8.GetBytes(data)))
using (var os = new MemoryStream())
{
var bStrPtr = Marshal.SecureStringToBSTR(password);
var decryptedStr = Marshal.PtrToStringBSTR(bStrPtr);
Marshal.ZeroFreeBSTR(bStrPtr);
await pgp.DecryptStreamAsync(ds, os, ks, decryptedStr);
return(Encoding.UTF8.GetString(os.ToArray()));
}
}
private static async Task <Stream> DecryptAsync(Stream inputStream, string privateKey, string passPhrase)
{
using (PGP pgp = new PGP())
{
Stream outputStream = new MemoryStream();
using (inputStream)
using (Stream privateKeyStream = GenerateStreamFromString(privateKey))
{
await pgp.DecryptStreamAsync(inputStream, outputStream, privateKeyStream, passPhrase);
outputStream.Seek(0, SeekOrigin.Begin);
return(outputStream);
}
}
}
public async Task <string> DecryptAsync(string data)
{
using (PGP pgp = new PGP())
{
var inputStream = GenerateStreamFromString(data);
var outputStream = new MemoryStream();
var privateKey = _config["PGP_PrivateKey"];
var passphrase = _config["PGP_Passphrase"];
byte[] b = Convert.FromBase64String(privateKey);
var strOriginal = System.Text.Encoding.UTF8.GetString(b);
using (Stream privateKeyStream = GenerateStreamFromString(strOriginal))
{
await pgp.DecryptStreamAsync(inputStream, outputStream, privateKeyStream, passphrase);
outputStream.Seek(0, SeekOrigin.Begin);
return(GenerateStringFromStream(outputStream));
}
}
}
static async Task Main(string[] args)
{
Console.WriteLine("Hello World!");
X509Store certStore = new X509Store(StoreName.My, StoreLocation.CurrentUser);
certStore.Open(OpenFlags.ReadOnly);
X509Certificate2Collection certCollection = certStore.Certificates.Find(
X509FindType.FindByThumbprint,
// Replace below with your certificate's thumbprint
Environment.GetEnvironmentVariable("WEBSITE_LOAD_CERTIFICATES"),
false);
// Get the first cert with the thumbprint
Console.WriteLine($"cert collection count: {certCollection.Count}");
if (certCollection.Count > 0)
{
X509Certificate2 rawCert = certCollection[0];
// Use certificate
Console.WriteLine($"friendly name: {rawCert.FriendlyName}");
Console.WriteLine($"subject: {rawCert.Subject}");
var appId = Environment.GetEnvironmentVariable("APPLICATION_ID");
Cert = Cert ?? new ClientAssertionCertificate(appId, rawCert);
var vaultKeyPrefix = Environment.GetEnvironmentVariable("VAULT_KEY_PREFIX");
var vaultUrl = Environment.GetEnvironmentVariable("VAULT_URL");
Client = Client ?? new KeyVaultClient(GetAccessTokenAsync);
var secret = new SecretBundle();
secret = await Client.GetSecretAsync(vaultUrl, $"{vaultKeyPrefix}-public");
var publicKey = Regex.Unescape(secret.Value);
Console.WriteLine($"public fetched");
secret = await Client.GetSecretAsync(vaultUrl, $"{vaultKeyPrefix}-private");
var privateKey = Regex.Unescape(secret.Value);
Console.WriteLine($"private fetched");
secret = await Client.GetSecretAsync(vaultUrl, $"{vaultKeyPrefix}-pass");
var PassPhrase = Regex.Unescape(secret.Value);
Console.WriteLine($"passphrase fetched");
try
{
Console.WriteLine("Opening file streams");
/*
* Replace this PGP file with one you have encrypted with your private key already.
* It is unlikely that this key will work.
*/
var inputStream = File.Open("./samplepgpfile.txt.txt.pgp", FileMode.Open, FileAccess.ReadWrite);
var outStream = new MemoryStream();
Console.WriteLine("Creating Private Key Stream");
var privateKeyStream = new MemoryStream(Encoding.UTF8.GetBytes(privateKey));
PassPhrase = PassPhrase == "0" ? null : PassPhrase;
Console.WriteLine("decrypting");
await _pgp.DecryptStreamAsync(inputStream, outStream, privateKeyStream, PassPhrase);
Console.WriteLine("Decrypted");
using (var outputStream = File.Open("./output.txt", FileMode.Create, FileAccess.Write))
outStream.WriteTo(outputStream);
outStream.Dispose();
Console.WriteLine("File created");
}
catch (Exception ex)
{
Console.WriteLine("Error");
Console.WriteLine(ex.Message); //A Message of No key found would indicate that we have the wrong key.
}
}
else
{
Console.WriteLine("no certs fetched");
}
certStore.Close();
Console.WriteLine("it's over");
}
public async Task DecryptStreamAsync(Stream inputStream, Stream outputStream, PrivateKey privateKey, Func <string> passwordFinder)
{
using var pgp = new PGP();
using var privateKeyStream = GetPrivateKey(privateKey);
await pgp.DecryptStreamAsync(inputStream, outputStream, privateKeyStream, null);
}