Ejemplo n.º 1
0
        public void TestWrapUnwrapSecretKey_ShouldReturnTheOriginalKey()
        {
            // GIVEN
            var config           = TestUtils.GetTestFieldLevelEncryptionConfigBuilder().Build();
            var originalKeyBytes = Convert.FromBase64String("mZzmzoURXI3Vk0vdsPkcFw==");

            // WHEN
            var wrappedKeyBytes   = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), originalKeyBytes, config.OaepPaddingDigestAlgorithm);
            var unwrappedKeyBytes = RsaEncryption.UnwrapSecretKey(config, wrappedKeyBytes, config.OaepPaddingDigestAlgorithm);

            // THEN
            Assert.IsTrue(originalKeyBytes.SequenceEqual(unwrappedKeyBytes));
        }
Ejemplo n.º 2
0
        public static string Encrypt(JweConfig config, String payload, JweHeader header)
        {
            byte[] cek = AesEncryption.GenerateCek(256);
            byte[] encryptedSecretKeyBytes = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), cek, "SHA-256");
            string encryptedKey            = Base64Utils.URLEncode(encryptedSecretKeyBytes);

            byte[] iv           = AesEncryption.GenerateIV();
            byte[] payloadBytes = Encoding.UTF8.GetBytes(payload);

            string headerString  = header.Json.ToString();
            string encodedHeader = Base64Utils.URLEncode(Encoding.UTF8.GetBytes(headerString));

            byte[] aad = Encoding.ASCII.GetBytes(encodedHeader);

            var encrypted = AesGcm.Encrypt(cek, iv, payloadBytes, aad);

            return(Serialize(encodedHeader, encryptedKey, Base64Utils.URLEncode(iv), Base64Utils.URLEncode(encrypted.Ciphertext), Base64Utils.URLEncode(encrypted.AuthTag)));
        }