Ejemplo n.º 1
0
        /// <summary>
        ///     Peel the onion until we can return the original plain data. Remember that the calling environment must contain all
        ///     necessary private keys.
        /// </summary>
        public byte[] PeelAll()
        {
            if (AsymmetricEncryptedKey == null)
            {
                throw new Exception(
                          "AsymmetricEncryptedKey not found. Are you sure this onion doesn't have more layers?");
            }

            byte[] plainData;
            var    onion = this;

            while (!onion.IsRoot)
            {
                onion = onion.PeelOne();
            }

            using (var aes = new AESCryptoAgent())
                using (var rsa = new RSACryptoAgent(onion.AsymmetricThumbprint))
                {
                    var decryptedSymmetricKey = rsa.Decrypt(onion.AsymmetricEncryptedKey);
                    plainData = aes.Decrypt(onion.SymmetricEncryptedData, decryptedSymmetricKey,
                                            onion.SymmetricAlgorithmIV);
                }

            return(plainData);
        }
Ejemplo n.º 2
0
        /// <summary>
        ///     N-level encryption of existing onion ctor
        /// </summary>
        public PublicKeyEncryptionOnion(PublicKeyEncryptionOnion innerOnion, string asymmetricThumbprint)
        {
            Mandate.That(innerOnion, nameof(innerOnion)).IsNotNull();
            Mandate.That(asymmetricThumbprint, nameof(asymmetricThumbprint)).IsNotNullOrEmpty();


            AsymmetricThumbprint = asymmetricThumbprint;
            InnerOnion           = innerOnion.Clone();
            // allocate a new object so we're self contained and the calling code can do whatever it wants with the parameter object
            InnerOnion.AsymmetricEncryptedKey = null;

            using (var aes = new AESCryptoAgent())
                using (var rsa = new RSACryptoAgent(asymmetricThumbprint))
                {
                    // generate the aes key and use it to re-encrypt the original key
                    var symmetricKey = aes.GenerateKey();
                    SymmetricAlgorithmIV   = aes.GenerateIV();
                    SymmetricEncryptedData = aes.Encrypt(innerOnion.AsymmetricEncryptedKey, symmetricKey,
                                                         SymmetricAlgorithmIV);

                    // encrypt the aes key with the public key
                    AsymmetricEncryptedKey = rsa.Encrypt(symmetricKey);
                }

            // even though we're not using the param onion, we don't want to let it retain the data that's at a lower level of encryption
            innerOnion.AsymmetricEncryptedKey = null;
        }
Ejemplo n.º 3
0
        /// <summary>
        ///     Return an onion with the top layer removed
        /// </summary>
        public PublicKeyEncryptionOnion PeelOne()
        {
            if (IsRoot)
            {
                throw new Exception(
                          "This object is the root of the onion so there are no more layers to peel. Call 'PeelAll()' instead.");
            }

            if (AsymmetricEncryptedKey == null)
            {
                throw new Exception(
                          "AsymmetricEncryptedKey not found. Are you sure this onion doesn't have more layers?");
            }

            var rv = InnerOnion.Clone();

            // here we want to generate a new object to return since we don't want to decrease the security of the current object
            using (var aes = new AESCryptoAgent())
                using (var rsa = new RSACryptoAgent(AsymmetricThumbprint))
                {
                    // decrypt the previously encrypted key
                    var decryptedSymmetricKey = rsa.Decrypt(AsymmetricEncryptedKey);
                    rv.AsymmetricEncryptedKey = aes.Decrypt(SymmetricEncryptedData, decryptedSymmetricKey,
                                                            SymmetricAlgorithmIV);
                }

            return(rv);
        }
Ejemplo n.º 4
0
        /// <summary>
        ///     Root-level encryption of plain text ctor
        /// </summary>
        public PublicKeyEncryptionOnion(byte[] plainData, string asymmetricThumbprint)
        {
            if (null == plainData || !plainData.Any())
            {
                throw new ArgumentNullException(nameof(plainData));
            }

            Mandate.That(asymmetricThumbprint, nameof(asymmetricThumbprint)).IsNotNullOrEmpty();


            AsymmetricThumbprint = asymmetricThumbprint;
            InnerOnion           = null;

            using (var aes = new AESCryptoAgent())
                using (var rsa = new RSACryptoAgent(asymmetricThumbprint))
                {
                    // generate the aes key and use it to encrypt the original plaintext
                    var symmetricKey = aes.GenerateKey();
                    SymmetricAlgorithmIV   = aes.GenerateIV();
                    SymmetricEncryptedData = aes.Encrypt(plainData, symmetricKey, SymmetricAlgorithmIV);

                    // encrypt the aes key with the public key
                    AsymmetricEncryptedKey = rsa.Encrypt(symmetricKey);
                }
        }