/// <summary>
/// Generate encryption parameters.
/// </summary>
/// <exception cref="EncryptionException"/>
public static FieldLevelEncryptionParams Generate(FieldLevelEncryptionConfig config)
{
// Generate a random IV
var ivBytes = GenerateIv();
var ivValue = EncodingUtils.EncodeBytes(ivBytes, config.ValueEncoding);
// Generate an AES secret key
var secretKeyBytes = GenerateSecretKey();
// Encrypt the secret key
var encryptedSecretKeyBytes = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), secretKeyBytes, config.OaepPaddingDigestAlgorithm);
var encryptedKeyValue = EncodingUtils.EncodeBytes(encryptedSecretKeyBytes, config.ValueEncoding);
// Compute the OAEP padding digest algorithm
var oaepPaddingDigestAlgorithmValue = config.OaepPaddingDigestAlgorithm.Replace("-", string.Empty);
return(new FieldLevelEncryptionParams
{
IvValue = ivValue,
EncryptedKeyValue = encryptedKeyValue,
OaepPaddingDigestAlgorithmValue = oaepPaddingDigestAlgorithmValue,
Config = config,
SecretKeyBytes = secretKeyBytes,
IvBytes = ivBytes
});
}
internal byte[] GetSecretKeyBytes()
{
try
{
if (SecretKeyBytes != null)
{
return(SecretKeyBytes);
}
// Decrypt the AES secret key
var encryptedSecretKeyBytes = EncodingUtils.DecodeValue(EncryptedKeyValue, Config.ValueEncoding);
SecretKeyBytes = RsaEncryption.UnwrapSecretKey(Config, encryptedSecretKeyBytes, OaepPaddingDigestAlgorithmValue);
return(SecretKeyBytes);
}
catch (Exception e)
{
throw new EncryptionException("Failed to decode and unwrap the provided secret key value!", e);
}
}