/// <summary>
/// Decrypts the specified ciphertext expression
/// </summary>
/// <param name="thumbprint">The thumbprint of the certificate corresponding to the public key used to encrypt the file</param>
/// <param name="ciphertext">The ciphertext expression to decrypt</param>
/// <param name="Context">The certificate store location where the specified private key resides</param>
/// <param name="verbose">True enables verbose logging</param>
/// <returns>Plaintext string expression resulting from decryption of the specified ciphertext expression</returns>
/// <example>
/// <code>
/// string thumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688";
/// <see cref="X509Context"/> Context = <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>;
/// string ciphertext = File.ReadAllText(@"C:\data\connectionString.txt");
/// string plaintext = <see cref="X509Utils"/>.DecryptText(thumbprint, ciphertext, Context);
/// </code>
/// </example>
public static string DecryptText(string thumbprint, string ciphertext, X509Context Context, bool verbose = false)
{
using (X509CryptoAgent cryptoAgent = new X509CryptoAgent(FormatThumbprint(thumbprint), Context))
{
return(cryptoAgent.DecryptText(ciphertext));
}
}
/// <summary>
/// Decrypts the specified Base64-encoded ciphertext expression
/// </summary>
/// <param name="ciphertext">The Base64-encoded ciphertext expression to be decrypted</param>
/// <returns>A recovered plaintext string</returns>
public string DecryptText(string ciphertext)
{
string plaintext = string.Empty;
using (X509CryptoAgent Agent = new X509CryptoAgent(Thumbprint, Context))
{
plaintext = Agent.DecryptText(ciphertext);
}
return(plaintext);
}
internal string Reveal(X509Alias Alias)
{
try
{
using (X509CryptoAgent Agent = new X509CryptoAgent(Alias))
{
return(Agent.DecryptText(Value));
}
}
catch (Exception ex)
{
throw new X509CryptoException($"Could not decrypt secret named \"{Key}\" in Alias \"{Alias.Name}\"", ex);
}
}
/// <summary>
/// Re-encrypts a ciphertext expression using a different certificate
/// </summary>
/// <param name="oldThumbprint">The thumbprint of the old certificate used for prior encryption</param>
/// <param name="newThumbprint">The thumbprint of the new certificate to be used for re-encryption</param>
/// <param name="ciphertext">The ciphertext expression to be re-encrypted</param>
/// <param name="OldContext">(Optional) The X509Context where the old encryption certificate resides (Default: <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>)</param>
/// <param name="NewContext">(Optional) The X509Context where the new encryption certificate resides (Default: <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>)</param>
/// <param name="verbose">(Optional) True enables verbose logging (Default: false)</param>
/// <returns>The text expression re-encrypted using the new certificate</returns>
/// <example>
/// <code>
/// string oldThumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688";
/// string newThumbprint = @"0e7e327aab74e47a702c02d90c659da1115b29f7";
/// string ciphertext = File.ReadAllText(@"C:\data\connectionString.txt");
/// string updatedCiphertext = <see cref="X509Utils"/>.ReEncryptText(oldThumbprint, newThumbprint, ciphertext);
/// File.WriteAllText(@"C:\data\connectionString.txt", updatedCiphertext);
/// </code>
/// </example>
public static string ReEncryptText(string oldThumbprint, string newThumbprint, string ciphertext, X509Context OldContext = null, X509Context NewContext = null, bool verbose = false)
{
if (OldContext == null)
{
OldContext = X509Context.UserReadOnly;
}
if (NewContext == null)
{
NewContext = X509Context.UserReadOnly;
}
using (X509CryptoAgent oldAgent = new X509CryptoAgent(FormatThumbprint(oldThumbprint), OldContext))
{
using (X509CryptoAgent newAgent = new X509CryptoAgent(FormatThumbprint(newThumbprint), NewContext))
{
return(newAgent.EncryptText(oldAgent.DecryptText(ciphertext)));
}
}
}
