public string Decrypt(string cipherText)
{
byte[] cipherBytes = Convert.FromBase64String(cipherText);
var envelopedData = new CmsEnvelopedData(cipherBytes);
RecipientInformationStore recipientsStore = envelopedData.GetRecipientInfos();
ICollection recipientsCollection = recipientsStore.GetRecipients();
IList recipients = recipientsCollection as IList;
byte[] plainBytes = new byte[] { };
int index = 0;
foreach (KeyTransRecipientInformation recipientInfo in recipients)
{
// todo: better approach than catching n exceptions.
RecipientInformation recipient = recipientsStore.GetFirstRecipient(recipientInfo.RecipientID);
try
{
plainBytes = recipient.GetContent(this.privateKey);
break;
}
catch (CmsException e) when(index != recipientsStore.Count - 1)
{
}
index++;
}
return(Encoding.UTF8.GetString(plainBytes));
}
/// <summary>
/// Get the key ID for a recipient.
/// </summary>
/// <param name="ri">
/// A recepient of the message.
/// </param>
/// <returns>
/// The key ID of the recepient or <b>null</b> if the recepient info
/// is not understood or does not contain an IPFS key id.
/// </returns>
/// <remarks>
/// The key ID is either the Subject Key Identifier (preferred) or the
/// issuer's distinguished name with the form "CN=<kid>,OU=keystore,O=ipfs".
/// </remarks>
MultiHash GetKeyId(RecipientInformation ri)
{
// Any errors are simply ignored.
try
{
// Subject Key Identifier is the key ID.
if (ri.RecipientID.SubjectKeyIdentifier is byte[] ski)
{
return(new MultiHash(ski));
}
// Issuer is CN=<kid>,OU=keystore,O=ipfs
var issuer = ri.RecipientID.Issuer;
if (issuer != null &&
issuer.GetValueList(X509Name.OU).Contains("keystore") &&
issuer.GetValueList(X509Name.O).Contains("ipfs"))
{
var cn = issuer.GetValueList(X509Name.CN)[0] as string;
return(new MultiHash(cn));
}
}
catch (Exception e)
{
log.Warn("Failed reading CMS recipient info.", e);
}
return(null);
}
private void VerifyEnvelopedData(CmsEnvelopedDataParser envelopedParser, string symAlgorithmOID)
{
byte[] privKeyData = GetRfc4134Data("BobPrivRSAEncrypt.pri");
IAsymmetricKeyParameter privKey = PrivateKeyFactory.CreateKey(privKeyData);
Assert.IsTrue(privKey.IsPrivate);
Assert.IsTrue(privKey is RsaKeyParameters);
RecipientInformationStore recipients = envelopedParser.GetRecipientInfos();
Assert.AreEqual(envelopedParser.EncryptionAlgOid, symAlgorithmOID);
ArrayList c = new ArrayList(recipients.GetRecipients());
Assert.LessOrEqual(1, c.Count);
Assert.GreaterOrEqual(2, c.Count);
VerifyRecipient((RecipientInformation)c[0], privKey);
if (c.Count == 2)
{
RecipientInformation recInfo = (RecipientInformation)c[1];
Assert.AreEqual(PkcsObjectIdentifiers.IdAlgCmsRC2Wrap.Id, recInfo.KeyEncryptionAlgOid);
}
}
private void VerifyRecipient(RecipientInformation recipient, IAsymmetricKeyParameter privKey)
{
Assert.IsTrue(privKey.IsPrivate);
Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id);
byte[] recData = recipient.GetContent(privKey);
Assert.IsTrue(Arrays.AreEqual(exContent, recData));
}
public static byte[] DekrypterData2(byte[] kryptertData, AsymmetricKeyParameter privateKey)
{
CmsEnvelopedDataParser cmsEnvelopedDataParser = new CmsEnvelopedDataParser(kryptertData);
RecipientInformationStore recipientInformationStore = cmsEnvelopedDataParser.GetRecipientInfos();
IEnumerator enumerator = recipientInformationStore.GetRecipients().GetEnumerator();
enumerator.MoveNext();
RecipientInformation recipientInformation = enumerator.Current as RecipientInformation;
return(recipientInformation.GetContent(privateKey));
}
private static void ConfirmDataReceived(RecipientInformationStore recipients,
byte[] expectedData, X509Certificate reciCert, AsymmetricKeyParameter reciPrivKey)
{
RecipientID rid = new RecipientID();
rid.Issuer = PrincipalUtilities.GetIssuerX509Principal(reciCert);
rid.SerialNumber = reciCert.SerialNumber;
RecipientInformation recipient = recipients[rid];
Assert.IsNotNull(recipient);
byte[] actualData = recipient.GetContent(reciPrivKey);
Assert.IsTrue(Arrays.AreEqual(expectedData, actualData));
}
public void TestTwoAesKek()
{
byte[] data = Encoding.ASCII.GetBytes("WallaWallaWashington");
KeyParameter kek1 = CmsTestUtil.MakeAes192Key();
KeyParameter kek2 = CmsTestUtil.MakeAes192Key();
CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
byte[] kekId1 = new byte[] { 1, 2, 3, 4, 5 };
byte[] kekId2 = new byte[] { 5, 4, 3, 2, 1 };
edGen.AddKekRecipient("AES192", kek1, kekId1);
edGen.AddKekRecipient("AES192", kek2, kekId2);
MemoryStream bOut = new MemoryStream();
Stream outStream = edGen.Open(
bOut,
CmsEnvelopedDataGenerator.DesEde3Cbc);
outStream.Write(data, 0, data.Length);
outStream.Close();
CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());
RecipientInformationStore recipients = ep.GetRecipientInfos();
Assert.AreEqual(ep.EncryptionAlgOid, CmsEnvelopedDataGenerator.DesEde3Cbc);
RecipientID recSel = new RecipientID();
recSel.KeyIdentifier = kekId2;
RecipientInformation recipient = recipients.GetFirstRecipient(recSel);
Assert.AreEqual(recipient.KeyEncryptionAlgOid, "2.16.840.1.101.3.4.1.25");
CmsTypedStream recData = recipient.GetContentStream(kek2);
Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));
ep.Close();
}
public void TestECKeyAgree()
{
byte[] data = Hex.Decode("504b492d4320434d5320456e76656c6f706564446174612053616d706c65");
CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
edGen.AddKeyAgreementRecipient(
CmsEnvelopedDataGenerator.ECDHSha1Kdf,
OrigECKP.Private,
OrigECKP.Public,
ReciECCert,
CmsEnvelopedDataGenerator.Aes128Wrap);
MemoryStream bOut = new MemoryStream();
Stream outStr = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);
outStr.Write(data, 0, data.Length);
outStr.Close();
CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());
RecipientInformationStore recipients = ep.GetRecipientInfos();
Assert.AreEqual(ep.EncryptionAlgOid, CmsEnvelopedDataGenerator.Aes128Cbc);
RecipientID recSel = new RecipientID();
// recSel.SetIssuer(PrincipalUtilities.GetIssuerX509Principal(ReciECCert).GetEncoded());
recSel.Issuer = PrincipalUtilities.GetIssuerX509Principal(ReciECCert);
recSel.SerialNumber = ReciECCert.SerialNumber;
RecipientInformation recipient = recipients.GetFirstRecipient(recSel);
CmsTypedStream recData = recipient.GetContentStream(ReciECKP.Private);
Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));
ep.Close();
}
public void TestRfc4134Ex5_2()
{
byte[] data = Hex.Decode("5468697320697320736f6d652073616d706c6520636f6e74656e742e");
// KeyFactory kFact = KeyFactory.GetInstance("RSA");
// Key key = kFact.generatePrivate(new PKCS8EncodedKeySpec(bobPrivRsaEncrypt));
AsymmetricKeyParameter key = PrivateKeyFactory.CreateKey(bobPrivRsaEncrypt);
CmsEnvelopedData ed = new CmsEnvelopedData(rfc4134ex5_2);
RecipientInformationStore recipients = ed.GetRecipientInfos();
Assert.AreEqual("1.2.840.113549.3.2", ed.EncryptionAlgOid);
ICollection c = recipients.GetRecipients();
IEnumerator e = c.GetEnumerator();
if (e.MoveNext())
{
do
{
RecipientInformation recipient = (RecipientInformation)e.Current;
if (recipient is KeyTransRecipientInformation)
{
byte[] recData = recipient.GetContent(key);
Assert.IsTrue(Arrays.AreEqual(data, recData));
}
}while (e.MoveNext());
}
else
{
Assert.Fail("no recipient found");
}
}
public void TestKeyTransAes128Throughput()
{
byte[] data = new byte[40001];
for (int i = 0; i != data.Length; i++)
{
data[i] = (byte)(i & 0xff);
}
//
// buffered
//
CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
edGen.SetBufferSize(BufferSize);
edGen.AddKeyTransRecipient(ReciCert);
MemoryStream bOut = new MemoryStream();
Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.Aes128Cbc);
for (int i = 0; i != data.Length; i++)
{
outStream.WriteByte(data[i]);
}
outStream.Close();
CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(bOut.ToArray());
RecipientInformationStore recipients = ep.GetRecipientInfos();
ICollection c = recipients.GetRecipients();
IEnumerator e = c.GetEnumerator();
if (e.MoveNext())
{
RecipientInformation recipient = (RecipientInformation)e.Current;
Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id);
CmsTypedStream recData = recipient.GetContentStream(ReciKP.Private);
Stream dataStream = recData.ContentStream;
MemoryStream dataOut = new MemoryStream();
int len;
byte[] buf = new byte[BufferSize];
int count = 0;
while (count != 10 && (len = dataStream.Read(buf, 0, buf.Length)) > 0)
{
Assert.AreEqual(buf.Length, len);
dataOut.Write(buf, 0, buf.Length);
count++;
}
len = dataStream.Read(buf, 0, buf.Length);
dataOut.Write(buf, 0, len);
Assert.IsTrue(Arrays.AreEqual(data, dataOut.ToArray()));
}
else
{
Assert.Fail("recipient not found.");
}
}
private void VerifyRecipient(RecipientInformation recipient, AsymmetricKeyParameter privKey)
{
Assert.IsTrue(privKey.IsPrivate);
Assert.AreEqual(recipient.KeyEncryptionAlgOid, PkcsObjectIdentifiers.RsaEncryption.Id);
byte[] recData = recipient.GetContent(privKey);
Assert.IsTrue(Arrays.AreEqual(exContent, recData));
}
