public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
{
var sharedPassphrase = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.");
byte[] sharedKey = Encoding.UTF8.GetBytes(sharedPassphrase);
byte[] algId = Encoding.UTF8.GetBytes((string)header["alg"]);
int iterationCount = 8192;
byte[] saltInput = Arrays.Random(96); //12 bytes
header["p2c"] = iterationCount;
header["p2s"] = Compact.Base64UrlEncode(saltInput);
byte[] salt = Arrays.Concat(algId, Arrays.Zero, saltInput);
byte[] kek;
using (var prf = PRF)
{
kek = PBKDF2.DeriveKey(sharedKey, salt, iterationCount, keyLengthBits, prf);
}
return(aesKW.WrapNewKey(cekSizeBits, kek, header));
}
public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header)
{
byte[] sharedKey = Ensure.Type <byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.");
Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8));
byte[] iv = Arrays.Random(96);
byte[] cek = Arrays.Random(cekSizeBits);
byte[][] cipherAndTag = AesGcm.Encrypt(sharedKey, iv, null, cek);
header["iv"] = Compact.Base64UrlEncode(iv);
header["tag"] = Compact.Base64UrlEncode(cipherAndTag[1]);
return(new[] { cek, cipherAndTag[0] });
}
public virtual byte[] NewKey(int keyLength, object key, IDictionary <string, object> header)
{
var recieverPubKey = Ensure.Type <CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type.");
EccKey ephemeral = EccKey.Generate(recieverPubKey);
IDictionary <string, object> epk = new Dictionary <string, object>();
epk["kty"] = "EC";
epk["x"] = Compact.Base64UrlEncode(ephemeral.X);
epk["y"] = Compact.Base64UrlEncode(ephemeral.Y);
epk["crv"] = Curve(recieverPubKey);
header["epk"] = epk;
return(DeriveKey(header, keyLength, recieverPubKey, ephemeral.Key));
}
