Example #1
0
        public async Task <string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true)
        {
            var masterKeyAlias = $"alias/{mCmkPrefix}kamus/{KeyIdCreator.Create(serviceAccountId)}";

            var(dataKey, encryptedDataKey) = await GenerateEncryptionKey(masterKeyAlias);

            var(encryptedData, iv) = RijndaelUtils.Encrypt(dataKey.ToArray(), Encoding.UTF8.GetBytes(data));

            return(EnvelopeEncryptionUtils.Wrap(encryptedDataKey, iv, encryptedData));
        }
Example #2
0
        public async Task <string> Decrypt(string encryptedData, string serviceAccountId)
        {
            var tuple = EnvelopeEncryptionUtils.Unwrap(encryptedData).ValueOrFailure("Invalid encrypted data format");

            var(encryptedDataKey, iv, actualEncryptedData) = tuple;

            var decryptionResult = await mAmazonKeyManagementService.DecryptAsync(new DecryptRequest
            {
                CiphertextBlob = new MemoryStream(Convert.FromBase64String(encryptedDataKey)),
            });

            var decrypted = RijndaelUtils.Decrypt(decryptionResult.Plaintext.ToArray(), iv, actualEncryptedData);

            return(Encoding.UTF8.GetString(decrypted));
        }
Example #3
0
        public Task <string> Decrypt(string encryptedData, string serviceAccountId)
        {
            return(EnvelopeEncryptionUtils.Unwrap(encryptedData).Match(
                       some: async t =>
            {
                (string encryptedDataKey, byte[] iv, byte[] actualEncryptedData) = t;

                var key = await mMasterKeyManagement.Decrypt(encryptedDataKey, serviceAccountId);

                var decrypted = RijndaelUtils.Decrypt(Convert.FromBase64String(key), iv, actualEncryptedData);
                return Encoding.UTF8.GetString(decrypted);
            },
                       none: () => mMasterKeyManagement.Decrypt(encryptedData, serviceAccountId)
                       ));
        }
Example #4
0
        public async Task <string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true)
        {
            if (data.Length <= mMaximumDataLength)
            {
                return(await mMasterKeyManagement.Encrypt(data, serviceAccountId, createKeyIfMissing));
            }

            mLogger.Information("Encryption data too length, using envelope encryption");

            var dataKey = RijndaelUtils.GenerateKey(256);

            var(encryptedData, iv) = RijndaelUtils.Encrypt(dataKey, Encoding.UTF8.GetBytes(data));
            var encryptedDataKey = await mMasterKeyManagement.Encrypt(Convert.ToBase64String(dataKey), serviceAccountId, createKeyIfMissing);

            return(EnvelopeEncryptionUtils.Wrap(encryptedDataKey, iv, encryptedData));
        }