public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData)
{
user.ThrowIfNull(nameof(user));
keyName.ThrowIfNull(nameof(keyName));
keyId.ThrowIfNull(nameof(keyId));
encryptedData.ThrowIfNull(nameof(encryptedData));
var keyData = keyStore.GetKey(keyName, keyId);
keyData.KeyAuth.CanUserAccessKey(user, keyData);
if (encryptedData.Algorithm != "RSA-OAEP-256")
{
throw new ArgumentException(encryptedData.Algorithm + " is not supported");
}
var decryptedData = keyData.Key.Decrypt(Convert.FromBase64String(encryptedData.Value));
return(new DecryptedData(Convert.ToBase64String(decryptedData)));
}
public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData)
{
_logger.LogInformation("decrypt called from key manager class for keyName : " + keyName + " and keyID : " + keyId);
Console.WriteLine("decrypt called");
user.ThrowIfNull(nameof(user));
keyName.ThrowIfNull(nameof(keyName));
keyId.ThrowIfNull(nameof(keyId));
encryptedData.ThrowIfNull(nameof(encryptedData));
//use ukc to decrypt
byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName);
ulong keyUID = (ulong)Convert.ToUInt64(keyId, 16);
CK_OBJECT_HANDLE pubKey;
CK_OBJECT_HANDLE prvKey;
CK_OBJECT_HANDLE publicTest;
Library.C_Initialize();
CK_SLOT_ID[] slots = Library.C_GetSlotList(true);
CK_SLOT_ID slot = slots[0];
CK_SESSION_HANDLE session = Library.C_OpenSession(slot);
Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[]
{
new CK_ATTRIBUTE(CK.CKA_TOKEN, true),
new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY),
new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA),
//new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes),
new CK_ATTRIBUTE(CK.DYCKA_UID, keyUID)
});
CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1);
Library.C_FindObjectsFinal(session);
CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS);
CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT);
CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID);
if (foundKeyHandles.Length == 0)
{
throw new Exception("key" + keyName + " not found");
}
//CK_OBJECT_HANDLE hKey = new CK_OBJECT_HANDLE(vOut);
_logger.LogInformation("encryptedData.Value = " + encryptedData.Value);
//byte[] plainData = Encoding.UTF8.GetBytes(encryptedData.Value);
byte[] plainData = Convert.FromBase64String(encryptedData.Value);
Console.WriteLine("Set RSA padding params");
CK_RSA_PKCS_OAEP_PARAMS oaepParams = new CK_RSA_PKCS_OAEP_PARAMS();
oaepParams.hashAlg = CK.CKM_SHA256;
oaepParams.mgf = CK.CKG_MGF1_SHA256;
CK_MECHANISM mech_rsa = new CK_MECHANISM(CK.CKM_RSA_PKCS_OAEP, oaepParams);
Library.C_DecryptInit(session, mech_rsa, foundKeyHandles[0]);
byte[] decrypted = Library.C_Decrypt(session, plainData);
return(new DecryptedData(Convert.ToBase64String(decrypted)));
_logger.LogInformation("Faild to decrypt");
throw new Exception("Faild to decrypt");
}