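        /// <summary>
        /// Round-trips a short payload through a streaming CMS EnvelopedData that has two
        /// AES-192 KEK recipients, then recovers the content with the second KEK only.
        /// </summary>
        /// <remarks>
        /// The recipient is selected by key identifier (kekId2); kek1 is never used for
        /// decryption, so this test does not prove that the first RecipientInfo is usable.
        /// </remarks>
        public void TestTwoAesKek()
        {
            byte[] data = Encoding.ASCII.GetBytes("WallaWallaWashington");
            KeyParameter kek1 = CmsTestUtil.MakeAes192Key();
            KeyParameter kek2 = CmsTestUtil.MakeAes192Key();

            // Distinct key identifiers let the parser pick a recipient without trial unwrapping.
            byte[] kekId1 = new byte[] { 1, 2, 3, 4, 5 };
            byte[] kekId2 = new byte[] { 5, 4, 3, 2, 1 };

            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.AddKekRecipient("AES192", kek1, kekId1);
            edGen.AddKekRecipient("AES192", kek2, kekId2);

            byte[] envelope;
            using (MemoryStream bOut = new MemoryStream())
            {
                // Closing the generator stream finalises the envelope; the using block makes
                // sure that happens even if Write throws.
                using (Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.DesEde3Cbc))
                {
                    outStream.Write(data, 0, data.Length);
                }
                envelope = bOut.ToArray();
            }

            CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(envelope);
            try
            {
                // NUnit convention: expected value first, actual value second.
                Assert.AreEqual(CmsEnvelopedDataGenerator.DesEde3Cbc, ep.EncryptionAlgOid);

                RecipientInformationStore recipients = ep.GetRecipientInfos();

                RecipientID recSel = new RecipientID();
                recSel.KeyIdentifier = kekId2;

                RecipientInformation recipient = recipients.GetFirstRecipient(recSel);
                Assert.IsNotNull(recipient, "no RecipientInfo matched kekId2");

                // 2.16.840.1.101.3.4.1.25 is id-aes192-wrap: the content key must be
                // wrapped with AES-192 key wrap, matching the 192-bit KEK.
                Assert.AreEqual("2.16.840.1.101.3.4.1.25", recipient.KeyEncryptionAlgOid);

                CmsTypedStream recData = recipient.GetContentStream(kek2);
                Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));
            }
            finally
            {
                // The parser has no IDisposable contract visible here, so close it explicitly.
                ep.Close();
            }
        }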
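        /// <summary>
        /// Round-trips a short payload through a streaming CMS EnvelopedData with a single
        /// AES-192 KEK recipient and checks that the KEK recovers the content.
        /// </summary>
        /// <remarks>
        /// The recipient count is asserted explicitly: iterating an empty recipient store
        /// would otherwise let the test pass without ever exercising decryption.
        /// </remarks>
        public void TestAesKek()
        {
            byte[] data = Encoding.ASCII.GetBytes("WallaWallaWashington");
            KeyParameter kek = CmsTestUtil.MakeAes192Key();

            byte[] kekId = new byte[] { 1, 2, 3, 4, 5 };

            CmsEnvelopedDataStreamGenerator edGen = new CmsEnvelopedDataStreamGenerator();
            edGen.AddKekRecipient("AES192", kek, kekId);

            byte[] envelope;
            using (MemoryStream bOut = new MemoryStream())
            {
                // Closing the generator stream finalises the envelope; the using block makes
                // sure that happens even if Write throws.
                using (Stream outStream = edGen.Open(bOut, CmsEnvelopedDataGenerator.DesEde3Cbc))
                {
                    outStream.Write(data, 0, data.Length);
                }
                envelope = bOut.ToArray();
            }

            CmsEnvelopedDataParser ep = new CmsEnvelopedDataParser(envelope);
            try
            {
                // NUnit convention: expected value first, actual value second.
                Assert.AreEqual(CmsEnvelopedDataGenerator.DesEde3Cbc, ep.EncryptionAlgOid);

                RecipientInformationStore recipients = ep.GetRecipientInfos();
                ICollection c = recipients.GetRecipients();

                // Exactly one KEK recipient was added, so exactly one RecipientInfo is expected.
                Assert.AreEqual(1, c.Count);

                foreach (RecipientInformation recipient in c)
                {
                    // 2.16.840.1.101.3.4.1.25 is id-aes192-wrap: the content key must be
                    // wrapped with AES-192 key wrap, matching the 192-bit KEK.
                    Assert.AreEqual("2.16.840.1.101.3.4.1.25", recipient.KeyEncryptionAlgOid);

                    CmsTypedStream recData = recipient.GetContentStream(kek);
                    Assert.IsTrue(Arrays.AreEqual(data, CmsTestUtil.StreamToByteArray(recData.ContentStream)));
                }
            }
            finally
            {
                // The parser has no IDisposable contract visible here, so close it explicitly.
                ep.Close();
            }
        }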
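        /// <summary>
        /// Encrypts <paramref name="clear"/> into <paramref name="cipher"/> as a streaming CMS
        /// EnvelopedData with one RecipientInfo per supplied recipient: a key-transport
        /// recipient for each certificate in <paramref name="certs"/>, a KEK recipient
        /// (AES key wrap) for <paramref name="key"/>, and a key-transport recipient keyed by
        /// explicit key id for each entry of <paramref name="webKeys"/>.
        /// </summary>
        /// <param name="cipher">Stream that receives the encoded envelope.</param>
        /// <param name="clear">Stream holding the plaintext; it is copied to its end.</param>
        /// <param name="certs">Certificates of the "known" recipients, or <c>null</c> for none.</param>
        /// <param name="key">Shared symmetric key of the "unknown" recipient, or <c>null</c> for none.</param>
        /// <param name="webKeys">Public keys of the "web" recipients, or <c>null</c> for none.</param>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="cipher"/> or <paramref name="clear"/> is <c>null</c>.
        /// </exception>
        /// <exception cref="System.ArgumentException">No recipient at all was supplied.</exception>
        /// <remarks>
        /// The content-encryption algorithm is taken from <c>EteeActiveConfig.Seal.EncryptionAlgorithm</c>.
        /// The envelope stream is closed in a <c>finally</c> block, so it is finalised even when
        /// copying <paramref name="clear"/> throws; a thrown exception therefore does not mean
        /// that nothing was written to <paramref name="cipher"/>.
        /// The summary log line counts only certificate and KEK recipients; web-key recipients are
        /// logged individually below.
        /// </remarks>
        protected void Encrypt(Stream cipher, Stream clear, ICollection <X509Certificate2> certs, SecretKey key, WebKey[] webKeys)
        {
            // Validate the streams before any envelope bytes are produced: a null cipher would
            // fail inside the generator, and a null clear would fail only after the header is out.
            if (cipher == null)
            {
                throw new System.ArgumentNullException(nameof(cipher));
            }
            if (clear == null)
            {
                throw new System.ArgumentNullException(nameof(clear));
            }

            int certCount = certs == null ? 0 : certs.Count;
            int kekCount = key == null ? 0 : 1;
            int webKeyCount = webKeys == null ? 0 : webKeys.Length;

            // An EnvelopedData without a single RecipientInfo cannot be decrypted by anyone;
            // refuse to produce one rather than emit an unrecoverable message.
            if (certCount + kekCount + webKeyCount == 0)
            {
                throw new System.ArgumentException("At least one recipient (certificate, shared key or web key) is required.");
            }

#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Information, 0, "Encrypting message for {0} known and {1} unknown recipient",
                             certCount, kekCount);
#else
            logger.LogInformation("Encrypting message for {0} known and {1} unknown recipient",
                                  certCount, kekCount);
#endif
            CmsEnvelopedDataStreamGenerator encryptGenerator = new CmsEnvelopedDataStreamGenerator();

            // "Known" recipients: key transport against the public key in each certificate.
            if (certs != null)
            {
                foreach (X509Certificate2 cert in certs)
                {
                    BC::X509.X509Certificate bcCert = DotNetUtilities.FromX509Certificate(cert);
                    encryptGenerator.AddKeyTransRecipient(bcCert);
#if NETFRAMEWORK
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Added known recipient: {0} ({1})", bcCert.SubjectDN.ToString(), bcCert.IssuerDN.ToString());
#else
                    logger.LogDebug("Added known recipient: {0} ({1})", bcCert.SubjectDN.ToString(), bcCert.IssuerDN.ToString());
#endif
                }
            }

            // "Unknown" recipient: the content key is wrapped with the shared AES key and tagged
            // with key.Id so the receiver can locate the matching KEK without trial unwrapping.
            if (key != null)
            {
                encryptGenerator.AddKekRecipient("AES", key.BCKey, key.Id);
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Verbose, 0, "Added unknown recipient [Algorithm={0}, keyId={1}]", "AES", key.IdString);
#else
                logger.LogDebug("Added unknown recipient [Algorithm={0}, keyId={1}]", "AES", key.IdString);
#endif
            }

            // "Web" recipients: key transport against a bare public key, identified by key id
            // rather than by issuer/serial since there is no certificate.
            if (webKeys != null)
            {
                foreach (WebKey webKey in webKeys)
                {
                    encryptGenerator.AddKeyTransRecipient(webKey.BCPublicKey, webKey.Id);
#if NETFRAMEWORK
                    trace.TraceEvent(TraceEventType.Verbose, 0, "Added web recipient [Algorithm={0}, keyId={1}]", "RSA", webKey.IdString);
#else
                    logger.LogDebug("Added web recipient [Algorithm={0}, keyId={1}]", "RSA", webKey.IdString);
#endif
                }
            }

            // Read the configured algorithm once so the envelope and the log line agree.
            var encryptionAlgorithm = EteeActiveConfig.Seal.EncryptionAlgorithm;
            Stream encryptingStream = encryptGenerator.Open(cipher, encryptionAlgorithm.Value);
#if NETFRAMEWORK
            trace.TraceEvent(TraceEventType.Verbose, 0, "Create encrypted message (still empty) [EncAlgo={0} ({1})]",
                             encryptionAlgorithm.FriendlyName, encryptionAlgorithm.Value);
#else
            logger.LogDebug("Create encrypted message (still empty) [EncAlgo={0} ({1})]",
                            encryptionAlgorithm.FriendlyName, encryptionAlgorithm.Value);
#endif
            try
            {
                clear.CopyTo(encryptingStream);
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Verbose, 0, "Message encrypted");
#else
                logger.LogDebug("Message encrypted");
#endif
            }
            finally
            {
                // Closing the generator stream writes the trailing structure of the envelope.
                encryptingStream.Close();
#if NETFRAMEWORK
                trace.TraceEvent(TraceEventType.Verbose, 0, "Recipient infos added");
#else
                logger.LogDebug("Recipient infos added");
#endif
            }
        }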