public async Task EncryptLocalDecryptOnKeyVault([EnumValues(nameof(EncryptionAlgorithm.Rsa15), nameof(EncryptionAlgorithm.RsaOaep), nameof(EncryptionAlgorithm.RsaOaep256))] EncryptionAlgorithm algorithm)
{
KeyVaultKey key = await CreateTestKey(algorithm);
RegisterForCleanup(key.Name);
CryptographyClient remoteClient = GetCryptoClient(key.Id, forceRemote: true);
CryptographyClient localClient = GetLocalCryptoClient(key.Key);
byte[] plaintext = new byte[32];
Recording.Random.NextBytes(plaintext);
EncryptResult encrypted = await localClient.EncryptAsync(algorithm, plaintext);
Assert.AreEqual(algorithm, encrypted.Algorithm);
Assert.AreEqual(key.Id, encrypted.KeyId);
Assert.IsNotNull(encrypted.Ciphertext);
DecryptResult decrypted = await remoteClient.DecryptAsync(algorithm, encrypted.Ciphertext);
Assert.AreEqual(algorithm, decrypted.Algorithm);
Assert.AreEqual(key.Id, decrypted.KeyId);
Assert.IsNotNull(decrypted.Plaintext);
CollectionAssert.AreEqual(plaintext, decrypted.Plaintext);
}
public async Task EncryptDecryptRoundTrip([Fields] EncryptionAlgorithm algorithm)
{
Key key = await CreateTestKey(algorithm);
RegisterForCleanup(key.Name);
CryptographyClient cryptoClient = GetCryptoClient(key.Id, forceRemote: true);
byte[] data = new byte[32];
Recording.Random.NextBytes(data);
EncryptResult encResult = await cryptoClient.EncryptAsync(algorithm, data);
Assert.AreEqual(algorithm, encResult.Algorithm);
Assert.AreEqual(key.Id, encResult.KeyId);
Assert.IsNotNull(encResult.Ciphertext);
DecryptResult decResult = await cryptoClient.DecryptAsync(algorithm, encResult.Ciphertext);
Assert.AreEqual(algorithm, decResult.Algorithm);
Assert.AreEqual(key.Id, decResult.KeyId);
Assert.IsNotNull(decResult.Plaintext);
CollectionAssert.AreEqual(data, decResult.Plaintext);
}
static void Main(string[] args)
{
string keyVaultUrl = "https://demovault2090.vault.azure.net/";
var client = new KeyClient(vaultUri: new Uri(keyVaultUrl), credential: new DefaultAzureCredential());
// Getting the Encryption key from the key vault
KeyVaultKey key = client.GetKey("newkey");
var cryptoClient = new CryptographyClient(keyId: key.Id, credential: new DefaultAzureCredential());
byte[] plaintext = Encoding.UTF8.GetBytes("This is sensitive data");
// Encrypting data
EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep256, plaintext);
//Decrypting data
DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep256, encryptResult.Ciphertext);
Console.WriteLine("Plain text");
string txt = Encoding.UTF8.GetString(decryptResult.Plaintext);
Console.WriteLine(txt);
Console.ReadLine();
}
public void Test_Attachment_DecryptFailOnBadKey()
{
string?cipherFile = null;
bool hitCorrectException = false;
try
{
byte[] key = Util.GetSecretBytes(64);
byte[] plaintextInput = Encoding.UTF8.GetBytes("Gwen Stacy");
EncryptResult encryptResult = EncryptData(plaintextInput, key);
byte[] badKey = new byte[64];
cipherFile = WriteToFile(encryptResult.ciphertext);
using FileStream fileStream = File.Open(cipherFile, FileMode.Open);
AttachmentCipherInputStream.CreateForAttachment(fileStream, plaintextInput.Length, badKey, encryptResult.digest);
}
catch (InvalidMessageException)
{
hitCorrectException = true;
}
finally
{
if (cipherFile != null)
{
DeleteFile(cipherFile);
}
}
Assert.IsTrue(hitCorrectException);
}
static void Main(string[] args)
{
string valid128BitString = "AAECAwQFBgcICQoLDA0ODw==";
string inputValue = "MyTest";
string keyValue = valid128BitString;
//Turns our text in to binary data
byte[] byteValForString = Encoding.UTF8.GetBytes(inputValue);
EncryptResult result = Aes128Utility.EncryptData(byteValForString, keyValue);
EncryptResult encyptedValue = new EncryptResult();
//(Snip)
encyptedValue.IV = resultingIV;
encyptedValue.EncryptedMsg = result.EncryptedMsg;
string finalResult = Encoding.UTF8.GetString(Aes128Utility.DecryptData(encyptedValue, keyValue));
Console.WriteLine(finalResult);
if (String.Equals(inputValue, finalResult))
{
Console.WriteLine("Match");
}
else
{
Console.WriteLine("Differ");
}
Console.ReadLine();
}
public void InitializesIv(EncryptionAlgorithm algorithm)
{
// Use a 256-bit key which will be truncated based on the selected algorithm.
byte[] k = new byte[] { 0xe2, 0x7e, 0xd0, 0xc8, 0x45, 0x12, 0xbb, 0xd5, 0x5b, 0x6a, 0xf4, 0x34, 0xd2, 0x37, 0xc1, 0x1f, 0xeb, 0xa3, 0x11, 0x87, 0x0f, 0x80, 0xf2, 0xc2, 0xe3, 0x36, 0x42, 0x60, 0xf3, 0x1c, 0x82, 0xc8 };
JsonWebKey key = new JsonWebKey(new[] { KeyOperation.Encrypt, KeyOperation.Decrypt })
{
K = k,
};
AesCryptographyProvider provider = new AesCryptographyProvider(key, null);
byte[] plaintext = Encoding.UTF8.GetBytes("plaintext");
EncryptOptions encryptOptions = new EncryptOptions(algorithm, plaintext, null, null);
EncryptResult encrypted = provider.Encrypt(encryptOptions, default);
Assert.IsNotNull(encryptOptions.Iv);
CollectionAssert.AreEqual(encryptOptions.Iv, encrypted.Iv);
DecryptOptions decryptOptions = new DecryptOptions(algorithm, encrypted.Ciphertext, encrypted.Iv);
DecryptResult decrypted = provider.Decrypt(decryptOptions, default);
Assert.IsNotNull(decrypted);
// AES-CBC will be zero-padded.
StringAssert.StartsWith("plaintext", Encoding.UTF8.GetString(decrypted.Plaintext));
}
//public string GatewayName = "Premium Payment Gateway";
public async Task <string> EncryptStringAsync(CryptographyClient cryptoClient, string input)
{
byte[] inputAsByteArray = Encoding.UTF8.GetBytes(input);
EncryptResult encryptResult = await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep, inputAsByteArray).ConfigureAwait(false);
return(Convert.ToBase64String(encryptResult.Ciphertext));
}
/// <summary>
/// Encrypt an image message.
/// </summary>
/// <param name="encryptResult">result of the image encryption</param>
/// <param name="uploadResult">result of the upload</param>
/// <param name="senderPrivateKey">the private key of the sending ID</param>
/// <param name="recipientPublicKey">the public key of the receiving ID</param>
/// <returns>encrypted result</returns>
public static EncryptResult EncryptImageMessage(EncryptResult encryptResult, UploadResult uploadResult, byte[] senderPrivateKey, byte[] recipientPublicKey)
{
return(EncryptMessage(
new ImageMessage(uploadResult.BlobId,
encryptResult.Size,
encryptResult.Nonce),
senderPrivateKey,
recipientPublicKey));
}
/// <summary>
/// Upload a file.
/// </summary>
/// <param name="fileEncryptionResult">The result of the file encryption (i.e. encrypted file data)</param>
/// <returns>the result of the upload</returns>
public UploadResult UploadFile(EncryptResult fileEncryptionResult)
{
string attachmentName = "blob";
string attachmentFileName = "blob.file";
string crlf = "\r\n";
string twoHyphens = "--";
char[] chars = "-_1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".ToCharArray();
string boundary = string.Empty;
Random rand = new Random();
int count = rand.Next(11) + 30;
for (int i = 0; i < count; i++)
{
boundary += chars[rand.Next(chars.Length)];
}
byte[] header = Encoding.UTF8.GetBytes(twoHyphens + boundary + crlf +
"Content-Disposition: form-data; name=\"" + attachmentName + "\";filename=\"" + attachmentFileName + "\"" + crlf + crlf
);
byte[] footer = Encoding.UTF8.GetBytes(crlf + twoHyphens + boundary + twoHyphens + crlf);
byte[] postData = new byte[header.Length + fileEncryptionResult.Result.Length + footer.Length];
header.CopyTo(postData, 0);
fileEncryptionResult.Result.CopyTo(postData, header.Length);
footer.CopyTo(postData, header.Length + fileEncryptionResult.Result.Length);
string queryString = MakeUrlEncoded(MakeRequestParams());
Uri url = new Uri(this.apiUrl + "upload_blob?" + queryString);
WebRequest request = WebRequest.CreateHttp(url);
request.Method = "POST";
if (!WebHeaderCollection.IsRestricted("Connection"))
{
request.Headers.Set(HttpRequestHeader.Connection, "Keep-Alive");
}
if (!WebHeaderCollection.IsRestricted("CacheControl"))
{
request.Headers.Add(HttpRequestHeader.CacheControl, "no-cache");
}
request.ContentType = "multipart/form-data;boundary=" + boundary;
request.ContentLength = postData.Length;
using (Stream stream = request.GetRequestStream())
{
stream.Write(postData, 0, postData.Length);
stream.Close();
}
string responseData;
HttpStatusCode responseCode = GetResponse(request, out responseData);
return(new UploadResult((int)responseCode, responseData != null ? DataUtils.HexStringToByteArray(responseData) : null));
}
public async Task DecryptRequiresPrivateKey()
{
JsonWebKey jwk = CreateKey(KeyType.Rsa, keyOps: new[] { KeyOperation.Encrypt, KeyOperation.Decrypt });
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
EncryptResult encrypted = await client.EncryptAsync(EncryptionAlgorithm.RsaOaep, TestData);
Assert.ThrowsAsync(new InstanceOfTypeConstraint(typeof(CryptographicException)), async() => await client.DecryptAsync(EncryptionAlgorithm.RsaOaep, encrypted.Ciphertext));
}
public void EncryptDecryptSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
// Instantiate a key client that will be used to create a key. Notice that the client is using default Azure
// credentials. To make default credentials work, ensure that environment variables 'AZURE_CLIENT_ID',
// 'AZURE_CLIENT_KEY' and 'AZURE_TENANT_ID' are set with the service principal credentials.
var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
// Let's create a RSA key which will be used to encrypt and decrypt
string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
{
KeySize = 2048,
};
KeyVaultKey cloudRsaKey = keyClient.CreateRsaKey(rsaKey);
Debug.WriteLine($"Key is returned with name {cloudRsaKey.Name} and type {cloudRsaKey.KeyType}");
// Let's create the CryptographyClient which can perform cryptographic operations with the key we just created.
// Again we are using the default Azure credential as above.
var cryptoClient = new CryptographyClient(cloudRsaKey.Id, new DefaultAzureCredential());
// Next we'll encrypt some arbitrary plain text with the key using the CryptographyClient. Note that RSA encryption
// algorithms have no chaining so they can only encrypt a single block of plaintext securely. For RSAOAEP this can be
// calculated as (keysize / 8) - 42, or in our case (2048 / 8) - 42 = 214 bytes.
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
// First encrypt the data using RSAOAEP with the created key.
EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep, plaintext);
Debug.WriteLine($"Encrypted data using the algorithm {encryptResult.Algorithm}, with key {encryptResult.KeyId}. The resulting encrypted data is {Convert.ToBase64String(encryptResult.Ciphertext)}");
// Now decrypt the encrypted data. Note that the same algorithm must always be used for both encrypt and decrypt
DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
Debug.WriteLine($"Decrypted data using the algorithm {decryptResult.Algorithm}, with key {decryptResult.KeyId}. The resulting decrypted data is {Encoding.UTF8.GetString(decryptResult.Plaintext)}");
// The Cloud RSA Key is no longer needed, need to delete it from the Key Vault.
DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName);
// To ensure the key is deleted on server before we try to purge it.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged.
keyClient.PurgeDeletedKey(rsaKeyName);
}
public void Test_Sticker_EncryptDecryptEmpty()
{
byte[] packKey = Util.GetSecretBytes(32);
byte[] plaintextInput = Encoding.UTF8.GetBytes(string.Empty);
EncryptResult encryptResult = EncryptData(plaintextInput, ExpandPackKey(packKey));
using Stream inputStream = AttachmentCipherInputStream.CreateForStickerData(encryptResult.ciphertext, packKey);
byte[] plaintextOutput = ReadInputStreamFully(inputStream);
CollectionAssert.AreEqual(plaintextInput, plaintextOutput);
}
public void EncryptDecrypt()
{
#region Snippet:EncryptDecrypt
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
// encrypt the data using the algorithm RSAOAEP
EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep, plaintext);
// decrypt the encrypted data.
DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
#endregion
}
public IActionResult Get()
{
BlowFish blowFish = new BlowFish("@dm1n1z7r@t0r!!!");
EncryptResult encryptResult = new EncryptResult();
encryptResult.serverName = blowFish.Encrypt_CBC("localhost");
encryptResult.dbName = blowFish.Encrypt_CBC("DatingApp");
encryptResult.userName = blowFish.Encrypt_CBC("sa");
encryptResult.password = blowFish.Encrypt_CBC("password1");
return(Ok(encryptResult));
}
public string Encode(string value)
{
if (string.IsNullOrEmpty(value))
{
throw new ArgumentException("Value cannot be null or empty.", nameof(value));
}
byte[] valueByteArray = Encoding.UTF8.GetBytes(value);
EncryptResult encryptResult = _cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep, valueByteArray);
return(Convert.ToBase64String(encryptResult.Ciphertext));
}
public void OctEncryptDecryptSync()
{
TestEnvironment.AssertManagedHsm();
string managedHsmUrl = TestEnvironment.ManagedHsmUrl;
#region Snippet:OctKeysSample4CreateKey
var managedHsmClient = new KeyClient(new Uri(managedHsmUrl), new DefaultAzureCredential());
var octKeyOptions = new CreateOctKeyOptions($"CloudOctKey-{Guid.NewGuid()}")
{
KeySize = 256,
};
KeyVaultKey cloudOctKey = managedHsmClient.CreateOctKey(octKeyOptions);
#endregion
#region Snippet:OctKeySample4Encrypt
var cryptoClient = new CryptographyClient(cloudOctKey.Id, new DefaultAzureCredential());
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
byte[] aad = Encoding.UTF8.GetBytes("additional authenticated data");
EncryptParameters encryptParams = EncryptParameters.A256GcmParameters(plaintext, aad);
EncryptResult encryptResult = cryptoClient.Encrypt(encryptParams);
#endregion
#region Snippet:OctKeySample4Decrypt
DecryptParameters decryptParams = DecryptParameters.A256GcmParameters(
encryptResult.Ciphertext,
encryptResult.Iv,
encryptResult.AuthenticationTag,
encryptResult.AdditionalAuthenticatedData);
DecryptResult decryptResult = cryptoClient.Decrypt(decryptParams);
#endregion
Assert.AreEqual(plaintext, decryptResult.Plaintext);
// Delete and purge the key.
DeleteKeyOperation operation = managedHsmClient.StartDeleteKey(octKeyOptions.Name);
// You only need to wait for completion if you want to purge or recover the key.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
managedHsmClient.PurgeDeletedKey(operation.Value.Name);
}
/// <summary>
/// Encrypt a text message and send it to the given recipient.
/// </summary>
/// <param name="threemaId">target Threema ID</param>
/// <param name="text">the text to send</param>
/// <returns>generated message ID</returns>
public string SendTextMessage(string threemaId, string text)
{
//fetch public key
byte[] publicKey = this.apiConnector.LookupKey(threemaId);
if (publicKey == null)
{
throw new InvalidKeyException("invalid threema id");
}
EncryptResult res = CryptTool.EncryptTextMessage(text, this.privateKey, publicKey);
return(this.apiConnector.SendE2EMessage(threemaId, res.Nonce, res.Result));
}
public async Task EncryptDecryptRoundtrip([EnumValues(nameof(EncryptionAlgorithm.Rsa15), nameof(EncryptionAlgorithm.RsaOaep))] EncryptionAlgorithm algorithm)
{
JsonWebKey jwk = CreateKey(KeyType.Rsa, includePrivateParameters: true);
LocalCryptographyClient client = CreateClient <LocalCryptographyClient>(jwk);
EncryptResult encrypted = await client.EncryptAsync(algorithm, TestData);
DecryptResult decrypted = await client.DecryptAsync(algorithm, encrypted.Ciphertext);
string actual = Encoding.UTF8.GetString(decrypted.Plaintext);
Assert.AreEqual("test", actual);
}
public override async Task SetupAsync()
{
await base.SetupAsync();
// Generate new plaintext with each iteration to avoid potential caching of results.
_plaintext = new byte[32];
Random.NextBytes(_plaintext);
// CryptographyClient caches the public key so encrypting now removes the initial request from metrics.
EncryptResult result = await CryptographyClient.EncryptAsync(s_algorithm, _plaintext);
_ciphertext = result.Ciphertext;
}
public void EncryptDecryptSync()
{
// Environment variable with the Key Vault endpoint.
string keyVaultUrl = Environment.GetEnvironmentVariable("AZURE_KEYVAULT_URL");
#region Snippet:KeysSample4KeyClient
var keyClient = new KeyClient(new Uri(keyVaultUrl), new DefaultAzureCredential());
#endregion
#region Snippet:KeysSample4CreateKey
// Let's create a RSA key which will be used to encrypt and decrypt
string rsaKeyName = $"CloudRsaKey-{Guid.NewGuid()}";
var rsaKey = new CreateRsaKeyOptions(rsaKeyName, hardwareProtected: false)
{
KeySize = 2048,
};
KeyVaultKey cloudRsaKey = keyClient.CreateRsaKey(rsaKey);
Debug.WriteLine($"Key is returned with name {cloudRsaKey.Name} and type {cloudRsaKey.KeyType}");
#endregion
#region Snippet:KeysSample4CryptographyClient
var cryptoClient = new CryptographyClient(cloudRsaKey.Id, new DefaultAzureCredential());
#endregion
#region Snippet:KeysSample4EncryptKey
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep, plaintext);
Debug.WriteLine($"Encrypted data using the algorithm {encryptResult.Algorithm}, with key {encryptResult.KeyId}. The resulting encrypted data is {Convert.ToBase64String(encryptResult.Ciphertext)}");
#endregion
#region Snippet:KeysSample4DecryptKey
DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
Debug.WriteLine($"Decrypted data using the algorithm {decryptResult.Algorithm}, with key {decryptResult.KeyId}. The resulting decrypted data is {Encoding.UTF8.GetString(decryptResult.Plaintext)}");
#endregion
#region Snippet:KeysSample4DeleteKey
DeleteKeyOperation operation = keyClient.StartDeleteKey(rsaKeyName);
// You only need to wait for completion if you want to purge or recover the key.
while (!operation.HasCompleted)
{
Thread.Sleep(2000);
operation.UpdateStatus();
}
#endregion
// If the keyvault is soft-delete enabled, then for permanent deletion, deleted key needs to be purged.
keyClient.PurgeDeletedKey(rsaKeyName);
}
public void Test_Attachment_EncryptDecryptEmpty()
{
byte[] key = Util.GetSecretBytes(64);
byte[] plaintextInput = Encoding.UTF8.GetBytes(string.Empty);
EncryptResult encryptResult = EncryptData(plaintextInput, key);
string cipherFile = WriteToFile(encryptResult.ciphertext);
using Stream inputStream = AttachmentCipherInputStream.CreateForAttachment(File.Open(cipherFile, FileMode.Open), plaintextInput.Length, key, encryptResult.digest);
byte[] plaintextOutput = ReadInputStreamFully(inputStream);
CollectionAssert.AreEqual(plaintextInput, plaintextOutput);
DeleteFile(cipherFile);
}
protected override void Execute()
{
byte[] privateKey = this.privateKeyField.GetValue();
byte[] publicKey = this.publicKeyField.GetValue();
/* read text from stdin */
//string text = ReadStream(System.Console.In).Trim();
string text = DataUtils.Utf8Endcode(System.Console.ReadLine().Trim());
EncryptResult res = CryptTool.EncryptTextMessage(text, privateKey, publicKey);
System.Console.WriteLine(DataUtils.ByteArrayToHexString(res.Nonce));
System.Console.WriteLine(DataUtils.ByteArrayToHexString(res.Result));
}
public void TestEncrypt()
{
string text = "Dies ist eine Testnachricht. äöü";
Key privateKey = Key.DecodeKey(Common.myPrivateKey);
Key publicKey = Key.DecodeKey(Common.otherPublicKey);
EncryptResult res = CryptTool.EncryptTextMessage(text, privateKey.key, publicKey.key);
Assert.IsNotNull(res);
Assert.IsNotNull(res.Nonce);
Assert.IsNotNull(res.Result);
Assert.IsFalse(res.Nonce.SequenceEqual(new byte[res.Nonce.Length]));
Assert.IsFalse(res.Result.SequenceEqual(new byte[res.Result.Length]));
}
/// <summary>
/// Wrapper to encrypt text <see cref="Threema.MsgApi.CryptTool.EncryptTextMessage"/>
/// </summary>
/// <param name="text">Text to encrypt</param>
/// <param name="senderPrivateKey">Sender private key as hex-string</param>
/// <param name="recipientPublicKey">Recipient public key as hex-string</param>
/// <returns>Array with encrypted text, nonce and size</returns>
public ArrayList EncryptTextMessage(string text, string senderPrivateKey, string recipientPublicKey)
{
byte[] privateKey = GetKey(senderPrivateKey, Key.KeyType.PRIVATE);
byte[] publicKey = GetKey(recipientPublicKey, Key.KeyType.PUBLIC);
string textEncoded = DataUtils.Utf8Endcode(text);
EncryptResult encryptResult = CryptTool.EncryptTextMessage(textEncoded, privateKey, publicKey);
var result = new ArrayList();
result.Add(DataUtils.ByteArrayToHexString(encryptResult.Result));
result.Add(DataUtils.ByteArrayToHexString(encryptResult.Nonce));
result.Add(encryptResult.Size.ToString());
return(result);
}
public async Task EncryptDecryptFromKeyClient()
{
KeyVaultKey key = await CreateTestKey(EncryptionAlgorithm.RsaOaep);
RegisterForCleanup(key.Name);
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
// Make sure the same (instrumented) pipeline is used from the KeyClient.
CryptographyClient cryptoClient = Client.GetCryptographyClient(key.Name, key.Properties.Version);
EncryptResult encryptResult = await cryptoClient.EncryptAsync(EncryptionAlgorithm.RsaOaep, plaintext);
DecryptResult decryptResult = await cryptoClient.DecryptAsync(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
Assert.AreEqual(plaintext, decryptResult.Plaintext);
}
public async Task <IActionResult> Encrypt(EncryptDto toEncrypt)
{
byte[] toEncryptInBytes = Encoding.UTF8.GetBytes(toEncrypt.Payload);
if (toEncryptInBytes.Length > 245)
{
return(BadRequest());
}
KeyVaultKey key = await _keyClient.GetKeyAsync("test");
CryptographyClient crypto = new CryptographyClient(key.Id, new DefaultAzureCredential());
EncryptResult result = await crypto.EncryptAsync(EncryptionAlgorithm.RsaOaep256, toEncryptInBytes);
return(new OkObjectResult(Convert.ToBase64String(result.Ciphertext)));
}
public void Test_Attachment_EncryptDecryptMultipleTimes()
{
// Test that the file passed to AttachmentCipherInputStream can be reused.
byte[] key = Util.GetSecretBytes(64);
byte[] plaintextInput = Encoding.UTF8.GetBytes("Peter Parker");
EncryptResult encryptResult = EncryptData(plaintextInput, key);
string cipherFile = WriteToFile(encryptResult.ciphertext);
for (int i = 0; i < 10; i++)
{
using Stream inputStream = AttachmentCipherInputStream.CreateForAttachment(File.Open(cipherFile, FileMode.Open), plaintextInput.Length, key, encryptResult.digest);
byte[] plaintextOutput = ReadInputStreamFully(inputStream);
CollectionAssert.AreEqual(plaintextInput, plaintextOutput);
}
DeleteFile(cipherFile);
}
public async Task EncryptWithKeyNameReturnsFullKeyId()
{
KeyVaultKey key = await CreateTestKey(EncryptionAlgorithm.RsaOaep);
RegisterForCleanup(key.Name);
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
Uri keyId = new UriBuilder(Client.VaultUri)
{
Path = KeyClient.KeysPath + key.Name,
}.Uri;
CryptographyClient client = GetCryptoClient(keyId, forceRemote: true);
EncryptResult encrypted = await client.EncryptAsync(EncryptionAlgorithm.RsaOaep, plaintext);
Assert.AreEqual(key.Id.ToString(), encrypted.KeyId);
}
/// <summary>
/// Encrypt a file message.
/// </summary>
/// <param name="encryptResult">result of the file data encryption</param>
/// <param name="uploadResult">result of the upload</param>
/// <param name="mimeType">MIME type of the file</param>
/// <param name="fileName">File name</param>
/// <param name="fileSize">Size of the file, in bytes</param>
/// <param name="uploadResultThumbnail">result of thumbnail upload</param>
/// <param name="senderPrivateKey">Private key of sender</param>
/// <param name="recipientPublicKey">Public key of recipient</param>
/// <returns>Result of the file message encryption (not the same as the file data encryption!)</returns>
public static EncryptResult EncryptFileMessage(EncryptResult encryptResult,
UploadResult uploadResult,
String mimeType,
String fileName,
int fileSize,
UploadResult uploadResultThumbnail,
byte[] senderPrivateKey, byte[] recipientPublicKey)
{
return(EncryptMessage(
new FileMessage(uploadResult.BlobId,
encryptResult.Secret,
mimeType,
fileName,
fileSize,
uploadResultThumbnail != null ? uploadResultThumbnail.BlobId : null),
senderPrivateKey,
recipientPublicKey));
}
public void EncryptDecrypt()
{
#region Snippet:EncryptDecrypt
#if SNIPPET
// Create a new cryptography client using the same Key Vault or Managed HSM endpoint, service version,
// and options as the KeyClient created earlier.
var cryptoClient = client.GetCryptographyClient(key.Name, key.Properties.Version);
#endif
byte[] plaintext = Encoding.UTF8.GetBytes("A single block of plaintext");
// encrypt the data using the algorithm RSAOAEP
EncryptResult encryptResult = cryptoClient.Encrypt(EncryptionAlgorithm.RsaOaep, plaintext);
// decrypt the encrypted data.
DecryptResult decryptResult = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptResult.Ciphertext);
#endregion
}