public void RoundtripSample1() { StringWriter sw = new StringWriter(); // Encryption { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml("<root> <child>sample</child> </root>"); XmlElement body = doc.DocumentElement; RijndaelManaged aes = new RijndaelManaged(); aes.Mode = CipherMode.CBC; aes.KeySize = 256; // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a secret.")] aes.IV = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw=="); // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a secret.")] aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; EncryptedXml exml = new EncryptedXml(); byte [] encrypted = exml.EncryptData(body, aes, false); EncryptedData edata = new EncryptedData(); edata.Type = EncryptedXml.XmlEncElementUrl; edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); EncryptedKey ekey = new EncryptedKey(); // omit key encryption, here for testing byte [] encKeyBytes = aes.Key; ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); DataReference dr = new DataReference(); dr.Uri = "_0"; ekey.AddReference(dr); edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey)); edata.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new RSAKeyValue(RSA.Create())); edata.CipherData.CipherValue = encrypted; EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false); doc.Save(new XmlTextWriter(sw)); } // Decryption { RijndaelManaged aes = new RijndaelManaged(); aes.Mode = CipherMode.CBC; aes.KeySize = 256; aes.Key = Convert.FromBase64String( "o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(sw.ToString()); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes)); } }
public void RoundtripSample1() { using (StringWriter sw = new StringWriter()) { // Encryption { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml("<root> <child>sample</child> </root>"); XmlElement body = doc.DocumentElement; var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING"); var ivdata = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw=="); var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); var param = new ParametersWithIV(new KeyParameter(keydata), ivdata); EncryptedXml exml = new EncryptedXml(); byte[] encrypted = exml.EncryptData(body, param, false); EncryptedData edata = new EncryptedData(); edata.Type = EncryptedXml.XmlEncElementUrl; edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); EncryptedKey ekey = new EncryptedKey(); // omit key encryption, here for testing byte[] encKeyBytes = keydata; ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); DataReference dr = new DataReference(); dr.Uri = "_0"; ekey.AddReference(dr); edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey)); ekey.KeyInfo.AddClause(new RSAKeyValue()); edata.CipherData.CipherValue = encrypted; EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false); doc.Save(new XmlTextWriter(sw)); } // Decryption { var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING"); var random = new SecureRandom(); var ivdata = new byte[aes.GetBlockSize()]; var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); random.NextBytes(ivdata); var param = new ParametersWithIV(new KeyParameter(keydata), ivdata); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(sw.ToString()); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, param)); } } }
private static XmlDocument EncryptXmlDocument(XmlDocument xmlDocument, IEnumerable <X509Certificate2> certificates) { // Создание объекта для шифрации XML var encryptedXml = new GostEncryptedXml(); // Поиск элементов для шифрации var elements = xmlDocument.SelectNodes("//SomeElement[@Encrypt='true']"); if (elements != null) { var elementIndex = 0; foreach (XmlElement element in elements) { // Формирование элемента EncryptedData var elementEncryptedData = new EncryptedData(); elementEncryptedData.Id = "EncryptedElement" + elementIndex++; elementEncryptedData.Type = EncryptedXml.XmlEncElementUrl; elementEncryptedData.KeyInfo = new KeyInfo(); using (var sessionKey = new Gost_28147_89_SymmetricAlgorithm()) { elementEncryptedData.EncryptionMethod = new EncryptionMethod(sessionKey.AlgorithmName); // Шифрация элемента с использованием симметричного ключа var encryptedElement = encryptedXml.EncryptData(element, sessionKey, false); foreach (var certificate in certificates) { // Шифрация сессионного ключа с использованием открытого ключа сертификата var encryptedSessionKeyData = GostEncryptedXml.EncryptKey(sessionKey, (GostAsymmetricAlgorithm)certificate.GetPublicKeyAlgorithm()); // Формирование информации о зашифрованном сессионном ключе var encryptedSessionKey = new EncryptedKey(); encryptedSessionKey.CipherData = new CipherData(encryptedSessionKeyData); encryptedSessionKey.EncryptionMethod = new EncryptionMethod(GostEncryptedXml.XmlEncGostCryptoProKeyExportUrl); encryptedSessionKey.AddReference(new DataReference { Uri = "#" + elementEncryptedData.Id }); encryptedSessionKey.KeyInfo.AddClause(new KeyInfoX509Data(certificate)); // Добавление ссылки на зашифрованный ключ, используемый при шифровании данных elementEncryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedSessionKey)); } // Установка зашифрованных данных у объекта EncryptedData elementEncryptedData.CipherData.CipherValue = encryptedElement; } // Замена элемента его зашифрованным представлением GostEncryptedXml.ReplaceElement(element, elementEncryptedData, false); } } return(xmlDocument); }
private static XmlDocument EncryptXmlDocument(XmlDocument xmlDocument, Gost28147 sharedKey) { // Создание объекта для шифрации XML var encryptedXml = new GostEncryptedXml(); // Поиск элементов для шифрации var elements = xmlDocument.SelectNodes("//SomeElement[@Encrypt='true']"); if (elements != null) { var elementIndex = 0; foreach (XmlElement element in elements) { // Создание случайного сессионного ключа using (var sessionKey = new Gost28147SymmetricAlgorithm()) { // Шифрация элемента var encryptedData = encryptedXml.EncryptData(element, sessionKey, false); // Шифрация сессионного ключа с использованием общего симметричного ключа var encryptedSessionKeyData = GostEncryptedXml.EncryptKey(sessionKey, sharedKey, GostKeyExchangeExportMethod.CryptoProKeyExport); // Формирование элемента EncryptedData var elementEncryptedData = new EncryptedData(); elementEncryptedData.Id = "EncryptedElement" + elementIndex++; elementEncryptedData.Type = EncryptedXml.XmlEncElementUrl; elementEncryptedData.EncryptionMethod = new EncryptionMethod(GostEncryptedXml.XmlEncGost28147Url); elementEncryptedData.CipherData.CipherValue = encryptedData; elementEncryptedData.KeyInfo = new KeyInfo(); // Формирование информации о зашифрованном сессионном ключе var encryptedSessionKey = new EncryptedKey(); encryptedSessionKey.CipherData = new CipherData(encryptedSessionKeyData); encryptedSessionKey.EncryptionMethod = new EncryptionMethod(GostEncryptedXml.XmlEncGostCryptoProKeyExportUrl); encryptedSessionKey.AddReference(new DataReference { Uri = "#" + elementEncryptedData.Id }); encryptedSessionKey.KeyInfo.AddClause(new KeyInfoName { Value = "SharedKey1" }); // Добавление ссылки на зашифрованный ключ, используемый при шифровании данных elementEncryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedSessionKey)); // Замена элемента его зашифрованным представлением GostEncryptedXml.ReplaceElement(element, elementEncryptedData, false); } } } return(xmlDocument); }
private EncryptedKey CreatedEncryptedKey(SymmetricAlgorithm aes, string dataReferenceId, string keyId) { var encryptedKey = new EncryptedKey(); encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl); encryptedKey.Id = keyId; var cert = new X509Certificate2(certificate); encryptedKey.CipherData.CipherValue = EncryptedXml.EncryptKey(aes.Key, cert.PublicKey.Key as RSA, true); var dataReference = new DataReference("#" + dataReferenceId); encryptedKey.AddReference(dataReference); return(encryptedKey); }
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, RSA rsaKey, string keyName, bool useOAEP) { var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0]; using (var sessionKey = Aes.Create()) { sessionKey.KeySize = 256; // Encrypt the session key and add it to an EncryptedKey element. var encryptedKey = new EncryptedKey() { CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsaKey, useOAEP)), EncryptionMethod = new EncryptionMethod(useOAEP ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url) }; // Specify which EncryptedData // uses this key. An XML document can have // multiple EncryptedData elements that use // different keys. encryptedKey.AddReference(new DataReference() { Uri = "#" + encryptionElementID }); var encryptedData = new EncryptedData() { Type = EncryptedXml.XmlEncElementUrl, Id = encryptionElementID, // Create an EncryptionMethod element so that the // receiver knows which algorithm to use for decryption. EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url) }; encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); encryptedKey.KeyInfo.AddClause(new KeyInfoName() { Value = keyName }); var encryptedXml = new EncryptedXml(); encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false); EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false); } }
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, SymmetricAlgorithm key, string keyName, SymmetricAlgorithmFactory innerKeyFactory) { var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0]; using (SymmetricAlgorithm innerKey = innerKeyFactory.Create()) { // Encrypt the key with another key var encryptedKey = new EncryptedKey() { CipherData = new CipherData(EncryptedXml.EncryptKey(innerKey.Key, key)), EncryptionMethod = new EncryptionMethod(TestHelpers.GetEncryptionMethodName(key, keyWrap: true)) }; // Specify which EncryptedData // uses this key. An XML document can have // multiple EncryptedData elements that use // different keys. encryptedKey.AddReference(new DataReference() { Uri = "#" + encryptionElementID }); var encryptedData = new EncryptedData() { Type = EncryptedXml.XmlEncElementUrl, Id = encryptionElementID, // Create an EncryptionMethod element so that the // receiver knows which algorithm to use for decryption. EncryptionMethod = new EncryptionMethod(TestHelpers.GetEncryptionMethodName(innerKey)) }; encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); encryptedKey.KeyInfo.AddClause(new KeyInfoName() { Value = keyName }); var encryptedXml = new EncryptedXml(); encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, innerKey, false); EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false); } }
public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName) { XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement; if (elementToEncrypt == null) { throw new XmlException("The specified element was not found"); } RijndaelManaged sessionKey = null; try { sessionKey = new RijndaelManaged(); sessionKey.KeySize = 256; EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; edElement.Id = EncryptionElementID; edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false); ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); DataReference dRef = new DataReference(); dRef.Uri = "#" + EncryptionElementID; ek.AddReference(dRef); edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); KeyInfoName kin = new KeyInfoName(); kin.Value = KeyName; ek.KeyInfo.AddClause(kin); edElement.CipherData.CipherValue = encryptedElement; EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); } catch (Exception e) { throw e; } finally { if (sessionKey != null) { sessionKey.Clear(); } } }
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, RsaKeyParameters rsaKey, string keyName, bool useOAEP) { var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0]; var sessionKeyData = EncryptingAndDecryptingSymmetric.GenerateBlock(256); var sessionKeyIV = EncryptingAndDecryptingSymmetric.GenerateBlock(128); var sessionKey = new ParametersWithIV(new KeyParameter(sessionKeyData), sessionKeyIV); var encryptedKey = new EncryptedKey() { CipherData = new CipherData(XmlEncryption.EncryptKey(sessionKeyData, rsaKey, useOAEP)), EncryptionMethod = new EncryptionMethod(useOAEP ? NS.XmlEncRSAOAEPUrl : NS.XmlEncRSA15Url) }; encryptedKey.AddReference(new DataReference() { Uri = "#" + encryptionElementID }); var encryptedData = new EncryptedData() { Type = XmlNameSpace.Url[NS.XmlEncElementUrl], Id = encryptionElementID, EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url) }; encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); encryptedKey.KeyInfo.AddClause(new KeyInfoName() { Value = keyName }); var encryptedXml = new XmlEncryption(); encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false); XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false); }
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, ICipherParameters key, string keyName, Func <ICipherParameters> innerKeyFactory) { var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0]; ICipherParameters innerKey = innerKeyFactory(); var encryptedKey = new EncryptedKey() { CipherData = new CipherData(XmlEncryption.EncryptKey(((KeyParameter)((ParametersWithIV)innerKey).Parameters).GetKey(), (KeyParameter)((ParametersWithIV)key).Parameters)), EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(key, keyWrap: true)) }; encryptedKey.AddReference(new DataReference() { Uri = "#" + encryptionElementID }); var encryptedData = new EncryptedData() { Type = XmlNameSpace.Url[NS.XmlEncElementUrl], Id = encryptionElementID, EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(innerKey, keyWrap: false)) }; encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); encryptedKey.KeyInfo.AddClause(new KeyInfoName() { Value = keyName }); var encryptedXml = new XmlEncryption(); encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, innerKey, false); XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false); }
/// <summary> /// Método para criptografia /// </summary> /// <param name="doc">XML documento</param> /// <param name="tagToEncrypt">Tag para criptografia</param> /// <param name="encryptionElementId">Tag de identificação da criptografia</param> /// <param name="alg">RSA</param> /// <param name="keyName">chave para criptografia</param> public static void Encrypt(XmlDocument doc, string tagToEncrypt, string encryptionElementId, RSA alg, string keyName) { if (doc == null) { throw new ArgumentNullException("doc"); } if (tagToEncrypt == null) { throw new ArgumentNullException("ElementToEncrypt"); } if (encryptionElementId == null) { throw new ArgumentNullException("encryptionElementId"); } if (alg == null) { throw new ArgumentNullException("alg"); } if (keyName == null) { throw new ArgumentNullException("keyName"); } //////////////////////////////////////////////// // Find the specified element in the XmlDocument // object and create a new XmlElemnt object. //////////////////////////////////////////////// XmlElement elementToEncrypt = doc.GetElementsByTagName(tagToEncrypt)[0] as XmlElement; // Throw an XmlException if the element was not found. if (elementToEncrypt == null) { throw new XmlException("The specified element was not found"); } RijndaelManaged sessionKey = null; try { ////////////////////////////////////////////////// // Create a new instance of the EncryptedXml class // and use it to encrypt the XmlElement with the // a new random symmetric key. ////////////////////////////////////////////////// // Create a 256 bit Rijndael key. sessionKey = new RijndaelManaged(); sessionKey.KeySize = 256; EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); //////////////////////////////////////////////// // Construct an EncryptedData object and populate // it with the desired encryption information. //////////////////////////////////////////////// EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; edElement.Id = encryptionElementId; // Create an EncryptionMethod element so that the // receiver knows which algorithm to use for decryption. edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); // Encrypt the session key and add it to an EncryptedKey element. EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, alg, false); ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); // Create a new DataReference element // for the KeyInfo element. This optional // element specifies which EncryptedData // uses this key. An XML document can have // multiple EncryptedData elements that use // different keys. DataReference dRef = new DataReference(); // Specify the EncryptedData URI. dRef.Uri = "#" + encryptionElementId; // Add the DataReference to the EncryptedKey. ek.AddReference(dRef); // Add the encrypted key to the // EncryptedData object. edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); // Set the KeyInfo element to specify the // name of the RSA key. // Create a new KeyInfoName element. KeyInfoName kin = new KeyInfoName(); // Specify a name for the key. kin.Value = keyName; // Add the KeyInfoName element to the // EncryptedKey object. ek.KeyInfo.AddClause(kin); // Add the encrypted element data to the // EncryptedData object. edElement.CipherData.CipherValue = encryptedElement; //////////////////////////////////////////////////// // Replace the element from the original XmlDocument // object with the EncryptedData element. //////////////////////////////////////////////////// EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); } catch (Exception e) { // re-throw the exception. throw e; } finally { if (sessionKey != null) { sessionKey.Clear(); } } }
// Зашифрование узла XML документа на ассиметричном ключе private static void Encrypt(string srcName, string destName, string xpath, string EncryptionElementID, AsymmetricAlgorithm alg, string KeyName) { // Создаем новый объект xml документа. XmlDocument xmlDoc = new XmlDocument(); // Пробельные символы участвуют в вычислении подписи и должны быть сохранены для совместимости с другими реализациями xmlDoc.PreserveWhitespace = true; // Загружаем в объект созданный XML документ. xmlDoc.Load(srcName); // Ищем заданный элемент для заширования. XmlElement elementToEncrypt = xmlDoc.SelectSingleNode(xpath) as XmlElement; if (elementToEncrypt == null) { throw new XmlException("Узел не найден"); } // Создаем случайный симметричный ключ. // В целях безопасности удаляем ключ из памяти после использования. using (Gost28147CryptoServiceProvider sessionKey = new Gost28147CryptoServiceProvider()) { // Создаем объект класса EncryptedXml и используем // его для зашифрования узла на случайной симметричном ключе. EncryptedXml eXml = new EncryptedXml(); // Зашифровываем элемент на сессионном ключе. byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); // Создаем объект EncryptedData и заполняем его // необходимой информацией. EncryptedData edElement = new EncryptedData(); // Тип элемента зашифрованный узел edElement.Type = EncryptedXml.XmlEncElementUrl; // Созданный элемент помечаем EncryptionElementID edElement.Id = EncryptionElementID; // Заполняем алгоритм зашифрования данных. // Он будет использован при расшифровании. edElement.EncryptionMethod = new EncryptionMethod( EncryptedXml.XmlEncGost28147Url); // Зашифровываем сессионный ключ и добавляем эти зашифрованные данные // к узлу EncryptedKey. EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey; if (alg is Gost3410 gost3410) { encryptedKey = EncryptedXml.EncryptKey(sessionKey, gost3410); } else if (alg is Gost3410_2012_256 gost3410_2012_256) { encryptedKey = EncryptedXml.EncryptKey(sessionKey, gost3410_2012_256); } else if (alg is Gost3410_2012_512 gost3410_2012_512) { encryptedKey = EncryptedXml.EncryptKey(sessionKey, gost3410_2012_512); } else { throw new NotSupportedException(); } ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod( EncryptedXml.XmlEncGostKeyTransportUrl); // Создаем элемент DataReference для KeyInfo. // Эта необязательная операция позволяет указать // какие данные используют данный ключ. // XML документ может содержвать несколько // элементов EncryptedData с различными ключами. DataReference dRef = new DataReference(); // Указываем URI EncryptedData. // Для этого используем ранее проставленную ссылку // EncryptionElementID dRef.Uri = "#" + EncryptionElementID; // Добавляем к EncryptedKey ссылку на зашифрованные // данные. ek.AddReference(dRef); // Создаем новую ссылку на ключ. edElement.KeyInfo = new KeyInfo(); // Добавляем ссылку на зашифрованный ключ к // зашифрованным данным. edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); // Указываем имя ассиметричного ключа. // Создаем новый элемент KeyInfoName KeyInfoName kin = new KeyInfoName(); // Указываем имя ассиметричного ключа. kin.Value = KeyName; // Добавляем элемент KeyInfoName к // объекту EncryptedKey. ek.KeyInfo.AddClause(kin); // Добавляем зашифрованные данные // к объекту EncryptedData. edElement.CipherData.CipherValue = encryptedElement; // Заменяем исходный узел на зашифрованный. EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); // Сохраняем зашифрованный документ. xmlDoc.Save(destName); } }
public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName) { // Check the arguments. if (Doc == null) { throw new ArgumentNullException("Doc"); } if (ElementToEncrypt == null) { throw new ArgumentNullException("ElementToEncrypt"); } if (EncryptionElementID == null) { throw new ArgumentNullException("EncryptionElementID"); } if (Alg == null) { throw new ArgumentNullException("Alg"); } if (KeyName == null) { throw new ArgumentNullException("KeyName"); } //////////////////////////////////////////////// // Find the specified element in the XmlDocument // object and create a new XmlElement object. //////////////////////////////////////////////// // <snippet5> XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement; // Throw an XmlException if the element was not found. if (elementToEncrypt == null) { throw new XmlException("The specified element was not found"); } // </snippet5> Aes sessionKey = null; try { ////////////////////////////////////////////////// // Create a new instance of the EncryptedXml class // and use it to encrypt the XmlElement with the // a new random symmetric key. ////////////////////////////////////////////////// // <snippet6> // Create an AES key. sessionKey = Aes.Create(); // </snippet6> // <snippet7> EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); // </snippet7> //////////////////////////////////////////////// // Construct an EncryptedData object and populate // it with the desired encryption information. //////////////////////////////////////////////// // <snippet8> EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; edElement.Id = EncryptionElementID; // </snippet8> // Create an EncryptionMethod element so that the // receiver knows which algorithm to use for decryption. // <snippet9> edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); // </snippet9> // Encrypt the session key and add it to an EncryptedKey element. // <snippet10> EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false); ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); // </snippet10> // Create a new DataReference element // for the KeyInfo element. This optional // element specifies which EncryptedData // uses this key. An XML document can have // multiple EncryptedData elements that use // different keys. // <snippet11> DataReference dRef = new DataReference(); // Specify the EncryptedData URI. dRef.Uri = "#" + EncryptionElementID; // Add the DataReference to the EncryptedKey. ek.AddReference(dRef); // </snippet11> // Add the encrypted key to the // EncryptedData object. // <snippet12> edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); // </snippet12> // Set the KeyInfo element to specify the // name of the RSA key. // <snippet13> // Create a new KeyInfoName element. KeyInfoName kin = new KeyInfoName(); // Specify a name for the key. kin.Value = KeyName; // Add the KeyInfoName element to the // EncryptedKey object. ek.KeyInfo.AddClause(kin); // </snippet13> // Add the encrypted element data to the // EncryptedData object. // <snippet14> edElement.CipherData.CipherValue = encryptedElement; // </snippet14> //////////////////////////////////////////////////// // Replace the element from the original XmlDocument // object with the EncryptedData element. //////////////////////////////////////////////////// // <snippet15> EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); // </snippet15> } catch (Exception e) { // re-throw the exception. throw e; } finally { if (sessionKey != null) { sessionKey.Clear(); } } }
/** * Doc = documentul xml * ElementToEncrypt = numele elementului de criptat * EncryptionElementID = id-ul elementului ce va fi criptat * RSA = algoritmul de criptare (algoritm asimetric) * KeyNane = numele cheii de criptare */ public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName) { // Verificarea argumentelor if (Doc == null) { throw new ArgumentNullException("Doc"); } if (ElementToEncrypt == null) { throw new ArgumentNullException("ElementToEncrypt"); } if (EncryptionElementID == null) { throw new ArgumentNullException("EncryptionElementID"); } if (Alg == null) { throw new ArgumentNullException("Alg"); } if (KeyName == null) { throw new ArgumentNullException("KeyName"); } //////////////////////////////////////////////// // Identificarea elementului de criptat //////////////////////////////////////////////// XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement; // Daca nu este gasit se arunca o exceptie if (elementToEncrypt == null) { throw new XmlException("The specified element was not found"); } RijndaelManaged sessionKey = null; try { ////////////////////////////////////////////////// // Se creeaza o noua instanta a clasei EncryptedXml // si se foloseste pentru criptarea elementului xml // cu o noua cheie simetrica generata random. ////////////////////////////////////////////////// // Se creaza o cheie de sesiune SIMETRICA Rijndael de 256 de biti sessionKey = new RijndaelManaged(); sessionKey.KeySize = 256; EncryptedXml eXml = new EncryptedXml(); byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false); //////////////////////////////////////////////// // Se creeaza un obiect EncryptedData si se populeaza // cu informatia criptata. //////////////////////////////////////////////// EncryptedData edElement = new EncryptedData(); edElement.Type = EncryptedXml.XmlEncElementUrl; edElement.Id = EncryptionElementID; // Se creeaza un element de tip EncryptionMethod astfel incat // destinatarul sa stie ce algoritm va folosi pentru decriptare. edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); // Cripteaza cheia de sesiune si se adauga intr-un element de tip EncryptedKey. EncryptedKey ek = new EncryptedKey(); byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false); ek.CipherData = new CipherData(encryptedKey); ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); // Din cauza faptului ca un document xml poate avea // mai multe elemente EncrypredData criptate cu mai multe chei // este nevoie de specificarea unui element de tip DataReference // care sa indice elementul criptat cu aceasta cheie DataReference dRef = new DataReference(); // Se specifica URI-ul dRef.Uri = "#" + EncryptionElementID; // Se adauga DataReference la EncryptedKey. ek.AddReference(dRef); // Se adauga cheia criptata la obiectul EncryptedData // EncryptedData object. edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek)); // Se seteaza numele cheii RSA KeyInfoName kin = new KeyInfoName(); kin.Value = KeyName; // Adauga obiectul kin la cheia criptata ek.KeyInfo.AddClause(kin); // Se adauga elementul criptat edElement.CipherData.CipherValue = encryptedElement; //////////////////////////////////////////////////// // Se inlocuieste elementul original cu elementul criptat //////////////////////////////////////////////////// EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false); } catch (Exception e) { // re-throw the exception. throw e; } finally { if (sessionKey != null) { sessionKey.Clear(); } } }
/// <summary> /// Encrypts the specified XML element. /// </summary> /// <param name="plaintextElement">The plaintext to encrypt.</param> /// <returns> /// An <see cref="EncryptedXmlInfo" /> that contains the encrypted value of /// <paramref name="plaintextElement" /> along with information about how to /// decrypt it. /// </returns> /// <exception cref="System.ArgumentNullException"> /// Thrown if <paramref name="plaintextElement" /> is <see langword="null" />. /// </exception> /// <exception cref="ObjectDisposedException"> /// Thrown if this method is called after <see cref="Dispose()"/> is called. /// </exception> public EncryptedXmlInfo Encrypt(XElement plaintextElement) { if (plaintextElement == null) { throw new ArgumentNullException(nameof(plaintextElement)); } if (this._disposed) { throw new ObjectDisposedException("Unable to encrypt after the object has been disposed."); } this.Logger.LogDebug("Encrypting XML with certificate {0}.", this._keyName); // Create a faux XML document from the XElement so we can use EncryptedXml. var xmlDocument = plaintextElement.ToXmlDocumentWithRootNode(); var elementToEncrypt = xmlDocument.ElementToProcess(); // Do the actual encryption. Algorithm based on MSDN docs: // https://msdn.microsoft.com/en-us/library/ms229746(v=vs.110).aspx var encryptedXml = new EncryptedXml(); var encryptedElement = encryptedXml.EncryptData(elementToEncrypt, this._sessionKey, false); // Build the wrapper elements that provide information about // the algorithms used, the name of the key used, and so on. var encryptedData = new EncryptedData { Type = EncryptedXml.XmlEncElementUrl, Id = EncryptedElementId, EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url), }; var encryptedKey = new EncryptedKey { CipherData = new CipherData(EncryptedXml.EncryptKey(this._sessionKey.Key, this._keyProvider, false)), EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url), }; // "Connect" the encrypted data and encrypted key with // element references. var encryptedElementDataReference = new DataReference { Uri = "#" + EncryptedElementId, }; encryptedKey.AddReference(encryptedElementDataReference); encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey)); var keyName = new KeyInfoName { Value = this._keyName, }; encryptedKey.KeyInfo.AddClause(keyName); encryptedData.CipherData.CipherValue = encryptedElement; // Swap the plaintext element for the encrypted element. EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false); return(new EncryptedXmlInfo(xmlDocument.ElementToProcess().ToXElement(), typeof(CertificateXmlDecryptor))); }