public void RoundtripSample1()
{
StringWriter sw = new StringWriter();
// Encryption
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml("<root> <child>sample</child> </root>");
XmlElement body = doc.DocumentElement;
RijndaelManaged aes = new RijndaelManaged();
aes.Mode = CipherMode.CBC;
aes.KeySize = 256;
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a secret.")]
aes.IV = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw==");
// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Not a secret.")]
aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
aes.Padding = PaddingMode.Zeros;
EncryptedXml exml = new EncryptedXml();
byte [] encrypted = exml.EncryptData(body, aes, false);
EncryptedData edata = new EncryptedData();
edata.Type = EncryptedXml.XmlEncElementUrl;
edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
EncryptedKey ekey = new EncryptedKey();
// omit key encryption, here for testing
byte [] encKeyBytes = aes.Key;
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
DataReference dr = new DataReference();
dr.Uri = "_0";
ekey.AddReference(dr);
edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
edata.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new RSAKeyValue(RSA.Create()));
edata.CipherData.CipherValue = encrypted;
EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false);
doc.Save(new XmlTextWriter(sw));
}
// Decryption
{
RijndaelManaged aes = new RijndaelManaged();
aes.Mode = CipherMode.CBC;
aes.KeySize = 256;
aes.Key = Convert.FromBase64String(
"o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
aes.Padding = PaddingMode.Zeros;
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(sw.ToString());
EncryptedXml encxml = new EncryptedXml(doc);
EncryptedData edata = new EncryptedData();
edata.LoadXml(doc.DocumentElement);
encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes));
}
}
public void RoundtripSample1()
{
using (StringWriter sw = new StringWriter())
{
// Encryption
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml("<root> <child>sample</child> </root>");
XmlElement body = doc.DocumentElement;
var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING");
var ivdata = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw==");
var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
EncryptedXml exml = new EncryptedXml();
byte[] encrypted = exml.EncryptData(body, param, false);
EncryptedData edata = new EncryptedData();
edata.Type = EncryptedXml.XmlEncElementUrl;
edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
EncryptedKey ekey = new EncryptedKey();
// omit key encryption, here for testing
byte[] encKeyBytes = keydata;
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
DataReference dr = new DataReference();
dr.Uri = "_0";
ekey.AddReference(dr);
edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
ekey.KeyInfo.AddClause(new RSAKeyValue());
edata.CipherData.CipherValue = encrypted;
EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false);
doc.Save(new XmlTextWriter(sw));
}
// Decryption
{
var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING");
var random = new SecureRandom();
var ivdata = new byte[aes.GetBlockSize()];
var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
random.NextBytes(ivdata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
doc.LoadXml(sw.ToString());
EncryptedXml encxml = new EncryptedXml(doc);
EncryptedData edata = new EncryptedData();
edata.LoadXml(doc.DocumentElement);
encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, param));
}
}
}
private static XmlDocument EncryptXmlDocument(XmlDocument xmlDocument, IEnumerable <X509Certificate2> certificates)
{
// Создание объекта для шифрации XML
var encryptedXml = new GostEncryptedXml();
// Поиск элементов для шифрации
var elements = xmlDocument.SelectNodes("//SomeElement[@Encrypt='true']");
if (elements != null)
{
var elementIndex = 0;
foreach (XmlElement element in elements)
{
// Формирование элемента EncryptedData
var elementEncryptedData = new EncryptedData();
elementEncryptedData.Id = "EncryptedElement" + elementIndex++;
elementEncryptedData.Type = EncryptedXml.XmlEncElementUrl;
elementEncryptedData.KeyInfo = new KeyInfo();
using (var sessionKey = new Gost_28147_89_SymmetricAlgorithm())
{
elementEncryptedData.EncryptionMethod = new EncryptionMethod(sessionKey.AlgorithmName);
// Шифрация элемента с использованием симметричного ключа
var encryptedElement = encryptedXml.EncryptData(element, sessionKey, false);
foreach (var certificate in certificates)
{
// Шифрация сессионного ключа с использованием открытого ключа сертификата
var encryptedSessionKeyData = GostEncryptedXml.EncryptKey(sessionKey, (GostAsymmetricAlgorithm)certificate.GetPublicKeyAlgorithm());
// Формирование информации о зашифрованном сессионном ключе
var encryptedSessionKey = new EncryptedKey();
encryptedSessionKey.CipherData = new CipherData(encryptedSessionKeyData);
encryptedSessionKey.EncryptionMethod = new EncryptionMethod(GostEncryptedXml.XmlEncGostCryptoProKeyExportUrl);
encryptedSessionKey.AddReference(new DataReference {
Uri = "#" + elementEncryptedData.Id
});
encryptedSessionKey.KeyInfo.AddClause(new KeyInfoX509Data(certificate));
// Добавление ссылки на зашифрованный ключ, используемый при шифровании данных
elementEncryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedSessionKey));
}
// Установка зашифрованных данных у объекта EncryptedData
elementEncryptedData.CipherData.CipherValue = encryptedElement;
}
// Замена элемента его зашифрованным представлением
GostEncryptedXml.ReplaceElement(element, elementEncryptedData, false);
}
}
return(xmlDocument);
}
private static XmlDocument EncryptXmlDocument(XmlDocument xmlDocument, Gost28147 sharedKey)
{
// Создание объекта для шифрации XML
var encryptedXml = new GostEncryptedXml();
// Поиск элементов для шифрации
var elements = xmlDocument.SelectNodes("//SomeElement[@Encrypt='true']");
if (elements != null)
{
var elementIndex = 0;
foreach (XmlElement element in elements)
{
// Создание случайного сессионного ключа
using (var sessionKey = new Gost28147SymmetricAlgorithm())
{
// Шифрация элемента
var encryptedData = encryptedXml.EncryptData(element, sessionKey, false);
// Шифрация сессионного ключа с использованием общего симметричного ключа
var encryptedSessionKeyData = GostEncryptedXml.EncryptKey(sessionKey, sharedKey, GostKeyExchangeExportMethod.CryptoProKeyExport);
// Формирование элемента EncryptedData
var elementEncryptedData = new EncryptedData();
elementEncryptedData.Id = "EncryptedElement" + elementIndex++;
elementEncryptedData.Type = EncryptedXml.XmlEncElementUrl;
elementEncryptedData.EncryptionMethod = new EncryptionMethod(GostEncryptedXml.XmlEncGost28147Url);
elementEncryptedData.CipherData.CipherValue = encryptedData;
elementEncryptedData.KeyInfo = new KeyInfo();
// Формирование информации о зашифрованном сессионном ключе
var encryptedSessionKey = new EncryptedKey();
encryptedSessionKey.CipherData = new CipherData(encryptedSessionKeyData);
encryptedSessionKey.EncryptionMethod = new EncryptionMethod(GostEncryptedXml.XmlEncGostCryptoProKeyExportUrl);
encryptedSessionKey.AddReference(new DataReference {
Uri = "#" + elementEncryptedData.Id
});
encryptedSessionKey.KeyInfo.AddClause(new KeyInfoName {
Value = "SharedKey1"
});
// Добавление ссылки на зашифрованный ключ, используемый при шифровании данных
elementEncryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedSessionKey));
// Замена элемента его зашифрованным представлением
GostEncryptedXml.ReplaceElement(element, elementEncryptedData, false);
}
}
}
return(xmlDocument);
}
private EncryptedKey CreatedEncryptedKey(SymmetricAlgorithm aes, string dataReferenceId, string keyId)
{
var encryptedKey = new EncryptedKey();
encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl);
encryptedKey.Id = keyId;
var cert = new X509Certificate2(certificate);
encryptedKey.CipherData.CipherValue = EncryptedXml.EncryptKey(aes.Key, cert.PublicKey.Key as RSA, true);
var dataReference = new DataReference("#" + dataReferenceId);
encryptedKey.AddReference(dataReference);
return(encryptedKey);
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, RSA rsaKey, string keyName, bool useOAEP)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
using (var sessionKey = Aes.Create())
{
sessionKey.KeySize = 256;
// Encrypt the session key and add it to an EncryptedKey element.
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsaKey, useOAEP)),
EncryptionMethod = new EncryptionMethod(useOAEP ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url)
};
// Specify which EncryptedData
// uses this key. An XML document can have
// multiple EncryptedData elements that use
// different keys.
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = EncryptedXml.XmlEncElementUrl,
Id = encryptionElementID,
// Create an EncryptionMethod element so that the
// receiver knows which algorithm to use for decryption.
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new EncryptedXml();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false);
EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
}
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, SymmetricAlgorithm key, string keyName, SymmetricAlgorithmFactory innerKeyFactory)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
using (SymmetricAlgorithm innerKey = innerKeyFactory.Create())
{
// Encrypt the key with another key
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(EncryptedXml.EncryptKey(innerKey.Key, key)),
EncryptionMethod = new EncryptionMethod(TestHelpers.GetEncryptionMethodName(key, keyWrap: true))
};
// Specify which EncryptedData
// uses this key. An XML document can have
// multiple EncryptedData elements that use
// different keys.
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = EncryptedXml.XmlEncElementUrl,
Id = encryptionElementID,
// Create an EncryptionMethod element so that the
// receiver knows which algorithm to use for decryption.
EncryptionMethod = new EncryptionMethod(TestHelpers.GetEncryptionMethodName(innerKey))
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new EncryptedXml();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, innerKey, false);
EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
}
}
public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
{
XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
if (elementToEncrypt == null)
{
throw new XmlException("The specified element was not found");
}
RijndaelManaged sessionKey = null;
try {
sessionKey = new RijndaelManaged();
sessionKey.KeySize = 256;
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
edElement.Id = EncryptionElementID;
edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
EncryptedKey ek = new EncryptedKey();
byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
DataReference dRef = new DataReference();
dRef.Uri = "#" + EncryptionElementID;
ek.AddReference(dRef);
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
KeyInfoName kin = new KeyInfoName();
kin.Value = KeyName;
ek.KeyInfo.AddClause(kin);
edElement.CipherData.CipherValue = encryptedElement;
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
} catch (Exception e) {
throw e;
} finally {
if (sessionKey != null)
{
sessionKey.Clear();
}
}
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, RsaKeyParameters rsaKey, string keyName, bool useOAEP)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
var sessionKeyData = EncryptingAndDecryptingSymmetric.GenerateBlock(256);
var sessionKeyIV = EncryptingAndDecryptingSymmetric.GenerateBlock(128);
var sessionKey = new ParametersWithIV(new KeyParameter(sessionKeyData), sessionKeyIV);
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(sessionKeyData, rsaKey, useOAEP)),
EncryptionMethod = new EncryptionMethod(useOAEP ? NS.XmlEncRSAOAEPUrl : NS.XmlEncRSA15Url)
};
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
Id = encryptionElementID,
EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url)
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new XmlEncryption();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
private static void Encrypt(XmlDocument doc, string elementName, string encryptionElementID, ICipherParameters key, string keyName, Func <ICipherParameters> innerKeyFactory)
{
var elementToEncrypt = (XmlElement)doc.GetElementsByTagName(elementName)[0];
ICipherParameters innerKey = innerKeyFactory();
var encryptedKey = new EncryptedKey()
{
CipherData = new CipherData(XmlEncryption.EncryptKey(((KeyParameter)((ParametersWithIV)innerKey).Parameters).GetKey(), (KeyParameter)((ParametersWithIV)key).Parameters)),
EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(key, keyWrap: true))
};
encryptedKey.AddReference(new DataReference()
{
Uri = "#" + encryptionElementID
});
var encryptedData = new EncryptedData()
{
Type = XmlNameSpace.Url[NS.XmlEncElementUrl],
Id = encryptionElementID,
EncryptionMethod = new EncryptionMethod(EncryptingAndDecryptingSymmetric.GetEncryptionMethodName(innerKey, keyWrap: false))
};
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
encryptedKey.KeyInfo.AddClause(new KeyInfoName()
{
Value = keyName
});
var encryptedXml = new XmlEncryption();
encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, innerKey, false);
XmlDecryption.ReplaceElement(elementToEncrypt, encryptedData, false);
}
/// <summary>
/// Método para criptografia
/// </summary>
/// <param name="doc">XML documento</param>
/// <param name="tagToEncrypt">Tag para criptografia</param>
/// <param name="encryptionElementId">Tag de identificação da criptografia</param>
/// <param name="alg">RSA</param>
/// <param name="keyName">chave para criptografia</param>
public static void Encrypt(XmlDocument doc, string tagToEncrypt, string encryptionElementId, RSA alg, string keyName)
{
if (doc == null)
{
throw new ArgumentNullException("doc");
}
if (tagToEncrypt == null)
{
throw new ArgumentNullException("ElementToEncrypt");
}
if (encryptionElementId == null)
{
throw new ArgumentNullException("encryptionElementId");
}
if (alg == null)
{
throw new ArgumentNullException("alg");
}
if (keyName == null)
{
throw new ArgumentNullException("keyName");
}
////////////////////////////////////////////////
// Find the specified element in the XmlDocument
// object and create a new XmlElemnt object.
////////////////////////////////////////////////
XmlElement elementToEncrypt = doc.GetElementsByTagName(tagToEncrypt)[0] as XmlElement;
// Throw an XmlException if the element was not found.
if (elementToEncrypt == null)
{
throw new XmlException("The specified element was not found");
}
RijndaelManaged sessionKey = null;
try
{
//////////////////////////////////////////////////
// Create a new instance of the EncryptedXml class
// and use it to encrypt the XmlElement with the
// a new random symmetric key.
//////////////////////////////////////////////////
// Create a 256 bit Rijndael key.
sessionKey = new RijndaelManaged();
sessionKey.KeySize = 256;
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
////////////////////////////////////////////////
// Construct an EncryptedData object and populate
// it with the desired encryption information.
////////////////////////////////////////////////
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
edElement.Id = encryptionElementId;
// Create an EncryptionMethod element so that the
// receiver knows which algorithm to use for decryption.
edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
// Encrypt the session key and add it to an EncryptedKey element.
EncryptedKey ek = new EncryptedKey();
byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, alg, false);
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
// Create a new DataReference element
// for the KeyInfo element. This optional
// element specifies which EncryptedData
// uses this key. An XML document can have
// multiple EncryptedData elements that use
// different keys.
DataReference dRef = new DataReference();
// Specify the EncryptedData URI.
dRef.Uri = "#" + encryptionElementId;
// Add the DataReference to the EncryptedKey.
ek.AddReference(dRef);
// Add the encrypted key to the
// EncryptedData object.
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
// Set the KeyInfo element to specify the
// name of the RSA key.
// Create a new KeyInfoName element.
KeyInfoName kin = new KeyInfoName();
// Specify a name for the key.
kin.Value = keyName;
// Add the KeyInfoName element to the
// EncryptedKey object.
ek.KeyInfo.AddClause(kin);
// Add the encrypted element data to the
// EncryptedData object.
edElement.CipherData.CipherValue = encryptedElement;
////////////////////////////////////////////////////
// Replace the element from the original XmlDocument
// object with the EncryptedData element.
////////////////////////////////////////////////////
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
}
catch (Exception e)
{
// re-throw the exception.
throw e;
}
finally
{
if (sessionKey != null)
{
sessionKey.Clear();
}
}
}
// Зашифрование узла XML документа на ассиметричном ключе
private static void Encrypt(string srcName, string destName,
string xpath, string EncryptionElementID, AsymmetricAlgorithm alg,
string KeyName)
{
// Создаем новый объект xml документа.
XmlDocument xmlDoc = new XmlDocument();
// Пробельные символы участвуют в вычислении подписи и должны быть сохранены для совместимости с другими реализациями
xmlDoc.PreserveWhitespace = true;
// Загружаем в объект созданный XML документ.
xmlDoc.Load(srcName);
// Ищем заданный элемент для заширования.
XmlElement elementToEncrypt = xmlDoc.SelectSingleNode(xpath)
as XmlElement;
if (elementToEncrypt == null)
{
throw new XmlException("Узел не найден");
}
// Создаем случайный симметричный ключ.
// В целях безопасности удаляем ключ из памяти после использования.
using (Gost28147CryptoServiceProvider sessionKey =
new Gost28147CryptoServiceProvider())
{
// Создаем объект класса EncryptedXml и используем
// его для зашифрования узла на случайной симметричном ключе.
EncryptedXml eXml = new EncryptedXml();
// Зашифровываем элемент на сессионном ключе.
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt,
sessionKey, false);
// Создаем объект EncryptedData и заполняем его
// необходимой информацией.
EncryptedData edElement = new EncryptedData();
// Тип элемента зашифрованный узел
edElement.Type = EncryptedXml.XmlEncElementUrl;
// Созданный элемент помечаем EncryptionElementID
edElement.Id = EncryptionElementID;
// Заполняем алгоритм зашифрования данных.
// Он будет использован при расшифровании.
edElement.EncryptionMethod = new EncryptionMethod(
EncryptedXml.XmlEncGost28147Url);
// Зашифровываем сессионный ключ и добавляем эти зашифрованные данные
// к узлу EncryptedKey.
EncryptedKey ek = new EncryptedKey();
byte[] encryptedKey;
if (alg is Gost3410 gost3410)
{
encryptedKey = EncryptedXml.EncryptKey(sessionKey, gost3410);
}
else if (alg is Gost3410_2012_256 gost3410_2012_256)
{
encryptedKey = EncryptedXml.EncryptKey(sessionKey, gost3410_2012_256);
}
else if (alg is Gost3410_2012_512 gost3410_2012_512)
{
encryptedKey = EncryptedXml.EncryptKey(sessionKey, gost3410_2012_512);
}
else
{
throw new NotSupportedException();
}
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(
EncryptedXml.XmlEncGostKeyTransportUrl);
// Создаем элемент DataReference для KeyInfo.
// Эта необязательная операция позволяет указать
// какие данные используют данный ключ.
// XML документ может содержвать несколько
// элементов EncryptedData с различными ключами.
DataReference dRef = new DataReference();
// Указываем URI EncryptedData.
// Для этого используем ранее проставленную ссылку
// EncryptionElementID
dRef.Uri = "#" + EncryptionElementID;
// Добавляем к EncryptedKey ссылку на зашифрованные
// данные.
ek.AddReference(dRef);
// Создаем новую ссылку на ключ.
edElement.KeyInfo = new KeyInfo();
// Добавляем ссылку на зашифрованный ключ к
// зашифрованным данным.
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
// Указываем имя ассиметричного ключа.
// Создаем новый элемент KeyInfoName
KeyInfoName kin = new KeyInfoName();
// Указываем имя ассиметричного ключа.
kin.Value = KeyName;
// Добавляем элемент KeyInfoName к
// объекту EncryptedKey.
ek.KeyInfo.AddClause(kin);
// Добавляем зашифрованные данные
// к объекту EncryptedData.
edElement.CipherData.CipherValue = encryptedElement;
// Заменяем исходный узел на зашифрованный.
EncryptedXml.ReplaceElement(elementToEncrypt,
edElement, false);
// Сохраняем зашифрованный документ.
xmlDoc.Save(destName);
}
}
public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
{
// Check the arguments.
if (Doc == null)
{
throw new ArgumentNullException("Doc");
}
if (ElementToEncrypt == null)
{
throw new ArgumentNullException("ElementToEncrypt");
}
if (EncryptionElementID == null)
{
throw new ArgumentNullException("EncryptionElementID");
}
if (Alg == null)
{
throw new ArgumentNullException("Alg");
}
if (KeyName == null)
{
throw new ArgumentNullException("KeyName");
}
////////////////////////////////////////////////
// Find the specified element in the XmlDocument
// object and create a new XmlElement object.
////////////////////////////////////////////////
// <snippet5>
XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
// Throw an XmlException if the element was not found.
if (elementToEncrypt == null)
{
throw new XmlException("The specified element was not found");
}
// </snippet5>
Aes sessionKey = null;
try
{
//////////////////////////////////////////////////
// Create a new instance of the EncryptedXml class
// and use it to encrypt the XmlElement with the
// a new random symmetric key.
//////////////////////////////////////////////////
// <snippet6>
// Create an AES key.
sessionKey = Aes.Create();
// </snippet6>
// <snippet7>
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
// </snippet7>
////////////////////////////////////////////////
// Construct an EncryptedData object and populate
// it with the desired encryption information.
////////////////////////////////////////////////
// <snippet8>
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
edElement.Id = EncryptionElementID;
// </snippet8>
// Create an EncryptionMethod element so that the
// receiver knows which algorithm to use for decryption.
// <snippet9>
edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
// </snippet9>
// Encrypt the session key and add it to an EncryptedKey element.
// <snippet10>
EncryptedKey ek = new EncryptedKey();
byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
// </snippet10>
// Create a new DataReference element
// for the KeyInfo element. This optional
// element specifies which EncryptedData
// uses this key. An XML document can have
// multiple EncryptedData elements that use
// different keys.
// <snippet11>
DataReference dRef = new DataReference();
// Specify the EncryptedData URI.
dRef.Uri = "#" + EncryptionElementID;
// Add the DataReference to the EncryptedKey.
ek.AddReference(dRef);
// </snippet11>
// Add the encrypted key to the
// EncryptedData object.
// <snippet12>
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
// </snippet12>
// Set the KeyInfo element to specify the
// name of the RSA key.
// <snippet13>
// Create a new KeyInfoName element.
KeyInfoName kin = new KeyInfoName();
// Specify a name for the key.
kin.Value = KeyName;
// Add the KeyInfoName element to the
// EncryptedKey object.
ek.KeyInfo.AddClause(kin);
// </snippet13>
// Add the encrypted element data to the
// EncryptedData object.
// <snippet14>
edElement.CipherData.CipherValue = encryptedElement;
// </snippet14>
////////////////////////////////////////////////////
// Replace the element from the original XmlDocument
// object with the EncryptedData element.
////////////////////////////////////////////////////
// <snippet15>
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
// </snippet15>
}
catch (Exception e)
{
// re-throw the exception.
throw e;
}
finally
{
if (sessionKey != null)
{
sessionKey.Clear();
}
}
}
/**
* Doc = documentul xml
* ElementToEncrypt = numele elementului de criptat
* EncryptionElementID = id-ul elementului ce va fi criptat
* RSA = algoritmul de criptare (algoritm asimetric)
* KeyNane = numele cheii de criptare
*/
public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string KeyName)
{
// Verificarea argumentelor
if (Doc == null)
{
throw new ArgumentNullException("Doc");
}
if (ElementToEncrypt == null)
{
throw new ArgumentNullException("ElementToEncrypt");
}
if (EncryptionElementID == null)
{
throw new ArgumentNullException("EncryptionElementID");
}
if (Alg == null)
{
throw new ArgumentNullException("Alg");
}
if (KeyName == null)
{
throw new ArgumentNullException("KeyName");
}
////////////////////////////////////////////////
// Identificarea elementului de criptat
////////////////////////////////////////////////
XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
// Daca nu este gasit se arunca o exceptie
if (elementToEncrypt == null)
{
throw new XmlException("The specified element was not found");
}
RijndaelManaged sessionKey = null;
try
{
//////////////////////////////////////////////////
// Se creeaza o noua instanta a clasei EncryptedXml
// si se foloseste pentru criptarea elementului xml
// cu o noua cheie simetrica generata random.
//////////////////////////////////////////////////
// Se creaza o cheie de sesiune SIMETRICA Rijndael de 256 de biti
sessionKey = new RijndaelManaged();
sessionKey.KeySize = 256;
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
////////////////////////////////////////////////
// Se creeaza un obiect EncryptedData si se populeaza
// cu informatia criptata.
////////////////////////////////////////////////
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
edElement.Id = EncryptionElementID;
// Se creeaza un element de tip EncryptionMethod astfel incat
// destinatarul sa stie ce algoritm va folosi pentru decriptare.
edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
// Cripteaza cheia de sesiune si se adauga intr-un element de tip EncryptedKey.
EncryptedKey ek = new EncryptedKey();
byte[] encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, Alg, false);
ek.CipherData = new CipherData(encryptedKey);
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
// Din cauza faptului ca un document xml poate avea
// mai multe elemente EncrypredData criptate cu mai multe chei
// este nevoie de specificarea unui element de tip DataReference
// care sa indice elementul criptat cu aceasta cheie
DataReference dRef = new DataReference();
// Se specifica URI-ul
dRef.Uri = "#" + EncryptionElementID;
// Se adauga DataReference la EncryptedKey.
ek.AddReference(dRef);
// Se adauga cheia criptata la obiectul EncryptedData
// EncryptedData object.
edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
// Se seteaza numele cheii RSA
KeyInfoName kin = new KeyInfoName();
kin.Value = KeyName;
// Adauga obiectul kin la cheia criptata
ek.KeyInfo.AddClause(kin);
// Se adauga elementul criptat
edElement.CipherData.CipherValue = encryptedElement;
////////////////////////////////////////////////////
// Se inlocuieste elementul original cu elementul criptat
////////////////////////////////////////////////////
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
}
catch (Exception e)
{
// re-throw the exception.
throw e;
}
finally
{
if (sessionKey != null)
{
sessionKey.Clear();
}
}
}
/// <summary>
/// Encrypts the specified XML element.
/// </summary>
/// <param name="plaintextElement">The plaintext to encrypt.</param>
/// <returns>
/// An <see cref="EncryptedXmlInfo" /> that contains the encrypted value of
/// <paramref name="plaintextElement" /> along with information about how to
/// decrypt it.
/// </returns>
/// <exception cref="System.ArgumentNullException">
/// Thrown if <paramref name="plaintextElement" /> is <see langword="null" />.
/// </exception>
/// <exception cref="ObjectDisposedException">
/// Thrown if this method is called after <see cref="Dispose()"/> is called.
/// </exception>
public EncryptedXmlInfo Encrypt(XElement plaintextElement)
{
if (plaintextElement == null)
{
throw new ArgumentNullException(nameof(plaintextElement));
}
if (this._disposed)
{
throw new ObjectDisposedException("Unable to encrypt after the object has been disposed.");
}
this.Logger.LogDebug("Encrypting XML with certificate {0}.", this._keyName);
// Create a faux XML document from the XElement so we can use EncryptedXml.
var xmlDocument = plaintextElement.ToXmlDocumentWithRootNode();
var elementToEncrypt = xmlDocument.ElementToProcess();
// Do the actual encryption. Algorithm based on MSDN docs:
// https://msdn.microsoft.com/en-us/library/ms229746(v=vs.110).aspx
var encryptedXml = new EncryptedXml();
var encryptedElement = encryptedXml.EncryptData(elementToEncrypt, this._sessionKey, false);
// Build the wrapper elements that provide information about
// the algorithms used, the name of the key used, and so on.
var encryptedData = new EncryptedData
{
Type = EncryptedXml.XmlEncElementUrl,
Id = EncryptedElementId,
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url),
};
var encryptedKey = new EncryptedKey
{
CipherData = new CipherData(EncryptedXml.EncryptKey(this._sessionKey.Key, this._keyProvider, false)),
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url),
};
// "Connect" the encrypted data and encrypted key with
// element references.
var encryptedElementDataReference = new DataReference
{
Uri = "#" + EncryptedElementId,
};
encryptedKey.AddReference(encryptedElementDataReference);
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
var keyName = new KeyInfoName
{
Value = this._keyName,
};
encryptedKey.KeyInfo.AddClause(keyName);
encryptedData.CipherData.CipherValue = encryptedElement;
// Swap the plaintext element for the encrypted element.
EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
return(new EncryptedXmlInfo(xmlDocument.ElementToProcess().ToXElement(), typeof(CertificateXmlDecryptor)));
}
