public string GetEncryptionAlgorithm() { string xpath = ".//*[local-name()='EncryptionMethod']"; var node = _encryptedKey.GetXml().SelectSingleNode(xpath) as XmlElement; return(node?.GetAttribute("Algorithm")); }
public XmlElement DecryptSingleElementByKeyNumber(int encryptedKeyNumber) { EncryptedKey encryptedKey = new EncryptedKey(); encryptedKey.LoadXml((XmlElement)this._encryptedKeyElements[encryptedKeyNumber]); ReferenceList referenceList = encryptedKey.ReferenceList; EncryptedReference encryptedReference = referenceList.Item(0); string uri = encryptedReference.Uri; KeyInfo keyInfo = encryptedKey.KeyInfo; this._referenceList.Clear(); ArrayList referenceElementList = new ArrayList(); referenceElementList = this.FindXmlElementByURI(uri, this._tempdocument.ChildNodes[1]); XmlElement keyInfoElement = this._tempdocument.CreateElement("KeyInfo", SignedXml.XmlDsigNamespaceUrl); keyInfoElement.AppendChild(_tempdocument.ImportNode((XmlNode)encryptedKey.GetXml(), true)); XmlElement encryptedDataElement = (XmlElement)referenceElementList[0]; RSACryptoServiceProvider provider = this._webService.RSACryptoServiceProvider; EncryptedXml encXml = new EncryptedXml(this._tempdocument); encXml.AddKeyNameMapping("Web Service Public Key", provider); EncryptedData data = new EncryptedData(); data.LoadXml((XmlElement)encryptedDataElement); SymmetricAlgorithm algo = SymmetricAlgorithm.Create(); algo.Key = encXml.DecryptEncryptedKey(encryptedKey); byte[] t = encXml.DecryptData(data, algo); encXml.ReplaceData(encryptedDataElement, t); this._tempdocument.GetElementsByTagName("wsse:Security")[0].RemoveChild(_tempdocument.GetElementsByTagName("xenc:EncryptedKey")[0]); XmlElement root = (XmlElement)this._decryptedDataList[encryptedKeyNumber]; return((XmlElement)root); }
public void GetDecryptionKey_CarriedKeyName() { using (Aes aes = Aes.Create()) using (Aes innerAes = Aes.Create()) { innerAes.KeySize = 128; EncryptedData edata = new EncryptedData(); edata.KeyInfo = new KeyInfo(); edata.KeyInfo.AddClause(new KeyInfoName("aes")); EncryptedKey ekey = new EncryptedKey(); byte[] encKeyBytes = EncryptedXml.EncryptKey(innerAes.Key, aes); ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); ekey.CarriedKeyName = "aes"; ekey.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new KeyInfoName("another_aes")); XmlDocument doc = new XmlDocument(); doc.LoadXml(ekey.GetXml().OuterXml); EncryptedXml exml = new EncryptedXml(doc); exml.AddKeyNameMapping("another_aes", aes); SymmetricAlgorithm decryptedAlg = exml.GetDecryptionKey(edata, EncryptedXml.XmlEncAES256Url); Assert.Equal(innerAes.Key, decryptedAlg.Key); } }
private static string GetDigestAlgorithm(EncryptedKey encryptedKey) { string xpath = $".//*[local-name()='EncryptionMethod']/*[local-name()='DigestMethod' and namespace-uri()='{Constants.Namespaces.XmlDsig}']"; var digestNode = encryptedKey.GetXml().SelectSingleNode(xpath) as XmlElement; return(digestNode?.GetAttribute("Algorithm")); }
public void Encrypt() { var encryptionAlgorithm = new AesGcm { KeySize = 128 }; encryptionAlgorithm.GenerateKey(); byte[] encryptedSymmetricKey = RsaOaepSha256.Encrypt(encryptionAlgorithm.Key, PublicKeyInAsn1Format); var encryptedKey = new EncryptedKey { Id = "ek-" + Guid.NewGuid(), EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl), CipherData = new CipherData { CipherValue = encryptedSymmetricKey } }; var encryptedDataList = new List <EncryptedData>(); foreach (Attachment attachment in Attachments) { attachment.Stream.Position = 0; Stream encryptedStream = new MemoryStream(); encryptedStream.Write(encryptionAlgorithm.IV, 0, encryptionAlgorithm.IV.Length); var cryptoStream = new CryptoStream(encryptedStream, encryptionAlgorithm.CreateEncryptor(), CryptoStreamMode.Write); attachment.Stream.CopyTo(cryptoStream); cryptoStream.FlushFinalBlock(); attachment.Stream = encryptedStream; var encryptedData = new EncryptedData { Id = "ed-" + Guid.NewGuid(), Type = "http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Only", EncryptionMethod = new EncryptionMethod("http://www.w3.org/2009/xmlenc11#aes128-gcm"), CipherData = new CipherData { CipherReference = new CipherReference("cid:" + attachment.ContentId) } }; encryptedData.KeyInfo.AddClause(new SecurityTokenReference(encryptedKey.Id)); encryptedData.CipherData.CipherReference.TransformChain.Add(new AttachmentCiphertextTransform()); encryptedDataList.Add(encryptedData); encryptedKey.ReferenceList.Add(new DataReference(encryptedData.Id)); } var securityXml = GetSecurity() ?? CreateSecurity(); foreach (var encryptedData in encryptedDataList) { Insert(encryptedData.GetXml(), securityXml); } Insert(encryptedKey.GetXml(), securityXml); }
public void DecryptEncryptedKey_KeyInfoEncryptedKey() { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; string xml = "<root> <child>sample</child> </root>"; doc.LoadXml(xml); var random = new SecureRandom(); var keydata = new byte[256 / 8]; random.NextBytes(keydata); var param = new KeyParameter(keydata); keydata = new byte[128 / 8]; random.NextBytes(keydata); var innerParam = new KeyParameter(keydata); keydata = new byte[192 / 8]; random.NextBytes(keydata); var outerParam = new KeyParameter(keydata); EncryptedXml exml = new EncryptedXml(doc); exml.AddKeyNameMapping("aes", param); EncryptedKey ekey = new EncryptedKey(); byte[] encKeyBytes = EncryptedXml.EncryptKey(outerParam.GetKey(), param); ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); ekey.Id = "Key_ID"; ekey.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new KeyInfoName("aes")); KeyInfo topLevelKeyInfo = new KeyInfo(); topLevelKeyInfo.AddClause(new KeyInfoEncryptedKey(ekey)); EncryptedKey ekeyTopLevel = new EncryptedKey(); byte[] encTopKeyBytes = EncryptedXml.EncryptKey(innerParam.GetKey(), outerParam); ekeyTopLevel.CipherData = new CipherData(encTopKeyBytes); ekeyTopLevel.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); ekeyTopLevel.KeyInfo = topLevelKeyInfo; doc.LoadXml(ekeyTopLevel.GetXml().OuterXml); byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyTopLevel); Assert.Equal(innerParam.GetKey(), decryptedKey); EncryptedData eData = new EncryptedData(); eData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); eData.KeyInfo = topLevelKeyInfo; var decryptedAlg = exml.GetDecryptionKey(eData, null); Assert.Equal(outerParam.GetKey(), ((KeyParameter)decryptedAlg).GetKey()); }
private static string GetMgfAlgorithm(EncryptedKey encryptedKey) { string xpath = ".//*[local-name()='EncryptionMethod']/*[local-name()='MGF']"; var node = encryptedKey.GetXml().SelectSingleNode(xpath) as XmlElement; return(node?.GetAttribute("Algorithm")); }
public void DecryptEncryptedKey_KeyInfoRetrievalMethod() { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; string xml = "<root> <child>sample</child> </root>"; doc.LoadXml(xml); var random = new SecureRandom(); var ivdata = new byte[128 / 8]; var keydata = new byte[256 / 8]; random.NextBytes(ivdata); random.NextBytes(keydata); var param = new ParametersWithIV(new KeyParameter(keydata), ivdata); keydata = new byte[128 / 8]; random.NextBytes(ivdata); random.NextBytes(keydata); var innerParam = new ParametersWithIV(new KeyParameter(keydata), ivdata); XmlDecryption exml = new XmlDecryption(doc); exml.AddKeyNameMapping("aes", param); EncryptedKey ekey = new EncryptedKey(); byte[] encKeyBytes = XmlEncryption.EncryptKey(((KeyParameter)innerParam.Parameters).GetKey(), (KeyParameter)param.Parameters); ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url); ekey.Id = "Key_ID"; ekey.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new KeyInfoName("aes")); doc.LoadXml(ekey.GetXml().OuterXml); EncryptedKey ekeyRetrieval = new EncryptedKey(); KeyInfo keyInfoRetrieval = new KeyInfo(); keyInfoRetrieval.AddClause(new KeyInfoRetrievalMethod("#Key_ID")); ekeyRetrieval.KeyInfo = keyInfoRetrieval; byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyRetrieval); Assert.Equal(((KeyParameter)innerParam.Parameters).GetKey(), decryptedKey); EncryptedData eData = new EncryptedData(); eData.EncryptionMethod = new EncryptionMethod(NS.XmlEncAES256Url); eData.KeyInfo = keyInfoRetrieval; var decryptedAlg = exml.GetDecryptionKey(eData, NS.None); Assert.Equal(((KeyParameter)innerParam.Parameters).GetKey(), ((KeyParameter)decryptedAlg).GetKey()); }
public void DecryptEncryptedKey_KeyInfoEncryptedKey() { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; string xml = "<root> <child>sample</child> </root>"; doc.LoadXml(xml); using (Aes aes = Aes.Create()) using (Aes outerAes = Aes.Create()) using (Aes innerAes = Aes.Create()) { outerAes.KeySize = 192; innerAes.KeySize = 128; EncryptedXml exml = new EncryptedXml(doc); exml.AddKeyNameMapping("aes", aes); EncryptedKey ekey = new EncryptedKey(); byte[] encKeyBytes = EncryptedXml.EncryptKey(outerAes.Key, aes); ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); ekey.Id = "Key_ID"; ekey.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new KeyInfoName("aes")); KeyInfo topLevelKeyInfo = new KeyInfo(); topLevelKeyInfo.AddClause(new KeyInfoEncryptedKey(ekey)); EncryptedKey ekeyTopLevel = new EncryptedKey(); byte[] encTopKeyBytes = EncryptedXml.EncryptKey(innerAes.Key, outerAes); ekeyTopLevel.CipherData = new CipherData(encTopKeyBytes); ekeyTopLevel.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); ekeyTopLevel.KeyInfo = topLevelKeyInfo; doc.LoadXml(ekeyTopLevel.GetXml().OuterXml); byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyTopLevel); Assert.Equal(innerAes.Key, decryptedKey); EncryptedData eData = new EncryptedData(); eData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); eData.KeyInfo = topLevelKeyInfo; SymmetricAlgorithm decryptedAlg = exml.GetDecryptionKey(eData, null); Assert.Equal(outerAes.Key, decryptedAlg.Key); } }
public void GetDecryptionKey_CarriedKeyName() { var random = new SecureRandom(); var ivdata = new byte[128 / 8]; var keydata = new byte[256 / 8]; random.NextBytes(ivdata); random.NextBytes(keydata); var param = new ParametersWithIV(new KeyParameter(keydata), ivdata); keydata = new byte[128 / 8]; random.NextBytes(ivdata); random.NextBytes(keydata); var innerParam = new ParametersWithIV(new KeyParameter(keydata), ivdata); EncryptedData edata = new EncryptedData(); edata.KeyInfo = new KeyInfo(); edata.KeyInfo.AddClause(new KeyInfoName("aes")); EncryptedKey ekey = new EncryptedKey(); byte[] encKeyBytes = EncryptedXml.EncryptKey(((KeyParameter)innerParam.Parameters).GetKey(), (KeyParameter)param.Parameters); ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); ekey.CarriedKeyName = "aes"; ekey.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new KeyInfoName("another_aes")); XmlDocument doc = new XmlDocument(); doc.LoadXml(ekey.GetXml().OuterXml); EncryptedXml exml = new EncryptedXml(doc); exml.AddKeyNameMapping("another_aes", param); var decryptedAlg = exml.GetDecryptionKey(edata, EncryptedXml.XmlEncAES256Url); Assert.IsType <KeyParameter>(decryptedAlg); Assert.Equal(((KeyParameter)innerParam.Parameters).GetKey(), ((KeyParameter)decryptedAlg).GetKey()); }
/// <summary> /// Encrypts the NameID attribute of the AttributeQuery request. /// </summary> /// <param name="certFriendlyName"> /// Friendly Name of the X509Certificate to be retrieved /// from the LocalMachine keystore and used to encrypt generated symmetric key. /// Be sure to have appropriate permissions set on the keystore. /// </param> /// <param name="xmlDoc"> /// XML document to be encrypted. /// </param> /// <param name="symmetricAlgorithmUri"> /// Symmetric algorithm uri used for encryption. /// </param> public static void EncryptAttributeQueryNameID(string certFriendlyName, string symmetricAlgorithmUri, XmlDocument xmlDoc) { if (string.IsNullOrWhiteSpace(certFriendlyName)) { throw new Saml2Exception(Resources.EncryptedXmlInvalidCertFriendlyName); } if (string.IsNullOrWhiteSpace(symmetricAlgorithmUri)) { throw new Saml2Exception(Resources.EncryptedXmlInvalidEncrAlgorithm); } if (xmlDoc == null) { throw new Saml2Exception(Resources.SignedXmlInvalidXml); } X509Certificate2 cert = FedletCertificateFactory.GetCertificateByFriendlyName(certFriendlyName); if (cert == null) { throw new Saml2Exception(Resources.EncryptedXmlCertNotFound); } XmlNamespaceManager nsMgr = new XmlNamespaceManager(xmlDoc.NameTable); nsMgr.AddNamespace("ds", SignedXml.XmlDsigNamespaceUrl); nsMgr.AddNamespace("saml", Saml2Constants.NamespaceSamlAssertion); nsMgr.AddNamespace("samlp", Saml2Constants.NamespaceSamlProtocol); string xpath = "/samlp:AttributeQuery/saml:Subject/saml:NameID"; XmlNode root = xmlDoc.DocumentElement; XmlNode node = root.SelectSingleNode(xpath, nsMgr); XmlNode encryptedID = xmlDoc.CreateNode(XmlNodeType.Element, "EncryptedID", Saml2Constants.NamespaceSamlAssertion); node.ParentNode.PrependChild(encryptedID); XmlElement elementToEncrypt = (XmlElement)encryptedID.AppendChild(node.Clone()); if (elementToEncrypt == null) { throw new Saml2Exception(Resources.EncryptedXmlInvalidXml); } encryptedID.ParentNode.RemoveChild(node); SymmetricAlgorithm alg = Saml2Utils.GetAlgorithm(symmetricAlgorithmUri); if (alg == null) { throw new Saml2Exception(Resources.EncryptedXmlInvalidEncrAlgorithm); } alg.GenerateKey(); string encryptionElementID = Saml2Utils.GenerateId(); string encryptionKeyElementID = Saml2Utils.GenerateId(); EncryptedData encryptedData = new EncryptedData(); encryptedData.Type = EncryptedXml.XmlEncElementUrl; encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128Url); encryptedData.Id = encryptionElementID; EncryptedXml encryptedXml = new EncryptedXml(); byte[] encryptedElement = encryptedXml.EncryptData(elementToEncrypt, alg, false); encryptedData.CipherData.CipherValue = encryptedElement; encryptedData.KeyInfo = new KeyInfo(); EncryptedKey encryptedKey = new EncryptedKey(); encryptedKey.Id = encryptionKeyElementID; RSA publicKeyRSA = cert.PublicKey.Key as RSA; encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(alg.Key, publicKeyRSA, false)); encryptedData.KeyInfo.AddClause(new KeyInfoRetrievalMethod("#" + encryptionKeyElementID, "http://www.w3.org/2001/04/xmlenc#EncryptedKey")); KeyInfoName kin = new KeyInfoName(); kin.Value = cert.SubjectName.Name; encryptedKey.KeyInfo.AddClause(kin); EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false); XmlNode importKeyNode = xmlDoc.ImportNode(encryptedKey.GetXml(), true); encryptedID.AppendChild(importKeyNode); }
/// <summary> /// Encrypts a list of elements. /// </summary> /// <param name="elementToAddEncKeysTo"></param> /// <param name="elementsToEncrypt"></param> /// <param name="certificates"></param> /// <param name="cipherKey"></param> public void Encrypt(XmlElement elementToAddEncKeysTo, IList <XmlElement> elementsToEncrypt, X509Certificate2Collection certificates, byte[] cipherKey) { ArgumentUtils.CheckNotNull(elementToAddEncKeysTo, "elementToAddEncKeysTo"); ArgumentUtils.CheckNotNullNorEmpty(elementsToEncrypt, "elementsToEncrypt"); CertificateUtils.CheckNotNullOrEmpty(certificates, "certificates"); // Check all the elements to encrypt are not the same as the element // to add the keys to and check they belong to the same document. foreach (XmlElement elementToEncrypt in elementsToEncrypt) { if (elementToEncrypt == elementToAddEncKeysTo) { throw new XspException( "Cannot add keys to an element that is being encrypted"); } if (elementToAddEncKeysTo.OwnerDocument != elementToEncrypt.OwnerDocument) { throw new XspException( "Elements to encrypt must belong to the same document as the " + "keys element"); } if (XmlUtils.IsDescendant(elementToEncrypt, elementToAddEncKeysTo)) { throw new XspException( "Element the keys are added to cannot be a child element of an " + "element to encrypt"); } } // Get the container document XmlDocument containerDoc = elementToAddEncKeysTo.OwnerDocument; // Create a random session key RijndaelManaged sessionKey = new RijndaelManaged(); sessionKey.KeySize = 256; if (cipherKey != null) { sessionKey.Key = cipherKey; } IList <string> referenceIdList = new List <string>(); foreach (XmlElement elementToEncrypt in elementsToEncrypt) { // Generate a unique reference identifier string referenceId = "_" + Guid.NewGuid().ToString(); // Add it to the reference list referenceIdList.Add(referenceId); // Create the encrypted data EncryptedData encryptedData = XmlSecurityUtils.Encrypt( sessionKey, elementToEncrypt, referenceId); // Replace the original element with the encrypted data EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false); } foreach (X509Certificate2 certificate in certificates) { // Create the encrypted key EncryptedKey encryptedKey = XmlSecurityUtils.CreateEncryptedKey( sessionKey, certificate, referenceIdList); // Import the encrypted key element into the container document XmlNode encryptedKeyElem = containerDoc.ImportNode(encryptedKey.GetXml(), true); elementToAddEncKeysTo.AppendChild(encryptedKeyElem); } }