public Task<string> Encrypt(IEnclaveKey key, object value) { Jose.JweAlgorithm algorithm; Jose.JweEncryption encryption; switch (key.KeyType.ToLowerInvariant()) { case "rsa": algorithm = Jose.JweAlgorithm.RSA_OAEP; encryption = Jose.JweEncryption.A128CBC_HS256; break; case "aes": algorithm = Jose.JweAlgorithm.A128KW; encryption = Jose.JweEncryption.A128CBC_HS256; break; case "ecc": algorithm = Jose.JweAlgorithm.ECDH_ES; encryption = Jose.JweEncryption.A128CBC_HS256; break; default: throw new NotSupportedException($"Unknown KeyType {key.KeyType}"); } var encrypted = Jose.JWT.Encode(value, key.RetrieveKey(), algorithm, encryption); return Task.FromResult(encrypted); }
public Task <IKeyIdentifier> AddKey(IEnclaveKey key) { var kvKey = (KeyVaultKey)key; IKeyIdentifier id = new KeyVaultKeyIdentifier(kvKey.Identifier); return(Task.FromResult(id)); }
public async Task <string> Encrypt(IEnclaveKey key, object value) { using (var client = KeyVault.CreateClient()) { var kvKey = key.RetrieveKey <JsonWebKey>(); var encrypted = await client.EncryptAsync(kvKey.Kid, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(value))); return(Convert.ToBase64String(encrypted.Result)); } }
public async Task <T> Decrypt <T>(IEnclaveKey key, string ciphertext) { using (var client = KeyVault.CreateClient()) { var kvKey = key.RetrieveKey <JsonWebKey>(); var result = await client.DecryptAsync(kvKey.Kid, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, Convert.FromBase64String(ciphertext)); return(JsonConvert.DeserializeObject <T>(Encoding.UTF8.GetString(result.Result))); } }
public Task <IKeyIdentifier> AddKey(IEnclaveKey key) { var idBytes = new byte[16]; RNG.GetBytes(idBytes); IKeyIdentifier keyId = new InMemoryKeyIdentifier(ToBase64UrlString(idBytes)); InMemoryKeys[keyId.KeyId] = key; return(Task.FromResult(keyId)); }
public async Task <bool> Validate(IEnclaveKey key, string value) { using (var client = KeyVault.CreateClient()) { var signed = JsonConvert.DeserializeObject <SignaturePayload>( Encoding.UTF8.GetString(Convert.FromBase64String(value))); var kvKey = key.RetrieveKey <JsonWebKey>(); return(await client.VerifyAsync(kvKey.Kid, JsonWebKeySignatureAlgorithm.RS256, digest : signed.Dig, signature : signed.Sig)); } }
public async Task <string> Sign(IEnclaveKey key, object value) { using (var client = KeyVault.CreateClient()) using (var sha = SHA256.Create()) { var kvKey = key.RetrieveKey <JsonWebKey>(); var hashed = sha.ComputeHash(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(value))); var result = await client.SignAsync(kvKey.Kid, JsonWebKeySignatureAlgorithm.RS256, hashed); var signed = new SignaturePayload { Val = value, Dig = hashed, Kid = result.Kid, Sig = result.Result, }; return(Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(signed)))); } }
public Task<string> Sign(IEnclaveKey key, object value) { Jose.JwsAlgorithm algorithm; switch (key.KeyType.ToLowerInvariant()) { case "rsa": algorithm = Jose.JwsAlgorithm.RS256; break; case "aes": algorithm = Jose.JwsAlgorithm.HS256; break; case "ecc": algorithm = Jose.JwsAlgorithm.ES256; break; default: throw new NotSupportedException($"Unknown KeyType {key.KeyType}"); } var result = Jose.JWT.Encode(value, key.RetrieveKey(), algorithm); return Task.FromResult(result); }
public Task<IEnclaveKey> GenerateKey(string keyType) { IEnclaveKey key = null; switch (keyType.ToLowerInvariant()) { case "rsa": key = new InMemoryKey(keyType, new RSACryptoServiceProvider(2048)); break; case "aes": var bytes = new byte[16]; RNG.GetBytes(bytes); key = new InMemoryKey(keyType, bytes); break; case "ecc": key = new InMemoryKey(keyType, new ECDsaCng(256)); break; default: throw new NotSupportedException($"Unknown key type {keyType}"); } return Task.FromResult(key); }
public Task<bool> Validate(IEnclaveKey key, string value) { var result = Jose.JWT.Decode(value, key.RetrieveKey()); return Task.FromResult(!string.IsNullOrWhiteSpace(result)); }
public Task<T> Decrypt<T>(IEnclaveKey key, string ciphertext) { T result = Jose.JWT.Decode<T>(ciphertext, key.RetrieveKey()); return Task.FromResult(result); }