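/// <summary>
/// Round-trips a content encryption key (CEK) through <see cref="RsaKey"/> with RSA-OAEP,
/// first as a key-wrap / key-unwrap pair and then as an encrypt / decrypt pair.
/// </summary>
/// <remarks>
/// Only the CEK is needed as a fixture: RSA-OAEP padding is randomized, so there is no
/// fixed expected ciphertext to compare against — the assertions check the reported
/// algorithm name and that the original bytes come back after the round trip.
/// </remarks>
public async Task KeyVault_RsaKeyRSAOAEP()
{
    // Arrange: a 16-byte content encryption key to protect with the RSA key.
    byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
    RsaKey key = new RsaKey("KEK");

    // Act: wrap, then unwrap with the same algorithm.
    var wrapped = await key.WrapKeyAsync(CEK, RsaOaep.AlgorithmName).ConfigureAwait(false);
    var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, RsaOaep.AlgorithmName).ConfigureAwait(false);

    // Assert: the algorithm reported for the wrap is RSA-OAEP and the key survives the round trip.
    Assert.Equal("RSA-OAEP", wrapped.Item2);
    Assert.Equal(CEK, unwrapped);

    // Act: encrypt, then decrypt with the same algorithm (no IV / AAD for RSA).
    var encrypted = await key.EncryptAsync(CEK, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);
    var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, RsaOaep.AlgorithmName).ConfigureAwait(false);

    // Assert: the algorithm reported for the encryption is RSA-OAEP and the plaintext is recovered.
    Assert.Equal("RSA-OAEP", encrypted.Item3);
    Assert.Equal(CEK, decrypted);
}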
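/// <summary>
/// Round-trips a content encryption key (CEK) through <see cref="RsaKey"/> with RSA1_5
/// (PKCS#1 v1.5 padding), first as a key-wrap / key-unwrap pair and then as an
/// encrypt / decrypt pair.
/// </summary>
/// <remarks>
/// Only the CEK is needed as a fixture: PKCS#1 v1.5 padding is randomized, so there is no
/// fixed expected ciphertext to compare against — the assertions check the reported
/// algorithm name and that the original bytes come back after the round trip.
/// </remarks>
public async Task KeyVault_RsaKeyRSA15()
{
    // Arrange: a 16-byte content encryption key to protect with the RSA key.
    byte[] CEK = { 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF };
    RsaKey key = new RsaKey("KEK");

    // Act: wrap, then unwrap with the same algorithm.
    var wrapped = await key.WrapKeyAsync(CEK, Rsa15.AlgorithmName).ConfigureAwait(false);
    var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, Rsa15.AlgorithmName).ConfigureAwait(false);

    // Assert: the algorithm reported for the wrap is RSA_15 and the key survives the round trip.
    Assert.Equal("RSA_15", wrapped.Item2);
    Assert.Equal(CEK, unwrapped);

    // Act: encrypt, then decrypt with the same algorithm (no IV / AAD for RSA).
    var encrypted = await key.EncryptAsync(CEK, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);
    var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);

    // Assert: the algorithm reported for the encryption is RSA_15 and the plaintext is recovered.
    Assert.Equal("RSA_15", encrypted.Item3);
    Assert.Equal(CEK, decrypted);
}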
/// <summary>
/// Verifies that the shared test key from <c>GetTestRsaKey()</c> can wrap/unwrap and
/// encrypt/decrypt the class-level <c>CEK</c> fixture with RSA-OAEP, and that both
/// operations report "RSA-OAEP" as the algorithm used.
/// </summary>
public async Task KeyVault_RsaKeyRSAOAEP()
{
    RsaKey key = GetTestRsaKey();
    string algorithm = RsaOaep.AlgorithmName;

    // Key wrap round trip.
    var wrapResult = await key.WrapKeyAsync(CEK, algorithm).ConfigureAwait(false);
    byte[] wrappedKeyBytes = wrapResult.Item1;
    var unwrappedKey = await key.UnwrapKeyAsync(wrappedKeyBytes, algorithm).ConfigureAwait(false);

    Assert.Equal("RSA-OAEP", wrapResult.Item2);
    Assert.True(CEK.SequenceEqual(unwrappedKey));

    // Direct encryption round trip (RSA takes neither an IV nor additional authenticated data).
    var encryptResult = await key.EncryptAsync(CEK, null, null, algorithm).ConfigureAwait(false);
    byte[] cipherText = encryptResult.Item1;
    var plainText = await key.DecryptAsync(cipherText, null, null, null, algorithm).ConfigureAwait(false);

    Assert.Equal("RSA-OAEP", encryptResult.Item3);
    Assert.True(CEK.SequenceEqual(plainText));
}
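/// <summary>
/// Verifies that the shared test key from <c>GetTestRsaKey()</c> can wrap/unwrap and
/// encrypt/decrypt the class-level <c>CEK</c> fixture with RSA1_5, and that both
/// operations report "RSA_15" as the algorithm used.
/// </summary>
public async Task KeyVault_RsaKeyRSA15()
{
    RsaKey key = GetTestRsaKey();

    // Wrap and Unwrap
    var wrapped = await key.WrapKeyAsync(CEK, Rsa15.AlgorithmName).ConfigureAwait(false);
    var unwrapped = await key.UnwrapKeyAsync(wrapped.Item1, Rsa15.AlgorithmName).ConfigureAwait(false);

    // Assert — Assert.Equal (rather than Assert.True(x.Equals(y))) reports both values on failure,
    // matching the style of the sibling RSA-OAEP and default-algorithm tests.
    Assert.Equal("RSA_15", wrapped.Item2);
    Assert.Equal(CEK, unwrapped);

    // Encrypt and Decrypt (RSA takes neither an IV nor additional authenticated data)
    var encrypted = await key.EncryptAsync(CEK, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);
    var decrypted = await key.DecryptAsync(encrypted.Item1, null, null, null, Rsa15.AlgorithmName).ConfigureAwait(false);

    // Assert
    Assert.Equal("RSA_15", encrypted.Item3);
    Assert.Equal(CEK, decrypted);
}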
/// <summary>
/// Checks the algorithm defaults exposed by <see cref="RsaKey"/> (RSA-OAEP for encryption
/// and key wrap, RS256 for signing) and that passing <c>null</c> as the algorithm selects
/// RSA-OAEP for both the wrap/unwrap and the encrypt/decrypt round trips of <c>CEK</c>.
/// </summary>
public async Task KeyVault_RsaKeyDefaultAlgorithm()
{
    RsaKey key = GetTestRsaKey();

    // Advertised defaults.
    Assert.Equal("RSA-OAEP", key.DefaultEncryptionAlgorithm);
    Assert.Equal("RSA-OAEP", key.DefaultKeyWrapAlgorithm);
    Assert.Equal("RS256", key.DefaultSignatureAlgorithm);

    // A null algorithm must resolve to the default key-wrap algorithm.
    var wrapResult = await key.WrapKeyAsync(CEK, null).ConfigureAwait(false);
    var unwrappedKey = await key.UnwrapKeyAsync(wrapResult.Item1, null).ConfigureAwait(false);

    Assert.Equal("RSA-OAEP", wrapResult.Item2);
    Assert.True(CEK.SequenceEqual(unwrappedKey));

    // A null algorithm must resolve to the default encryption algorithm.
    var encryptResult = await key.EncryptAsync(CEK, null, null, null).ConfigureAwait(false);
    var plainText = await key.DecryptAsync(encryptResult.Item1, null, null, null, null).ConfigureAwait(false);

    Assert.Equal("RSA-OAEP", encryptResult.Item3);
    Assert.True(CEK.SequenceEqual(plainText));
}
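/// <summary>
/// Demonstrates envelope encryption with Azure Key Vault: a random AES data key encrypts
/// <paramref name="textToEncrypt"/> locally, the data key is wrapped with the RSA master key
/// (<c>_rsaKey</c>), both artefacts are serialized as they would be for storage, and the
/// flow is then reversed by unwrapping the data key through the Key Vault client and
/// decrypting the data.
/// </summary>
/// <param name="textToEncrypt">Plain text to protect; encoded as UTF-8 before encryption.</param>
/// <returns>A task that completes when the round trip has been printed to the console.</returns>
private static async Task Process(string textToEncrypt)
{
    var plainTextBytes = Encoding.UTF8.GetBytes(textToEncrypt);

    Console.WriteLine("\n===Encrypt Data===");
    Console.WriteLine("- Generate data access key");
    // 32 bytes => AES-256. RandomNumberGenerator.Create() is the cross-platform replacement
    // for the Windows-specific RNGCryptoServiceProvider and is equally suitable for key material.
    var dataAccessKey = new byte[32];
    using (var random = RandomNumberGenerator.Create())
    {
        random.GetBytes(dataAccessKey);
    }

    Console.WriteLine("- Encrypt data using data access key");
    byte[] encryptedBytes = EncryptWithAesCbc(plainTextBytes, dataAccessKey);

    Console.WriteLine("- Wrap the data access key using public master key");
    var wrappedKey = await _rsaKey.WrapKeyAsync(dataAccessKey, JsonWebKeyEncryptionAlgorithm.RSAOAEP);

    // The plaintext data key is not needed again on this side: zero it rather than only
    // dropping the reference, so it does not linger in memory until the GC reclaims it.
    Array.Clear(dataAccessKey, 0, dataAccessKey.Length);

    Console.WriteLine("- Serialize data to store in database");
    var serializedData = JsonConvert.SerializeObject(encryptedBytes);
    var serializedWrappedKey = JsonConvert.SerializeObject(wrappedKey.Item1);

    Console.WriteLine("- Remove references to keys and data");
    wrappedKey = null;
    encryptedBytes = null;

    Console.WriteLine("\n===Encryption Result===");
    Console.WriteLine($"Encrypted data: {serializedData}");
    Console.WriteLine($"KeyId: {_masterKeyId}");
    Console.WriteLine($"Wrapped key: {serializedWrappedKey}");

    Console.WriteLine("\n===Decrypt Data===");
    Console.WriteLine("- Deserialize data and wrapped key from storage");
    var dataBytes = JsonConvert.DeserializeObject<byte[]>(serializedData);
    var wrappedKeyBytes = JsonConvert.DeserializeObject<byte[]>(serializedWrappedKey);

    Console.WriteLine("- Get unwrapped data access key from key vault");
    // The unwrap happens inside Key Vault; only the wrapped key leaves this process.
    var unwrapResult = await _keyVaultClient.UnwrapKeyAsync(VaultBaseUrl, KeyName, _masterKeyId, JsonWebKeyEncryptionAlgorithm.RSAOAEP, wrappedKeyBytes);
    // `Result` is the operation result's payload (the raw unwrapped key bytes), not a Task.Result.
    byte[] unwrappedDataAccessKey = unwrapResult.Result;

    Console.WriteLine("- Decrypt data");
    byte[] decryptedBytes;
    try
    {
        decryptedBytes = DecryptWithAesCbc(dataBytes, unwrappedDataAccessKey);
    }
    finally
    {
        // Same hygiene as on the encrypt side: the unwrapped key is single-use here.
        Array.Clear(unwrappedDataAccessKey, 0, unwrappedDataAccessKey.Length);
    }

    var decryptedText = Encoding.UTF8.GetString(decryptedBytes);
    Console.WriteLine("\n===Decryption Result===");
    Console.WriteLine($"{decryptedText}");
}

/// <summary>
/// Encrypts <paramref name="plainText"/> with AES-CBC (PKCS7 padding, the SymmetricAlgorithm
/// default) under a fresh random IV and returns <c>IV || ciphertext</c>.
/// </summary>
/// <param name="plainText">Bytes to encrypt.</param>
/// <param name="key">AES key; its length selects the key size (32 bytes here => AES-256).</param>
/// <returns>The IV (one AES block) followed by the ciphertext.</returns>
/// <remarks>
/// NOTE(review): CBC provides confidentiality only — nothing in this output detects tampering
/// with the IV or ciphertext. For data that an untrusted party can modify, prefer an AEAD
/// mode (AES-GCM where the runtime provides it) or add an encrypt-then-MAC tag over IV || ciphertext.
/// </remarks>
private static byte[] EncryptWithAesCbc(byte[] plainText, byte[] key)
{
    // Aes.Create() returns the platform implementation (FIPS-validated where available);
    // AesManaged is the legacy managed-only implementation.
    using (var aes = Aes.Create())
    {
        try
        {
            aes.Key = key;
            aes.Mode = CipherMode.CBC;
            aes.GenerateIV();
            // The IV getter hands out a copy on every access, so read it once.
            byte[] iv = aes.IV;

            using (var cipherStream = new MemoryStream())
            using (var encryptor = aes.CreateEncryptor(aes.Key, iv))
            using (var cryptoStream = new CryptoStream(cipherStream, encryptor, CryptoStreamMode.Write))
            {
                // The IV is not secret; it is prepended so the decrypt side can recover it.
                cipherStream.Write(iv, 0, iv.Length);
                cryptoStream.Write(plainText, 0, plainText.Length);
                cryptoStream.FlushFinalBlock();
                return cipherStream.ToArray();
            }
        }
        finally
        {
            // Scrubs the key and IV held by the algorithm instance.
            aes.Clear();
        }
    }
}

/// <summary>
/// Reverses <see cref="EncryptWithAesCbc"/>: splits the leading IV from
/// <paramref name="ivAndCipherText"/> and AES-CBC decrypts the remainder with <paramref name="key"/>.
/// </summary>
/// <param name="ivAndCipherText">The <c>IV || ciphertext</c> layout produced by <see cref="EncryptWithAesCbc"/>.</param>
/// <param name="key">The AES key the data was encrypted with.</param>
/// <returns>The decrypted plaintext bytes.</returns>
/// <exception cref="ArgumentException">
/// Thrown when the input is null or shorter than one AES block, i.e. cannot even contain an IV.
/// </exception>
/// <exception cref="CryptographicException">Thrown by the cipher when the ciphertext or key is wrong (bad padding).</exception>
private static byte[] DecryptWithAesCbc(byte[] ivAndCipherText, byte[] key)
{
    using (var aes = Aes.Create())
    {
        try
        {
            aes.Key = key;
            aes.Mode = CipherMode.CBC;

            // The IV is one cipher block; derive its length from the algorithm rather than hard-coding 16.
            int ivLength = aes.BlockSize / 8;
            if (ivAndCipherText == null || ivAndCipherText.Length < ivLength)
            {
                throw new ArgumentException("Input is too short to contain an IV.", nameof(ivAndCipherText));
            }

            byte[] iv = new byte[ivLength];
            Array.Copy(ivAndCipherText, iv, ivLength);

            using (var plainTextStream = new MemoryStream())
            using (var decryptor = aes.CreateDecryptor(aes.Key, iv))
            using (var cryptoStream = new CryptoStream(plainTextStream, decryptor, CryptoStreamMode.Write))
            {
                cryptoStream.Write(ivAndCipherText, ivLength, ivAndCipherText.Length - ivLength);
                cryptoStream.FlushFinalBlock();
                return plainTextStream.ToArray();
            }
        }
        finally
        {
            aes.Clear();
        }
    }
}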