/// <summary>
/// Initializes a new instance of the <see cref="ASymmetricEncryption"/> class.
/// </summary>
/// <param name="key">
/// The private key that will be used to decrypt the password used to decrypt the payload.
/// </param>
/// <exception cref="ArgumentNullException">An RSA private key must be provided.</exception>
public ASymmetricEncryption(RsaPrivateKey key)
{
_privateKey = key ?? throw
new ArgumentNullException(
nameof(key),
"An RSA private key must be provided!");
EncryptedPassword = new EncryptionData(new byte[256]);
}
/// <summary>
/// Signs data using the provided private key.
/// </summary>
/// <param name="dataToSign">The data to be signed.</param>
/// <param name="privateKey">The private key.</param>
/// <returns>The signature of the data as signed by the private key.</returns>
public EncryptionData Sign(EncryptionData dataToSign, RsaPrivateKey privateKey)
{
var rsa = GetRsaProvider();
rsa.ImportParameters(Check.NotNull(privateKey, nameof(privateKey)).ToParameters());
var hash = new SHA256Managed();
var sig = rsa.SignData(Check.NotNull(dataToSign, nameof(dataToSign)).Bytes, hash);
rsa.Clear();
rsa.Dispose();
hash.Dispose();
return(new EncryptionData(sig));
}
/// <summary>
/// Decrypts data using the provided private key.
/// </summary>
/// <param name="encryptedData">The data to be decrypted.</param>
/// <param name="privateKey">The private key.</param>
/// <returns>The decrypted data.</returns>
public EncryptionData Decrypt(EncryptionData encryptedData, RsaPrivateKey privateKey)
{
var rsa = GetRsaProvider();
rsa.ImportParameters(Check.NotNull(privateKey, nameof(privateKey)).ToParameters());
// Be aware the RSACryptoServiceProvider reverses the order of encrypted bytes after
// encryption and before decryption. In order to provide compatibility with other
// providers, we reverse the order of the bytes to match what other providers output.
Array.Reverse(Check.NotNull(encryptedData, nameof(encryptedData)).Bytes);
var decrypted = new EncryptionData(rsa.Decrypt(encryptedData.Bytes, true));
rsa.Clear();
rsa.Dispose();
return(decrypted);
}
/// <summary>
/// Load private key from app.config or web.config file.
/// </summary>
/// <returns>an AsymmetricPrivateKey instance containing the private key, or null.</returns>
public static RsaPrivateKey LoadFromEnvironment()
{
var key = new RsaPrivateKey
{
// Public Key parts
Modulus = ReadKeyFromEnvironment(_keyModulus),
Exponent = ReadKeyFromEnvironment(_keyExponent),
// Private Key parts
PrimeP = ReadKeyFromEnvironment(_keyPrimeP),
PrimeQ = ReadKeyFromEnvironment(_keyPrimeQ),
PrimeExponentP = ReadKeyFromEnvironment(_keyPrimeExponentP),
PrimeExponentQ = ReadKeyFromEnvironment(_keyPrimeExponentQ),
Coefficient = ReadKeyFromEnvironment(_keyCoefficient),
PrivateExponent = ReadKeyFromEnvironment(_keyPrivateExponent)
};
return(key);
}
/// <summary>
/// Generates a new public/private key pair as objects.
/// </summary>
/// <param name="publicKey">The public key.</param>
/// <param name="privateKey">The private key.</param>
public void GenerateNewKeyset(ref RsaPublicKey publicKey, ref RsaPrivateKey privateKey)
{
if (publicKey == null)
{
throw new ArgumentNullException(nameof(publicKey));
}
if (privateKey == null)
{
throw new ArgumentNullException(nameof(privateKey));
}
var rsa = GetRsaProvider();
var publicKeyXml = rsa.ToXmlString(false);
var privateKeyXml = rsa.ToXmlString(true);
rsa.Clear();
rsa.Dispose();
publicKey = new RsaPublicKey(publicKeyXml);
privateKey = new RsaPrivateKey(privateKeyXml);
}
/// <summary>
/// Decrypts data using the default private key.
/// </summary>
/// <param name="encryptedData">The data to be decrypted.</param>
/// <returns>The decrypted data.</returns>
public EncryptionData Decrypt(EncryptionData encryptedData)
{
return(Decrypt(encryptedData, RsaPrivateKey.LoadFromEnvironment()));
}