public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, string> header)
{
#if NET40
if (key is RSACryptoServiceProvider)
{
//This is for backward compatibility only with 2.x
//To be removed in 3.x
var privateKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(true));
return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
}
if (key is CngKey)
{
var privateKey = (CngKey)key;
return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of CngKey type.");
#elif NET461
if (key is CngKey)
{
var privateKey = (CngKey)key;
return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
}
if (key is RSACryptoServiceProvider)
{
//This is for backward compatibility only with 2.x
//To be removed in 3.x
var privateKey = RsaKey.New(((RSACryptoServiceProvider)key).ExportParameters(true));
return(RsaOaep.Decrypt(encryptedCek, privateKey, CngAlgorithm.Sha256));
}
if (key is RSA)
{
var privateKey = (RSA)key;
return(privateKey.Decrypt(encryptedCek, RSAEncryptionPadding.OaepSHA256));
}
throw new ArgumentException("RsaKeyManagement algorithm expects key to be of either CngKey or RSA types.");
#elif NETSTANDARD1_4
var privateKey = Ensure.Type <RSA>(key, "RsaKeyManagement algorithm expects key to be of RSA type.");
return(privateKey.Decrypt(encryptedCek, RSAEncryptionPadding.OaepSHA256));
#endif
}
