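/// <summary>
/// Decrypts the <c>encryptedContent</c> section of a notification item: recovers the
/// symmetric data key with the certificate named in the payload, checks the HMAC over the
/// ciphertext with that key, and only then decrypts the payload.
/// </summary>
/// <param name="item">The notification item; must carry an <c>encryptedContent</c> object.</param>
/// <returns>The decrypted payload parsed as a <see cref="JToken"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="item"/> is null.</exception>
/// <exception cref="InvalidOperationException">A required property is missing from the payload.</exception>
/// <exception cref="FormatException">One of the base64 fields is malformed (from <see cref="Convert.FromBase64String"/>).</exception>
public JToken DecryptResourceData(JToken item)
{
    const string encryptedContentProperty = "encryptedContent";
    const string certificateIdProperty = "encryptionCertificateId";
    const string symmetricKeyProperty = "dataKey";
    const string encryptedPayloadProperty = "data";
    const string signatureProperty = "dataSignature";

    if (item == null)
    {
        throw new ArgumentNullException(nameof(item));
    }

    // Guard the container as well: indexing into a missing token would otherwise surface
    // as a NullReferenceException instead of a descriptive error.
    var encryptedContent = item[encryptedContentProperty]
        ?? throw new InvalidOperationException("Encrypted content does not exist in the notification payload");

    string certificateId = encryptedContent[certificateIdProperty]?.Value<string>()
        ?? throw new InvalidOperationException("Encryption key id does not exist in the notification payload");
    string encryptedSymmetricKey = encryptedContent[symmetricKeyProperty]?.Value<string>()
        ?? throw new InvalidOperationException("Symmetric key does not exist in the notification payload");
    string encryptedPayload = encryptedContent[encryptedPayloadProperty]?.Value<string>()
        ?? throw new InvalidOperationException("Encrypted payload does not exist in the notification payload");
    string hashMac = encryptedContent[signatureProperty]?.Value<string>()
        ?? throw new InvalidOperationException("Encrypted signature does not exist in the notification payload");

    var payloadBytes = Convert.FromBase64String(encryptedPayload);
    var signatureBytes = Convert.FromBase64String(hashMac);

    // Recover the symmetric data key using the private key identified by certificateId.
    var symmetricKey = AsymmetricDecryptor.Decrypt(Convert.FromBase64String(encryptedSymmetricKey), certificateId);

    // Check the HMAC over the ciphertext before decrypting it.
    // NOTE(review): assumes VerifyHMACSignature throws on mismatch rather than returning a flag — confirm.
    SymmetricDecryptor.VerifyHMACSignature(payloadBytes, symmetricKey, signatureBytes);

    // Decrypt the payload with the same symmetric key.
    string plainText = SymmetricDecryptor.Decrypt(payloadBytes, symmetricKey);
    return JToken.Parse(plainText);
}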
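/// <summary>
/// Decrypts <paramref name="data"/> with the private key held by <paramref name="rsa"/>.
/// </summary>
/// <param name="rsa">Provider holding the private key used for decryption.</param>
/// <param name="data">Ciphertext to decrypt.</param>
/// <returns>The decrypted bytes produced by <see cref="AsymmetricDecryptor.GetDecryptedBytes"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="rsa"/> or <paramref name="data"/> is null.</exception>
public static byte[] AsymmetricDecrypt(RSACryptoServiceProvider rsa, byte[] data)
{
    // nameof keeps the parameter name in the exception in sync with renames.
    if (rsa == null)
    {
        throw new ArgumentNullException(nameof(rsa));
    }

    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    var decryptor = new AsymmetricDecryptor(rsa, data);
    return decryptor.GetDecryptedBytes();
}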
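/// <summary>
/// Round-trips random bytes through the public key of the dummy certificate and
/// <see cref="AsymmetricDecryptor.Decrypt"/> to check that decryption inverts encryption.
/// </summary>
public void TestAsymmetricDecryption()
{
    const string certId = "E96149FC-3B4F-4E0B-ACED-E715D29961FD";

    var someBytes = new byte[32];
    using (var rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(someBytes);
    }

    byte[] encryptedBytes;
    // The constructor replaces the obsolete X509Certificate2.Import; the certificate is
    // disposable, so keep it scoped. GetRSAPublicKey returns an instance this test owns
    // (unlike the cached PublicKey.Key handle), so disposing it here is safe, and it works
    // off Windows where the RSACryptoServiceProvider cast would fail. OaepSHA1 is the
    // padding the previous Encrypt(data, fOAEP: true) call used.
    using (var cert = new X509Certificate2(Convert.FromBase64String(DummyKeyStore.GetPublicKeyLocal(certId))))
    using (var publicKey = cert.GetRSAPublicKey())
    {
        encryptedBytes = publicKey.Encrypt(someBytes, RSAEncryptionPadding.OaepSHA1);
    }

    var decryptedBytes = AsymmetricDecryptor.Decrypt(encryptedBytes, certId);

    // CollectionAssert reports the first differing index on failure, unlike a bare IsTrue.
    CollectionAssert.AreEqual(someBytes, decryptedBytes);
}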