public async Task <ActionResult> Encrypt([FromBody] EncryptRequest body)
{
if (!ModelState.IsValid)
{
mAuditLogger.Warning("Bad request to Encrypt API: {sourceIP} {validationState}",
Request.HttpContext.Connection.RemoteIpAddress,
ModelState.ValidationState);
return(BadRequest("One or more of the required fields doesn't present in the request body."));
}
mAuditLogger.Information("Encryption request started, SourceIP: {sourceIp}, ServiceAccount: {sa}, Namespace: {namespace}",
Request.HttpContext.Connection.RemoteIpAddress,
body.ServiceAccountName,
body.NamespaceName);
var encryptedData = await mKeyManagement.Encrypt(body.Data, body.ServiceAccountName);
if (body.ServiceAccountName == "default")
{
return(BadRequest("You cannot encrypt a secret for the default service account"));
}
mAuditLogger.Information("Encryption request succeeded, SourceIP: {sourceIp}, ServiceAccount: {serviceAccount}, Namesacpe: {namespace}",
Request.HttpContext.Connection.RemoteIpAddress,
body.ServiceAccountName,
body.NamespaceName);
return(Content(encryptedData));
}
public override EncryptResponse Encrypt(EncryptRequest request, CallSettings callSettings = null)
{
EncryptCalls++;
return(new EncryptResponse {
Ciphertext = request.Plaintext
});
}
/// <summary>
/// Encrypts data using the given [EncryptDataDetails](https://docs.cloud.oracle.com/api/#/en/key/latest/datatypes/EncryptDataDetails) resource.
/// Plaintext included in the example request is a base64-encoded value of a UTF-8 string.
///
/// </summary>
/// <param name="request">The request object containing the details to send. Required.</param>
/// <param name="retryConfiguration">The retry configuration that will be used by to send this request. Optional.</param>
/// <param name="cancellationToken">The cancellation token to cancel this operation. Optional.</param>
/// <returns>A response object containing details about the completed operation</returns>
/// <example>Click <a href="https://docs.cloud.oracle.com/en-us/iaas/tools/dot-net-examples/latest/keymanagement/Encrypt.cs.html">here</a> to see an example of how to use Encrypt API.</example>
public async Task <EncryptResponse> Encrypt(EncryptRequest request, RetryConfiguration retryConfiguration = null, CancellationToken cancellationToken = default)
{
logger.Trace("Called encrypt");
Uri uri = new Uri(this.restClient.GetEndpoint(), System.IO.Path.Combine(basePathWithoutHost, "/20180608/encrypt".Trim('/')));
HttpMethod method = new HttpMethod("POST");
HttpRequestMessage requestMessage = Converter.ToHttpRequestMessage(uri, method, request);
requestMessage.Headers.Add("Accept", "application/json");
GenericRetrier retryingClient = Retrier.GetPreferredRetrier(retryConfiguration, this.retryConfiguration);
HttpResponseMessage responseMessage;
try
{
if (retryingClient != null)
{
responseMessage = await retryingClient.MakeRetryingCall(this.restClient.HttpSend, requestMessage, cancellationToken).ConfigureAwait(false);
}
else
{
responseMessage = await this.restClient.HttpSend(requestMessage).ConfigureAwait(false);
}
this.restClient.CheckHttpResponseMessage(requestMessage, responseMessage);
return(Converter.FromHttpResponseMessage <EncryptResponse>(responseMessage));
}
catch (Exception e)
{
logger.Error($"Encrypt failed with error: {e.Message}");
throw;
}
}
public void EncryptKey_Context_Ok()
{
var kmsClientMock = new Mock <IAmazonKeyManagementService>();
var provider = new KmsDataKeyProvider(kmsClientMock.Object, "myKey");
EncryptRequest sentRequest = null;
kmsClientMock.Setup(x => x.Encrypt(It.IsAny <EncryptRequest>()))
.Returns((EncryptRequest req) =>
{
sentRequest = req;
return(new EncryptResponse
{
CiphertextBlob = DoubleValues(req.Plaintext),
});
});
var context = new Dictionary <string, string> {
{ "purpose", "doubling" }
};
provider.EncryptKey(Bytes(1, 2, 3), context).Should().Equal(Bytes(2, 4, 6));
sentRequest.Plaintext.ToArray().Should().Equal(Bytes(1, 2, 3));
sentRequest.EncryptionContext["purpose"].Should().Be("doubling");
sentRequest.KeyId.Should().Be("myKey");
provider.EncryptKey(Bytes(2, 3, 4), context).Should().Equal(Bytes(4, 6, 8));
}
internal EncryptResponse Encrypt(EncryptRequest request)
{
var marshaller = new EncryptRequestMarshaller();
var unmarshaller = EncryptResponseUnmarshaller.Instance;
return(Invoke <EncryptRequest, EncryptResponse>(request, marshaller, unmarshaller));
}
internal virtual Option <JObject> EncryptKeyAndBuildResult(
IAmazonKeyManagementService kmsClient,
string region,
string arn,
byte[] dataKeyPlainText)
{
try
{
TimerOptions encryptTimerOptions =
new TimerOptions {
Name = MetricsUtil.AelMetricsPrefix + ".kms.aws.encrypt." + region
};
using (MetricsUtil.MetricsInstance.Measure.Timer.Time(encryptTimerOptions))
{
// Note we can't wipe plaintext key till end of calling method since underlying buffer shared by all requests
EncryptRequest encryptRequest = new EncryptRequest
{
KeyId = arn,
Plaintext = new MemoryStream(dataKeyPlainText)
};
Task <EncryptResponse> encryptAsync = kmsClient.EncryptAsync(encryptRequest);
byte[] encryptedKeyEncryptionKey = encryptAsync.Result.CiphertextBlob.ToArray();
return(Option <JObject> .Some(BuildKmsRegionKeyJson(region, arn, encryptedKeyEncryptionKey)));
}
}
catch (AggregateException e)
{
Logger.LogWarning(e, "Failed to encrypt generated data key via region {region} KMS", region);
// TODO Consider adding notification/CW alert
return(Option <JObject> .None);
}
}
public IActionResult Encrypt([FromBody] EncryptRequest request)
{
if (ModelState.IsValid)
{
try
{
string result = _cryptoOperation.Encrypt(request.PlainText);
return(Ok(new EncryptResponse
{
CipherText = result
}));
}
catch (Exception ex)
{
return(StatusCode(500, new
{
errorMessage = ex.Message
}));
}
}
else
{
return(BadRequest(new
{
errorMessage = "Invalid payload"
}));
}
}
internal bool Encrypt(FileStream inputStream, out MemoryStream encStream)
{
bool isSuccess = false;
var memoryStream = new MemoryStream();
inputStream.CopyTo(memoryStream);
var kmsClient = new AmazonKeyManagementServiceClient(this.awsCredentials, this.region);
var encRequest = new EncryptRequest
{
KeyId = "Have to Insert KeyArn.."
,
Plaintext = memoryStream
};
var encResponse = kmsClient.Encrypt(encRequest);
if (encResponse.HttpStatusCode != System.Net.HttpStatusCode.OK)
{
isSuccess = true;
}
encStream = encResponse.CiphertextBlob;
return(isSuccess);
}
static void Main(string[] args)
{
// string accessKey = "AKIAJCRLXQX2J6OKN4GQ";
// string seacretKey = "29XQBOyGZwkgXcW/4yylTdzWu2Hv95EyKq/lwmN0";
// string keyID = "0022d1d9-f0c7-45e1-8f84-2b77c6fdcba9";
// var kms = new AmazonKeyManagementServiceClient(accessKey, seacretKey, Amazon.RegionEndpoint.APNortheast1);
// var encReq = new EncryptRequest();
// encReq.KeyId = keyID;
// encReq.Plaintext = new MemoryStream(Encoding.UTF8.GetBytes("19999-99999-46884-67157"));
// var encrypt = kms.EncryptAsync(encReq);
// System.Console.WriteLine(System.Convert.ToBase64String(encrypt.Result.CiphertextBlob.ToArray()));
// var base64Str = System.Convert.ToBase64String(encrypt.Result.CiphertextBlob.ToArray());
// var decReq = new DecryptRequest();
// decReq.CiphertextBlob = new MemoryStream(System.Convert.FromBase64String(base64Str));
// var decrypt = kms.DecryptAsync(decReq).Result;
// System.Console.WriteLine(Encoding.UTF8.GetString(decrypt.Plaintext.ToArray()));
string accessKey = "AKIAJCRLXQX2J6OKN4GQ";
string seacretKey = "29XQBOyGZwkgXcW/4yylTdzWu2Hv95EyKq/lwmN0";
string keyID = "0022d1d9-f0c7-45e1-8f84-2b77c6fdcba9";
var str = "19185-57675-51957-67395";
var kmsc = new AmazonKeyManagementServiceClient(accessKey, seacretKey, Amazon.RegionEndpoint.APNortheast1); //(アクセスキー、シークレットキー、リージョンよりクライアント作成)
var plaintext = new MemoryStream(Encoding.UTF8.GetBytes(str));
EncryptRequest encryptRequest = new EncryptRequest() //(暗号化リクエストを作成)
{
KeyId = keyID, //(頂いたKeyId を代入 "0022d1d9-f0c7-45e1-8f84-2b77c6fdcba9")
Plaintext = plaintext
};
var ciphertext = kmsc.EncryptAsync(encryptRequest).Result.CiphertextBlob; //(kmsc は上記クライアント)
System.Console.WriteLine(Convert.ToBase64String(ciphertext.ToArray()));
}
/// <summary>
/// Initiates the asynchronous execution of the Encrypt operation.
/// </summary>
///
/// <param name="request">Container for the necessary parameters to execute the Encrypt operation.</param>
/// <param name="cancellationToken">
/// A cancellation token that can be used by other objects or threads to receive notice of cancellation.
/// </param>
/// <returns>The task object representing the asynchronous operation.</returns>
public Task <EncryptResponse> EncryptAsync(EncryptRequest request, System.Threading.CancellationToken cancellationToken = default(CancellationToken))
{
var marshaller = new EncryptRequestMarshaller();
var unmarshaller = EncryptResponseUnmarshaller.Instance;
return(InvokeAsync <EncryptRequest, EncryptResponse>(request, marshaller,
unmarshaller, cancellationToken));
}
public override Task <EncryptResponse> Encrypt(EncryptRequest request, ServerCallContext context)
{
return(Task.FromResult(new EncryptResponse()
{
ReplicaId = _replicaId,
Result = _Encrypt(request.Str, request.Shift)
}));
}
public ActionResult <EncryptResponse> Encrypt(EncryptRequest request)
{
Atbash cipher = new();
return(new EncryptResponse()
{
Ciphertext = cipher.Encrypt(request.Plaintext),
});
}
public ActionResult <EncryptResponse> Encrypt([FromBody] EncryptRequest request)
{
Rot13 cipher = new();
return(new EncryptResponse()
{
Ciphertext = cipher.Encrypt(request.Plaintext),
});
}
public override EncryptResponse Encrypt(EncryptRequest request, CallSettings callSettings = null)
{
byte xorOperand = (byte) request.Name.GetHashCode();
return new EncryptResponse
{
Ciphertext = ByteString.CopyFrom(request.Plaintext.Select(x => (byte) (x ^ xorOperand)).Select(x => (byte) (x + 1)).ToArray()),
Name = request.Name.ToString()
};
}
public byte[] EncryptKey(byte[] plainText, IDictionary <string, string> context)
{
var req = new EncryptRequest
{
KeyId = _keyId,
Plaintext = new MemoryStream(plainText),
EncryptionContext = AsDictionary(context)
};
return(_client.Encrypt(req).CiphertextBlob.ToArray());
}
public override EncryptResponse Encrypt(EncryptRequest request, CallSettings callSettings = null)
{
var key = request.CryptoKeyPathName;
var keyVersionName = new CryptoKeyVersionName(key.ProjectId, key.LocationId, key.KeyRingId, key.CryptoKeyPathId, "1");
byte xorOperand = (byte)request.Name.GetHashCode();
return(new EncryptResponse
{
Ciphertext = ByteString.CopyFrom(request.Plaintext.Select(x => (byte)(x ^ xorOperand)).Select(x => (byte)(x + 1)).ToArray()),
Name = keyVersionName.ToString()
});
}
public override byte[] TransformFinalBlock(byte[] inputBuffer, int inputOffset, int inputCount)
{
var request = new EncryptRequest
{
KeyId = _keyId,
Plaintext = new MemoryStream(inputBuffer, inputOffset, inputCount)
};
var task = _client.EncryptAsync(request);
task.Wait();
return(task.Result.CiphertextBlob.ToArray());
}
/// <summary>
/// 本接口用于加密最多为4KB任意数据,可用于加密数据库密码,RSA Key,或其它较小的敏感信息。对于应用的数据加密,使用GenerateDataKey生成的DataKey进行本地数据的加解密操作
/// </summary>
/// <param name="req"><see cref="EncryptRequest"/></param>
/// <returns><see cref="EncryptResponse"/></returns>
public EncryptResponse EncryptSync(EncryptRequest req)
{
JsonResponseModel <EncryptResponse> rsp = null;
try
{
var strResp = this.InternalRequestSync(req, "Encrypt");
rsp = JsonConvert.DeserializeObject <JsonResponseModel <EncryptResponse> >(strResp);
}
catch (JsonSerializationException e)
{
throw new TencentCloudSDKException(e.Message);
}
return(rsp.Response);
}
public async Task <string> Encrypt(string data)
{
using (var stream = GenerateStreamFromString(data))
{
var req = new EncryptRequest
{
Plaintext = stream,
KeyId = this.keyId
};
var response = await client.EncryptAsync(req);
var result = Convert.ToBase64String(response.CiphertextBlob.ToArray());
return(result);
}
}
public IActionResult Encrypt(EncryptRequest request)
{
if (ModelState.IsValid)
{
string result = EncryptPayload(request.PlainText, request.Key);
if (string.IsNullOrEmpty(result))
{
return(StatusCode(500));
}
return(Ok(new EncryptResponse
{
CipherTextBase64 = result
}));
}
return(BadRequest());
}
private string Encrypt(string text)
{
string keyId = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxx";
MemoryStream plaintext = new MemoryStream(Encoding.UTF8.GetBytes(text));
EncryptRequest encryptRequest = new EncryptRequest()
{
KeyId = keyId,
Plaintext = plaintext
};
MemoryStream ciphertext = kmsClient.Encrypt(encryptRequest).CiphertextBlob;
var buffer = new byte[ciphertext.Length];
ciphertext.Read(buffer, 0, (int)ciphertext.Length);
return(Convert.ToBase64String(buffer));
}
// [END kms_add_member_to_keyring_policy]
// [START kms_encrypt]
public static object Encrypt(string projectId, string locationId, string keyRingId, string cryptoKeyId,
string plaintextFile, string ciphertextFile)
{
var cloudKms = CreateAuthorizedClient();
// Generate the full path of the crypto key to use for encryption.
var cryptoKey = $"projects/{projectId}/locations/{locationId}/keyRings/{keyRingId}/cryptoKeys/{cryptoKeyId}";
EncryptRequest encryptRequest = new EncryptRequest();
byte[] plaintext = File.ReadAllBytes(plaintextFile);
encryptRequest.Plaintext = Convert.ToBase64String(plaintext);
Console.WriteLine($"dataToEncrypt.Plaintext: {encryptRequest.Plaintext}");
var result = cloudKms.Projects.Locations.KeyRings.CryptoKeys.Encrypt(name: cryptoKey, body: encryptRequest).Execute();
// Output encrypted data to a file.
File.WriteAllBytes(ciphertextFile, Convert.FromBase64String(result.Ciphertext));
Console.Write($"Encrypted file created: {ciphertextFile}");
return(0);
}
/// <summary>
/// Encrypts the passed data with a Master Key. This method will encrypt
/// a payload up to a maximum size of 4096 bytes. The master key with the
/// specified ID will be used to encrypt the data.
/// </summary>
/// <param name="keyId">The identifier for the master key.</param>
/// <param name="data">The data to encrypt.</param>
/// <returns>Encrypted data.</returns>
/// <exception cref="System.ArgumentNullException"></exception>
/// <exception cref="System.ArgumentException">You must provide some data to encrypt</exception>
/// <exception cref="PayloadTooLargeException"></exception>
/// <exception cref="KeyManagementServiceUnavailableException"></exception>
public byte[] EncryptData(string keyId, byte[] data)
{
if (_disposed)
{
throw new ObjectDisposedException("AwsKmsKeyManager");
}
ValidateMasterKey(keyId);
if (data == null)
{
throw new ArgumentNullException(nameof(data));
}
if (!data.Any())
{
throw new ArgumentException("You must provide some data to encrypt", nameof(data));
}
if (data.Length > MaxEncryptPayloadSize)
{
throw new PayloadTooLargeException(MaxEncryptPayloadSize, data.Length);
}
var res = RetryPolicy.ExecuteAndCapture(() =>
{
using (var msPlainText = new MemoryStream(data))
{
var req = new EncryptRequest
{
KeyId = keyId,
Plaintext = msPlainText
};
var t = _client.EncryptAsync(req);
t.ConfigureAwait(false);
return(t.GetAwaiter().GetResult());
}
});
ValidateResponse(res);
return(((EncryptResponse)res.Result).CiphertextBlob.ToArray());
}
public void Serialize()
{
var request = new EncryptRequest(
keyId: "1",
plaintext: Encoding.UTF8.GetBytes("applesauce"),
context: new Dictionary <string, string> {
{ "user", "1" }
}
);
Assert.Equal(
@"{
""EncryptionContext"": {
""user"": ""1""
},
""KeyId"": ""1"",
""Plaintext"": ""YXBwbGVzYXVjZQ==""
}", JsonSerializer.Serialize(request, JSO.Default));
}
public override async Task <string> EncryptAsync(string initializationVector, string plainText)
{
var request = new EncryptRequest
{
Plaintext = Encoding.UTF8.GetBytes(plainText),
InitializationVector = Encoding.UTF8.GetBytes(initializationVector)
};
using (HttpClient httpClient = HttpClientHelper.GetHttpClient(this.WorkloadUri))
{
var edgeletHttpClient = new HttpWorkloadClient(httpClient)
{
BaseUrl = HttpClientHelper.GetBaseUrl(this.WorkloadUri)
};
EncryptResponse result = await this.Execute(() => edgeletHttpClient.EncryptAsync(this.Version.Name, this.ModuleId, this.ModuleGenerationId, request), "Encrypt");
return(Convert.ToBase64String(result.Ciphertext));
}
}
// [END kms_add_member_to_keyring_policy]
// [START kms_encrypt]
public static object Encrypt(string projectId, string location, string keyRing, string cryptoKeyName,
string fileToEncrypt, string fileToOutput)
{
var cloudKms = CreateAuthorizedClient();
// Generate the full path of the crypto key to use for encryption.
var cryptoKey = $"projects/{projectId}/locations/{location}/keyRings/{keyRing}/cryptoKeys/{cryptoKeyName}";
EncryptRequest dataToEncrypt = new EncryptRequest();
byte[] bytes = File.ReadAllBytes(fileToEncrypt);
string contents = Convert.ToBase64String(bytes);
dataToEncrypt.Plaintext = contents;
Console.WriteLine($"dataToEncrypt.Plaintext: {dataToEncrypt.Plaintext}");
var result = cloudKms.Projects.Locations.KeyRings.CryptoKeys.Encrypt(body: dataToEncrypt, name: cryptoKey).Execute();
// Output encypted data to a file.
File.WriteAllBytes(fileToOutput, Convert.FromBase64String(result.Ciphertext));
Console.Write($"Encypted file created: {fileToOutput}");
return(0);
}
public string Encrypt(string textToEncrypt, string keyId)
{
try
{
var kmsClient = new AmazonKeyManagementServiceClient(_credentials, _region);
var encryptRequest = new EncryptRequest
{
KeyId = keyId
};
var textBytes = Encoding.UTF8.GetBytes(textToEncrypt);
encryptRequest.Plaintext = new System.IO.MemoryStream(textBytes, 0, textBytes.Length);
var response = kmsClient.EncryptAsync(encryptRequest);
return(Convert.ToBase64String(response.Result.CiphertextBlob.ToArray()));
}
catch (Exception e)
{
Console.WriteLine(e);
throw;
}
}
public void EncryptRequest()
{
// 128, 256, 512, and 1024. 1024
var request = new EncryptRequest {
KeyId = "1",
Plaintext = Encoding.UTF8.GetBytes("applesauce"),
EncryptionContext = new JsonObject {
{ "user", "1" }
}
};
Assert.Equal(
@"{
""EncryptionContext"": {
""user"": ""1""
},
""KeyId"": ""1"",
""Plaintext"": ""YXBwbGVzYXVjZQ==""
}", JsonObject.FromObject(request).ToString());
}
public async Task <ActionResult> Encrypt([FromBody] EncryptRequest body)
{
mAuditLogger.Information("Encryption request started, SourceIP: {sourceIp}, ServiceAccount: {sa}, Namespace: {namespace}",
Request.HttpContext.Connection.RemoteIpAddress,
body.SerivceAccountName,
body.NamesapceName);
var encryptedData = await mKeyManagement.Encrypt(body.Data, $"{body.NamesapceName}:{body.SerivceAccountName}");
if (body.SerivceAccountName == "default")
{
return(BadRequest("You cannot encrypt a secret for the default service account"));
}
mAuditLogger.Information("Encryption request succeeded, SourceIP: {sourceIp}, ServiceAccount: {serviceAccount}, Namesacpe: {namespace}",
Request.HttpContext.Connection.RemoteIpAddress,
body.SerivceAccountName,
body.NamesapceName);
return(Content(encryptedData));
}
private static async Task <string> Encrypt(KmsCryptoClient kmsCryptoClient, string keyId)
{
logger.Info("Encrypt");
string plainText = "I love .NET SDK!";
var plainTextBytes = System.Text.Encoding.UTF8.GetBytes(plainText);
EncryptDataDetails encryptDataDetails = new EncryptDataDetails
{
KeyId = keyId,
Plaintext = System.Convert.ToBase64String(plainTextBytes),
LoggingContext = GetSampleLoggingContext()
};
EncryptRequest encryptRequest = new EncryptRequest
{
EncryptDataDetails = encryptDataDetails
};
EncryptResponse encryptResponse = await kmsCryptoClient.Encrypt(encryptRequest);
logger.Info($"PlainText: {plainText}");
logger.Info($"CipherText: {encryptResponse.EncryptedData.Ciphertext}");
return(encryptResponse.EncryptedData.Ciphertext);
}
public override void Encrypt(Google.ProtocolBuffers.IRpcController controller, EncryptRequest request, Action<NoData> done)
{
throw new NotImplementedException();
}
public override void Encrypt(IRpcController controller, EncryptRequest request, Action<NoData> done)
{
ProtoOutputBuffer.Write(request.GetType(), request.ToString());
}
public override void Encrypt(IRpcController controller, EncryptRequest request, Action<bnet.protocol.NoData> done) {
throw new NotImplementedException();
}
