Esempio n. 1
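        /// <summary>
        /// Looks up the protector registered for the message's key id and uses it to decrypt the message.
        /// </summary>
        /// <param name="message">Encrypted envelope; its <c>Header.KeyId</c> selects the protector.</param>
        /// <returns>The bytes returned by the resolved protector's <c>Decrypt</c>.</returns>
        /// <exception cref="System.InvalidOperationException">
        /// The provider returned null or an object that is not a <c>DataProtector</c>.
        /// </exception>
        public async ValueTask<byte[]> DecryptAsync(EncryptedDataMessage message)
        {
            Ensure.NotNull(message, nameof(message));

            // NOTE(review): message.Header is dereferenced without a check; confirm that
            // EncryptedDataMessage always carries a header, including when it was deserialized.
            var resolved = await protectorProvider.GetAsync(message.Header.KeyId);

            // The `as` cast yields null for both "no protector for this key id" and
            // "protector of another type". Fail with an explicit error instead of a
            // NullReferenceException on the next line.
            var protector = resolved as DataProtector;
            if (protector == null)
            {
                throw new System.InvalidOperationException(
                    $"no usable protector for message key '{message.Header.KeyId}'");
            }

            return protector.Decrypt(message);
        }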
Esempio n. 2
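        /// <summary>
        /// Decrypts <paramref name="message"/> with this protector's key and the IV carried in the message.
        /// </summary>
        /// <param name="message">Envelope holding the key id, IV and ciphertext.</param>
        /// <returns>The bytes returned by <c>AesDataProtector.Decrypt</c>.</returns>
        /// <exception cref="ArgumentException">The ciphertext is null or empty.</exception>
        /// <exception cref="InvalidOperationException">
        /// The key id in the message header differs from this protector's key id.
        /// </exception>
        public byte[] Decrypt(EncryptedDataMessage message)
        {
            Ensure.NotNull(message, nameof(message));

            if (message.Ciphertext == null || message.Ciphertext.Length == 0)
            {
                throw new ArgumentException("Required", "ciphertext");
            }

            // NOTE(review): message.Header and message.IV are used below without validation;
            // confirm EncryptedDataMessage guarantees both when it is built from external input.
            if (message.Header.KeyId != key.Id)
            {
                // A specific exception type instead of bare Exception; existing
                // catch (Exception) handlers still see it.
                throw new InvalidOperationException($"message key '{message.Header.KeyId}' does not match protector");
            }

            // NOTE(review): no integrity check is visible in this method. Confirm that
            // AesDataProtector uses an authenticated mode, or that a MAC over IV and
            // ciphertext is verified before this call; otherwise modified ciphertext is
            // decrypted without detection.
            using (var aes = new AesDataProtector(key.Value, message.IV))
            {
                return aes.Decrypt(message.Ciphertext);
            }
        }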
Esempio n. 3
        /// <summary>
        /// Encrypts <paramref name="plaintext"/> under this protector's key with a freshly
        /// generated 16-byte IV and returns the serialized envelope.
        /// </summary>
        /// <param name="plaintext">Bytes to encrypt; checked by <c>Ensure.NotNullOrEmpty</c>.</param>
        /// <returns>
        /// The result of <c>Serializer.Serialize</c> on an <c>EncryptedDataMessage</c>
        /// holding the key id, the IV and the ciphertext.
        /// </returns>
        public byte[] Encrypt(byte[] plaintext)
        {
            Ensure.NotNullOrEmpty(plaintext, nameof(plaintext));

            // One new IV per call (16 bytes = 128 bits).
            // NOTE(review): presumably Secret.Generate draws from a cryptographic RNG; confirm.
            var freshIv = Secret.Generate(16);

            using (var cipher = new AesDataProtector(key: key.Value, iv: freshIv.Value))
            {
                // The envelope is built and serialized while the cipher is still alive,
                // so disposal cannot affect the buffers handed to the message.
                // NOTE(review): the envelope shows no authentication tag; confirm that
                // integrity is provided by AesDataProtector or elsewhere.
                var envelope = new EncryptedDataMessage(
                    keyId: key.Id,
                    iv: freshIv.Value,
                    ciphertext: cipher.Encrypt(plaintext));

                return Serializer.Serialize(envelope);
            }
        }