/// <summary>
/// Creates an encrypted key.
/// </summary>
/// <param name="symmetricKey">Symmetric key that is to be encrypted.
/// Cannot be null.</param>
/// <param name="encryptCertificate">Certificate that will be
/// used to encrypt the symmetric key. Cannot be null.</param>
/// <param name="referenceIds">List of IDs which reference the
/// 'xenc:EncryptedData' elements the key was used to encrypt.
/// Cannot be null or empty.</param>
/// <returns>'EncryptedKey' object.</returns>
public static EncryptedKey CreateEncryptedKey(SymmetricAlgorithm symmetricKey,
X509Certificate2 encryptCertificate, IList <string> referenceIds)
{
// Encrypt the session key using the public key
byte[] encryptedKeyData =
EncryptedXml.EncryptKey(symmetricKey.Key,
(RSA)encryptCertificate.PublicKey.Key, false);
// Create the encrypted key
EncryptedKey encryptedKey = new EncryptedKey();
encryptedKey.CipherData = new CipherData(encryptedKeyData);
encryptedKey.EncryptionMethod =
new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
// Set the key information for the encrypted key
KeyInfoX509Data xd = new KeyInfoX509Data();
xd.AddSubjectKeyId(CertificateUtils.GetSubjectKeyIdentifier(
encryptCertificate).SubjectKeyIdentifier);
encryptedKey.KeyInfo.AddClause(xd);
// Add a data reference for each identifier
foreach (string referenceId in referenceIds)
{
DataReference dataReference = new DataReference("#" + referenceId);
encryptedKey.ReferenceList.Add(dataReference);
}
return(encryptedKey);
}
internal static void Encrypt(Stream toEncrypt, RsaKeyParameters key, out KeyInfo keyInfo, out EncryptionMethod encryptionMethod, out CipherData cipherData)
{
var random = new SecureRandom();
var keyData = new byte[128 / 8];
var ivData = new byte[128 / 8];
random.NextBytes(ivData);
random.NextBytes(keyData);
var sessionKey = new ParametersWithIV(new KeyParameter(keyData), ivData);
encryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128Url);
keyInfo = new KeyInfo();
EncryptedKey encKey;
keyInfo.AddClause(
new KeyInfoEncryptedKey(
encKey = new EncryptedKey()
{
CipherData = new CipherData(EncryptedXml.EncryptKey(keyData, key, useOAEP: true)),
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl)
}));
encKey.KeyInfo.AddClause(new RSAKeyValue(key));
byte[] dataToEncrypt = new byte[toEncrypt.Length];
toEncrypt.Read(dataToEncrypt, 0, (int)toEncrypt.Length);
var encryptedXml = new EncryptedXml();
encryptedXml.Padding = "PKCS7";
encryptedXml.Mode = "CBC";
byte[] encryptedData = encryptedXml.EncryptData(dataToEncrypt, sessionKey);
cipherData = new CipherData(encryptedData);
}
public void GetDecryptionKey_CarriedKeyName()
{
using (Aes aes = Aes.Create())
using (Aes innerAes = Aes.Create())
{
innerAes.KeySize = 128;
EncryptedData edata = new EncryptedData();
edata.KeyInfo = new KeyInfo();
edata.KeyInfo.AddClause(new KeyInfoName("aes"));
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = EncryptedXml.EncryptKey(innerAes.Key, aes);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekey.CarriedKeyName = "aes";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("another_aes"));
XmlDocument doc = new XmlDocument();
doc.LoadXml(ekey.GetXml().OuterXml);
EncryptedXml exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("another_aes", aes);
SymmetricAlgorithm decryptedAlg = exml.GetDecryptionKey(edata, EncryptedXml.XmlEncAES256Url);
Assert.Equal(innerAes.Key, decryptedAlg.Key);
}
}
public void DecryptEncryptedKey_KeyInfoEncryptedKey()
{
XmlDocument doc = new XmlDocument();
doc.PreserveWhitespace = true;
string xml = "<root> <child>sample</child> </root>";
doc.LoadXml(xml);
var random = new SecureRandom();
var keydata = new byte[256 / 8];
random.NextBytes(keydata);
var param = new KeyParameter(keydata);
keydata = new byte[128 / 8];
random.NextBytes(keydata);
var innerParam = new KeyParameter(keydata);
keydata = new byte[192 / 8];
random.NextBytes(keydata);
var outerParam = new KeyParameter(keydata);
EncryptedXml exml = new EncryptedXml(doc);
exml.AddKeyNameMapping("aes", param);
EncryptedKey ekey = new EncryptedKey();
byte[] encKeyBytes = EncryptedXml.EncryptKey(outerParam.GetKey(), param);
ekey.CipherData = new CipherData(encKeyBytes);
ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekey.Id = "Key_ID";
ekey.KeyInfo = new KeyInfo();
ekey.KeyInfo.AddClause(new KeyInfoName("aes"));
KeyInfo topLevelKeyInfo = new KeyInfo();
topLevelKeyInfo.AddClause(new KeyInfoEncryptedKey(ekey));
EncryptedKey ekeyTopLevel = new EncryptedKey();
byte[] encTopKeyBytes = EncryptedXml.EncryptKey(innerParam.GetKey(), outerParam);
ekeyTopLevel.CipherData = new CipherData(encTopKeyBytes);
ekeyTopLevel.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
ekeyTopLevel.KeyInfo = topLevelKeyInfo;
doc.LoadXml(ekeyTopLevel.GetXml().OuterXml);
byte[] decryptedKey = exml.DecryptEncryptedKey(ekeyTopLevel);
Assert.Equal(innerParam.GetKey(), decryptedKey);
EncryptedData eData = new EncryptedData();
eData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
eData.KeyInfo = topLevelKeyInfo;
var decryptedAlg = exml.GetDecryptionKey(eData, null);
Assert.Equal(outerParam.GetKey(), ((KeyParameter)decryptedAlg).GetKey());
}
public void EncryptKey_KeyNull()
{
using (Aes aes = Aes.Create())
{
Assert.Throws <ArgumentNullException>(() => EncryptedXml.EncryptKey(null, aes));
}
}
public override byte [] EncryptKey(string algorithm, byte [] keyData)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
if (keyData == null)
{
throw new ArgumentNullException("keyData");
}
switch (algorithm)
{
case EncryptedXml.XmlEncRSA15Url:
case EncryptedXml.XmlEncRSAOAEPUrl:
break;
default:
throw new NotSupportedException(String.Format("This X509 security key does not support specified algorithm '{0}'", algorithm));
}
bool useOAEP =
algorithm == EncryptedXml.XmlEncRSAOAEPUrl;
return(EncryptedXml.EncryptKey(keyData, cert.PublicKey.Key as RSA, useOAEP));
}
public void EncryptKey_RSA_KeyDataNull()
{
using (RSA rsa = RSA.Create())
{
Assert.Throws <ArgumentNullException>(() => EncryptedXml.EncryptKey(null, rsa, false));
}
}
public override byte[] EncryptKey(string algorithm, byte[] keyData)
{
// Ensure that we have an RSA algorithm object
RSA rsa = this.PublicKey as RSA;
if (rsa == null)
{
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.PublicKeyNotRSA)));
}
switch (algorithm)
{
case EncryptedXml.XmlEncRSA15Url:
return(EncryptedXml.EncryptKey(keyData, rsa, false));
case EncryptedXml.XmlEncRSAOAEPUrl:
return(EncryptedXml.EncryptKey(keyData, rsa, true));
default:
if (IsSupportedAlgorithm(algorithm))
{
return(EncryptedXml.EncryptKey(keyData, rsa, true));
}
throw DiagnosticUtility.ExceptionUtility.ThrowHelperError(new NotSupportedException(SR.GetString(SR.UnsupportedCryptoAlgorithm, algorithm)));
}
}
public static void Encrypt(Stream toEncrypt, RSA key, out KeyInfo keyInfo, out EncryptionMethod encryptionMethod, out CipherData cipherData)
{
using (Aes sessionKey = Aes.Create())
{
sessionKey.KeySize = 128;
encryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES128Url);
keyInfo = new KeyInfo();
EncryptedKey encKey;
keyInfo.AddClause(
new KeyInfoEncryptedKey(
encKey = new EncryptedKey()
{
CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, key, useOAEP: true)),
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl)
}));
encKey.KeyInfo.AddClause(new RSAKeyValue(key));
byte[] dataToEncrypt = new byte[toEncrypt.Length];
toEncrypt.Read(dataToEncrypt, 0, (int)toEncrypt.Length);
var encryptedXml = new EncryptedXml();
encryptedXml.Padding = PaddingMode.PKCS7;
encryptedXml.Mode = CipherMode.CBC;
byte[] encryptedData = encryptedXml.EncryptData(dataToEncrypt, sessionKey);
cipherData = new CipherData(encryptedData);
}
}
public override byte[] EncryptKey(string algorithm, byte[] keyData)
{
if (algorithm == null)
{
throw new ArgumentNullException(nameof(algorithm));
}
if (keyData == null)
{
throw new ArgumentNullException(nameof(keyData));
}
bool useOAEP;
switch (algorithm)
{
case EncryptedXml.XmlEncRSA15Url:
useOAEP = false;
break;
case EncryptedXml.XmlEncRSAOAEPUrl:
useOAEP = true;
break;
default:
throw new NotSupportedException($"The encryption algorithm {algorithm} is not supported");
}
return(EncryptedXml.EncryptKey(keyData, rsa as RSA, useOAEP));
}
/// <summary>
/// 加密xml文档对象
/// </summary>
/// <param name="Doc">xml文档</param>
/// <param name="ElementToEncrypt">要被加密的XML元素</param>
/// <param name="Alg">不对称加密算法</param>
/// <param name="KeyName">指定解密需要的RSA密钥名称</param>
private void Encrypt(XmlDocument Doc, string ElementToEncrypt, RSA Alg, string KeyName)
{
//xmlElement表示被加密的XML元素
XmlElement xmlElement = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;
AesManaged aes = new AesManaged();
//指定密钥大小为256位
aes.KeySize = 256;
//用AES算法加密指定的元素进行加密,得到加密后的字节数组
EncryptedXml encryptedXml = new EncryptedXml();
byte[] encryptedElement = encryptedXml.EncryptData(xmlElement, aes, false);
//构造一个 EncryptedData 对象,然后用加密后的XML元素的URL标识符填充它,
//以便解密方知道XML包含一个加密元素
EncryptedData encryptedData = new EncryptedData();
encryptedData.Type = EncryptedXml.XmlEncElementUrl;
encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
//ek表示加密后的<EncryptedKey>元素
EncryptedKey ek = new EncryptedKey();
//用RSA算法加密AES的密钥
ek.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, Alg, false));
ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
//指定解密需要的RSA密钥名称
ek.KeyInfo.AddClause(new KeyInfoName(KeyName));
//将加密后的密钥添加到EncryptedData对象中
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
//将加密后的元素添加到 EncryptedData 对象中
encryptedData.CipherData.CipherValue = encryptedElement;
//用EncryptedData元素替换原始XmlDocument对象中的元素
EncryptedXml.ReplaceElement(xmlElement, encryptedData, false);
}
internal static void Encrypt(this XmlElement elementToEncrypt, bool useOaep, X509Certificate2 certificate)
{
if (certificate == null)
{
throw new ArgumentNullException("certificate");
}
var encryptedData = new EncryptedData
{
Type = EncryptedXml.XmlEncElementUrl,
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
};
var algorithm = useOaep ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url;
var encryptedKey = new EncryptedKey
{
EncryptionMethod = new EncryptionMethod(algorithm),
};
var encryptedXml = new EncryptedXml();
byte[] encryptedElement;
using (var symmetricAlgorithm = new RijndaelManaged())
{
symmetricAlgorithm.KeySize = 256;
encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(symmetricAlgorithm.Key, (RSA)certificate.PublicKey.Key, useOaep));
encryptedElement = encryptedXml.EncryptData(elementToEncrypt, symmetricAlgorithm, false);
}
encryptedData.CipherData.CipherValue = encryptedElement;
encryptedData.KeyInfo = new KeyInfo();
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
}
public static XmlDocument EncryptXmlDoc(XmlDocument xmlDoc, X509Certificate2 cert, XmlEncryptionAlgorithmType encryptionAlgorithm, string elementPrefix, string elementName, string wrapperElementPrefix = null, string wrapperElementName = null)
{
var rsa = cert.GetRSAPublicKey();
if (rsa == null)
{
throw new IdentityProviderException("X509 must be RSA");
}
if (String.IsNullOrWhiteSpace(wrapperElementName))
{
wrapperElementName = elementName;
}
var element = xmlDoc.DocumentElement.GetSingleElementRequired(null, elementName, true);
string encryptionAlgorithmUrl = Algorithms.GetEncryptionAlgorithmUrl(encryptionAlgorithm);
string encryptionKeyAlgorithmUrl = useOeap ? Algorithms.RsaOaep : Algorithms.Rsa;
var encryptedXml = new EncryptedXml(xmlDoc);
var symmetricAlgorithm = Algorithms.Create(encryptionAlgorithm);
var encryptedElementBytes = encryptedXml.EncryptData(element, symmetricAlgorithm, false);
var encryptedKeyBytes = EncryptedXml.EncryptKey(symmetricAlgorithm.Key, rsa, useOeap);
var encryptedKey = new EncryptedKey
{
EncryptionMethod = new EncryptionMethod(encryptionKeyAlgorithmUrl),
CipherData = new CipherData(encryptedKeyBytes)
};
var encryptedDataElement = new EncryptedData
{
Type = EncryptedXml.XmlEncElementUrl,
EncryptionMethod = new EncryptionMethod(encryptionAlgorithmUrl),
CipherData = new CipherData(encryptedElementBytes),
KeyInfo = new KeyInfo()
};
encryptedDataElement.KeyInfo.AddClause(new KeyInfoX509Data(cert));
encryptedDataElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
EncryptedXml.ReplaceElement(element, encryptedDataElement, true);
XmlHelper.SetPrefix("xenc", element.ChildNodes[0]);
//XmlHelper.SetPrefix(elementPrefix, element.ChildNodes[0]);
if (wrapperElementName != elementName)
{
xmlDoc.DocumentElement.RemoveChild(element);
var newElement = xmlDoc.CreateElement(wrapperElementPrefix, wrapperElementName, element.NamespaceURI);
xmlDoc.DocumentElement.AppendChild(newElement);
newElement.AppendChild(element.ChildNodes[0]);
}
return(xmlDoc);
}
public void EncryptKey_AESNotDivisibleBy8()
{
using (Aes aes = Aes.Create())
{
byte[] key = Encoding.ASCII.GetBytes("1234567");
Assert.Throws <CryptographicException>(() => EncryptedXml.EncryptKey(key, aes));
}
}
public void EncryptKey_AESNotDivisibleBy8()
{
using (Aes aes = Aes.Create())
{
byte[] key = "1234567" u8.ToArray();
Assert.Throws <CryptographicException>(() => EncryptedXml.EncryptKey(key, aes));
}
}
public void EncryptKey_RSA_KeyDataNull()
{
var keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
var pair = keyGen.GenerateKeyPair();
Assert.Throws <ArgumentNullException>(() => EncryptedXml.EncryptKey(null, (RsaKeyParameters)pair.Public, false));
}
/// <summary>
/// Generates an encrypted assertion and writes it to disk.
/// </summary>
public static void GenerateEncryptedAssertion()
{
var cert = Certificates.InMemoryResourceUtility.GetInMemoryCertificate("sts_dev_certificate.pfx", "test1234");
var assertion = AssertionUtil.GetTestAssertion();
// Create an EncryptedData instance to hold the results of the encryption.o
var encryptedData = new EncryptedData
{
Type = EncryptedXml.XmlEncElementUrl,
EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
};
// Create a symmetric key.
var aes = new RijndaelManaged {
KeySize = 256
};
aes.GenerateKey();
// Encrypt the assertion and add it to the encryptedData instance.
var encryptedXml = new EncryptedXml();
var encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);
encryptedData.CipherData.CipherValue = encryptedElement;
// Add an encrypted version of the key used.
encryptedData.KeyInfo = new KeyInfo();
var encryptedKey = new EncryptedKey();
// Use this certificate to encrypt the key.
var publicKeyRsa = cert.PublicKey.Key as RSA;
Assert.True(publicKeyRsa != null, "Public key of certificate was not an RSA key. Modify test.");
encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRsa, false));
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
// Create the resulting Xml-document to hook into.
var encryptedAssertion = new EncryptedAssertion
{
EncryptedData = new Schema.XEnc.EncryptedData(),
EncryptedKey = new Schema.XEnc.EncryptedKey[1]
};
encryptedAssertion.EncryptedKey[0] = new Schema.XEnc.EncryptedKey();
var result = Serialization.Serialize(encryptedAssertion);
var encryptedDataElement = GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, result);
EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);
// At this point, result can be output to text
}
public void EncryptKey_RSA_UseOAEP()
{
byte[] data = Encoding.ASCII.GetBytes("12345678");
using (RSA rsa = RSA.Create())
{
byte[] encryptedData = EncryptedXml.EncryptKey(data, rsa, true);
byte[] decryptedData = EncryptedXml.DecryptKey(encryptedData, rsa, true);
Assert.Equal(data, decryptedData);
}
}
public void EncryptKey_RSA_UseOAEP()
{
byte[] data = "12345678" u8.ToArray();
using (RSA rsa = RSA.Create())
{
byte[] encryptedData = EncryptedXml.EncryptKey(data, rsa, true);
byte[] decryptedData = EncryptedXml.DecryptKey(encryptedData, rsa, true);
Assert.Equal(data, decryptedData);
}
}
public override XmlNode Encrypt(XmlNode node)
{
RSACryptoServiceProvider cryptoServiceProvider = this.GetCryptoServiceProvider(false, false);
XmlDocument document = new XmlDocument {
PreserveWhitespace = true
};
document.LoadXml("<foo>" + node.OuterXml + "</foo>");
EncryptedXml xml = new EncryptedXml(document);
XmlElement documentElement = document.DocumentElement;
SymmetricAlgorithm symmetricAlgorithm = new TripleDESCryptoServiceProvider();
byte[] randomKey = this.GetRandomKey();
symmetricAlgorithm.Key = randomKey;
symmetricAlgorithm.Mode = CipherMode.ECB;
symmetricAlgorithm.Padding = PaddingMode.PKCS7;
byte[] buffer = xml.EncryptData(documentElement, symmetricAlgorithm, true);
EncryptedData encryptedData = new EncryptedData {
Type = "http://www.w3.org/2001/04/xmlenc#Element",
EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"),
KeyInfo = new KeyInfo()
};
EncryptedKey encryptedKey = new EncryptedKey {
EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5"),
KeyInfo = new KeyInfo(),
CipherData = new CipherData()
};
encryptedKey.CipherData.CipherValue = EncryptedXml.EncryptKey(symmetricAlgorithm.Key, cryptoServiceProvider, this.UseOAEP);
KeyInfoName clause = new KeyInfoName {
Value = this._KeyName
};
encryptedKey.KeyInfo.AddClause(clause);
KeyInfoEncryptedKey key2 = new KeyInfoEncryptedKey(encryptedKey);
encryptedData.KeyInfo.AddClause(key2);
encryptedData.CipherData = new CipherData();
encryptedData.CipherData.CipherValue = buffer;
EncryptedXml.ReplaceElement(documentElement, encryptedData, true);
foreach (XmlNode node2 in document.ChildNodes)
{
if (node2.NodeType == XmlNodeType.Element)
{
foreach (XmlNode node3 in node2.ChildNodes)
{
if (node3.NodeType == XmlNodeType.Element)
{
return(node3);
}
}
}
}
return(null);
}
/// <summary>
/// Creates the encrypted key.
/// </summary>
/// <returns>EncryptedKey.</returns>
protected override EncryptedKey CreateEncryptedKey()
{
var encryptedKey = new EncryptedKey
{
CipherData = new CipherData(EncryptedXml.EncryptKey(Symmetric.Key, PublicKey, false)),
EncryptionMethod = CreateAsymmetricXmlEncryptionMethod(),
};
encryptedKey.KeyInfo.AddClause(new KeyInfoName(XmlConstants.SymmetricKeyInfoName));
return(encryptedKey);
}
public override byte [] EncryptKey(string algorithm, byte [] keyData)
{
if (algorithm == null)
{
throw new ArgumentNullException("algorithm");
}
if (keyData == null)
{
throw new ArgumentNullException("keyData");
}
return(EncryptedXml.EncryptKey(keyData, GetSymmetricAlgorithm(algorithm)));
}
public void EncryptKey_TripleDES()
{
using (TripleDES tripleDES = TripleDES.Create())
{
byte[] key = Encoding.ASCII.GetBytes("123456781234567812345678");
byte[] encryptedKey = EncryptedXml.EncryptKey(key, tripleDES);
Assert.NotNull(encryptedKey);
Assert.Equal(key, EncryptedXml.DecryptKey(encryptedKey, tripleDES));
}
}
public void EncryptKey_KeyNull()
{
var random = new SecureRandom();
var ivdata = new byte[128 / 8];
var keydata = new byte[256 / 8];
random.NextBytes(ivdata);
random.NextBytes(keydata);
var param = new ParametersWithIV(new KeyParameter(keydata), ivdata);
Assert.Throws <ArgumentNullException>(() => EncryptedXml.EncryptKey(null, new KeyParameter(keydata)));
}
public void DecryptKey_AESCorruptedKey()
{
using (Aes aes = Aes.Create())
{
byte[] key = "123456781234567812345678" u8.ToArray();
byte[] encryptedKey = EncryptedXml.EncryptKey(key, aes);
encryptedKey[0] ^= 0xFF;
Assert.Throws <CryptographicException>(() => EncryptedXml.DecryptKey(encryptedKey, aes));
}
}
public void DecryptKey_AESCorruptedKey8Bytes()
{
using (Aes aes = Aes.Create())
{
byte[] key = Encoding.ASCII.GetBytes("12345678");
byte[] encryptedKey = EncryptedXml.EncryptKey(key, aes);
encryptedKey[0] ^= 0xFF;
Assert.Throws <CryptographicException>(() => EncryptedXml.DecryptKey(encryptedKey, aes));
}
}
public void DecryptKey_TripleDESCorruptedKey()
{
using (TripleDES tripleDES = TripleDES.Create())
{
byte[] key = Encoding.ASCII.GetBytes("123456781234567812345678");
byte[] encryptedKey = EncryptedXml.EncryptKey(key, tripleDES);
encryptedKey[0] ^= 0xFF;
Assert.Throws <CryptographicException>(() => EncryptedXml.DecryptKey(encryptedKey, tripleDES));
}
}
public void EncryptKey_RSA_UseOAEP()
{
byte[] data = Encoding.ASCII.GetBytes("12345678");
var keyGen = GeneratorUtilities.GetKeyPairGenerator("RSA");
keyGen.Init(new KeyGenerationParameters(new SecureRandom(), 1024));
var pair = keyGen.GenerateKeyPair();
byte[] encryptedData = EncryptedXml.EncryptKey(data, (RsaKeyParameters)pair.Public, true);
byte[] decryptedData = EncryptedXml.DecryptKey(encryptedData, (RsaKeyParameters)pair.Private, true);
Assert.Equal(data, decryptedData);
}
public void EncryptKey_AES8Bytes()
{
using (Aes aes = Aes.Create())
{
byte[] key = Encoding.ASCII.GetBytes("12345678");
byte[] encryptedKey = EncryptedXml.EncryptKey(key, aes);
Assert.NotNull(encryptedKey);
Assert.Equal(key, EncryptedXml.DecryptKey(encryptedKey, aes));
}
}
public void GenerateEncryptedAssertion_01()
{
XmlDocument assertion = AssertionUtil.GetTestAssertion_01();
// Create an EncryptedData instance to hold the results of the encryption.o
EncryptedData encryptedData = new EncryptedData();
encryptedData.Type = EncryptedXml.XmlEncElementUrl;
encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
// Create a symmetric key.
RijndaelManaged aes = new RijndaelManaged();
aes.KeySize = 256;
aes.GenerateKey();
// Encrypt the assertion and add it to the encryptedData instance.
EncryptedXml encryptedXml = new EncryptedXml();
byte[] encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);
encryptedData.CipherData.CipherValue = encryptedElement;
// Add an encrypted version of the key used.
encryptedData.KeyInfo = new KeyInfo();
EncryptedKey encryptedKey = new EncryptedKey();
// Use this certificate to encrypt the key.
X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
RSA publicKeyRSA = cert.PublicKey.Key as RSA;
Assert.IsNotNull(publicKeyRSA, "Public key of certificate was not an RSA key. Modify test.");
encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRSA, false));
encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
// Create the resulting Xml-document to hook into.
EncryptedAssertion encryptedAssertion = new EncryptedAssertion();
encryptedAssertion.encryptedData = new saml20.Schema.XEnc.EncryptedData();
encryptedAssertion.encryptedKey = new saml20.Schema.XEnc.EncryptedKey[1];
encryptedAssertion.encryptedKey[0] = new saml20.Schema.XEnc.EncryptedKey();
XmlDocument result;
result = Serialization.Serialize(encryptedAssertion);
XmlElement encryptedDataElement = GetElement(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME, Saml20Constants.XENC, result);
EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);
}