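/// <summary>
/// Loads an encrypted JSON configuration payload from <paramref name="stream"/>, decrypts it
/// and stores the parsed key/value pairs in <c>Data</c>.
/// </summary>
/// <remarks>
/// The stream must hold UTF-8 text of the form
/// <c>&lt;base64 session-key blob&gt;.&lt;base64 encrypted config&gt;</c>. The first part is
/// rehydrated into a <c>SessionKeyContainer</c>; the second is the ciphertext handed to
/// <c>HybridDecryption.DecryptData</c>, which performs its own integrity/authenticity checks
/// before returning plaintext.
/// </remarks>
/// <param name="stream">Readable stream containing the encrypted configuration payload.</param>
/// <exception cref="ArgumentNullException"><paramref name="stream"/> is null.</exception>
/// <exception cref="FormatException">
/// The payload does not consist of exactly two '.'-separated sections, or a section is not valid base64.
/// </exception>
public override void Load(Stream stream)
{
    if (stream is null)
    {
        throw new ArgumentNullException(nameof(stream));
    }

    byte[] encryptedData;
    using (var buffer = new MemoryStream())
    {
        stream.CopyTo(buffer);
        encryptedData = buffer.ToArray();
    }

    // Payload layout is "<session key blob>.<encrypted config>", both base64. Reject anything
    // else up front so a truncated or tampered file fails with a clear FormatException instead
    // of an IndexOutOfRangeException from the array access below.
    var parts = Encoding.UTF8.GetString(encryptedData).Split('.');
    if (parts.Length != 2)
    {
        throw new FormatException("Encrypted configuration must contain exactly two '.'-separated base64 sections (session key blob and ciphertext).");
    }

    var sessionKeyBlob = Convert.FromBase64String(parts[0]);
    var encryptedConfigData = Convert.FromBase64String(parts[1]);

    var sessionKey = SessionKeyContainer.FromBlob(sessionKeyBlob);
    var hybridDecryption = HybridDecryption.Create(_containerName, _signatureKey);
    var plaintext = hybridDecryption.DecryptData(sessionKey, encryptedConfigData);

    // Only the decrypted bytes are ever parsed; the ciphertext is never fed to the JSON parser.
    using (var plaintextStream = new MemoryStream(plaintext))
    {
        var parser = new JsonConfigurationFileParser();
        this.Data = parser.Parse(plaintextStream);
    }
}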
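/// <summary>
/// Round-trips a <c>SessionKeyContainer</c> through <c>ExportToBlob</c> / <c>FromBlob</c> and
/// asserts that the wrapped session key survives the export/import unchanged.
/// </summary>
/// <remarks>
/// Reads <c>appsettings.json</c> from the test working directory as the plaintext to encrypt;
/// the file's content is irrelevant to the assertion, only the key material is compared.
/// </remarks>
public void GivenEncryptionKeyBlob_WhenImportingKey_ThenImportsSessionKeyCorrectly()
{
    var data = File.ReadAllBytes("appsettings.json");
    var sessionKey = new byte[32]; // 256-bit session key
    var iv = new byte[16];         // 128-bit IV

    // RandomNumberGenerator is IDisposable, so scope it; Create() also avoids the
    // obsolete RNGCryptoServiceProvider type.
    using (var random = RandomNumberGenerator.Create())
    {
        random.GetBytes(sessionKey);
        random.GetBytes(iv);
    }

    (SessionKeyContainer key, byte[] encryptedData) encryptedResult = _hybridEncryption.EncryptData(sessionKey, data, iv);
    var originalKey = encryptedResult.key;

    var exportedBlob = originalKey.ExportToBlob();
    var importedKey = SessionKeyContainer.FromBlob(exportedBlob);

    Assert.That(importedKey.SessionKey, Is.EqualTo(originalKey.SessionKey));
}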
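/// <summary>
/// Encrypts a random 512-byte payload, exports and re-imports the resulting
/// <c>SessionKeyContainer</c>, then asserts that decrypting with the imported container
/// yields the original plaintext.
/// </summary>
public void GivenEncryptingData_WhenDecryptingData_FromImportedKey_ThenDataIsDecrypted()
{
    var data = new byte[512];
    var sessionKey = new byte[32]; // 256-bit session key
    var iv = new byte[16];         // 128-bit IV

    // RandomNumberGenerator is IDisposable, so scope it; Create() also avoids the
    // obsolete RNGCryptoServiceProvider type.
    using (var random = RandomNumberGenerator.Create())
    {
        random.GetBytes(sessionKey);
        random.GetBytes(iv);
        random.GetBytes(data);
    }

    (SessionKeyContainer key, byte[] encryptedData) encryptedResult = _hybridEncryption.EncryptData(sessionKey, data, iv);

    // Go through the blob format so the test covers the same path a consumer uses when the
    // container is persisted and read back.
    var exportedBlob = encryptedResult.key.ExportToBlob();
    var importedKey = SessionKeyContainer.FromBlob(exportedBlob);

    var decryptedData = _hybridDecryption.DecryptData(importedKey, encryptedResult.encryptedData);

    Assert.That(decryptedData, Is.EqualTo(data));
}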
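/// <summary>
/// Verifies the integrity and authenticity of <paramref name="data"/> and, only if both checks
/// pass, decrypts it with the session key unwrapped from <paramref name="sessionKeyContainer"/>.
/// </summary>
/// <remarks>
/// Order of operations: (1) unwrap the session key with the asymmetric key; (2) recompute
/// HMAC-SHA256 over the ciphertext with that key and compare it to the stored tag; (3) verify
/// the digital signature over the stored tag; (4) decrypt. A failure in (2) or (3) throws before
/// any plaintext is produced. The same unwrapped session key serves as both the HMAC key and the
/// symmetric decryption key.
/// </remarks>
/// <param name="sessionKeyContainer">Wrapped session key together with its IV, HMAC tag and signature.</param>
/// <param name="data">Ciphertext whose HMAC tag is stored in <paramref name="sessionKeyContainer"/>.</param>
/// <returns>The decrypted plaintext.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="CryptographicException">The HMAC tag does not match or the signature does not verify.</exception>
public byte[] DecryptData(SessionKeyContainer sessionKeyContainer, byte[] data)
{
    if (sessionKeyContainer is null)
    {
        throw new ArgumentNullException(nameof(sessionKeyContainer));
    }
    if (data is null)
    {
        throw new ArgumentNullException(nameof(data));
    }

    var sessionKey = _asymmetricKeyEncryption.DecryptData(sessionKeyContainer.SessionKey);

    using (var hmac = new HMACSHA256(sessionKey))
    {
        var computedTag = hmac.ComputeHash(data);

        // NOTE(review): Compare is defined elsewhere in this class. It must be a constant-time
        // comparison for the tag check to avoid leaking timing information — confirm.
        if (!Compare(sessionKeyContainer.HMACHash, computedTag))
        {
            throw new CryptographicException("HMAC signatures do not match");
        }

        // The signature is checked over the stored tag, so the tag is authenticated
        // independently of whoever holds the session key.
        if (!_digitalSignature.VerifyData(sessionKeyContainer.HMACHash, sessionKeyContainer.Signature))
        {
            throw new CryptographicException("Signatures cannot be verified");
        }
    }

    // NOTE(review): the HMAC key and the symmetric key are the same bytes; deriving two separate
    // keys from the session key would be the stronger design, but changes the wire format and
    // must be coordinated with the encryption side — confirm before changing.
    return _symmetricKeyEncryption.Decrypt(data, sessionKey, sessionKeyContainer.IV);
}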