public async Task Run_ReEncrypt(string key)
{
Console.WriteLine("Running Re-Encrypt Data Process:");
string a = "abcDEF123$%^";
TransitKeyInfo TKIA = await TB.ReadEncryptionKey(key);
Console.WriteLine(" -- Encryption Key Current Version is {0}", TKIA.LatestVersionNum);
TransitEncryptedItem response = await TB.Encrypt(key, a);
bool success = await TB.RotateKey(key);
if (!success)
{
Console.WriteLine(" -- Failed to rotate the key. Stopping the Re-Encryption test.");
return;
}
TransitKeyInfo TKIB = await TB.ReadEncryptionKey(key);
Console.WriteLine(" -- Encryption Key New Version is {0}", TKIB.LatestVersionNum);
TransitEncryptedItem response2 = await TB.ReEncrypt(key, response.EncryptedValue);
if (response2 != null)
{
Console.WriteLine(" -- Reencryption completed.");
// Now validate by decrypting original value and new value. Should be same.
TransitDecryptedItem decryptA = await TB.Decrypt(key, response.EncryptedValue);
TransitDecryptedItem decryptB = await TB.Decrypt(key, response2.EncryptedValue);
if (a == decryptB.DecryptedValue)
{
Console.WriteLine(" -- ReEncryption successfull. Original Data = {0} and after re-encrypt value = {1}", a, decryptB.DecryptedValue);
}
else
{
Console.WriteLine(" -- ReEncryption FAILED. Original value = {0}, re-Encryption value = {1}.", a, decryptB.DecryptedValue);
}
}
Console.WriteLine(" encrypted: {0} to {1}", a, response.EncryptedValue);
}
public async Task DerivedEncryptDecrypt_ResultsInSameValue()
{
string key = await Transit_InitWithKey(TransitEnumKeyType.aes256, true);
// Get a random value to encrypt.
string toEncrypt = Guid.NewGuid().ToString();
// Set the "Context" value for derived encryption.
string toContext = "ZYXabc";
// Now encrypt with that key.
TransitEncryptedItem response = await _transitSecretEngine.Encrypt(key, toEncrypt, toContext);
Assert.IsNotEmpty(response.EncryptedValue);
// Now decrypt it.
TransitDecryptedItem responseB = await _transitSecretEngine.Decrypt(key, response.EncryptedValue, toContext);
Assert.AreEqual(responseB.DecryptedValue, toEncrypt);
}
public async Task EncryptDecrypt_ResultsInSameValue()
{
// Get a random value to encrypt.
string toEncrypt = Guid.NewGuid().ToString();
string encKey = Guid.NewGuid().ToString();
// Create an encryption key.
bool rc = await _transitSecretEngine.CreateEncryptionKey(encKey, true, true, TransitEnumKeyType.rsa4096);
Assert.AreEqual(true, rc);
// Now encrypt with that key.
TransitEncryptedItem response = await _transitSecretEngine.Encrypt(encKey, toEncrypt);
Assert.IsNotEmpty(response.EncryptedValue);
// Now decrypt it.
TransitDecryptedItem responseB = await _transitSecretEngine.Decrypt(encKey, response.EncryptedValue);
Assert.AreEqual(responseB.DecryptedValue, toEncrypt);
}
// Test that Reencrypt results in same original un-encrypted value.
public async Task RencryptionResultsInSameStartingValue()
{
string valA = Guid.NewGuid().ToString();
string key = _uniqueKeys.GetKey();
// Create key, validate the version and then encrypt some data with that key.
Assert.True(await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256));
TransitEncryptedItem encA = await _transitSecretEngine.Encrypt(key, valA);
TransitKeyInfo tkiA = await _transitSecretEngine.ReadEncryptionKey(key);
// Rotate Key, Read value of key version, Re-Encrypt data. Decrypt Data.
Assert.True(await _transitSecretEngine.RotateKey(key));
TransitKeyInfo tkiB = await _transitSecretEngine.ReadEncryptionKey(key);
TransitEncryptedItem encB = await _transitSecretEngine.ReEncrypt(key, encA.EncryptedValue);
TransitDecryptedItem decB = await _transitSecretEngine.Decrypt(key, encB.EncryptedValue);
// Validate Results. Key version incremented by 1.
Assert.AreEqual(tkiA.LatestVersionNum + 1, tkiB.LatestVersionNum, "Key Version should have been incremented.");
Assert.AreEqual(valA, decB.DecryptedValue,
"After Key Rotation and Rencryption, expected value of encrypted item to be same, but they are different");
}
public async Task Run_BulkOps()
{
string eKey = Guid.NewGuid().ToString();
// Encrypt Bulk Items
Console.WriteLine("Encrypting bulk Items");
List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>();
bulkEnc.Add(new TransitBulkItemToEncrypt("ABC"));
bulkEnc.Add(new TransitBulkItemToEncrypt("DEF"));
bulkEnc.Add(new TransitBulkItemToEncrypt("GHI"));
bulkEnc.Add(new TransitBulkItemToEncrypt("JKL"));
bulkEnc.Add(new TransitBulkItemToEncrypt("MNO"));
TransitEncryptionResultsBulk results = await TB.EncryptBulk(eKey, bulkEnc);
int sentCnt = bulkEnc.Count;
int recvCnt = results.EncryptedValues.Count;
if (sentCnt == recvCnt)
{
Console.WriteLine(" - Bulk Encryption completed. Sent and recived items count same! SUCCESS!");
}
foreach (TransitEncryptedItem encrypted in results.EncryptedValues)
{
TransitDecryptedItem decrypted = await TB.Decrypt(eKey, encrypted.EncryptedValue);
Console.WriteLine(" - Decrypted Value = {0}", decrypted.DecryptedValue);
}
// Test Bulk Decryption
List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>();
foreach (TransitEncryptedItem encrypted in results.EncryptedValues)
{
bulkDecrypt.Add(new TransitBulkItemToDecrypt(encrypted.EncryptedValue));
}
// Now decrypt.
TransitDecryptionResultsBulk resDecrypt = await TB.DecryptBulk(eKey, bulkDecrypt);
int sentCntD = bulkDecrypt.Count;
int recvCntD = resDecrypt.DecryptedValues.Count;
if (sentCntD == recvCntD)
{
Console.WriteLine(" - Bulk Decryption completed. Sent and recived items count same! SUCCESS!");
}
// Print results:
foreach (TransitDecryptedItem decrypted in resDecrypt.DecryptedValues)
{
Console.WriteLine(" Bulk Decryption result: {0}", decrypted.DecryptedValue);
}
// Rotate the Key.
// if (runRotateTest) {
Console.WriteLine("Rotating the Key.");
bool rotateAnswer = await TB.RotateKey(eKey);
if (rotateAnswer)
{
Console.WriteLine(" - Key rotation successful.");
}
// }
// if (runRekeyTest) {
Console.WriteLine("Rencrypting a key.");
await Run_ReEncrypt(eKey);
// }
// Test Bulk Rewrap.
TransitEncryptionResultsBulk bulkRewrap = await TB.ReEncryptBulk(eKey, bulkDecrypt);
foreach (TransitEncryptedItem encrypted in bulkRewrap.EncryptedValues)
{
// Decrypt the value:
TransitDecryptedItem tdiA = await TB.Decrypt(eKey, encrypted.EncryptedValue);
Console.WriteLine(" - Decrypted value from bulk Rewrap = {0}", tdiA.DecryptedValue);
}
}
// Performs a complex set of operations to ensure a backup and restore of a key is successful. Including rotating the key
// encrypting with the key, etc.
public async Task RestoreKey_Success()
{
string key = await Transit_InitWithKey(TransitEnumKeyType.aes256);
// A. Enable deletion of the key.
Dictionary <string, string> keyconfig = new Dictionary <string, string> {
{ TransitConstants.KeyConfig_DeleteAllowed, "true" }
};
TransitKeyInfo tki = await _transitSecretEngine.UpdateKey(key, keyconfig);
Assert.True(tki.CanDelete);
// B. Rotate the key a few times.
await _transitSecretEngine.RotateKey(key);
await _transitSecretEngine.RotateKey(key);
await _transitSecretEngine.RotateKey(key);
// C. Encrypt a piece of data.
string encryptedValue = "ABCzyx123";
TransitEncryptedItem encItem = await _transitSecretEngine.Encrypt(key, encryptedValue);
// D. Rotate Keys a few more times.
await _transitSecretEngine.RotateKey(key);
await _transitSecretEngine.RotateKey(key);
await _transitSecretEngine.RotateKey(key);
tki = await _transitSecretEngine.ReadEncryptionKey(key);
Assert.AreEqual(tki.Name, key);
// E. Back it up.
TransitBackupRestoreItem tbri = await _transitSecretEngine.BackupKey(key);
Assert.True(tbri.Success);
Assert.AreNotEqual(null, tbri.KeyBackup);
// F. Delete key.
Assert.True(await _transitSecretEngine.DeleteKey(key));
// G. Restore the key
Assert.True(await _transitSecretEngine.RestoreKey(key, tbri));
// H. Decrypt an item with restored key.
TransitDecryptedItem decItem = await _transitSecretEngine.Decrypt(key, encItem.EncryptedValue);
Assert.AreEqual(encryptedValue, decItem.DecryptedValue);
// I. Validate the restore.
TransitKeyInfo tkiRestore = await _transitSecretEngine.ReadEncryptionKey(key);
Assert.AreEqual(tki.Type, tkiRestore.Type);
Assert.AreEqual(tki.LatestVersionNum, tkiRestore.LatestVersionNum);
Assert.AreEqual(tki.Name, tkiRestore.Name);
Assert.AreEqual(tki.Keys.Count, tkiRestore.Keys.Count);
}
