/// <summary>
/// Decrypts a file key.
/// </summary>
/// <param name="encFileKey">The file key to decrypt.</param>
/// <param name="userPrivateKey">The private key which should be used for the decryption.</param>
/// <param name="password">The password which secures the private key.</param>
/// <returns>The decrypted file key.</returns>
/// <exception cref="Dracoon.Crypto.Sdk.InvalidFileKeyException">If the provided encrypted file key is invalid.</exception>
/// <exception cref="Dracoon.Crypto.Sdk.InvalidKeyPairException">If the provided private key is invalid.</exception>
/// <exception cref="Dracoon.Crypto.Sdk.InvalidPasswordException">If the provided private key password is invalid</exception>
/// <exception cref="Dracoon.Crypto.Sdk.CryptoException">If an unexpected error in the decryption occured.</exception>
public static PlainFileKey DecryptFileKey(EncryptedFileKey encFileKey, UserPrivateKey userPrivateKey, string password)
{
ValidateEncryptedFileKey(encFileKey);
ValidateUserPrivateKey(userPrivateKey);
ValidatePassword(password);
AsymmetricKeyParameter privateKey = DecryptPrivateKey(userPrivateKey.PrivateKey, password);
byte[] dFileKey;
try {
OaepEncoding engine = new OaepEncoding(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), null);
engine.Init(false, privateKey);
byte[] eFileKey = Convert.FromBase64String(encFileKey.Key);
dFileKey = engine.ProcessBlock(eFileKey, 0, eFileKey.Length);
} catch (InvalidCipherTextException e) {
throw new CryptoException("Could not decrypt file key. Decryption failed.", e);
}
PlainFileKey plainFileKey = new PlainFileKey()
{
Key = Convert.ToBase64String(dFileKey),
Iv = encFileKey.Iv,
Tag = encFileKey.Tag,
Version = encFileKey.Version
};
return(plainFileKey);
}
public EncFileDownload(IInternalDracoonClient client, string actionId, Node nodeToDownload, Stream output, UserPrivateKey privateKey) : base(
client, actionId, nodeToDownload, output)
{
_userPrivateKey = privateKey;
Logtag = nameof(EncFileDownload);
}
private PlainFileKey TestDecryptFileKey(byte[] encryptedFileKeyResource, byte[] userPrivateKeyResource, string password)
{
EncryptedFileKey efk = TestUtilities.ReadTestResource <EncryptedFileKey>(encryptedFileKeyResource);
UserPrivateKey upk = TestUtilities.ReadTestResource <UserPrivateKey>(userPrivateKeyResource);
return(Crypto.DecryptFileKey(efk, upk, password));
}
/// <summary>
/// Generates a random user key pair.
/// </summary>
/// <param name="version">The encryption version for which the key pair should be created.</param>
/// <param name="password">The password which should be used to secure the private key.</param>
/// <returns>The generated user key pair.</returns>
/// <exception cref="Dracoon.Crypto.Sdk.InvalidKeyPairException">If the version for the user key pair is not supported.</exception>
/// <exception cref="Dracoon.Crypto.Sdk.InvalidPasswordException">If the password to secure the private key is invalid.</exception>
/// <exception cref="Dracoon.Crypto.Sdk.CryptoSystemException">If an unexpected error occured.</exception>
/// <exception cref="Dracoon.Crypto.Sdk.CryptoException">If an unexpected error in the encryption of the private key occured.</exception>
public static UserKeyPair GenerateUserKeyPair(string version, string password)
{
ValidateUserKeyPairVersion(version);
ValidatePassword(password);
AsymmetricCipherKeyPair rsaKeyInfo;
try {
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048)) {
rsaKeyInfo = DotNetUtilities.GetRsaKeyPair(rsa.ExportParameters(true));
}
} catch (CryptographicException e) {
throw new CryptoSystemException("Could not generate RSA key pair.", e);
}
string encrytedPrivateKeyString = EncryptPrivateKey(rsaKeyInfo.Private, password);
string publicKeyString = ConvertPublicKey(rsaKeyInfo.Public);
UserPrivateKey userPrivateKey = new UserPrivateKey()
{
Version = version, PrivateKey = encrytedPrivateKeyString
};
UserPublicKey userPublicKey = new UserPublicKey()
{
Version = version, PublicKey = publicKeyString
};
return(new UserKeyPair()
{
UserPrivateKey = userPrivateKey, UserPublicKey = userPublicKey
});
}
private static ApiUserPrivateKey ToApiUserPrivateKey(UserPrivateKey userPrivateKey)
{
ApiUserPrivateKey apiUserPrivateKey = new ApiUserPrivateKey {
Version = userPrivateKey.Version,
PrivateKey = userPrivateKey.PrivateKey
};
return(apiUserPrivateKey);
}
private static UserPrivateKey FromApiUserPrivateKey(ApiUserPrivateKey apiUserPrivateKey)
{
UserPrivateKey userPrivateKey = new UserPrivateKey {
Version = apiUserPrivateKey.Version,
PrivateKey = apiUserPrivateKey.PrivateKey
};
return(userPrivateKey);
}
internal PlainFileKey DecryptFileKey(EncryptedFileKey encryptedFileKey, UserPrivateKey userPrivateKey, long?nodeId = null)
{
try {
return(Crypto.Sdk.Crypto.DecryptFileKey(encryptedFileKey, userPrivateKey, _client.EncryptionPassword));
} catch (CryptoException ce) {
string message = "Decryption file key for node " + (nodeId.HasValue ? nodeId.Value.ToString() : "NULL") + " failed with " +
ce.Message;
DracoonClient.Log.Debug(Logtag, message);
throw new DracoonCryptoException(CryptoErrorMapper.ParseCause(ce), ce);
}
}
/// <summary>
/// Checks the private key of a user.
/// </summary>
/// <param name="privateKey">The private key to check.</param>
/// <exception cref="Dracoon.Crypto.Sdk.InvalidKeyPairException"/>
private static void ValidateUserPrivateKey(UserPrivateKey privateKey)
{
if (privateKey == null)
{
throw new InvalidKeyPairException("Private key container cannot be null.");
}
if (privateKey.Version == null || !privateKey.Version.Equals(CryptoConstants.defaultVersion))
{
throw new InvalidKeyPairException("Unknown private key version.");
}
if (privateKey.PrivateKey == null || privateKey.PrivateKey.Length == 0)
{
throw new InvalidKeyPairException("Private key cannot be null or empty.");
}
}
public void TestGenerateUserKeyPair_Success()
{
UserKeyPair testUkp = Crypto.GenerateUserKeyPair("A", "Qwer1234");
Assert.IsNotNull(testUkp, "Key pair is null!");
UserPrivateKey testPrivateKey = testUkp.UserPrivateKey;
Assert.IsNotNull(testPrivateKey, "Private key container is null!");
Assert.IsNotNull(testPrivateKey.Version, "Private key version is null");
Assert.IsTrue(testPrivateKey.Version.Length > 0, "Private key version is empty!");
Assert.IsTrue(testPrivateKey.Version.Equals("A"), "Private key version is invalid!");
Assert.IsNotNull(testPrivateKey.PrivateKey, "Private key is null!");
Assert.IsTrue(testPrivateKey.PrivateKey.StartsWith("-----BEGIN ENCRYPTED PRIVATE KEY-----"), "Privat ekey is invalid!");
UserPublicKey testPublicKey = testUkp.UserPublicKey;
Assert.IsNotNull(testPublicKey, "Public key container is null!");
Assert.IsNotNull(testPublicKey.Version, "Public key version is null");
Assert.IsTrue(testPublicKey.Version.Length > 0, "Public key version is empty!");
Assert.IsTrue(testPublicKey.Version.Equals("A"), "Public key version is invalid!");
Assert.IsNotNull(testPublicKey.PublicKey, "Public key is null!");
Assert.IsTrue(testPublicKey.PublicKey.StartsWith("-----BEGIN PUBLIC KEY-----"), "Public ekey is invalid!");
}
private Dictionary <long, PlainFileKey> GeneratePlainFileKeyMap(List <ApiFileIdFileKey> fileIdFileKeys, UserPrivateKey thisUserPrivateKey)
{
Dictionary <long, PlainFileKey> plainFileKeys = new Dictionary <long, PlainFileKey>(fileIdFileKeys.Count);
foreach (ApiFileIdFileKey currentEncryptedFileKey in fileIdFileKeys)
{
EncryptedFileKey encryptedFileKey = FileMapper.FromApiFileKey(currentEncryptedFileKey.FileKeyContainer);
PlainFileKey decryptedFileKey = DecryptFileKey(encryptedFileKey, thisUserPrivateKey, currentEncryptedFileKey.FileId);
plainFileKeys.Add(currentEncryptedFileKey.FileId, decryptedFileKey);
}
return(plainFileKeys);
}
private void HandlePendingMissingFileKeys(ApiMissingFileKeys missingFileKeys, UserPrivateKey thisUserPrivateKey)
{
if (missingFileKeys == null || missingFileKeys.Items.Count == 0)
{
return;
}
Dictionary <long, UserPublicKey> userPublicKeys = UserMapper.ConvertApiUserIdPublicKeys(missingFileKeys.UserPublicKey);
Dictionary <long, PlainFileKey> plainFileKeys = GeneratePlainFileKeyMap(missingFileKeys.FileKeys, thisUserPrivateKey);
ApiSetUserFileKeysRequest setUserFileKeysRequest = new ApiSetUserFileKeysRequest {
Items = new List <ApiSetUserFileKey>(missingFileKeys.UserPublicKey.Count)
};
foreach (ApiUserIdFileId currentMissingFileKey in missingFileKeys.Items)
{
UserPublicKey currentUsersPublicKey = userPublicKeys[currentMissingFileKey.UserId];
PlainFileKey currentPlainFileKey = plainFileKeys[currentMissingFileKey.FileId];
EncryptedFileKey currentEncryptedFileKey = EncryptFileKey(currentPlainFileKey, currentUsersPublicKey, currentMissingFileKey.FileId);
ApiSetUserFileKey newRequestEntry = new ApiSetUserFileKey {
FileId = currentMissingFileKey.FileId,
UserId = currentMissingFileKey.UserId,
FileKey = FileMapper.ToApiFileKey(currentEncryptedFileKey)
};
setUserFileKeysRequest.Items.Add(newRequestEntry);
}
IRestRequest restRequest = _client.Builder.PostMissingFileKeys(setUserFileKeysRequest);
_client.Executor.DoSyncApiCall <VoidResponse>(restRequest, RequestType.PostMissingFileKeys);
}
