/// <summary> /// Decrypts a file key. /// </summary> /// <param name="encFileKey">The file key to decrypt.</param> /// <param name="userPrivateKey">The private key which should be used for the decryption.</param> /// <param name="password">The password which secures the private key.</param> /// <returns>The decrypted file key.</returns> /// <exception cref="Dracoon.Crypto.Sdk.InvalidFileKeyException">If the provided encrypted file key is invalid.</exception> /// <exception cref="Dracoon.Crypto.Sdk.InvalidKeyPairException">If the provided private key is invalid.</exception> /// <exception cref="Dracoon.Crypto.Sdk.InvalidPasswordException">If the provided private key password is invalid</exception> /// <exception cref="Dracoon.Crypto.Sdk.CryptoException">If an unexpected error in the decryption occured.</exception> public static PlainFileKey DecryptFileKey(EncryptedFileKey encFileKey, UserPrivateKey userPrivateKey, string password) { ValidateEncryptedFileKey(encFileKey); ValidateUserPrivateKey(userPrivateKey); ValidatePassword(password); AsymmetricKeyParameter privateKey = DecryptPrivateKey(userPrivateKey.PrivateKey, password); byte[] dFileKey; try { OaepEncoding engine = new OaepEncoding(new RsaEngine(), new Sha256Digest(), new Sha1Digest(), null); engine.Init(false, privateKey); byte[] eFileKey = Convert.FromBase64String(encFileKey.Key); dFileKey = engine.ProcessBlock(eFileKey, 0, eFileKey.Length); } catch (InvalidCipherTextException e) { throw new CryptoException("Could not decrypt file key. Decryption failed.", e); } PlainFileKey plainFileKey = new PlainFileKey() { Key = Convert.ToBase64String(dFileKey), Iv = encFileKey.Iv, Tag = encFileKey.Tag, Version = encFileKey.Version }; return(plainFileKey); }
public EncFileDownload(IInternalDracoonClient client, string actionId, Node nodeToDownload, Stream output, UserPrivateKey privateKey) : base( client, actionId, nodeToDownload, output) { _userPrivateKey = privateKey; Logtag = nameof(EncFileDownload); }
private PlainFileKey TestDecryptFileKey(byte[] encryptedFileKeyResource, byte[] userPrivateKeyResource, string password) { EncryptedFileKey efk = TestUtilities.ReadTestResource <EncryptedFileKey>(encryptedFileKeyResource); UserPrivateKey upk = TestUtilities.ReadTestResource <UserPrivateKey>(userPrivateKeyResource); return(Crypto.DecryptFileKey(efk, upk, password)); }
/// <summary> /// Generates a random user key pair. /// </summary> /// <param name="version">The encryption version for which the key pair should be created.</param> /// <param name="password">The password which should be used to secure the private key.</param> /// <returns>The generated user key pair.</returns> /// <exception cref="Dracoon.Crypto.Sdk.InvalidKeyPairException">If the version for the user key pair is not supported.</exception> /// <exception cref="Dracoon.Crypto.Sdk.InvalidPasswordException">If the password to secure the private key is invalid.</exception> /// <exception cref="Dracoon.Crypto.Sdk.CryptoSystemException">If an unexpected error occured.</exception> /// <exception cref="Dracoon.Crypto.Sdk.CryptoException">If an unexpected error in the encryption of the private key occured.</exception> public static UserKeyPair GenerateUserKeyPair(string version, string password) { ValidateUserKeyPairVersion(version); ValidatePassword(password); AsymmetricCipherKeyPair rsaKeyInfo; try { using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048)) { rsaKeyInfo = DotNetUtilities.GetRsaKeyPair(rsa.ExportParameters(true)); } } catch (CryptographicException e) { throw new CryptoSystemException("Could not generate RSA key pair.", e); } string encrytedPrivateKeyString = EncryptPrivateKey(rsaKeyInfo.Private, password); string publicKeyString = ConvertPublicKey(rsaKeyInfo.Public); UserPrivateKey userPrivateKey = new UserPrivateKey() { Version = version, PrivateKey = encrytedPrivateKeyString }; UserPublicKey userPublicKey = new UserPublicKey() { Version = version, PublicKey = publicKeyString }; return(new UserKeyPair() { UserPrivateKey = userPrivateKey, UserPublicKey = userPublicKey }); }
private static ApiUserPrivateKey ToApiUserPrivateKey(UserPrivateKey userPrivateKey) { ApiUserPrivateKey apiUserPrivateKey = new ApiUserPrivateKey { Version = userPrivateKey.Version, PrivateKey = userPrivateKey.PrivateKey }; return(apiUserPrivateKey); }
private static UserPrivateKey FromApiUserPrivateKey(ApiUserPrivateKey apiUserPrivateKey) { UserPrivateKey userPrivateKey = new UserPrivateKey { Version = apiUserPrivateKey.Version, PrivateKey = apiUserPrivateKey.PrivateKey }; return(userPrivateKey); }
internal PlainFileKey DecryptFileKey(EncryptedFileKey encryptedFileKey, UserPrivateKey userPrivateKey, long?nodeId = null) { try { return(Crypto.Sdk.Crypto.DecryptFileKey(encryptedFileKey, userPrivateKey, _client.EncryptionPassword)); } catch (CryptoException ce) { string message = "Decryption file key for node " + (nodeId.HasValue ? nodeId.Value.ToString() : "NULL") + " failed with " + ce.Message; DracoonClient.Log.Debug(Logtag, message); throw new DracoonCryptoException(CryptoErrorMapper.ParseCause(ce), ce); } }
/// <summary> /// Checks the private key of a user. /// </summary> /// <param name="privateKey">The private key to check.</param> /// <exception cref="Dracoon.Crypto.Sdk.InvalidKeyPairException"/> private static void ValidateUserPrivateKey(UserPrivateKey privateKey) { if (privateKey == null) { throw new InvalidKeyPairException("Private key container cannot be null."); } if (privateKey.Version == null || !privateKey.Version.Equals(CryptoConstants.defaultVersion)) { throw new InvalidKeyPairException("Unknown private key version."); } if (privateKey.PrivateKey == null || privateKey.PrivateKey.Length == 0) { throw new InvalidKeyPairException("Private key cannot be null or empty."); } }
public void TestGenerateUserKeyPair_Success() { UserKeyPair testUkp = Crypto.GenerateUserKeyPair("A", "Qwer1234"); Assert.IsNotNull(testUkp, "Key pair is null!"); UserPrivateKey testPrivateKey = testUkp.UserPrivateKey; Assert.IsNotNull(testPrivateKey, "Private key container is null!"); Assert.IsNotNull(testPrivateKey.Version, "Private key version is null"); Assert.IsTrue(testPrivateKey.Version.Length > 0, "Private key version is empty!"); Assert.IsTrue(testPrivateKey.Version.Equals("A"), "Private key version is invalid!"); Assert.IsNotNull(testPrivateKey.PrivateKey, "Private key is null!"); Assert.IsTrue(testPrivateKey.PrivateKey.StartsWith("-----BEGIN ENCRYPTED PRIVATE KEY-----"), "Privat ekey is invalid!"); UserPublicKey testPublicKey = testUkp.UserPublicKey; Assert.IsNotNull(testPublicKey, "Public key container is null!"); Assert.IsNotNull(testPublicKey.Version, "Public key version is null"); Assert.IsTrue(testPublicKey.Version.Length > 0, "Public key version is empty!"); Assert.IsTrue(testPublicKey.Version.Equals("A"), "Public key version is invalid!"); Assert.IsNotNull(testPublicKey.PublicKey, "Public key is null!"); Assert.IsTrue(testPublicKey.PublicKey.StartsWith("-----BEGIN PUBLIC KEY-----"), "Public ekey is invalid!"); }
private Dictionary <long, PlainFileKey> GeneratePlainFileKeyMap(List <ApiFileIdFileKey> fileIdFileKeys, UserPrivateKey thisUserPrivateKey) { Dictionary <long, PlainFileKey> plainFileKeys = new Dictionary <long, PlainFileKey>(fileIdFileKeys.Count); foreach (ApiFileIdFileKey currentEncryptedFileKey in fileIdFileKeys) { EncryptedFileKey encryptedFileKey = FileMapper.FromApiFileKey(currentEncryptedFileKey.FileKeyContainer); PlainFileKey decryptedFileKey = DecryptFileKey(encryptedFileKey, thisUserPrivateKey, currentEncryptedFileKey.FileId); plainFileKeys.Add(currentEncryptedFileKey.FileId, decryptedFileKey); } return(plainFileKeys); }
private void HandlePendingMissingFileKeys(ApiMissingFileKeys missingFileKeys, UserPrivateKey thisUserPrivateKey) { if (missingFileKeys == null || missingFileKeys.Items.Count == 0) { return; } Dictionary <long, UserPublicKey> userPublicKeys = UserMapper.ConvertApiUserIdPublicKeys(missingFileKeys.UserPublicKey); Dictionary <long, PlainFileKey> plainFileKeys = GeneratePlainFileKeyMap(missingFileKeys.FileKeys, thisUserPrivateKey); ApiSetUserFileKeysRequest setUserFileKeysRequest = new ApiSetUserFileKeysRequest { Items = new List <ApiSetUserFileKey>(missingFileKeys.UserPublicKey.Count) }; foreach (ApiUserIdFileId currentMissingFileKey in missingFileKeys.Items) { UserPublicKey currentUsersPublicKey = userPublicKeys[currentMissingFileKey.UserId]; PlainFileKey currentPlainFileKey = plainFileKeys[currentMissingFileKey.FileId]; EncryptedFileKey currentEncryptedFileKey = EncryptFileKey(currentPlainFileKey, currentUsersPublicKey, currentMissingFileKey.FileId); ApiSetUserFileKey newRequestEntry = new ApiSetUserFileKey { FileId = currentMissingFileKey.FileId, UserId = currentMissingFileKey.UserId, FileKey = FileMapper.ToApiFileKey(currentEncryptedFileKey) }; setUserFileKeysRequest.Items.Add(newRequestEntry); } IRestRequest restRequest = _client.Builder.PostMissingFileKeys(setUserFileKeysRequest); _client.Executor.DoSyncApiCall <VoidResponse>(restRequest, RequestType.PostMissingFileKeys); }