public void EncryptAndDecryptStreamTest()
{
// Make a provider
IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider();
// In all cases we are READING from streams
// (read from original, read from encrypted, read from decrypted).
var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
var decryptedStream = asymmetricProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public void DecryptFailsWithX509IfPrivateKeyNotLoadedTest()
{
// Load Certificate
X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
// Make a provider
IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider(cert, false);
// In all cases we are READING from streams
// (read from original, read from encrypted, read from decrypted).
var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
var decryptedStream = asymmetricProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public static void UploadEncryptedFileAsymmetric(string path, X509Certificate2 certificate, CloudBlobContainer container)
{
// Create a blob named after the file we are uploading
CloudBlockBlob blob = container.GetBlockBlobReference("AsymmetricUploadTest.jpg");
// Create an Azure Encryption Extensions asymmetric encryption provider
// from the certificate.
// We only need the public key in this case.
// -----
// If we wanted to we could also let the library generate key material for us
// by using the empty constructor.
var provider = new AsymmetricBlobCryptoProvider(certificate);
// We also have to option to persist key material to a json file
// with or without the private key if we don't want to keep using the certificate.
// provider.WriteKeyFile(path, [bool publicOnly]);
// Encrypt and upload the file to Azure, passing in our provider
blob.UploadFromFileEncrypted(provider, path, FileMode.Open);
}
public static void DownloadEncryptedFileAsymmetric(string destinationPath, X509Certificate2 certificate, CloudBlobContainer container)
{
// We will need the private key loaded to decrypt
// If our certificate only has the public key we'll get an exception.
var provider = new AsymmetricBlobCryptoProvider(certificate);
// Get a reference to our Blob again
CloudBlockBlob blob = container.GetBlockBlobReference("AsymmetricUploadTest.jpg");
// Using our 'Encrypted' extension method to download an encrypted file
// It will be decrypted during download and written to disk ready to use.
blob.DownloadToFileEncrypted(provider, destinationPath, FileMode.Create);
// You could instead download without our library, to see how it was stored encrypted in the cloud
// blob.DownloadToFile(destinationPath, FileMode.Create);
// Tidy up, delete our blob
blob.DeleteIfExists();
}
public void BlockBlob_UploadDownload_Stream_Asymmetric()
{
// Prepare random memory stream
Random random = new Random();
byte[] buffer = new byte[512];
random.NextBytes(buffer);
MemoryStream testStream = new MemoryStream(buffer);
// Get a blob reference
CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
container.CreateIfNotExists();
CloudBlockBlob blob = container.GetBlockBlobReference(Guid.NewGuid().ToString());
// Create provider
X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
var provider = new AsymmetricBlobCryptoProvider(cert, true);
// Upload stream
blob.UploadFromStreamEncrypted(provider, testStream);
// Download stream
MemoryStream downloadedStream = new MemoryStream();
blob.DownloadToStreamEncrypted(provider, downloadedStream);
// Compare raw and decrypted streams
Assert.IsTrue(testStream.ToArray().SequenceEqual(downloadedStream.ToArray()));
// Download file again, without our library, to ensure it was actually encrypted
MemoryStream encryptedStream = new MemoryStream();
blob.DownloadToStream(encryptedStream);
// Delete blob
blob.DeleteIfExists();
// Compare raw and encrypted streams
Assert.IsFalse(testStream.ToArray().SequenceEqual(encryptedStream.ToArray()));
}
public void ToKeyFileAndBackTest()
{
IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider();
asymmetricProvider.WriteKeyFile("keyfile.txt");
IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFile("keyfile.txt");
var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public void ToKeyFileStringDecryptFailsWithNoPrivateKeyTest()
{
// Load Certificate
X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
// Make a provider
AsymmetricBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider(cert, true);
string keyString = asymmetricProvider.ToKeyFileString(true);
// Clone a new provider from exported keyfile
IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFileString(keyString);
// Run an encryption loop using the cloned provider
// which should not have a private key (And thus fail).
var encryptedStream = clonedProvider.EncryptedStream(streamSample);
var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public void ToKeyFileStringPublicOnlyCertificateTest()
{
// Load Certificate
X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
// Make a provider
AsymmetricBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider(cert, true);
string keyString = asymmetricProvider.ToKeyFileString(true);
// Clone a new provider from exported keyfile
IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFileString(keyString);
// Run an encryption loop using the two providers
// Should be able to encrypt with the public only clone, and decrypt with the original
var encryptedStream = clonedProvider.EncryptedStream(streamSample);
var decryptedStream = asymmetricProvider.DecryptedStream(encryptedStream);
byte[] result = new byte[sampleStreamSize];
decryptedStream.Read(result, 0, result.Length);
Assert.IsTrue(
result.SequenceEqual(streamSample.ToArray()),
"Decrypted data does not match original data");
}
public void IsActuallyEncryptedTest()
{
// Make a provider
IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider();
var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
byte[] result = new byte[sampleStreamSize + (4096+256)/8];
encryptedStream.Read(result, 0, result.Length);
Assert.IsFalse(
result.SequenceEqual(streamSample.ToArray()),
"Encrypted stream is not encrypted");
Assert.IsFalse(
result.Take(5).SequenceEqual(streamSample.ToArray().Take(5)),
"Encrypted stream is not encrypted");
}