/// <summary>
/// Initializes a new instance of the <see cref="AeadAes256CbcHmac256EncryptionAlgorithm"/> class.
/// </summary>
/// <param name="dataEncryptionKey">an encryption key is used to encrypt data</param>
/// <param name="encryptionType">Determines whether this algorithm should work in Deterministic mode or Randomized mode.</param>
public AeadAes256CbcHmac256EncryptionAlgorithm(DataEncryptionKey dataEncryptionKey, EncryptionType encryptionType)
{
ValidateEncryptionKeySize(dataEncryptionKey.RootKeyBytes.Length);
this.dataEncryptionKey = dataEncryptionKey;
isDeterministicEncryptionType = encryptionType == Deterministic;
}
/// <summary>
/// Returns a cached instance of the <see cref="AeadAes256CbcHmac256EncryptionAlgorithm"/> or, if not present, creates a new one.
/// </summary>
/// <param name="dataEncryptionKey">The encryption key that is used to encrypt data.</param>
/// <param name="encryptionType">The type of encryption.</param>
/// <returns>An <see cref="AeadAes256CbcHmac256EncryptionAlgorithm"/> object.</returns>
public static AeadAes256CbcHmac256EncryptionAlgorithm GetOrCreate(DataEncryptionKey dataEncryptionKey, EncryptionType encryptionType)
{
dataEncryptionKey.ValidateNotNull(nameof(dataEncryptionKey));
return(algorithmCache.GetOrCreate(
key: Tuple.Create(dataEncryptionKey, encryptionType),
createItem: () => new AeadAes256CbcHmac256EncryptionAlgorithm(dataEncryptionKey, encryptionType)
));
}
/// <summary>
/// Decrypts the provided <paramref name="ciphertext"/> value using the provided <see cref="DataEncryptionKey"/>.
/// </summary>
/// <typeparam name="T">The plaintext value <see cref="Type"/>.</typeparam>
/// <param name="ciphertext">The encrypted value.</param>
/// <param name="encryptionKey">The key used to decrypt the <paramref name="ciphertext"/> value.</param>
/// <returns>The decrypted <paramref name="ciphertext"/> value.</returns>
/// <remarks>
/// This method decrypts data that was encrypted using <see cref="EncryptionType.Randomized"/> encryption and the
/// default serializer registered under type <typeparamref name="T"/> with the <see cref="StandardSerializerFactory"/>
/// </remarks>
/// <exception cref="MicrosoftDataEncryptionException"><paramref name="encryptionKey"/> is null.</exception>
public static T Decrypt <T>(this byte[] ciphertext, DataEncryptionKey encryptionKey)
{
encryptionKey.ValidateNotNull(nameof(encryptionKey));
DataProtector encryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Randomized);
Serializer <T> serializer = StandardSerializerFactory.Default.GetDefaultSerializer <T>();
byte[] plaintextData = encryptionAlgorithm.Decrypt(ciphertext);
return(serializer.Deserialize(plaintextData));
}
/// <summary>
/// Encrypts each plaintext value of a sequence using the provided <see cref="DataEncryptionKey"/>.
/// </summary>
/// <typeparam name="T">The type of the plaintext elements of <paramref name="source"/>.</typeparam>
/// <param name="source">A sequence of values to encrypt.</param>
/// <param name="encryptionKey">The key used to encrypt the plaintext values of <paramref name="source"/>.</param>
/// <returns>An <see cref="IEnumerable{T}"/> of <see cref="T:Byte[]"/> whose elements are the result of encrypting each element of <paramref name="source"/>.</returns>
/// <remarks>
/// This method encrypts using <see cref="EncryptionType.Randomized"/> encryption and the
/// default serializer registered under type <typeparamref name="T"/> with the <see cref="StandardSerializerFactory"/>
/// </remarks>
/// <exception cref="MicrosoftDataEncryptionException"><paramref name="encryptionKey"/> is null.</exception>
public static IEnumerable <byte[]> Encrypt <T>(this IEnumerable <T> source, DataEncryptionKey encryptionKey)
{
encryptionKey.ValidateNotNull(nameof(encryptionKey));
DataProtector encryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Randomized);
Serializer <T> serializer = StandardSerializerFactory.Default.GetDefaultSerializer <T>();
foreach (T item in source)
{
byte[] serializedData = serializer.Serialize(item);
yield return(encryptionAlgorithm.Encrypt(serializedData));
}
}
/// <summary>
/// Decrypts each ciphertext value of a sequence using the provided <see cref="DataEncryptionKey"/>.
/// </summary>
/// <typeparam name="T">The type of the plaintext elements of <paramref name="source"/></typeparam>
/// <param name="source">A sequence of encrypted values to decrypt.</param>
/// <param name="encryptionKey">The key used to decrypt the ciphertext values of <paramref name="source"/>.</param>
/// <returns>An <see cref="IEnumerable{T}"/> whose elements are the result of decrypting each element of <paramref name="source"/>.</returns>
/// <remarks>
/// This method decrypts data that was encrypted using <see cref="EncryptionType.Randomized"/> encryption and the
/// default serializer registered under type <typeparamref name="T"/> with the <see cref="StandardSerializerFactory"/>
/// </remarks>
/// <exception cref="MicrosoftDataEncryptionException"><paramref name="encryptionKey"/> is null.</exception>
public static IEnumerable <T> Decrypt <T>(this IEnumerable <byte[]> source, DataEncryptionKey encryptionKey)
{
encryptionKey.ValidateNotNull(nameof(encryptionKey));
DataProtector encryptionAlgorithm = AeadAes256CbcHmac256EncryptionAlgorithm.GetOrCreate(encryptionKey, EncryptionType.Randomized);
Serializer <T> serializer = StandardSerializerFactory.Default.GetDefaultSerializer <T>();
StandardSerializerFactory myFactory = new StandardSerializerFactory();
myFactory.RegisterSerializer(typeof(string), new SqlNCharSerializer());
foreach (byte[] item in source)
{
byte[] plaintextData = encryptionAlgorithm.Decrypt(item);
yield return(serializer.Deserialize(plaintextData));
}
}
/// <summary>
/// Initializes a new instance of the <see cref="EncryptionSettings{T}"/> class.
/// </summary>
/// <param name="dataEncryptionKey">An encryption key is used to encrypt and decrypt data.</param>
/// <param name="encryptionType">The type of encryption.</param>
/// <param name="serializer">A serializer is used for serializing and deserializing data objects to and from an array of bytes.</param>
public EncryptionSettings(DataEncryptionKey dataEncryptionKey, EncryptionType encryptionType, Serializer <T> serializer)
{
DataEncryptionKey = dataEncryptionKey;
EncryptionType = encryptionType;
Serializer = serializer;
}
/// <summary>
/// Initializes a new instance of the <see cref="EncryptionSettings{T}"/> class.
/// </summary>
/// <param name="dataEncryptionKey">An encryption key is used to encrypt and decrypt data.</param>
/// <param name="serializer">A serializer is used for serializing and deserializing data objects to and from an array of bytes.</param>
public EncryptionSettings(DataEncryptionKey dataEncryptionKey, Serializer <T> serializer)
: this(dataEncryptionKey, GetDefaultEncryptionType(dataEncryptionKey), serializer)
{
}
/// <summary>
/// Initializes a new instance of the <see cref="AeadAes256CbcHmac256EncryptionAlgorithm"/> class.
/// </summary>
/// <param name="dataEncryptionKey">an encryption key is used to encrypt data</param>
/// <param name="encryptionType">Determines whether this algorithm should work in Deterministic mode or Randomized mode.</param>
public AeadAes256CbcHmac256EncryptionAlgorithm(DataEncryptionKey dataEncryptionKey, EncryptionType encryptionType)
{
this.dataEncryptionKey = dataEncryptionKey;
isDeterministicEncryptionType = encryptionType == Deterministic;
}