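/// <summary>
/// Decrypts the xenc:EncryptedData element in the SOAP Body of <c>ResponseDocument</c> in place.
/// The AES session key is recovered by RSA-OAEP-decrypting the CipherValue found under
/// wsse:Security/xenc:EncryptedKey with the private key of <paramref name="decryptionSertificate"/>.
/// A document with no EncryptedData in the Body is left untouched.
/// </summary>
/// <param name="decryptionSertificate">Certificate whose RSACryptoServiceProvider private key unwraps the session key.</param>
/// <exception cref="ArgumentNullException">The certificate is null while the Body is encrypted.</exception>
/// <exception cref="CryptographicException">
/// The certificate does not expose an RSACryptoServiceProvider private key, the EncryptedKey CipherValue is missing,
/// or key unwrap / data decryption fails.
/// </exception>
private void DecryptDocument(X509Certificate2 decryptionSertificate)
{
    var encryptedNode = ResponseDocument.SelectSingleNode("/env:Envelope/env:Body/xenc:EncryptedData", Nsmgr) as XmlElement;
    if (encryptedNode == null)
    {
        // Nothing encrypted in the Body; nothing to do.
        return;
    }

    if (decryptionSertificate == null)
    {
        throw new ArgumentNullException("decryptionSertificate");
    }

    // Only RSACryptoServiceProvider offers the Decrypt(byte[], bool fOAEP) overload used below;
    // previously a CNG or non-RSA key silently became null and crashed with a NullReferenceException.
    var privateKey = decryptionSertificate.PrivateKey as RSACryptoServiceProvider;
    if (privateKey == null)
    {
        throw new CryptographicException("Decryption certificate does not expose an RSACryptoServiceProvider private key.");
    }

    var cipherNode = ResponseDocument.SelectSingleNode("/env:Envelope/env:Header/wsse:Security/xenc:EncryptedKey/xenc:CipherData/xenc:CipherValue", Nsmgr);
    if (cipherNode == null)
    {
        throw new CryptographicException("EncryptedKey CipherValue was not found in the wsse:Security header.");
    }

    // The session key is always unwrapped with RSA-OAEP (fOAEP: true), regardless of what the
    // EncryptedKey's EncryptionMethod claims. A PKCS#1 v1.5-wrapped key therefore fails here instead
    // of being accepted, which keeps the weaker padding off the decryption path.
    byte[] sessionKey = privateKey.Decrypt(Convert.FromBase64String(cipherNode.InnerText), true);

    var encryptedXml = new EncryptedXml(ResponseDocument);
    var encryptedData = new EncryptedData();
    encryptedData.LoadXml(encryptedNode);

    // Disposing the AES instance clears the session key once decryption is done.
    using (var aes = new AesManaged
    {
        Mode = CipherMode.CBC,
        KeySize = 256,
        Padding = PaddingMode.None,
        Key = sessionKey,
    })
    {
        // NOTE(review): EncryptedXml.DecryptData applies its own Mode/Padding to the algorithm and reads
        // the IV from the ciphertext prefix, so the Mode/Padding set above are not what decryption uses.
        encryptedXml.ReplaceData(encryptedNode, encryptedXml.DecryptData(encryptedData, aes));
    }
}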
/// <summary>
/// Decrypts the first EncryptedData element found in <paramref name="Doc"/> with the supplied
/// symmetric key and replaces it, in place, with the recovered plaintext XML.
/// </summary>
/// <param name="Doc">Document containing an EncryptedData element; modified in place.</param>
/// <param name="Alg">Symmetric algorithm already loaded with the key; the IV is read from the ciphertext by EncryptedXml.</param>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="XmlException">No EncryptedData element is present.</exception>
public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg)
{
    if (Doc == null) throw new ArgumentNullException("Doc");
    if (Alg == null) throw new ArgumentNullException("Alg");

    // Lookup is by qualified name, so a prefixed (e.g. xenc:EncryptedData) element would not be matched.
    var target = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;
    if (target == null)
    {
        throw new XmlException("The EncryptedData element was not found.");
    }

    var parsed = new EncryptedData();
    parsed.LoadXml(target);

    var xmlEnc = new EncryptedXml();
    byte[] plaintext = xmlEnc.DecryptData(parsed, Alg);

    // Swap the EncryptedData element for the decrypted XML.
    xmlEnc.ReplaceData(target, plaintext);
}
/// <summary>
/// Decrypts every enc:EncryptedData element in <paramref name="encryptedXmlDocument"/> in place,
/// using the session key that <c>GetDecryptionKey</c> resolves for each element. Elements for which
/// no key can be resolved are left encrypted.
/// </summary>
/// <param name="encryptedXmlDocument">Document to decrypt; it is modified and returned.</param>
/// <returns>The same document instance, with decryptable elements replaced by their plaintext.</returns>
private static XmlDocument DecryptXmlDocument(XmlDocument encryptedXmlDocument)
{
    // GostEncryptedXml is a project type (presumably a GOST-capable EncryptedXml); only its
    // DecryptData/ReplaceData members are used here.
    var gostXml = new GostEncryptedXml(encryptedXmlDocument);

    var ns = new XmlNamespaceManager(encryptedXmlDocument.NameTable);
    ns.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);

    var encryptedElements = encryptedXmlDocument.SelectNodes("//enc:EncryptedData", ns);
    if (encryptedElements == null)
    {
        return encryptedXmlDocument;
    }

    foreach (XmlElement element in encryptedElements)
    {
        var parsed = new EncryptedData();
        parsed.LoadXml(element);

        // Symmetric session key for this element; null when it cannot be resolved.
        var sessionKey = GetDecryptionKey(parsed);
        if (sessionKey == null)
        {
            continue;
        }

        byte[] plaintext = gostXml.DecryptData(parsed, sessionKey);
        gostXml.ReplaceData(element, plaintext);
    }

    return encryptedXmlDocument;
}
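/// <summary>
/// Decrypts the EncryptedAssertion in <paramref name="document"/> in place: the symmetric session key is
/// unwrapped from the EncryptedKey with the private key of <paramref name="encryptionCert"/>, the
/// EncryptedData ciphertext is decrypted with it, and the plaintext replaces the EncryptedAssertion element.
/// A document with no EncryptedAssertion is returned unchanged.
/// </summary>
/// <param name="document">SAML response document; modified in place.</param>
/// <param name="encryptionCert">Certificate holding the RSA private key that matches the EncryptedKey.</param>
/// <exception cref="ArgumentNullException"><paramref name="document"/> is null, or the certificate is null while the assertion is encrypted.</exception>
/// <exception cref="CryptographicException">
/// The certificate has no private key, the EncryptedData/EncryptedKey/EncryptionMethod is missing, or decryption fails.
/// </exception>
public void Decrypt(XmlDocument document, X509Certificate2 encryptionCert)
{
    if (document == null) throw new ArgumentNullException("document");

    var assertion = document.FindChild(EncryptedAssertion);
    if (assertion == null) return; // Not encrypted, shame on them.

    if (encryptionCert == null) throw new ArgumentNullException("encryptionCert");
    if (!encryptionCert.HasPrivateKey)
    {
        throw new CryptographicException("Decryption certificate does not contain a private key.");
    }

    // FindChild/EncryptedChild are project helpers; previously a missing element surfaced as a
    // NullReferenceException inside LoadXml.
    var data = document.EncryptedChild("EncryptedData");
    var keyElement = assertion.EncryptedChild("EncryptedKey");
    if (data == null || keyElement == null)
    {
        throw new CryptographicException("EncryptedAssertion is missing its EncryptedData or EncryptedKey element.");
    }

    var encryptedData = new EncryptedData();
    encryptedData.LoadXml(data);
    if (encryptedData.EncryptionMethod == null)
    {
        throw new CryptographicException("EncryptedData does not declare an EncryptionMethod.");
    }

    var encryptedKey = new EncryptedKey();
    encryptedKey.LoadXml(keyElement);

    var encryptedXml = new EncryptedXml(document);

    // Get the session key by decrypting the EncryptedKey with the certificate's private key.
    var secretKey = GetSecretKey(encryptedKey, encryptionCert.PrivateKey);

    // The cipher is selected from the (unauthenticated) message's own EncryptionMethod;
    // GetSymmetricBlockEncryptionAlgorithm is relied on to reject anything but the supported block ciphers.
    // Disposing the algorithm clears the session key when done.
    using (var algorithm = GetSymmetricBlockEncryptionAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm))
    {
        algorithm.Key = secretKey;
        var decryptedBytes = encryptedXml.DecryptData(encryptedData, algorithm);

        // Put the decrypted XML back into the document in place of the EncryptedAssertion.
        encryptedXml.ReplaceData(assertion, decryptedBytes);
    }
}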
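/// <summary>
/// Replaces <paramref name="elementToEncrypt"/> in its document with an xenc:EncryptedData element.
/// The element is encrypted with a fresh random AES-256-CBC session key; that key is wrapped with the
/// certificate's RSA public key (RSA-OAEP when <paramref name="useOaep"/> is true, otherwise RSA PKCS#1 v1.5)
/// and carried inline as KeyInfo/EncryptedKey.
/// </summary>
/// <param name="elementToEncrypt">Element to encrypt; it must belong to a document.</param>
/// <param name="useOaep">True for RSA-OAEP key wrapping, false for PKCS#1 v1.5.</param>
/// <param name="certificate">Recipient certificate; only its RSA public key is used.</param>
/// <exception cref="ArgumentNullException">Either reference argument is null.</exception>
/// <exception cref="ArgumentException">The certificate's public key is not RSA.</exception>
internal static void Encrypt(this XmlElement elementToEncrypt, bool useOaep, X509Certificate2 certificate)
{
    if (certificate == null) throw new ArgumentNullException(nameof(certificate));
    if (elementToEncrypt == null) throw new ArgumentNullException(nameof(elementToEncrypt));

    // Previously an unconditional (RSA) cast produced an InvalidCastException for non-RSA certificates.
    var rsa = certificate.PublicKey.Key as RSA;
    if (rsa == null)
    {
        throw new ArgumentException("Certificate does not carry an RSA public key.", nameof(certificate));
    }

    // SECURITY: PKCS#1 v1.5 key wrapping is exposed to Bleichenbacher-style padding oracles whenever the
    // recipient's unwrap failures are observable; prefer useOaep = true unless the peer cannot handle OAEP.
    var keyWrapAlgorithm = useOaep ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url;

    var encryptedData = new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
    };
    var encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(keyWrapAlgorithm),
    };

    var encryptedXml = new EncryptedXml();
    byte[] encryptedElement;
    // Aes.Create() replaces the obsolete RijndaelManaged; with KeySize 256 the output is the same
    // AES-256-CBC. Disposing the instance clears the session key once it has been wrapped and used.
    using (var sessionKey = Aes.Create())
    {
        sessionKey.KeySize = 256;
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsa, useOaep));
        encryptedElement = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false);
    }

    encryptedData.CipherData.CipherValue = encryptedElement;
    encryptedData.KeyInfo = new KeyInfo();
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
}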
// Decrypts a WS-Security SOAP sample in place: the AES key is unwrapped (RSA-OAEP) from
// s:Header/o:Security/e:EncryptedKey with the sample.pfx private key, then every e:EncryptedData
// in the document is decrypted and replaced by its plaintext.
void AssertDecryption1 (string filename)
{
    XmlDocument doc = new XmlDocument ();
    doc.PreserveWhitespace = true;
    doc.Load (filename);
    EncryptedXml encxml = new EncryptedXml (doc);

    // Test fixture key; the "mono" password only protects the bundled sample.pfx.
    X509Certificate2 cert = new X509Certificate2 ("Test/System.Security.Cryptography.Xml/sample.pfx", "mono");
    RSACryptoServiceProvider rsa = cert.PrivateKey as RSACryptoServiceProvider;

    XmlNamespaceManager nm = new XmlNamespaceManager (doc.NameTable);
    nm.AddNamespace ("s", "http://www.w3.org/2003/05/soap-envelope");
    nm.AddNamespace ("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    nm.AddNamespace ("e", EncryptedXml.XmlEncNamespaceUrl);

    XmlElement keyElement = doc.SelectSingleNode ("/s:Envelope/s:Header/o:Security/e:EncryptedKey", nm) as XmlElement;
    EncryptedKey ekey = new EncryptedKey ();
    ekey.LoadXml (keyElement);
    byte [] key = rsa.Decrypt (ekey.CipherData.CipherValue, true);

    Rijndael aes = new RijndaelManaged ();
    aes.Key = key;
    aes.Mode = CipherMode.CBC;

    // Snapshot the node list first: ReplaceData mutates the tree we would otherwise be iterating.
    ArrayList targets = new ArrayList ();
    foreach (XmlElement ed in doc.SelectNodes ("//e:EncryptedData", nm))
        targets.Add (ed);

    foreach (XmlElement ed in targets) {
        EncryptedData edata = new EncryptedData ();
        edata.LoadXml (ed);
        encxml.ReplaceData (ed, encxml.DecryptData (edata, aes));
    }
}
// Override EncryptedXml.GetDecryptionKey to avoid calling into CryptoConfig.CreateFromName.
// When AES is detected we return AesCryptoServiceProvider (FIPS certified) instead of AesManaged
// (not FIPS validated). Everything else, and any AES case without a usable EncryptedKey, falls back
// to the base implementation.
public override SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri)
{
    // Anything not recognised as AES goes straight through the stock implementation.
    if (!IsAesDetected(encryptedData, symmetricAlgorithmUri))
    {
        return base.GetDecryptionKey(encryptedData, symmetricAlgorithmUri);
    }

    // Locate the first EncryptedKey clause carried in the KeyInfo.
    EncryptedKey wrappedKey = null;
    foreach (var clause in encryptedData.KeyInfo)
    {
        var encryptedKeyClause = clause as KeyInfoEncryptedKey;
        if (encryptedKeyClause == null)
        {
            continue;
        }
        wrappedKey = encryptedKeyClause.EncryptedKey;
        break;
    }

    byte[] keyBytes = wrappedKey == null ? null : DecryptEncryptedKey(wrappedKey);
    if (keyBytes == null)
    {
        // No EncryptedKey, or it could not be unwrapped: let the base class decide.
        return base.GetDecryptionKey(encryptedData, symmetricAlgorithmUri);
    }

    // Construct the FIPS-certified AES provider around the unwrapped key.
    var aes = new AesCryptoServiceProvider();
    aes.Key = keyBytes;
    return aes;
}
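/// <summary>
/// Resolves the symmetric key for an EncryptedData. The stock implementation (ds:KeyName lookup) is
/// tried first; if it throws, the key is recovered from the KeyInfo/EncryptedKey clause by RSA-unwrapping
/// it with the service provider's encryption certificate.
/// </summary>
/// <param name="encryptedData">EncryptedData whose KeyInfo names or carries the session key.</param>
/// <param name="symmetricAlgorithmUri">Algorithm URI override for the base lookup, or null to use EncryptionMethod.</param>
/// <returns>A SymmetricAlgorithm with Key and IV set.</returns>
/// <exception cref="CryptographicException">
/// The EncryptedData has no EncryptionMethod, no decryption certificate with a private key is configured,
/// or no EncryptedKey clause is present.
/// </exception>
public override SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri)
{
    SymmetricAlgorithm ret = null;
    try
    {
        // First try the default implementation, which looks for ds:KeyName XML tags.
        ret = base.GetDecryptionKey(encryptedData, symmetricAlgorithmUri);
    }
    catch (CryptographicException)
    {
        // Now try it our way: the session key is wrapped in an EncryptedKey for our certificate.
        if (encryptedData.EncryptionMethod == null)
        {
            throw new CryptographicException("EncryptedData does not declare an EncryptionMethod.");
        }

        // The cipher is chosen from the (unauthenticated) message's own EncryptionMethod;
        // Saml2Utils.GetAlgorithm is relied on to reject anything but the supported block ciphers.
        ret = Saml2Utils.GetAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm);
        ret.IV = GetDecryptionIV(encryptedData, encryptedData.EncryptionMethod.KeyAlgorithm);

        X509Certificate2 decryptionKey = FedletCertificateFactory.GetCertificateByFriendlyName(serviceProvider.EncryptionCertificateAlias);
        if (decryptionKey == null || !decryptionKey.HasPrivateKey)
        {
            throw new CryptographicException(Resources.DecryptionKeyNotFound);
        }

        EncryptedKey encKey = null;
        foreach (KeyInfoClause clause in encryptedData.KeyInfo)
        {
            if (clause is KeyInfoEncryptedKey)
            {
                encKey = ((KeyInfoEncryptedKey) clause).EncryptedKey;
                break;
            }
        }

        // BUG FIX: a KeyInfo without an EncryptedKey clause used to crash with a NullReferenceException here.
        if (encKey == null)
        {
            throw new CryptographicException("KeyInfo does not contain an EncryptedKey clause.");
        }

        // PKCS#1 v1.5 unwrap (useOAEP: false). SECURITY: unwrap failures must not be reported in detail
        // to the sender, as distinguishable errors enable a padding-oracle attack on the wrapped key.
        ret.Key = DecryptKey(encKey.CipherData.CipherValue, (RSA)decryptionKey.PrivateKey, false);
    }
    return ret;
}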
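/// <summary>
/// Replaces <paramref name="elementToEncrypt"/> in its document with an xenc:EncryptedData element.
/// The element is encrypted with a fresh random AES-256-CBC session key; that key is wrapped with the
/// certificate's RSA public key (RSA-OAEP when <paramref name="useOaep"/> is true, otherwise RSA PKCS#1 v1.5)
/// and carried inline as KeyInfo/EncryptedKey.
/// </summary>
/// <param name="elementToEncrypt">Element to encrypt; it must belong to a document.</param>
/// <param name="useOaep">True for RSA-OAEP key wrapping, false for PKCS#1 v1.5.</param>
/// <param name="certificate">Recipient certificate; only its RSA public key is used.</param>
/// <exception cref="ArgumentNullException">Either reference argument is null.</exception>
/// <exception cref="ArgumentException">The certificate's public key is not RSA.</exception>
internal static void Encrypt(this XmlElement elementToEncrypt, bool useOaep, X509Certificate2 certificate)
{
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }
    if (elementToEncrypt == null)
    {
        throw new ArgumentNullException(nameof(elementToEncrypt));
    }

    // Previously an unconditional (RSA) cast produced an InvalidCastException for non-RSA certificates.
    var rsa = certificate.PublicKey.Key as RSA;
    if (rsa == null)
    {
        throw new ArgumentException("Certificate does not carry an RSA public key.", nameof(certificate));
    }

    // SECURITY: PKCS#1 v1.5 key wrapping is exposed to Bleichenbacher-style padding oracles whenever the
    // recipient's unwrap failures are observable; prefer useOaep = true unless the peer cannot handle OAEP.
    var keyWrapAlgorithm = useOaep ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url;

    var encryptedData = new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url)
    };
    var encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(keyWrapAlgorithm),
    };

    var encryptedXml = new EncryptedXml();
    byte[] encryptedElement;
    // Aes.Create() replaces the obsolete RijndaelManaged; with KeySize 256 the output is the same
    // AES-256-CBC. Disposing the instance clears the session key once it has been wrapped and used.
    using (var sessionKey = Aes.Create())
    {
        sessionKey.KeySize = 256;
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(sessionKey.Key, rsa, useOaep));
        encryptedElement = encryptedXml.EncryptData(elementToEncrypt, sessionKey, false);
    }

    encryptedData.CipherData.CipherValue = encryptedElement;
    encryptedData.KeyInfo = new KeyInfo();
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
}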
/// <summary>
/// Decrypts <paramref name="encryptedElement"/> (an EncryptedData element) with the symmetric algorithm
/// that <c>RijndaelWrapper</c> builds from <paramref name="password"/>, and replaces the element in its
/// document with the decrypted XML.
/// </summary>
/// <param name="encryptedElement">The EncryptedData element to decrypt; replaced in place.</param>
/// <param name="password">Password handed to RijndaelWrapper (presumably to derive the key).</param>
public static void DecryptElement(XmlElement encryptedElement, string password)
{
    var keyWrapper = new RijndaelWrapper(password);

    var parsed = new EncryptedData();
    parsed.LoadXml(encryptedElement);

    var xmlEnc = new EncryptedXml();
    byte[] plaintext = xmlEnc.DecryptData(parsed, keyWrapper.SymmetricAlgorithm);
    xmlEnc.ReplaceData(encryptedElement, plaintext);
}
/// <summary>
/// An example on how to decrypt an encrypted assertion: the session key is unwrapped (RSA PKCS#1 v1.5)
/// from the KeyInfo/EncryptedKey with the dev STS certificate, the EncryptedData is decrypted with it,
/// and the plaintext is checked to be a saml:Assertion.
/// </summary>
/// <param name="file">The file.</param>
public static void DecryptAssertion(string file)
{
    var doc = new XmlDocument();
    doc.Load(file);

    var encryptedData = new EncryptedData();
    encryptedData.LoadXml(GetElement(Schema.XEnc.EncryptedData.ElementName, Saml20Constants.Xenc, doc));

    var keyInfoNodes = doc.GetElementsByTagName(Schema.XmlDSig.KeyInfo.ElementName, Saml20Constants.Xmldsig);
    Assert.That(keyInfoNodes.Count > 0);
    var keyInfo = new KeyInfo();
    keyInfo.LoadXml((XmlElement)keyInfoNodes[0]);

    // Review: Is it possible to figure out which certificate to load based on the Token?
    /*
     * Comment:
     * It would be possible to provide a key/certificate identifier in the EncryptedKey element, which contains the "recipient" attribute.
     * The implementation (Safewhere.Tokens.Saml20.Saml20EncryptedAssertion) currently just expects an appropriate asymmetric key to be provided,
     * and is not concerned about its origin.
     * If the need arises, we can easily extend the Saml20EncryptedAssertion class with a property that allows extraction of key info, e.g. the "recipient"
     * attribute.
     */
    // Test fixture certificate; the password only protects the bundled dev .pfx.
    var cert = new X509Certificate2(@"Certificates\sts_dev_certificate.pfx", "test1234");

    // Walk the KeyInfo clauses; every EncryptedKey found is unwrapped (PKCS#1 v1.5) and the last one wins.
    SymmetricAlgorithm symmetricKey = null;
    foreach (KeyInfoClause keyInfoClause in keyInfo)
    {
        var encryptedKeyClause = keyInfoClause as KeyInfoEncryptedKey;
        if (encryptedKeyClause == null)
        {
            continue;
        }
        var wrapped = encryptedKeyClause.EncryptedKey;
        symmetricKey = new RijndaelManaged
        {
            Key = EncryptedXml.DecryptKey(wrapped.CipherData.CipherValue, (RSA)cert.PrivateKey, false)
        };
    }

    // Explode if we didn't manage to find a viable key.
    Assert.IsNotNull(symmetricKey);

    var plaintext = new EncryptedXml().DecryptData(encryptedData, symmetricKey);
    var assertion = new XmlDocument();
    assertion.Load(new StringReader(System.Text.Encoding.UTF8.GetString(plaintext)));

    // A very simple test to ensure that there is indeed an assertion in the plaintext.
    Assert.AreEqual(Assertion.ElementName, assertion.DocumentElement.LocalName);
    Assert.AreEqual(Saml20Constants.Assertion, assertion.DocumentElement.NamespaceURI);
    // At this point, assertion will contain a decrypted assertion.
}
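/// <summary>
/// Encrypts a configuration section node: the node is wrapped in a temporary &lt;foo&gt; root, encrypted
/// with a fresh random 3DES-CBC session key, and that key is RSA-wrapped (OAEP or PKCS#1 v1.5 according
/// to <c>UseOAEP</c>) under the provider's key pair and carried inline as KeyInfo/EncryptedKey with a
/// KeyName clause. The returned node is the resulting xenc:EncryptedData element.
/// </summary>
/// <param name="node">Configuration section to protect.</param>
/// <returns>The EncryptedData element, or null if none was produced.</returns>
public override XmlNode Encrypt(XmlNode node)
{
    RSACryptoServiceProvider rsa = GetCryptoServiceProvider(false, false);

    // Work on a private copy of the node, wrapped in <foo> so the encrypted element has a parent.
    XmlDocument xmlDocument = new XmlDocument();
    xmlDocument.PreserveWhitespace = true;
    xmlDocument.LoadXml("<foo>" + node.OuterXml + "</foo>");
    EncryptedXml exml = new EncryptedXml(xmlDocument);
    XmlElement inputElement = xmlDocument.DocumentElement;

    byte[] rgbOutput;
    byte[] wrappedKey;
    // Fresh 3DES session key; disposing the algorithm clears the key bytes once they have been wrapped.
    using (SymmetricAlgorithm symAlg = new TripleDESCryptoServiceProvider())
    {
        symAlg.Key = GetRandomKey();
        // The data is advertised below as tripledes-cbc, so request CBC rather than ECB
        // (EncryptedXml.EncryptData applies its own mode, CBC by default, in any case).
        symAlg.Mode = CipherMode.CBC;
        symAlg.Padding = PaddingMode.PKCS7;
        rgbOutput = exml.EncryptData(inputElement, symAlg, true);
        wrappedKey = EncryptedXml.EncryptKey(symAlg.Key, rsa, UseOAEP);
    }

    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncTripleDESUrl);
    ed.KeyInfo = new KeyInfo();

    EncryptedKey ek = new EncryptedKey();
    // BUG FIX: the declared key-wrap algorithm must match how EncryptKey actually wrapped the key.
    // Advertising rsa-1_5 for an OAEP-wrapped key makes a URI-driven decryptor unwrap with the wrong padding.
    ek.EncryptionMethod = new EncryptionMethod(UseOAEP ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url);
    ek.KeyInfo = new KeyInfo();
    ek.CipherData = new CipherData();
    ek.CipherData.CipherValue = wrappedKey;

    // Name the RSA key so the decrypting side can map it back to its key pair.
    KeyInfoName kin = new KeyInfoName();
    kin.Value = _KeyName;
    ek.KeyInfo.AddClause(kin);
    ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

    ed.CipherData = new CipherData();
    ed.CipherData.CipherValue = rgbOutput;
    EncryptedXml.ReplaceElement(inputElement, ed, true);

    // Return the EncryptedData node: the first element child of the <foo> root.
    foreach (XmlNode rootCandidate in xmlDocument.ChildNodes)
    {
        if (rootCandidate.NodeType != XmlNodeType.Element) continue;
        foreach (XmlNode child in rootCandidate.ChildNodes)
        {
            if (child.NodeType == XmlNodeType.Element) return child; // the "EncryptedData" node
        }
    }
    return null;
}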
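/// <summary>
/// Encrypts <paramref name="element"/> with <paramref name="key"/> and packages the ciphertext as an
/// EncryptedData whose EncryptionMethod matches the key size actually used (aes128/192/256-cbc).
/// </summary>
/// <param name="encryptedXml">EncryptedXml instance performing the encryption.</param>
/// <param name="element">Element to encrypt (the whole element, not only its content).</param>
/// <param name="key">Rijndael/AES key; its KeySize selects the advertised algorithm URI.</param>
/// <returns>An EncryptedData (no Id, no KeyInfo) carrying the ciphertext.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="CryptographicException">The key size is not 128, 192 or 256 bits.</exception>
private static EncryptedData ToEncryptedData(EncryptedXml encryptedXml, XmlElement element, RijndaelManaged key)
{
    if (encryptedXml == null) throw new ArgumentNullException("encryptedXml");
    if (element == null) throw new ArgumentNullException("element");
    if (key == null) throw new ArgumentNullException("key");

    // BUG FIX: the algorithm URI was hard-coded to aes128-cbc regardless of the key size, so a
    // 192/256-bit key produced an EncryptedData that mislabels its own cipher.
    string algorithmUri;
    switch (key.KeySize)
    {
        case 128: algorithmUri = EncryptedXml.XmlEncAES128Url; break;
        case 192: algorithmUri = EncryptedXml.XmlEncAES192Url; break;
        case 256: algorithmUri = EncryptedXml.XmlEncAES256Url; break;
        default: throw new CryptographicException("Unsupported AES key size: " + key.KeySize);
    }

    var encryptedElement = encryptedXml.EncryptData(element, key, false);
    return new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new EncryptionMethod(algorithmUri),
        Id = null,
        CipherData = new CipherData(encryptedElement)
    };
}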
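/// <summary>
/// Encrypts <paramref name="element"/> in place with the symmetric algorithm that <c>RijndaelWrapper</c>
/// builds from <paramref name="password"/>, substituting an EncryptedData for the element (or for its content).
/// The EncryptedData carries an empty KeyInfo: the recipient must know the password.
/// </summary>
/// <param name="element">Element to encrypt; must belong to a document.</param>
/// <param name="password">Password handed to RijndaelWrapper (presumably to derive the key).</param>
/// <param name="content">true to replace content, false to replace entire element</param>
/// <exception cref="ArgumentNullException"><paramref name="element"/> is null.</exception>
public static void EncryptElement(XmlElement element, string password, bool content)
{
    if (element == null) throw new ArgumentNullException("element");

    XmlDocument doc = element.OwnerDocument;
    EncryptedXml eXml = new EncryptedXml(doc);
    RijndaelWrapper wrapper = new RijndaelWrapper(password);

    // BUG FIX: the ciphertext was computed over doc.FirstChild.FirstChild instead of `element`, so any
    // element other than the root's first child was replaced by a different element's ciphertext.
    byte[] cipherText = eXml.EncryptData(element, wrapper.SymmetricAlgorithm, content);

    EncryptedData data = new EncryptedData();
    // Advertise whether the whole element or only its content was encrypted, per the XML Encryption spec.
    data.Type = content ? EncryptedXml.XmlEncElementContentUrl : EncryptedXml.XmlEncElementUrl;
    data.EncryptionMethod = new EncryptionMethod(wrapper.Url);
    data.CipherData = new CipherData(cipherText);
    data.KeyInfo = new KeyInfo();
    EncryptedXml.ReplaceElement(element, data, content);
}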
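/// <summary>
/// Encrypts a configuration section: wraps it in a temporary &lt;foo&gt; root, encrypts it with a fresh
/// random 3DES-CBC session key, and wraps that key with the provider's RSA key (OAEP or PKCS#1 v1.5
/// according to <c>UseOAEP</c>), carried inline as KeyInfo/EncryptedKey with a KeyName clause.
/// </summary>
/// <param name="node">Configuration section to protect.</param>
/// <returns>The resulting EncryptedData element, or null if none was produced.</returns>
public override XmlNode Encrypt(XmlNode node)
{
    RSACryptoServiceProvider cryptoServiceProvider = this.GetCryptoServiceProvider(false, false);

    // Private copy of the node wrapped in <foo> so the encrypted element has a parent.
    XmlDocument document = new XmlDocument { PreserveWhitespace = true };
    document.LoadXml("<foo>" + node.OuterXml + "</foo>");
    EncryptedXml xml = new EncryptedXml(document);
    XmlElement documentElement = document.DocumentElement;

    byte[] buffer;
    byte[] wrappedKey;
    // Fresh 3DES session key; disposing the algorithm clears the key bytes once wrapped.
    using (SymmetricAlgorithm symmetricAlgorithm = new TripleDESCryptoServiceProvider())
    {
        symmetricAlgorithm.Key = this.GetRandomKey();
        // Advertised below as tripledes-cbc, so request CBC rather than ECB
        // (EncryptedXml.EncryptData applies its own mode, CBC by default, in any case).
        symmetricAlgorithm.Mode = CipherMode.CBC;
        symmetricAlgorithm.Padding = PaddingMode.PKCS7;
        buffer = xml.EncryptData(documentElement, symmetricAlgorithm, true);
        wrappedKey = EncryptedXml.EncryptKey(symmetricAlgorithm.Key, cryptoServiceProvider, this.UseOAEP);
    }

    EncryptedData encryptedData = new EncryptedData
    {
        Type = "http://www.w3.org/2001/04/xmlenc#Element",
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"),
        KeyInfo = new KeyInfo()
    };

    // BUG FIX: advertise the key-wrap algorithm that was actually used. Declaring rsa-1_5 for an
    // OAEP-wrapped key makes a URI-driven decryptor unwrap with the wrong padding.
    string keyWrapUri = this.UseOAEP ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url;
    EncryptedKey encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(keyWrapUri),
        KeyInfo = new KeyInfo(),
        CipherData = new CipherData()
    };
    encryptedKey.CipherData.CipherValue = wrappedKey;

    // Name the RSA key so the decrypting side can map it back to its key pair.
    KeyInfoName clause = new KeyInfoName { Value = this._KeyName };
    encryptedKey.KeyInfo.AddClause(clause);
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    encryptedData.CipherData = new CipherData();
    encryptedData.CipherData.CipherValue = buffer;
    EncryptedXml.ReplaceElement(documentElement, encryptedData, true);

    // Return the EncryptedData node: the first element child of the <foo> root.
    foreach (XmlNode rootCandidate in document.ChildNodes)
    {
        if (rootCandidate.NodeType != XmlNodeType.Element)
        {
            continue;
        }
        foreach (XmlNode child in rootCandidate.ChildNodes)
        {
            if (child.NodeType == XmlNodeType.Element)
            {
                return child;
            }
        }
    }
    return null;
}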
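/// <summary>
/// Encrypts the first &lt;WSMD&gt; element of <paramref name="Doc"/> in place with <paramref name="Key"/>,
/// replacing it with an EncryptedData whose EncryptionMethod reflects the key's algorithm and size:
/// TripleDES (tripledes-cbc), DES (des-cbc), Rijndael/AES with a 128/192/256-bit key (aesNNN-cbc).
/// No KeyInfo is emitted; the recipient must already hold <paramref name="Key"/>.
/// </summary>
/// <param name="Doc">Document containing the WSMD element; modified in place.</param>
/// <param name="Key">Symmetric key used for the encryption.</param>
/// <exception cref="ArgumentNullException"><paramref name="Doc"/> or <paramref name="Key"/> is null.</exception>
/// <exception cref="XmlException">No WSMD element is present.</exception>
/// <exception cref="CryptographicException">The key's algorithm or size has no XML Encryption URI here.</exception>
public static void Encryptwsmd(XmlDocument Doc, SymmetricAlgorithm Key)
{
    if (Doc == null)
    {
        throw new ArgumentNullException("Doc");
    }
    if (Key == null)
    {
        throw new ArgumentNullException("Key");
    }

    string name = "WSMD";
    XmlElement inputElement = Doc.GetElementsByTagName(name)[0] as XmlElement;
    if (inputElement == null)
    {
        throw new XmlException("The specified element was not found");
    }

    // Map the key to its XML Encryption algorithm URI.
    // BUG FIX: TripleDES/DES keys used to be mapped and then rejected by an unconditional
    // "is not Rijndael" check, so only Rijndael ever got past this point.
    string algorithm = null;
    if (Key is TripleDES)
    {
        algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    }
    else if (Key is DES)
    {
        // SECURITY: single DES offers only ~56-bit security; kept solely for legacy peers.
        algorithm = "http://www.w3.org/2001/04/xmlenc#des-cbc";
    }
    else if (Key is Rijndael || Key is Aes)
    {
        switch (Key.KeySize)
        {
            case 128:
                algorithm = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
                break;
            case 192:
                algorithm = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
                break;
            case 256:
                algorithm = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
                break;
        }
    }
    if (algorithm == null)
    {
        throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");
    }

    byte[] buffer = new EncryptedXml().EncryptData(inputElement, Key, false);
    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Type = "http://www.w3.org/2001/04/xmlenc#Element";
    encryptedData.EncryptionMethod = new EncryptionMethod(algorithm);
    encryptedData.CipherData.CipherValue = buffer;
    EncryptedXml.ReplaceElement(inputElement, encryptedData, false);
}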
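/// <summary>
/// Decrypts the EncryptedData inside <paramref name="el"/> and returns the plaintext assertion as a new document.
/// The wrapped session key from the EncryptedKey, together with any X509 certificates named in its KeyInfo,
/// is handed to <paramref name="securityTokenResolver"/>, which is responsible for unwrapping it.
/// </summary>
/// <param name="securityTokenResolver">Resolver that turns the EncryptedKey clause into a symmetric key.</param>
/// <param name="el">Element containing the EncryptedData and EncryptedKey elements.</param>
/// <returns>A new, whitespace-preserving document holding the decrypted assertion.</returns>
/// <exception cref="ArgumentNullException">Either argument is null.</exception>
/// <exception cref="InvalidOperationException">The resolver cannot produce a symmetric key.</exception>
internal static XmlDocument GetPlainAsertion(SecurityTokenResolver securityTokenResolver, XmlElement el)
{
    if (securityTokenResolver == null) throw new ArgumentNullException("securityTokenResolver");
    if (el == null) throw new ArgumentNullException("el");

    var encryptedDataElement = GetElement(HttpRedirectBindingConstants.EncryptedData, Saml20Constants.Xenc, el);
    var encryptedData = new System.Security.Cryptography.Xml.EncryptedData();
    encryptedData.LoadXml(encryptedDataElement);

    var encryptedKey = new System.Security.Cryptography.Xml.EncryptedKey();
    var encryptedKeyElement = GetElement(HttpRedirectBindingConstants.EncryptedKey, Saml20Constants.Xenc, el);
    encryptedKey.LoadXml(encryptedKeyElement);

    // Collect X509Data clauses only. BUG FIX: the previous foreach cast every KeyInfo clause to
    // KeyInfoX509Data, so any other clause type (KeyName, RetrievalMethod, ...) raised InvalidCastException.
    var securityKeyIdentifier = new SecurityKeyIdentifier();
    foreach (var keyInfoClause in encryptedKey.KeyInfo)
    {
        var x509Data = keyInfoClause as KeyInfoX509Data;
        if (x509Data == null)
        {
            continue;
        }
        foreach (X509Certificate2 cert in x509Data.Certificates)
        {
            securityKeyIdentifier.Add(new X509RawDataKeyIdentifierClause(cert));
        }
    }

    var clause = new EncryptedKeyIdentifierClause(encryptedKey.CipherData.CipherValue, encryptedKey.EncryptionMethod.KeyAlgorithm, securityKeyIdentifier);
    SecurityKey key;
    if (!securityTokenResolver.TryResolveSecurityKey(clause, out key))
    {
        throw new InvalidOperationException("Cannot locate security key");
    }

    SymmetricSecurityKey symmetricSecurityKey = key as SymmetricSecurityKey;
    if (symmetricSecurityKey == null)
    {
        throw new InvalidOperationException("Key must be symmentric key");
    }

    // The cipher is chosen from the message's own EncryptionMethod; GetSymmetricAlgorithm is expected
    // to reject unknown URIs.
    SymmetricAlgorithm symmetricAlgorithm = symmetricSecurityKey.GetSymmetricAlgorithm(encryptedData.EncryptionMethod.KeyAlgorithm);
    var encryptedXml = new System.Security.Cryptography.Xml.EncryptedXml();
    var plaintext = encryptedXml.DecryptData(encryptedData, symmetricAlgorithm);

    var assertion = new XmlDocument { PreserveWhitespace = true };
    assertion.Load(new StringReader(Encoding.UTF8.GetString(plaintext)));
    return assertion;
}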
/// <summary>
/// Returns true when the EncryptedData should be treated as AES-256: the effective algorithm URI
/// (<paramref name="symmetricAlgorithmUri"/>, or the EncryptionMethod's KeyAlgorithm when that is null)
/// equals xmlenc#aes256-cbc. A null EncryptedData, or no URI from either source, yields false.
/// Note that aes128-cbc and aes192-cbc are deliberately NOT matched.
/// </summary>
private static bool IsAesDetected(EncryptedData encryptedData, string symmetricAlgorithmUri)
{
    if (encryptedData == null || encryptedData.KeyInfo == null)
    {
        return false;
    }

    string effectiveUri = symmetricAlgorithmUri;
    if (effectiveUri == null)
    {
        // Fall back to the algorithm declared on the EncryptedData itself, if there is one.
        if (encryptedData.EncryptionMethod == null)
        {
            return false;
        }
        effectiveUri = encryptedData.EncryptionMethod.KeyAlgorithm;
    }

    return string.Equals(effectiveUri, EncryptedXml.XmlEncAES256Url, StringComparison.InvariantCultureIgnoreCase);
}
// Decrypts EncryptedXmlSample2.xml in place with a fixed test key; the IV is read from the
// ciphertext prefix by EncryptedXml, so only Key/Mode/Padding are configured here.
public void Sample2 ()
{
    XmlDocument doc = new XmlDocument ();
    doc.PreserveWhitespace = true;
    doc.Load ("Test/System.Security.Cryptography.Xml/EncryptedXmlSample2.xml");

    // Test-vector key; a hard-coded key is only acceptable inside a fixture like this.
    RijndaelManaged aes = new RijndaelManaged ();
    aes.Mode = CipherMode.CBC;
    aes.KeySize = 256;
    aes.Key = Convert.FromBase64String ("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
    aes.Padding = PaddingMode.Zeros;

    EncryptedData edata = new EncryptedData ();
    edata.LoadXml (doc.DocumentElement);
    EncryptedXml encxml = new EncryptedXml (doc);
    byte [] plain = encxml.DecryptData (edata, aes);
    encxml.ReplaceData (doc.DocumentElement, plain);
}
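/// <summary>
/// Encrypts the first element named <paramref name="ElementName"/> in <paramref name="Doc"/> in place with
/// <paramref name="Key"/>, replacing it with an EncryptedData whose EncryptionMethod matches the key:
/// tripledes-cbc, des-cbc, or aes128/192/256-cbc for Rijndael/AES keys. No KeyInfo is emitted.
/// </summary>
/// <param name="Doc">Document to modify in place.</param>
/// <param name="ElementName">Qualified name of the element to encrypt.</param>
/// <param name="Key">Symmetric key used for the encryption.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="XmlException">No element with that name exists.</exception>
/// <exception cref="System.Security.Cryptography.CryptographicException">The key's algorithm or size has no XML Encryption URI here.</exception>
public static void Encrypt(XmlDocument Doc, string ElementName, System.Security.Cryptography.SymmetricAlgorithm Key)
{
    if (Doc == null) throw new ArgumentNullException("Doc");
    if (ElementName == null) throw new ArgumentNullException("ElementName");
    if (Key == null) throw new ArgumentNullException("Key");

    XmlElement inputElement = Doc.GetElementsByTagName(ElementName)[0] as XmlElement;
    if (inputElement == null)
    {
        throw new XmlException("The specified element was not found");
    }

    string algorithm = null;
    if (Key is System.Security.Cryptography.TripleDES)
    {
        algorithm = "http://www.w3.org/2001/04/xmlenc#tripledes-cbc";
    }
    else if (Key is System.Security.Cryptography.DES)
    {
        // SECURITY: single DES offers only ~56-bit security; kept solely for legacy peers.
        algorithm = "http://www.w3.org/2001/04/xmlenc#des-cbc";
    }
    else if (Key is System.Security.Cryptography.Rijndael || Key is System.Security.Cryptography.Aes)
    {
        switch (Key.KeySize)
        {
            case 128:
                algorithm = "http://www.w3.org/2001/04/xmlenc#aes128-cbc";
                break;
            case 192:
                algorithm = "http://www.w3.org/2001/04/xmlenc#aes192-cbc";
                break;
            case 256:
                algorithm = "http://www.w3.org/2001/04/xmlenc#aes256-cbc";
                break;
        }
    }

    // BUG FIX: an unrecognised key used to yield EncryptionMethod(null), i.e. an EncryptedData with no
    // Algorithm attribute that no recipient could decrypt. Fail loudly instead, before touching the document.
    if (algorithm == null)
    {
        throw new System.Security.Cryptography.CryptographicException("The specified algorithm is not supported for XML Encryption.");
    }

    EncryptedXml encryptedXml = new EncryptedXml();
    byte[] cipherValue = encryptedXml.EncryptData(inputElement, Key, false);

    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Type = "http://www.w3.org/2001/04/xmlenc#Element";
    encryptedData.EncryptionMethod = new EncryptionMethod(algorithm);
    encryptedData.CipherData.CipherValue = cipherValue;
    EncryptedXml.ReplaceElement(inputElement, encryptedData, false);
}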
/// <summary>
/// Builds an EncryptedAssertion from the test assertion: AES-256 element encryption under a random
/// session key, the key wrapped RSA PKCS#1 v1.5 with the dev STS certificate, then spliced into a
/// serialized EncryptedAssertion skeleton.
/// </summary>
public void GenerateEncryptedAssertion_01()
{
    XmlDocument assertion = AssertionUtil.GetTestAssertion_01();

    // Random AES-256 session key for the assertion body.
    RijndaelManaged aes = new RijndaelManaged();
    aes.KeySize = 256;
    aes.GenerateKey();

    EncryptedXml encryptedXml = new EncryptedXml();
    byte[] encryptedElement = encryptedXml.EncryptData(assertion.DocumentElement, aes, false);

    // EncryptedData carrying the ciphertext and the algorithm used for it.
    EncryptedData encryptedData = new EncryptedData();
    encryptedData.Type = EncryptedXml.XmlEncElementUrl;
    encryptedData.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);
    encryptedData.CipherData.CipherValue = encryptedElement;

    // Wrap the session key (PKCS#1 v1.5) with the dev certificate's RSA public key. Test fixture only.
    X509Certificate2 cert = new X509Certificate2(@"Saml20\Certificates\sts_dev_certificate.pfx", "test1234");
    RSA publicKeyRSA = cert.PublicKey.Key as RSA;
    Assert.IsNotNull(publicKeyRSA, "Public key of certificate was not an RSA key. Modify test.");

    EncryptedKey encryptedKey = new EncryptedKey();
    encryptedKey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
    encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(aes.Key, publicKeyRSA, false));
    encryptedData.KeyInfo = new KeyInfo();
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    // Serialize an empty EncryptedAssertion shell and drop the real EncryptedData into it.
    EncryptedAssertion encryptedAssertion = new EncryptedAssertion();
    encryptedAssertion.encryptedData = new saml20.Schema.XEnc.EncryptedData();
    encryptedAssertion.encryptedKey = new saml20.Schema.XEnc.EncryptedKey[] { new saml20.Schema.XEnc.EncryptedKey() };
    XmlDocument result = Serialization.Serialize(encryptedAssertion);

    XmlElement encryptedDataElement = GetElement(dk.nita.saml20.Schema.XEnc.EncryptedData.ELEMENT_NAME, Saml20Constants.XENC, result);
    EncryptedXml.ReplaceElement(encryptedDataElement, encryptedData, false);
}
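/// <summary>
/// Encrypts a configuration section with a fresh random AES-256 session key; the key is wrapped with the
/// provider's RSA key (PKCS#1 v1.5) and carried inline as KeyInfo/EncryptedKey with a KeyName clause.
/// The input node is not modified; the EncryptedData is returned as a new element.
/// </summary>
/// <param name="node">Configuration section to protect; must be an XmlElement.</param>
/// <returns>The EncryptedData element.</returns>
/// <exception cref="ArgumentNullException"><paramref name="node"/> is null.</exception>
public override XmlNode Encrypt(XmlNode node)
{
    if (node == null) throw new ArgumentNullException("node");
    XmlElement elementToEncrypt = (XmlElement)node;

    EncryptedXml eXml = new EncryptedXml();
    byte[] encryptedElement;
    byte[] encryptedKey;
    // Fresh session key; disposing it clears the key bytes once they have been wrapped (the previous
    // version never disposed it).
    using (RijndaelManaged sessionKey = new RijndaelManaged())
    {
        sessionKey.KeySize = 256;
        encryptedElement = eXml.EncryptData(elementToEncrypt, sessionKey, false);
        // SECURITY: PKCS#1 v1.5 wrapping (useOAEP: false) is kept to stay compatible with the matching
        // Decrypt; OAEP would be preferable where both sides can be changed.
        encryptedKey = EncryptedXml.EncryptKey(sessionKey.Key, this.rsaKey, false);
    }

    EncryptedData edElement = new EncryptedData();
    edElement.Type = EncryptedXml.XmlEncElementUrl;
    edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // EncryptedKey element carrying the wrapped session key.
    EncryptedKey ek = new EncryptedKey();
    ek.CipherData = new CipherData(encryptedKey);
    ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

    // Name the RSA key so the decrypting side can map it back to its key pair.
    KeyInfoName kin = new KeyInfoName();
    kin.Value = this.keyName;
    ek.KeyInfo.AddClause(kin);

    edElement.KeyInfo = new KeyInfo();
    edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
    edElement.CipherData.CipherValue = encryptedElement;

    return edElement.GetXml();
}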
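/// <summary>
/// Test helper: wraps <paramref name="assertionXml"/> in a saml2:EncryptedAssertion and replaces the inner
/// saml2:Assertion with an EncryptedData (AES-256-CBC under a random session key, the key wrapped with the
/// certificate's RSA public key using OAEP or PKCS#1 v1.5 per <paramref name="useOaep"/>).
/// </summary>
/// <param name="assertionXml">Serialized saml2:Assertion.</param>
/// <param name="useOaep">True for RSA-OAEP key wrapping, false for PKCS#1 v1.5.</param>
/// <param name="certificate">Recipient certificate; defaults to TestCert2.</param>
/// <returns>The OuterXml of the resulting EncryptedAssertion document.</returns>
/// <exception cref="ArgumentException">No saml2:Assertion element is found in <paramref name="assertionXml"/>.</exception>
public static string EncryptAssertion(string assertionXml, bool useOaep = false, X509Certificate2 certificate = null)
{
    if (certificate == null)
    {
        certificate = TestCert2;
    }

    var xmlDoc = new XmlDocument { PreserveWhitespace = true };
    var wrappedAssertion = string.Format(@"<saml2:EncryptedAssertion xmlns:saml2=""urn:oasis:names:tc:SAML:2.0:assertion"">{0}</saml2:EncryptedAssertion>", assertionXml);
    xmlDoc.LoadXml(wrappedAssertion);

    var elementToEncrypt = (XmlElement) xmlDoc.GetElementsByTagName("Assertion", Saml2Namespaces.Saml2Name)[0];
    if (elementToEncrypt == null)
    {
        // Previously surfaced as an ArgumentNullException from inside EncryptData.
        throw new ArgumentException("assertionXml does not contain a saml2:Assertion element.", "assertionXml");
    }

    var encryptedData = new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new System.Security.Cryptography.Xml.EncryptionMethod(EncryptedXml.XmlEncAES256Url)
    };

    var algorithm = useOaep ? EncryptedXml.XmlEncRSAOAEPUrl : EncryptedXml.XmlEncRSA15Url;
    EncryptedKey encryptedKey;

    // Disposing the session key clears its bytes once they have been wrapped (it was never disposed before).
    using (var symmetricAlgorithm = new RijndaelManaged { KeySize = 256 })
    {
        // Encrypt the assertion and add it to the encryptedData instance.
        var encryptedXml = new EncryptedXml();
        encryptedData.CipherData.CipherValue = encryptedXml.EncryptData(elementToEncrypt, symmetricAlgorithm, false);

        // Add an encrypted version of the key used.
        encryptedKey = new EncryptedKey
        {
            EncryptionMethod = new System.Security.Cryptography.Xml.EncryptionMethod(algorithm),
            CipherData = new CipherData(EncryptedXml.EncryptKey(symmetricAlgorithm.Key, (RSA)certificate.PublicKey.Key, useOaep))
        };
    }

    encryptedData.KeyInfo = new KeyInfo();
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
    return xmlDoc.OuterXml;
}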
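/// <summary>
/// Decrypts the first EncryptedData element of the file "needfiles" with an AES key taken from args[0]
/// and prints the decrypted document to stdout.
/// SECURITY: the key is passed on the command line (visible in process listings and shell history), and
/// it is the raw UTF-16 encoding of the argument, so the argument must be exactly 8, 12 or 16 characters
/// to form a valid 128/192/256-bit key; anything else is rejected by the Key setter.
/// </summary>
/// <param name="args">args[0] is the key text.</param>
static void Main(string[] args)
{
    if (args == null || args.Length == 0)
    {
        Console.Error.WriteLine("Usage: <program> <key>   (8, 12 or 16 characters; used as raw UTF-16 key bytes)");
        return;
    }

    byte[] keyBytes = System.Text.Encoding.Unicode.GetBytes(args[0]);

    // `using` disposes (and thereby clears) the algorithm on every path; the old code only called
    // Clear() after a successful decryption.
    using (var rijndaelManaged = new System.Security.Cryptography.RijndaelManaged())
    {
        rijndaelManaged.Key = keyBytes; // throws CryptographicException for an invalid key length

        XmlDocument xmlDocument = new XmlDocument();
        xmlDocument.PreserveWhitespace = true;
        xmlDocument.Load("needfiles");

        XmlElement xmlElement = xmlDocument.GetElementsByTagName("EncryptedData")[0] as XmlElement;
        if (xmlElement == null)
        {
            Console.Error.WriteLine("No EncryptedData element found in 'needfiles'.");
            return;
        }

        EncryptedData encryptedData = new EncryptedData();
        encryptedData.LoadXml(xmlElement);
        EncryptedXml encryptedXml = new EncryptedXml();
        byte[] decryptedData = encryptedXml.DecryptData(encryptedData, rijndaelManaged);
        encryptedXml.ReplaceData(xmlElement, decryptedData);

        Console.WriteLine(xmlDocument.OuterXml);
    }

    // Scrub our own copy of the key bytes as well.
    Array.Clear(keyBytes, 0, keyBytes.Length);
}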
// Round-trips a small document through EncryptedXml with a fixed AES-256-CBC key and IV (test vectors;
// hard-coded keys are only acceptable in a fixture like this), then decrypts it again from the
// serialized form.
//
// NOTE(review): the EncryptedKey built in the encryption half is added to edata.KeyInfo and then
// discarded by the following `edata.KeyInfo = new KeyInfo ()`, so the serialized EncryptedData carries
// an empty KeyInfo; the raw AES key placed in ekey.CipherData and the RSA.Create() value therefore
// never reach the output. Decryption relies solely on the key configured by hand below.
public void RoundtripSample1 ()
{
    StringWriter sw = new StringWriter ();

    // Encryption
    {
        XmlDocument doc = new XmlDocument ();
        doc.PreserveWhitespace = true;
        doc.LoadXml ("<root> <child>sample</child> </root>");
        XmlElement body = doc.DocumentElement;

        // Fixed key/IV test vectors; the IV is prepended to the ciphertext by EncryptData.
        RijndaelManaged aes = new RijndaelManaged ();
        aes.Mode = CipherMode.CBC;
        aes.KeySize = 256;
        aes.IV = Convert.FromBase64String ("pBUM5P03rZ6AE4ZK5EyBrw==");
        aes.Key = Convert.FromBase64String ("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
        aes.Padding = PaddingMode.Zeros;
        EncryptedXml exml = new EncryptedXml ();
        byte [] encrypted = exml.EncryptData (body, aes, false);
        EncryptedData edata = new EncryptedData ();
        edata.Type = EncryptedXml.XmlEncElementUrl;
        edata.EncryptionMethod = new EncryptionMethod (EncryptedXml.XmlEncAES256Url);
        EncryptedKey ekey = new EncryptedKey ();
        // omit key encryption, here for testing
        // (the plaintext AES key is placed in CipherData while claiming rsa-1_5 -- test only, never do this)
        byte [] encKeyBytes = aes.Key;
        ekey.CipherData = new CipherData (encKeyBytes);
        ekey.EncryptionMethod = new EncryptionMethod (EncryptedXml.XmlEncRSA15Url);
        DataReference dr = new DataReference ();
        dr.Uri = "_0";
        ekey.AddReference (dr);
        edata.KeyInfo.AddClause (new KeyInfoEncryptedKey (ekey));
        // Replaces the KeyInfo just populated above with an empty one (see note on the method).
        edata.KeyInfo = new KeyInfo ();
        ekey.KeyInfo.AddClause (new RSAKeyValue (RSA.Create ()));
        edata.CipherData.CipherValue = encrypted;
        EncryptedXml.ReplaceElement (doc.DocumentElement, edata, false);
        doc.Save (new XmlTextWriter (sw));
    }

    // Decryption
    {
        // Same key as above; no IV is set because DecryptData reads it from the ciphertext prefix.
        RijndaelManaged aes = new RijndaelManaged ();
        aes.Mode = CipherMode.CBC;
        aes.KeySize = 256;
        aes.Key = Convert.FromBase64String ( "o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640=");
        aes.Padding = PaddingMode.Zeros;
        XmlDocument doc = new XmlDocument ();
        doc.PreserveWhitespace = true;
        doc.LoadXml (sw.ToString ());
        EncryptedXml encxml = new EncryptedXml (doc);
        EncryptedData edata = new EncryptedData ();
        edata.LoadXml (doc.DocumentElement);
        encxml.ReplaceData (doc.DocumentElement, encxml.DecryptData (edata, aes));
    }
}
//
// public static methods
//

// Replaces inputElement with the supplied EncryptedData.
//   content == true : the element itself is kept; all of its children are removed and the
//                     EncryptedData element becomes its only child.
//   content == false: the element is swapped out of its parent for the EncryptedData element
//                     (the element must therefore have a parent node).
public static void ReplaceElement (XmlElement inputElement, EncryptedData encryptedData, bool content)
{
    if (inputElement == null)
        throw new ArgumentNullException("inputElement");
    if (encryptedData == null)
        throw new ArgumentNullException("encryptedData");

    // Serialize the EncryptedData into the element's own document so it can be attached directly.
    XmlElement encryptedDataElement = encryptedData.GetXml(inputElement.OwnerDocument);

    if (content) {
        Utils.RemoveAllChildren(inputElement);
        inputElement.AppendChild(encryptedDataElement);
        return;
    }

    XmlNode parent = inputElement.ParentNode;
    parent.ReplaceChild(encryptedDataElement, inputElement);
}
// decrypts the supplied EncryptedData
//
// The ciphertext is taken from encryptedData.CipherData. Decryption uses this instance's mode (m_mode)
// and padding (m_padding), NOT the settings on symmetricAlgorithm; for any mode other than ECB the IV
// is read from the ciphertext (GetDecryptionIV) and the leading IV bytes are skipped. The algorithm's
// original Mode/Padding/IV are restored afterwards, even when decryption throws.
//
// SECURITY (review): this is unauthenticated CBC decryption followed by padding removal. If a caller lets
// the sender distinguish "bad padding" from "bad plaintext" (exception type, timing, error text), the
// ciphertext can be recovered byte-by-byte through a padding oracle -- a known weakness of XML Encryption
// CBC modes. Authenticate the message (e.g. verify an XML signature covering the EncryptedData) before
// calling this, and never surface CryptographicException details to the peer.
//
// NOTE(review): the ICryptoTransform `dec` is not disposed.
public byte[] DecryptData (EncryptedData encryptedData, SymmetricAlgorithm symmetricAlgorithm) {
    if (encryptedData == null)
        throw new ArgumentNullException("encryptedData");
    if (symmetricAlgorithm == null)
        throw new ArgumentNullException("symmetricAlgorithm");

    // get the cipher value and decrypt
    byte[] cipherValue = GetCipherValue(encryptedData.CipherData);

    // save the original symmetric algorithm
    CipherMode origMode = symmetricAlgorithm.Mode;
    PaddingMode origPadding = symmetricAlgorithm.Padding;
    byte[] origIV = symmetricAlgorithm.IV;

    // read the IV from cipherValue
    byte[] decryptionIV = null;
    if (m_mode != CipherMode.ECB)
        decryptionIV = GetDecryptionIV(encryptedData, null);

    byte[] output = null;
    try {
        int lengthIV = 0;
        if (decryptionIV != null) {
            symmetricAlgorithm.IV = decryptionIV;
            lengthIV = decryptionIV.Length;
        }
        // the instance's mode/padding win over whatever the caller configured on the algorithm
        symmetricAlgorithm.Mode = m_mode;
        symmetricAlgorithm.Padding = m_padding;
        ICryptoTransform dec = symmetricAlgorithm.CreateDecryptor();
        // the IV occupies the first lengthIV bytes of cipherValue; decrypt only what follows it
        output = dec.TransformFinalBlock(cipherValue, lengthIV, cipherValue.Length - lengthIV);
    }
    finally {
        // now restore the original symmetric algorithm
        symmetricAlgorithm.Mode = origMode;
        symmetricAlgorithm.Padding = origPadding;
        symmetricAlgorithm.IV = origIV;
    }
    return output;
}
// Decrypts every <enc:EncryptedData> element found in m_document, in place.
// The key for each element is resolved through GetDecryptionKey, which is
// virtual so subclasses can supply their own key lookup.  An element whose
// key cannot be resolved aborts the whole pass with a CryptographicException;
// elements already processed stay decrypted.
public void DecryptDocument()
{
    XmlNamespaceManager nsm = new XmlNamespaceManager(m_document.NameTable);
    nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);

    XmlNodeList encryptedDataList = m_document.SelectNodes("//enc:EncryptedData", nsm);
    if (encryptedDataList == null)
        return;

    foreach (XmlNode node in encryptedDataList)
    {
        XmlElement element = node as XmlElement;

        EncryptedData ed = new EncryptedData();
        ed.LoadXml(element);

        // No explicit algorithm URI: GetDecryptionKey derives it from the element itself.
        SymmetricAlgorithm key = GetDecryptionKey(ed, null);
        if (key == null)
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingDecryptionKey"));

        ReplaceData(element, DecryptData(ed, key));
    }
}
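// Encrypts inputElement under the key registered as keyName in m_keyNameMapping.
//
// A random AES-256 session key encrypts the element; the session key is then
// wrapped with the mapped key and carried in an <EncryptedKey> whose KeyInfo
// is a <KeyName> clause, so the recipient can find the wrapping key by name.
// The wrap algorithm follows the type of the mapped key:
//   RSA             -> RSA PKCS#1 v1.5 key transport
//   TripleDES       -> CMS Triple-DES key wrap
//   Rijndael / Aes  -> AES-128/192/256 key wrap, by key size
// Anything else is rejected.
//
// Throws ArgumentNullException for null arguments, and CryptographicException
// when keyName has no mapping or the mapped key type cannot be used for key wrap.
//
// NOTE(review): the RSA branch uses PKCS#1 v1.5 (XmlEncRSA15Url), which is
// exposed to Bleichenbacher-style attacks when the recipient's decryption
// failures are observable.  OAEP (XmlEncRSAOAEPUrl with EncryptKey(..., true))
// is the safer choice, but switching changes the wire format, so it is left
// as-is pending agreement with the recipients.
public EncryptedData Encrypt(XmlElement inputElement, string keyName)
{
    if (inputElement == null)
        throw new ArgumentNullException("inputElement");
    if (keyName == null)
        throw new ArgumentNullException("keyName");

    object encryptionKey = null;
    if (m_keyNameMapping != null)
        encryptionKey = m_keyNameMapping[keyName];
    if (encryptionKey == null)
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingEncryptionKey"));

    // The mapping only holds SymmetricAlgorithm or RSA instances.
    SymmetricAlgorithm symKey = encryptionKey as SymmetricAlgorithm;
    RSA rsa = encryptionKey as RSA;

    // Pick the key-wrap algorithm from the type (and size) of the mapped key.
    string encryptionMethod = null;
    if (symKey == null)
    {
        encryptionMethod = EncryptedXml.XmlEncRSA15Url;
    }
    else if (symKey is TripleDES)
    {
        // CMS Triple DES Key Wrap
        encryptionMethod = EncryptedXml.XmlEncTripleDESKeyWrapUrl;
    }
    else if (symKey is Rijndael || symKey is Aes)
    {
        // FIPS AES Key Wrap
        switch (symKey.KeySize)
        {
            case 128: encryptionMethod = EncryptedXml.XmlEncAES128KeyWrapUrl; break;
            case 192: encryptionMethod = EncryptedXml.XmlEncAES192KeyWrapUrl; break;
            case 256: encryptionMethod = EncryptedXml.XmlEncAES256KeyWrapUrl; break;
        }
    }
    else
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
    }

    // Guard against emitting an <EncryptionMethod> with no algorithm (only
    // reachable with an AES/Rijndael key of a size outside 128/192/256).
    if (encryptionMethod == null)
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));

    // Data is encrypted with AES-256; the session key below is sized to match.
    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // The key name travels with the wrapped session key.
    EncryptedKey ek = new EncryptedKey();
    ek.EncryptionMethod = new EncryptionMethod(encryptionMethod);
    ek.KeyInfo.AddClause(new KeyInfoName(keyName));

    // The session key lives only for this call; disposing the algorithm
    // releases the key material instead of leaving it for the GC.
    using (RijndaelManaged rijn = new RijndaelManaged())
    {
        rijn.KeySize = 256;

        ek.CipherData.CipherValue = (symKey == null)
            ? EncryptedXml.EncryptKey(rijn.Key, rsa, false)
            : EncryptedXml.EncryptKey(rijn.Key, symKey);

        KeyInfoEncryptedKey kek = new KeyInfoEncryptedKey(ek);
        ed.KeyInfo.AddClause(kek);

        ed.CipherData.CipherValue = EncryptData(inputElement, rijn, false);
    }

    return ed;
}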
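// Encrypts inputElement for the holder of certificate.
//
// A random AES-256 session key encrypts the element; the session key is
// wrapped with the certificate's RSA public key (PKCS#1 v1.5 key transport)
// and carried in an <EncryptedKey> whose KeyInfo is an <X509Data> clause
// holding the certificate, so the recipient can pick the matching private key.
//
// Throws ArgumentNullException for null arguments and NotSupportedException
// when the certificate's public key is not an RSA key-exchange key.
//
// NOTE(review): PKCS#1 v1.5 key transport (XmlEncRSA15Url, EncryptKey(..., false))
// is exposed to Bleichenbacher-style attacks when the recipient's decryption
// failures are observable; OAEP is the safer choice but changes the wire
// format, so it is left as-is pending agreement with the recipients.
public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate)
{
    if (inputElement == null)
        throw new ArgumentNullException("inputElement");
    if (certificate == null)
        throw new ArgumentNullException("certificate");

    // Only RSA key-exchange certificates can wrap the session key.
    if (X509Utils.OidToAlgId(certificate.PublicKey.Oid.Value) != CAPI.CALG_RSA_KEYX)
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));

    RSA rsa = certificate.PublicKey.Key as RSA;
    if (rsa == null)
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));

    // Data is encrypted with AES-256; the session key below is sized to match.
    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // The certificate travels with the wrapped session key.
    EncryptedKey ek = new EncryptedKey();
    ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
    ek.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

    // The session key lives only for this call; disposing the algorithm
    // releases the key material instead of leaving it for the GC.
    using (RijndaelManaged rijn = new RijndaelManaged())
    {
        rijn.KeySize = 256;

        ek.CipherData.CipherValue = EncryptedXml.EncryptKey(rijn.Key, rsa, false);

        KeyInfoEncryptedKey kek = new KeyInfoEncryptedKey(ek);
        ed.KeyInfo.AddClause(kek);

        ed.CipherData.CipherValue = EncryptData(inputElement, rijn, false);
    }

    return ed;
}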
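// Resolves the symmetric key needed to decrypt encryptedData.
//
// The element's KeyInfo clauses are walked in order and the first one that
// is understood decides the outcome:
//   KeyInfoName            -> a SymmetricAlgorithm registered under that name
//                             in m_keyNameMapping wins outright; otherwise the
//                             document is searched for an <EncryptedKey> whose
//                             CarriedKeyName matches and whose Recipient equals
//                             this.Recipient
//   KeyInfoRetrievalMethod -> the <EncryptedKey> addressed by the local URI
//                             fragment, looked up through GetIdElement
//   KeyInfoEncryptedKey    -> the embedded <EncryptedKey>
// When an <EncryptedKey> is found, DecryptEncryptedKey unwraps it and the raw
// key is loaded into a fresh SymmetricAlgorithm created from
// symmetricAlgorithmUri or, when that is null, from the element's own
// EncryptionMethod.
//
// Returns null when the element has no KeyInfo or no clause could be
// resolved.  Throws ArgumentNullException when encryptedData is null, and
// CryptographicException when the algorithm URI is missing, does not name a
// symmetric algorithm, or the EncryptedKey cannot be unwrapped.
//
// NOTE(review): with symmetricAlgorithmUri == null the data-cipher choice is
// taken from the document's EncryptionMethod, i.e. from the sender.  Callers
// decrypting untrusted documents should pass the URI they expect rather than
// let the document select the algorithm.
public virtual SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri)
{
    if (encryptedData == null)
        throw new ArgumentNullException("encryptedData");
    if (encryptedData.KeyInfo == null)
        return null;

    EncryptedKey ek = null;
    IEnumerator keyInfoEnum = encryptedData.KeyInfo.GetEnumerator();
    while (keyInfoEnum.MoveNext())
    {
        KeyInfoName kiName = keyInfoEnum.Current as KeyInfoName;
        if (kiName != null)
        {
            string keyName = kiName.Value;

            // A symmetric key registered directly under this name wins.
            // The original cast the mapping entry to SymmetricAlgorithm, which
            // threw InvalidCastException when an RSA key was registered under
            // the name; 'as' lets that case fall through to the
            // CarriedKeyName search below instead.
            SymmetricAlgorithm mapped = null;
            if (m_keyNameMapping != null)
                mapped = m_keyNameMapping[keyName] as SymmetricAlgorithm;
            if (mapped != null)
                return mapped;

            // Otherwise look for an EncryptedKey in the document that carries this name.
            XmlNamespaceManager nsm = new XmlNamespaceManager(m_document.NameTable);
            nsm.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl);
            XmlNodeList encryptedKeyList = m_document.SelectNodes("//enc:EncryptedKey", nsm);
            if (encryptedKeyList != null)
            {
                foreach (XmlNode encryptedKeyNode in encryptedKeyList)
                {
                    EncryptedKey candidate = new EncryptedKey();
                    candidate.LoadXml(encryptedKeyNode as XmlElement);
                    if (candidate.CarriedKeyName == keyName && candidate.Recipient == this.Recipient)
                    {
                        ek = candidate;
                        break;
                    }
                }
            }
            break;
        }

        KeyInfoRetrievalMethod kiRetrievalMethod = keyInfoEnum.Current as KeyInfoRetrievalMethod;
        if (kiRetrievalMethod != null)
        {
            // Same-document reference (#id) to an EncryptedKey element.
            string idref = Utils.ExtractIdFromLocalUri(kiRetrievalMethod.Uri);
            ek = new EncryptedKey();
            ek.LoadXml(GetIdElement(m_document, idref));
            break;
        }

        KeyInfoEncryptedKey kiEncKey = keyInfoEnum.Current as KeyInfoEncryptedKey;
        if (kiEncKey != null)
        {
            ek = kiEncKey.EncryptedKey;
            break;
        }
    }

    if (ek == null)
        return null;

    // Algorithm URI not given by the caller: take it from the element itself.
    if (symmetricAlgorithmUri == null)
    {
        if (encryptedData.EncryptionMethod == null)
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm"));
        symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm;
    }

    // Unwrap the session key (DecryptEncryptedKey handles nested EncryptedKeys).
    byte[] key = DecryptEncryptedKey(ek);
    if (key == null)
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingDecryptionKey"));

    // CryptoConfig returns null for unknown names and may return a
    // non-symmetric object for others; reject both here instead of letting
    // the assignment below fail with NullReference/InvalidCast.
    SymmetricAlgorithm symAlg = CryptoConfig.CreateFromName(symmetricAlgorithmUri) as SymmetricAlgorithm;
    if (symAlg == null)
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));

    symAlg.Key = key;
    return symAlg;
}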
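/// <summary>
/// Encrypts one element of <paramref name="document"/> for the holder of
/// <paramref name="certificadopublico"/>, WS-Security style: a random
/// AES-128-CBC session key encrypts the element in place, the session key is
/// RSA-OAEP-wrapped into an &lt;EncryptedKey&gt; that references the
/// encrypted element by Id, and the certificate is published as a
/// BinarySecurityToken so the recipient knows which private key to use.
/// The BinarySecurityToken and the EncryptedKey are prepended to
/// <paramref name="securityNode"/>, in that order.
/// </summary>
/// <param name="document">Document to modify in place. The <c>ref</c> is kept for signature compatibility; the object itself is mutated.</param>
/// <param name="elementoParaEncriptar">Tag name of the element to encrypt; the first match in document order is used.</param>
/// <param name="certificadopublico">Recipient certificate; its public key must be RSA.</param>
/// <param name="securityNode">The wsse:Security header that receives the token and the EncryptedKey.</param>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
/// <exception cref="ArgumentException">No element named <paramref name="elementoParaEncriptar"/> exists in the document.</exception>
/// <exception cref="NotSupportedException">The certificate's public key is not RSA.</exception>
static void Encriptar(ref XmlDocument document, string elementoParaEncriptar, X509Certificate2 certificadopublico, ref XmlElement securityNode)
{
    if (document == null)
        throw new ArgumentNullException("document");
    if (elementoParaEncriptar == null)
        throw new ArgumentNullException("elementoParaEncriptar");
    if (certificadopublico == null)
        throw new ArgumentNullException("certificadopublico");
    if (securityNode == null)
        throw new ArgumentNullException("securityNode");

    // Public key used to wrap the session key; only RSA works with RSA-OAEP
    // key transport below (the original cast unconditionally and failed
    // with InvalidCastException on a non-RSA certificate).
    RSA rsaAlgorithm = certificadopublico.PublicKey.Key as RSA;
    if (rsaAlgorithm == null)
        throw new NotSupportedException("The certificate's public key is not an RSA key.");

    // Locate the target first, so a bad tag name fails before the security
    // header has been modified (the original dereferenced the lookup result
    // unchecked after the header was already changed).
    XmlElement elementoParaEncriptarXML = document.GetElementsByTagName(elementoParaEncriptar)[0] as XmlElement;
    if (elementoParaEncriptarXML == null)
        throw new ArgumentException("No element named '" + elementoParaEncriptar + "' was found in the document.", "elementoParaEncriptar");

    // Id shared by the <EncryptedData> element and the <EncryptedKey>'s
    // DataReference, so the two cannot drift apart.
    const string encryptedDataId = "ED-31";

    // ---- BinarySecurityToken: the recipient's certificate, base64 DER ----
    // Tells the recipient which certificate (hence which private key) was used.
    XmlElement binarySecurityTokenNode = document.CreateElement("wsse", "BinarySecurityToken", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd");
    // EncodingType: how the token is encoded (Base64Binary).
    binarySecurityTokenNode.SetAttribute("EncodingType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary");
    // ValueType: what the token is (an X.509v3 certificate).
    binarySecurityTokenNode.SetAttribute("ValueType", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3");
    binarySecurityTokenNode.SetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd", XmlElementsIds.PublicKeyBinarySecurityTokenUri);
    XmlAttribute attribute = binarySecurityTokenNode.GetAttributeNode("Id");
    attribute.Prefix = "wsu";
    binarySecurityTokenNode.InnerText = Convert.ToBase64String(certificadopublico.GetRawCertData());

    // ---- Session key: AES-128-CBC, disposed as soon as the element is encrypted ----
    // NOTE(review): ISO10126 padding is what XML Encryption describes, but a
    // .NET recipient using EncryptedXml's default (PKCS7) padding may reject
    // it; confirm the padding mode with the peer.
    using (AesManaged algoritmosimetrico = new AesManaged()
    {
        Padding = PaddingMode.ISO10126,
        KeySize = 128,
        Mode = CipherMode.CBC,
    })
    {
        // ---- EncryptedKey: the session key, RSA-OAEP-wrapped for the certificate ----
        System.Security.Cryptography.Xml.EncryptedKey encryptedKey = new System.Security.Cryptography.Xml.EncryptedKey();
        encryptedKey.EncryptionMethod = new System.Security.Cryptography.Xml.EncryptionMethod(EncryptedXml.XmlEncRSAOAEPUrl);
        encryptedKey.AddReference(new DataReference("#" + encryptedDataId));

        // KeyInfo points back at the BinarySecurityToken above.
        SecurityTokenReference securityTokenReference = new SecurityTokenReference();
        securityTokenReference.Reference = XmlElementsIds.PublicKeyBinarySecurityTokenUri;
        securityTokenReference.ValueType = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3";
        KeyInfo ekkeyInfo = new KeyInfo();
        ekkeyInfo.AddClause(new KeyInfoNode(securityTokenReference.GetXml()));
        encryptedKey.KeyInfo = ekkeyInfo;

        // true => OAEP, matching the EncryptionMethod declared above.
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(algoritmosimetrico.Key, rsaAlgorithm, true));

        // Two PrependChild calls: the token ends up first, the EncryptedKey second.
        securityNode.PrependChild(document.ImportNode(encryptedKey.GetXml(), true));
        securityNode.PrependChild(binarySecurityTokenNode);

        // ---- Encrypt the target element with the session key ----
        EncryptedXml xmlEncriptado = new EncryptedXml();
        byte[] elementoEncriptado = xmlEncriptado.EncryptData(elementoParaEncriptarXML, algoritmosimetrico, false);

        // NOTE(review): Type is declared as element-content (the usual
        // WS-Security layout, with the EncryptedData sitting inside the
        // parent) although the whole target element is encrypted and
        // replaced below.  A recipient that swaps the EncryptedData for its
        // plaintext gets the original element back either way; confirm with
        // a strictly spec-checking peer.
        System.Security.Cryptography.Xml.EncryptedData encryptedData = new System.Security.Cryptography.Xml.EncryptedData()
        {
            Type = EncryptedXml.XmlEncElementContentUrl,
            Id = encryptedDataId,
            // Tells the recipient which data cipher to use.
            EncryptionMethod = new System.Security.Cryptography.Xml.EncryptionMethod(EncryptedXml.XmlEncAES128Url)
        };
        encryptedData.CipherData = new CipherData(elementoEncriptado);

        // Swap the plaintext element for the <EncryptedData> element.
        EncryptedXml.ReplaceElement(elementoParaEncriptarXML, encryptedData, false);
    }
}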
// Decrypts a single <EncryptedData> element in place, unless IsTargetElement
// matches it against one of the URIs in ExceptUris, in which case it is left
// encrypted.
// Returns true when the element was decrypted and replaced, false when it was
// skipped.  Throws CryptographicException when no decryption key can be
// resolved for the element.
private bool ProcessEncryptedDataItem(XmlElement encryptedDataElement)
{
    // Elements the caller explicitly excluded stay as they are.
    for (int idx = 0; idx < this.ExceptUris.Count; idx++)
    {
        string exceptUri = (string)this.ExceptUris[idx];
        if (this.IsTargetElement(encryptedDataElement, exceptUri))
            return false;
    }

    var encryptedData = new EncryptedData();
    encryptedData.LoadXml(encryptedDataElement);

    // Let the EncryptedXml instance pick the algorithm from the element itself.
    var decryptionKey = this.EncryptedXml.GetDecryptionKey(encryptedData, null);
    if (decryptionKey == null)
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingDecryptionKey"));

    var plaintext = this.EncryptedXml.DecryptData(encryptedData, decryptionKey);
    this.ReplaceEncryptedData(encryptedDataElement, plaintext);
    return true;
}
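// Encrypts elementToEncrypt in place (XML Encryption, whole element) for the
// holder of encryptingCredentials.Key.
//
// Only X509SecurityKey credentials are supported.  Enc selects the data
// cipher (AES-128/192/256-CBC) and sizes the random session key; Alg selects
// how that session key is transported (RSA-OAEP or RSA PKCS#1 v1.5).  The
// wrapped session key travels in an <EncryptedKey> inside the EncryptedData's
// KeyInfo; no clause naming the certificate is emitted, so the recipient must
// already know which key to try.
//
// Throws ArgumentNullException for null arguments and CryptographicException
// for an unsupported Enc, Alg or key type.
//
// NOTE(review): the *CbcHmacSha* Enc names are mapped to plain AES-CBC URIs.
// XML Encryption's CBC algorithms carry no integrity tag, so unless the
// encrypted element is also signed, tampering with the ciphertext is not
// detectable by the recipient.
internal static void Encrypt(this XmlElement elementToEncrypt, EncryptingCredentials encryptingCredentials)
{
    if (elementToEncrypt == null)
    {
        throw new ArgumentNullException(nameof(elementToEncrypt));
    }
    if (encryptingCredentials == null)
    {
        throw new ArgumentNullException(nameof(encryptingCredentials));
    }

    // Data cipher and session-key size follow Enc.
    string enc;
    int keySize;
    switch (encryptingCredentials.Enc)
    {
        case SecurityAlgorithms.Aes128CbcHmacSha256:
            enc = EncryptedXml.XmlEncAES128Url;
            keySize = 128;
            break;
        case SecurityAlgorithms.Aes192CbcHmacSha384:
            enc = EncryptedXml.XmlEncAES192Url;
            keySize = 192;
            break;
        case SecurityAlgorithms.Aes256CbcHmacSha512:
            enc = EncryptedXml.XmlEncAES256Url;
            keySize = 256;
            break;
        default:
            throw new CryptographicException(
                $"Unsupported cryptographic algorithm {encryptingCredentials.Enc}");
    }

    // Key transport follows Alg.
    string alg;
    switch (encryptingCredentials.Alg)
    {
        case SecurityAlgorithms.RsaOAEP:
            alg = EncryptedXml.XmlEncRSAOAEPUrl;
            break;
        case SecurityAlgorithms.RsaPKCS1:
            alg = EncryptedXml.XmlEncRSA15Url;
            break;
        default:
            throw new CryptographicException(
                $"Unsupported cryptographic algorithm {encryptingCredentials.Alg}");
    }

    // Reject an unusable key before touching the element or generating a
    // session key.  (The original message lacked the '$' prefix, so it
    // printed the placeholder literally, and dereferenced Key even when null.)
    X509SecurityKey x509SecurityKey = encryptingCredentials.Key as X509SecurityKey;
    if (x509SecurityKey == null)
    {
        string keyType = encryptingCredentials.Key == null ? "null" : encryptingCredentials.Key.GetType().ToString();
        throw new CryptographicException(
            $"The encrypting credentials have an unknown key of type {keyType}");
    }

    RSA rsa = x509SecurityKey.PublicKey as RSA;
    if (rsa == null)
    {
        throw new CryptographicException(
            "The encrypting credentials' certificate does not carry an RSA public key");
    }

    var encryptedData = new EncryptedData
    {
        Type = EncryptedXml.XmlEncElementUrl,
        EncryptionMethod = new EncryptionMethod(enc)
    };

    var encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(alg),
    };

    var encryptedXml = new EncryptedXml();
    byte[] encryptedElement;

    // Aes.Create() gives the same CBC/PKCS7/128-bit-block defaults as the
    // RijndaelManaged the original used, without the obsolete type; the
    // session key is discarded with the algorithm when the block ends.
    using (var symmetricAlgorithm = Aes.Create())
    {
        symmetricAlgorithm.KeySize = keySize;

        // true selects OAEP, matching the EncryptionMethod declared on the EncryptedKey.
        encryptedKey.CipherData = new CipherData(EncryptedXml.EncryptKey(
            symmetricAlgorithm.Key,
            rsa,
            alg == EncryptedXml.XmlEncRSAOAEPUrl));

        encryptedElement = encryptedXml.EncryptData(elementToEncrypt, symmetricAlgorithm, false);
    }

    encryptedData.CipherData.CipherValue = encryptedElement;
    encryptedData.KeyInfo = new KeyInfo();
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    // Swap the plaintext element for the <EncryptedData> element.
    EncryptedXml.ReplaceElement(elementToEncrypt, encryptedData, false);
}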