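/// <summary>
/// Wrapping an AES key must need only the RSA public half: the blob is created
/// against a certificate exported without its private key.
/// </summary>
public void CanCreateWithPublicKeyOnly()
{
    // 1024-bit RSA keeps the test fast; it is far too small for production keys.
    var cert = RSACertificateBuilder.CreateNewCertificate(new RSACertificateBuilderOptions
    {
        FullSubjectName = "CN=Test",
        KeySize = 1024
    });

    // X509ContentType.Cert exports the certificate alone, dropping the private key.
    var publicCert = new X509Certificate2(cert.Export(X509ContentType.Cert));
    // Pin the precondition so the test really exercises the public-only path.
    Assert.False(publicCert.HasPrivateKey);

    var blob = AESBlob.CreateBlob(AESKeySize.AES256, publicCert);

    // Previously this test only checked that no exception was thrown; also pin the result.
    Assert.NotNull(blob);
}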
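/// <summary>
/// An AES-192 blob wrapped under an RSA certificate with a private key can be
/// unwrapped into an encryptor that encrypts without error.
/// </summary>
public void AES192CreatesWorkableKey()
{
    // 1024-bit RSA keeps the test fast; it is far too small for production keys.
    var cert = RSACertificateBuilder.CreateNewCertificate(new RSACertificateBuilderOptions
    {
        FullSubjectName = "CN=Test",
        KeySize = 1024
    });

    var blob = AESBlob.CreateBlob(AESKeySize.AES192, cert);
    Assert.NotNull(blob);

    // Unwrapping needs the private key, which the freshly built certificate carries.
    var encryptor = AESBlob.CreateEncryptor(blob, cert);
    Assert.NotNull(encryptor);

    // Previously the test had no assertion at all and passed whenever nothing threw;
    // the encrypt call still has to succeed for the test to pass.
    var data = Encoding.UTF8.GetBytes("Super secret secret");
    encryptor.Encrypt(data);
}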
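/// <summary>
/// A blob wrapped under a public-only certificate cannot be unwrapped into an
/// encryptor: CreateEncryptor must throw InvalidOperationException.
/// </summary>
/// <remarks>
/// The method name keeps its historical spelling ("Decrpyt") so existing test
/// filters and CI references continue to resolve.
/// </remarks>
public void CannotDecrpytWithoutPrivateKey()
{
    // 1024-bit RSA keeps the test fast; it is far too small for production keys.
    var cert = RSACertificateBuilder.CreateNewCertificate(new RSACertificateBuilderOptions
    {
        FullSubjectName = "CN=Test",
        KeySize = 1024
    });

    // X509ContentType.Cert exports the certificate alone, dropping the private key.
    var publicCert = new X509Certificate2(cert.Export(X509ContentType.Cert));
    Assert.False(publicCert.HasPrivateKey);

    var blob = AESBlob.CreateBlob(AESKeySize.AES256, publicCert);

    // Only the unwrap step is expected to throw. Keeping the setup outside the
    // lambda means a failure in certificate generation or CreateBlob fails the
    // test instead of being mistaken for the expected exception.
    Assert.Throws<InvalidOperationException>(() => AESBlob.CreateEncryptor(blob, publicCert));
}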
/// <summary>
/// Loads the RSA-wrapped AES key blob stored at <paramref name="keyLocation"/>,
/// creating and persisting a fresh one if none exists yet, and returns an
/// encryptor built from it.
/// </summary>
/// <param name="store">Optimistic store holding the wrapped key blob.</param>
/// <param name="keyLocation">Where the blob lives (or is created) in the store.</param>
/// <param name="rsaCert">
/// RSA key used to wrap a new blob and to unwrap the stored one. Wrapping works
/// with the public half alone; unwrapping requires the private half.
/// </param>
/// <returns>
/// An encryptor bound to <paramref name="keyLocation"/>'s container that uses
/// the stored AES key.
/// </returns>
public static async Task<IEncryptor> CreateEncryptor(IOptimisticStore store, StoreLocation keyLocation, RSA rsaCert)
{
    var token = CancellationToken.None;
    byte[] wrappedKey;

    while (true)
    {
        var existing = await store.LoadData(keyLocation);
        if (existing != null)
        {
            // NOTE(review): existing.Stream is not disposed here; presumably the
            // store owns it — confirm.
            wrappedKey = await existing.Stream.ReadBytes();
            break;
        }

        // Nothing stored yet: wrap a fresh AES key under the RSA public key.
        wrappedKey = AESBlob.CreateBlob(DefaultKeySize, rsaCert);
        var fresh = wrappedKey;

        // Conditional create: the write only lands if no blob exists at
        // keyLocation, so two concurrent callers cannot both persist a key.
        // The loser goes round the loop again and reads the winner's blob.
        var written = await store.TryOptimisticWrite(keyLocation, null, null, async (s) =>
        {
            await s.WriteAsync(fresh, 0, fresh.Length, token);
            return fresh.Length;
        }, token);

        if (written.Result)
        {
            break;
        }

        // NOTE(review): a write that keeps failing for a reason other than
        // "already exists" would spin here forever — there is no retry cap.
        // Confirm TryOptimisticWrite's failure modes before relying on this.
    }

    // NOTE(review): the blob's integrity rests on the store's access control.
    // Anyone who can write keyLocation and holds the RSA public key could
    // substitute a blob wrapping a key they know; nothing here authenticates it.
    var aes = AESBlob.CreateEncryptor(wrappedKey, rsaCert);
    return new CertProtectedEncryptor(keyLocation.Container, aes);
}