/// <summary>JWE生成メソッド</summary> /// <param name="payloadJson">ペイロード部のJson文字列</param> /// <returns>JWEの文字列表現</returns> public string Create(string payloadJson) { // ヘッダー string headerJson = JsonConvert.SerializeObject( this.JWEHeader, new JsonSerializerSettings() { Formatting = Formatting.None, NullValueHandling = NullValueHandling.Ignore }); byte[] headerBytes = CustomEncode.StringToByte(headerJson, CustomEncode.UTF_8); string headerEncoded = CustomEncode.ToBase64UrlString(headerBytes); // コンテンツ暗号化キー(CEK) byte[] cekBytes = GetPassword.RandomByte(this.CekByteLength); byte[] encryptedCekBytes = this.CreateKey(cekBytes); // 派生を呼ぶ string encryptedCekEncoded = CustomEncode.ToBase64UrlString(encryptedCekBytes); // 初期化ベクトル byte[] ivBytes = GetPassword.RandomByte(this.IvByteLength); string ivEncoded = CustomEncode.ToBase64UrlString(ivBytes); // 追加認証データ(AAD) byte[] aadBytes = CustomEncode.StringToByte(headerEncoded, CustomEncode.us_ascii); // ペイロード(認証付き暗号(AEAD)による暗号化) byte[] payloadBytes = CustomEncode.StringToByte(payloadJson, CustomEncode.UTF_8); AeadResult result = this.CreateBody(cekBytes, ivBytes, aadBytes, payloadBytes); // 派生を呼ぶ byte[] encryptedPayloadBytes = result.Ciphert; string encryptedPayloadEncoded = CustomEncode.ToBase64UrlString(encryptedPayloadBytes); // 認証タグ(MAC) byte[] macBytes = result.Tag; string macEncoded = CustomEncode.ToBase64UrlString(macBytes); // return JWE return(headerEncoded + "." + encryptedCekEncoded + "." + ivEncoded + "." + encryptedPayloadEncoded + "." + macEncoded); }
/// <summary>復号化</summary> /// <param name="result">AeadResult</param> /// <returns>平文(plaintext)</returns> public abstract byte[] Decrypt(AeadResult result);
/// <summary>認証付き暗号(AEAD)による本文 復号化</summary> /// <param name="cekBytes">コンテンツ暗号化キー(CEK)</param> /// <param name="ivBytes">初期化ベクトル</param> /// <param name="aadBytes">追加認証データ(AAD)</param> /// <param name="aeadResult">AeadResult</param> /// <returns>byte[] </returns> protected override byte[] DecryptBody(byte[] cekBytes, byte[] ivBytes, byte[] aadBytes, AeadResult aeadResult) { AeadA256Gcm aesGcm = new AeadA256Gcm(cekBytes, ivBytes, aadBytes); return(aesGcm.Decrypt(aeadResult)); }
/// <summary>認証付き暗号(AEAD)による本文 復号化</summary> /// <param name="cekBytes"></param> /// <param name="ivBytes"></param> /// <param name="aadBytes"></param> /// <param name="aeadResult"></param> /// <returns>byte[] </returns> protected abstract byte[] DecryptBody(byte[] cekBytes, byte[] ivBytes, byte[] aadBytes, AeadResult aeadResult);
/// <summary>認証付き暗号(AEAD)による本文 復号化</summary> /// <param name="cekBytes">コンテンツ暗号化キー(CEK)</param> /// <param name="ivBytes">初期化ベクトル</param> /// <param name="aadBytes">追加認証データ(AAD)</param> /// <param name="aeadResult">AeadResult</param> /// <returns>byte[] </returns> protected override byte[] DecryptBody(byte[] cekBytes, byte[] ivBytes, byte[] aadBytes, AeadResult aeadResult) { AeadA128CbcHS256 aesA128CbcHs256 = new AeadA128CbcHS256(cekBytes, ivBytes, aadBytes); return(aesA128CbcHs256.Decrypt(aeadResult)); }