public void TestAsymmetricEncryptionNonPersistedKey() { byte[] plainBytes = ByteUtil.Utf8NoBOM.GetBytes("Secret String For Testing"); AsymmetricEncryption.GenerateNewKeys(out string publicKey, out string privateKey); byte[] encryptedBytes = AsymmetricEncryption.EncryptWithKey(publicKey, plainBytes); Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes)); byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKey(privateKey, encryptedBytes); Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes)); // Try encrypting with the private key (usually done with only the public key). byte[] encryptedBytes2 = AsymmetricEncryption.EncryptWithKey(privateKey, plainBytes); Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes2)); // Try decrypting with the public key (should fail) try { byte[] decryptedBytes2 = AsymmetricEncryption.DecryptWithKey(publicKey, encryptedBytes); Assert.Fail("Expected exception when trying to decrypt with public key."); } catch { } // Verify that private-key-encryption worked as intended byte[] decryptedBytes3 = AsymmetricEncryption.DecryptWithKey(privateKey, encryptedBytes); Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes3)); }
private void TestRSAPayloadSizeLimitAtKeySize(int keySize, int expectedPayloadSizeLimit, int startTestAt = -1) { AsymmetricKeypair keys = GetStaticKeys(keySize); if (startTestAt < 1) { startTestAt = expectedPayloadSizeLimit; } int expectedFailureAt = expectedPayloadSizeLimit + 1; for (int i = startTestAt; i <= expectedFailureAt; i++) { byte[] plainBytes = new byte[i]; SecureRandom.NextBytes(plainBytes); byte[] encryptedBytes = null; try { encryptedBytes = AsymmetricEncryption.EncryptWithKey(keys.publicKey, plainBytes); } catch (Exception ex) { if (i == expectedFailureAt) { return; } Assert.Fail(keySize + "-bit key failed at payload size " + i + " bytes. Expected failure at " + expectedFailureAt + "-byte payload size. Exception: " + ex.ToString()); } if (i == expectedFailureAt) { Assert.Fail("Expected exception when encrypting " + expectedFailureAt + "-byte payload size. Did not get exception. " + keySize + "-bit key test failed."); } Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes)); byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKey(keys.privateKey, encryptedBytes); Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes)); } }
private void TestAsymmetricEncryptionWithKeystore(Keystore correctKeystore, string correctKeyContainerName, Keystore wrongKeystore, string wrongKeyContainerName) { CleanupKeystores(); byte[] plainBytes = ByteUtil.Utf8NoBOM.GetBytes("Secret String For Testing"); try { // Key should be automatically generated byte[] encryptedBytes = AsymmetricEncryption.EncryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, plainBytes); Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes)); byte[] decryptedBytes = AsymmetricEncryption.DecryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, encryptedBytes); Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes)); // Key should be retrievable from correct keystore string publicKeyLoaded = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false); Assert.IsNotNull(publicKeyLoaded); // Key should NOT be retrievable from incorrect keystore string publicKeyFromWrongKeystore = AsymmetricEncryption.GetKeyFromKeystore(wrongKeystore, correctKeyContainerName, false); Assert.IsNull(publicKeyFromWrongKeystore); Assert.IsTrue(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName)); Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, correctKeyContainerName)); Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, wrongKeyContainerName)); Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, wrongKeyContainerName)); // Test encryption using exported public key. byte[] encryptedBytes2 = AsymmetricEncryption.EncryptWithKey(publicKeyLoaded, plainBytes); Assert.IsFalse(ByteUtil.ByteArraysMatch(plainBytes, encryptedBytes2)); byte[] decryptedBytes2 = AsymmetricEncryption.DecryptWithKeyFromKeystore(correctKeystore, correctKeyContainerName, encryptedBytes2); Assert.IsTrue(ByteUtil.ByteArraysMatch(plainBytes, decryptedBytes2)); // Should be possible to replace existing keys by calling GenerateNewKeysInKeystore AsymmetricEncryption.GenerateNewKeysInKeystore(correctKeystore, correctKeyContainerName, out string publicKey2); Assert.AreNotEqual(publicKeyLoaded, publicKey2); // Getting the key should now return the new key string publicKeyLoaded2 = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false); Assert.AreEqual(publicKey2, publicKeyLoaded2); // Delete the key AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName); Assert.IsNull(AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, false)); // Try to generate a new one using the "Get" method. string publicKeyLoaded3 = AsymmetricEncryption.GetKeyFromKeystore(correctKeystore, correctKeyContainerName, true); Assert.AreNotEqual(publicKeyLoaded, publicKeyLoaded3); Assert.AreNotEqual(publicKey2, publicKeyLoaded3); } finally { AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName); Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName)); // Confirm the delete can be done redundantly without negative effect AsymmetricEncryption.DeletePublicKeyFromKeystore(correctKeystore, correctKeyContainerName); Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, correctKeyContainerName)); Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, correctKeyContainerName)); Assert.IsFalse(KeystoreContainsKeyContainer(correctKeystore, wrongKeyContainerName)); Assert.IsFalse(KeystoreContainsKeyContainer(wrongKeystore, wrongKeyContainerName)); } }