/// <summary>
/// Imports the <see cref="AuthenticatedEncryptorDescriptor"/> from serialized XML.
/// </summary>
public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
{
if (element == null)
{
throw new ArgumentNullException(nameof(element));
}
// <descriptor>
// <encryption algorithm="..." />
// <validation algorithm="..." /> <!-- only if not GCM -->
// <masterKey requiresEncryption="true">...</masterKey>
// </descriptor>
var settings = new AuthenticatedEncryptionSettings();
var encryptionElement = element.Element("encryption");
settings.EncryptionAlgorithm = (EncryptionAlgorithm)Enum.Parse(typeof(EncryptionAlgorithm), (string)encryptionElement.Attribute("algorithm"));
// only read <validation> if not GCM
if (!AuthenticatedEncryptionSettings.IsGcmAlgorithm(settings.EncryptionAlgorithm))
{
var validationElement = element.Element("validation");
settings.ValidationAlgorithm = (ValidationAlgorithm)Enum.Parse(typeof(ValidationAlgorithm), (string)validationElement.Attribute("algorithm"));
}
Secret masterKey = ((string)element.Elements("masterKey").Single()).ToSecret();
return(new AuthenticatedEncryptorDescriptor(settings, masterKey, _services));
}
/// <summary>
/// Imports the <see cref="AuthenticatedEncryptorDescriptor"/> from serialized XML.
/// </summary>
public IAuthenticatedEncryptorDescriptor ImportFromXml(XElement element)
{
if (element == null)
{
throw new ArgumentNullException(nameof(element));
}
// <descriptor>
// <encryption algorithm="..." />
// <validation algorithm="..." /> <!-- only if not GCM -->
// <masterKey requiresEncryption="true">...</masterKey>
// </descriptor>
var settings = new AuthenticatedEncryptionSettings();
var encryptionElement = element.Element("encryption");
settings.EncryptionAlgorithm = (EncryptionAlgorithm)Enum.Parse(typeof(EncryptionAlgorithm), (string)encryptionElement.Attribute("algorithm"));
// only read <validation> if not GCM
if (!AuthenticatedEncryptionSettings.IsGcmAlgorithm(settings.EncryptionAlgorithm))
{
var validationElement = element.Element("validation");
settings.ValidationAlgorithm = (ValidationAlgorithm)Enum.Parse(typeof(ValidationAlgorithm), (string)validationElement.Attribute("algorithm"));
}
Secret masterKey = ((string)element.Elements("masterKey").Single()).ToSecret();
return new AuthenticatedEncryptorDescriptor(settings, masterKey, _services);
}
public AuthenticatedEncryptorConfiguration(AuthenticatedEncryptionSettings settings, IServiceProvider services)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
Settings = settings;
_services = services;
}
public AuthenticatedEncryptorConfiguration(AuthenticatedEncryptionSettings settings, IServiceProvider services)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
Settings = settings;
_services = services;
}
public AuthenticatedEncryptorDescriptor(AuthenticatedEncryptionSettings settings, ISecret masterKey, IServiceProvider services)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
if (masterKey == null)
{
throw new ArgumentNullException(nameof(masterKey));
}
Settings = settings;
MasterKey = masterKey;
_services = services;
}
public AuthenticatedEncryptorDescriptor(AuthenticatedEncryptionSettings settings, ISecret masterKey, IServiceProvider services)
{
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
if (masterKey == null)
{
throw new ArgumentNullException(nameof(masterKey));
}
Settings = settings;
MasterKey = masterKey;
_services = services;
}
public XmlSerializedDescriptorInfo ExportToXml()
{
// <descriptor>
// <encryption algorithm="..." />
// <validation algorithm="..." /> <!-- only if not GCM -->
// <masterKey requiresEncryption="true">...</masterKey>
// </descriptor>
var encryptionElement = new XElement("encryption",
new XAttribute("algorithm", Settings.EncryptionAlgorithm));
var validationElement = (AuthenticatedEncryptionSettings.IsGcmAlgorithm(Settings.EncryptionAlgorithm))
? (object)new XComment(" AES-GCM includes a 128-bit authentication tag, no extra validation algorithm required. ")
: (object)new XElement("validation",
new XAttribute("algorithm", Settings.ValidationAlgorithm));
var outerElement = new XElement("descriptor",
encryptionElement,
validationElement,
MasterKey.ToMasterKeyElement());
return(new XmlSerializedDescriptorInfo(outerElement, typeof(AuthenticatedEncryptorDescriptorDeserializer)));
}
public AuthenticatedEncryptorDescriptor(AuthenticatedEncryptionSettings settings, ISecret masterKey)
: this(settings, masterKey, services: null)
{
}
/// <summary>
/// Configures the data protection system to use the specified cryptographic algorithms
/// by default when generating protected payloads.
/// </summary>
/// <param name="builder">The <see cref="IDataProtectionBuilder"/>.</param>
/// <param name="settings">Information about what cryptographic algorithms should be used.</param>
/// <returns>A reference to the <see cref="IDataProtectionBuilder" /> after this operation has completed.</returns>
public static IDataProtectionBuilder UseCryptographicAlgorithms(this IDataProtectionBuilder builder, AuthenticatedEncryptionSettings settings)
{
if (builder == null)
{
throw new ArgumentNullException(nameof(builder));
}
if (settings == null)
{
throw new ArgumentNullException(nameof(settings));
}
return(UseCryptographicAlgorithmsCore(builder, settings));
}
public AuthenticatedEncryptorConfiguration(AuthenticatedEncryptionSettings settings)
: this(settings, services : null)
{
}
public AuthenticatedEncryptorDescriptor(AuthenticatedEncryptionSettings settings, ISecret masterKey)
: this(settings, masterKey, services : null)
{
}
public AuthenticatedEncryptorConfiguration(AuthenticatedEncryptionSettings settings)
: this(settings, services: null)
{
}
