public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg) { // Check the arguments. if (Doc == null) { throw new ArgumentNullException("Doc"); } if (Alg == null) { throw new ArgumentNullException("Alg"); } // Find the EncryptedData element in the XmlDocument. // <snippet10> XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; // </snippet10> // If the EncryptedData element was not found, throw an exception. if (encryptedElement == null) { throw new XmlException("The EncryptedData element was not found."); } // Create an EncryptedData object and populate it. // <snippet11> EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); // </snippet11> // Create a new EncryptedXml object. // <snippet12> EncryptedXml exml = new EncryptedXml(); // Decrypt the element using the symmetric key. byte[] rgbOutput = exml.DecryptData(edElement, Alg); // </snippet12> // Replace the encryptedData element with the plaintext XML element. // <snippet13> exml.ReplaceData(encryptedElement, rgbOutput); // </snippet13> }
public void RsaDecryption(string resourceName) { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; string originalXml; using (Stream stream = LoadResourceStream(resourceName)) using (StreamReader streamReader = new StreamReader(stream)) { originalXml = streamReader.ReadToEnd(); doc.LoadXml(originalXml); } EncryptedXml encxml = new EncryptedXml(doc); using (RSA rsa = new X509Certificate2(Convert.FromBase64String(SamplePfx), "mono").GetRSAPrivateKey()) { Assert.NotNull(rsa); XmlNamespaceManager nm = new XmlNamespaceManager(doc.NameTable); nm.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope"); nm.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); nm.AddNamespace("e", EncryptedXml.XmlEncNamespaceUrl); XmlElement el = doc.SelectSingleNode("/s:Envelope/s:Header/o:Security/e:EncryptedKey", nm) as XmlElement; EncryptedKey ekey = new EncryptedKey(); ekey.LoadXml(el); byte[] key = rsa.Decrypt(ekey.CipherData.CipherValue, RSAEncryptionPadding.OaepSHA1); using (Aes aes = Aes.Create()) { aes.Key = key; aes.Mode = CipherMode.CBC; List <XmlElement> elements = new List <XmlElement>(); foreach (XmlElement encryptedDataElement in doc.SelectNodes("//e:EncryptedData", nm)) { elements.Add(encryptedDataElement); } foreach (XmlElement encryptedDataElement in elements) { EncryptedData edata = new EncryptedData(); edata.LoadXml(encryptedDataElement); encxml.ReplaceData(encryptedDataElement, encxml.DecryptData(edata, aes)); } } } }
private void DecryptData(byte[] symmetricKey) { using (Aes cipher = new AesCryptoServiceProvider()) { var dataElement = (XmlElement)(document.GetElementsByTagName("EncryptedData", manager.LookupNamespace("xenc"))[0]); var encryptedData = new EncryptedData(); encryptedData.LoadXml(dataElement); if (encryptedData.EncryptionMethod == null || !encryptedData.EncryptionMethod.KeyAlgorithm.Equals(EncryptedXml.XmlEncAES256Url)) { throw new SecurityException("Illegal symmetric encryption algorithm used"); } cipher.Key = symmetricKey; var encryptedXml = new EncryptedXml(); var decryptedData = encryptedXml.DecryptData(encryptedData, cipher); encryptedXml.ReplaceData(dataElement, decryptedData); } }
public void Sample2() { using (Aes aes = Aes.Create()) { aes.Mode = CipherMode.CBC; aes.KeySize = 256; aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(LoadResourceStream("System.Security.Cryptography.Xml.Tests.EncryptedXmlSample2.xml")); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes)); } }
public static bool DecryptXmlNode(XmlElement encryptedElement, SymmetricAlgorithm salgKey) { try { EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); EncryptedXml eXml = new EncryptedXml(); byte[] rgbOutput = eXml.DecryptData(edElement, salgKey); eXml.ReplaceData(encryptedElement, rgbOutput); return(true); } catch (System.Exception ex) { } return(false); }
protected virtual void DecryptElement( XmlElement element) { if (element == null) { throw new ArgumentNullException(nameof(element)); } var encryptedElement = new EncryptedData(); encryptedElement.LoadXml(element); var encryptedXml = new EncryptedXml(); encryptedXml.ReplaceData( element, encryptedXml.DecryptData(encryptedElement, Symmetric)); }
private bool TryReadEncryptedData(out EncryptedData encryptedData) { if (!InnerReader.IsStartElement("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)) { return(Out.False(out encryptedData)); } var xml = InnerReader.ReadOuterXml(); var document = new XmlDocument(); document.LoadXml(xml); var data = new EncryptedData(); data.LoadXml(document.DocumentElement); encryptedData = data; return(true); }
public static void Decrypt(XmlDocument doc, SymmetricAlgorithm key) { // Create an EncryptedData object and populate it. EncryptedData edElement = new EncryptedData(); // Create a new EncryptedXml object. EncryptedXml exml = new EncryptedXml(); // Find the EncryptedData element in the XmlDocument. XmlElement encryptedElement = doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; edElement.LoadXml(encryptedElement as XmlElement); // Decrypt the element using the symmetric key. byte[] rgbOutput = exml.DecryptData(edElement, key); // Replace the encryptedData element with the plaintext XML element. exml.ReplaceData(encryptedElement, rgbOutput); }
/// <summary> /// Decrypts a saml element. /// </summary> /// <param name="samlElement">Saml element.</param> /// <param name="namespaceManager">Namespace manager.</param> /// <param name="signingCertificate">Certificate used to decrypt the element.</param> /// <returns>Decrypted consumer.</returns> public static Consumer DecryptSaml( this XmlElement samlElement, XmlNamespaceManager namespaceManager, X509Certificate2 signingCertificate) { var encryptedNodesList = samlElement.GetElementsByTagName( "EncryptedData", XmlNamespaces.XMLEncryptionSyntax); var attributes = new Dictionary <string, string>(); var encryptedXml = new EncryptedXml(); foreach (XmlElement node in encryptedNodesList) { var encryptedData = new EncryptedData(); encryptedData.LoadXml(node); var plaintext = encryptedXml.DecryptData( encryptedData, node.ExtractSessionKey( namespaceManager, signingCertificate)); var newNode = XDocument .Parse(Encoding.UTF8.GetString(plaintext)) .Root; var name = newNode.Attribute("Name")?.Value ?? newNode.LastAttribute.Value; var localName = newNode.Name.LocalName; if (localName == "NameID") { name = $"urn:nl:bvn:bankid:1.0:consumer.{localName}"; } attributes.Add(name, newNode.Value); } return(new Consumer { Attributes = attributes }); }
public void Sample2() { using (Aes aes = Aes.Create()) { aes.Mode = CipherMode.CBC; aes.KeySize = 256; // [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Unit test key.")] aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(TestHelpers.LoadResourceStream("System.Security.Cryptography.Xml.Tests.EncryptedXmlSample2.xml")); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes)); } }
public void Sample2() { RijndaelManaged aes = new RijndaelManaged(); aes.Mode = CipherMode.CBC; aes.KeySize = 256; aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(TestResourceHelper.GetFullPathOfResource("Test/System.Security.Cryptography.Xml/EncryptedXmlSample2.xml")); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes)); }
private void DecryptDocument(X509Certificate2 decryptionSertificate) { var encryptedNode = ResponseContainer.EncryptedBody; if (encryptedNode == null) { return; } var encryptedXml = new EncryptedXml(ResponseContainer.Envelope); var encryptedData = new EncryptedData(); encryptedData.LoadXml(encryptedNode); var aes = AesManaged(decryptionSertificate); encryptedXml.ReplaceData(encryptedNode, encryptedXml.DecryptData(encryptedData, aes)); }
public bool DecryptBody(XmlDocument xmlDoc) { Algorithm keyEncryptionAlgorithm = _soapEnvelopeConfiguration.ApplyElement(Direction.Incoming, Usage.KeyEncryption).Algorithm; X509Certificate2 cert = _certstore.ClientEncryptionCertificate(); RSACryptoServiceProvider privateKeyProvider = (RSACryptoServiceProvider)cert.PrivateKey; // Get encrypted key var encryptedKeyNodes = xmlDoc.GetElementsByTagName("xenc:EncryptedKey"); if (encryptedKeyNodes.Count == 0) { return(false); } var encryptedKeyElement = encryptedKeyNodes[0] as XmlElement; EncryptedKey encKey = new EncryptedKey(); encKey.LoadXml(encryptedKeyElement); // Decrypt key bool useOaep; encKey.EncryptionMethod = CalculateEncryptedKey(keyEncryptionAlgorithm, out useOaep); var decryptedKey = EncryptedXml.DecryptKey(encKey.CipherData.CipherValue, privateKeyProvider, useOaep); // Create tripledes key var sessionKey = TripleDES.Create(); sessionKey.Key = decryptedKey; // Get encrypted data XmlElement encryptedElement = xmlDoc.GetElementsByTagName("xenc:EncryptedData")[0] as XmlElement; EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); EncryptedXml exml = new EncryptedXml(xmlDoc); var decryptedData = exml.DecryptData(edElement, sessionKey); exml.ReplaceData(encryptedElement, decryptedData); return(true); }
public string Decrypt(string cxFileName) { var Doc = cipherXmlDoc_; Doc.Load(cxFileName); SymmetricAlgorithm Alg = rijndaelManaged_; // Check the arguments. if (Doc == null) { throw new ArgumentNullException("Doc"); } if (Alg == null) { throw new ArgumentNullException("Alg"); } // Find the EncryptedData element in the XmlDocument. XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; // If the EncryptedData element was not found, throw an exception. if (encryptedElement == null) { throw new XmlException("The EncryptedData element was not found."); } // Create an EncryptedData object and populate it. EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); // Create a new EncryptedXml object. EncryptedXml exml = new EncryptedXml(); // Decrypt the element using the symmetric key. byte[] rgbOutput = exml.DecryptData(edElement, Alg); // Replace the encryptedData element with the plaintext XML element. exml.ReplaceData(encryptedElement, rgbOutput); return(Doc.InnerXml); }
/// <summary> /// Decrypt document /// </summary> /// <param name="Doc">XmlDocument to decrypt</param> /// <param name="Alg">Encryption key to use</param> private static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg) { // Check the arguments. if (Doc == null) { throw new ArgumentNullException("Doc"); } if (Alg == null) { throw new ArgumentNullException("Alg"); } // Find the EncryptedData element in the XmlDocument. //XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; XmlNodeList lst = Doc.GetElementsByTagName("EncryptedData"); for (int i = lst.Count - 1; i >= 0; i--) { XmlElement encryptedElement = (XmlElement)lst[i]; // If the EncryptedData element was not found, throw an exception. if (encryptedElement == null) { throw new XmlException("The EncryptedData element was not found."); } // Create an EncryptedData object and populate it. EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); // Create a new EncryptedXml object. EncryptedXml exml = new EncryptedXml(); // Decrypt the element using the symmetric key. byte[] rgbOutput = exml.DecryptData(edElement, Alg); // Replace the encryptedData element with the plaintext XML element. exml.ReplaceData(encryptedElement, rgbOutput); } }
private static void DecryptXmlElement(XmlDocument Doc, SymmetricAlgorithm Alg) { if (Doc == null || Alg == null) { throw new ArgumentNullException("NullArg"); } XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; if (encryptedElement == null) { throw new XmlException("The EncryptedData element was not found."); } EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); EncryptedXml exml = new EncryptedXml(); byte[] rgbOutput = exml.DecryptData(edElement, Alg); exml.ReplaceData(encryptedElement, rgbOutput); }
public void Sample2() { var aes = CipherUtilities.GetCipher("AES/CBC/ZEROBYTEPADDING"); var random = new SecureRandom(); var ivdata = new byte[aes.GetBlockSize()]; var keydata = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); random.NextBytes(ivdata); var param = new ParametersWithIV(new KeyParameter(keydata), ivdata); XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.Load(TestHelpers.LoadResourceStream("Org.BouncyCastle.Crypto.Xml.Tests.EncryptedXmlSample2.xml")); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, param)); }
public void ReplaceData2NonDocumentElementTest() { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(InputXml); using (Rijndael aes = new RijndaelManaged()) { aes.GenerateKey(); aes.GenerateIV(); // Encrypt the XML document EncryptedXml encryptedXml = new EncryptedXml(doc); encryptedXml.AddKeyNameMapping("key", aes); XmlElement secretElement = doc.GetElementsByTagName("child")[0] as XmlElement; EncryptedData encrypted = encryptedXml.Encrypt(secretElement, "key"); EncryptedXml.ReplaceElement(secretElement, encrypted, false); // Decrypt it back XmlElement encryptedElement = doc.GetElementsByTagName("EncryptedData", EncryptedXml.XmlEncNamespaceUrl)[0] as XmlElement; EncryptedData encryptedData = new EncryptedData(); encryptedData.LoadXml(encryptedElement); EncryptedXml decryptXml = new EncryptedXml(doc); decryptXml.AddKeyNameMapping("key", aes); byte[] decryptedData = decryptXml.DecryptData(encryptedData, decryptXml.GetDecryptionKey(encryptedData, null)); decryptXml.ReplaceData2(encryptedElement, decryptedData); } // Now that we've encrypted and decrypted the data, ensure that we have both the XML // declaration, and the root node in place. Assert.IsTrue(doc.FirstChild.NodeType == XmlNodeType.XmlDeclaration); Assert.AreEqual("root", doc.FirstChild.NextSibling.Name); Assert.AreEqual(InputXml, doc.OuterXml); }
// Расшифрование узла XML документа на симметричном ключе private static void Decrypt(string srcName, string destName, SymmetricAlgorithm Alg) { // Создаем новый объект xml документа. XmlDocument xmlDoc = new XmlDocument(); // Пробельные символы участвуют в вычислении подписи и должны быть сохранены для совместимости с другими реализациями. xmlDoc.PreserveWhitespace = true; // Загружаем в объект созданный XML документ. xmlDoc.Load(srcName); // Ищем узел для расшифрования. XmlElement encryptedElement = xmlDoc.GetElementsByTagName( "EncryptedData")[0] as XmlElement; if (encryptedElement == null) { throw new XmlException("Узел EncryptedData не найден"); } // Создаем объект EncryptedData. EncryptedData edElement = new EncryptedData(); // и загружаем в него зашифрованный узел edElement.LoadXml(encryptedElement); // Создаем объект EncryptedXml EncryptedXml exml = new EncryptedXml(); // Расшифровываем элемент используя // симметричный ключ. byte[] rgbOutput = exml.DecryptData(edElement, Alg); // Заменяем зашифрованный узел расшифрованным exml.ReplaceData(encryptedElement, rgbOutput); // Сохраняем расшифрованный документ. xmlDoc.Save(destName); }
public void DecryptIfNeeded(X509Certificate2 spCert) { if (spCert == null) { throw new ArgumentNullException(nameof(spCert)); } var responseNode = SelectSingleNode("/samlp:Response"); var encryptedAssertionNode = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion"); if (encryptedAssertionNode != null) { var encryptedDataNode = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData"); var encryptionMethodAlgorithm = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData/xenc:EncryptionMethod")?.Attributes["Algorithm"]?.Value; var encryptionMethodKeyAlgorithm = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData/ds:KeyInfo/e:EncryptedKey/e:EncryptionMethod")?.Attributes["Algorithm"]?.Value; var cypherText = SelectSingleNode("/samlp:Response/saml:EncryptedAssertion/xenc:EncryptedData/ds:KeyInfo/e:EncryptedKey/e:CipherData/e:CipherValue")?.InnerText; var key = Rijndael.Create(encryptionMethodAlgorithm); key.Key = EncryptedXml.DecryptKey( Convert.FromBase64String(cypherText), (RSA)spCert.PrivateKey, useOAEP: encryptionMethodKeyAlgorithm == EncryptedXml.XmlEncRSAOAEPUrl ); var encryptedXml = new EncryptedXml(); var encryptedData = new EncryptedData(); encryptedData.LoadXml((XmlElement)encryptedDataNode); var plaintext = encryptedXml.DecryptData(encryptedData, key); var xmlString = Encoding.UTF8.GetString(plaintext); var tempDoc = new XmlDocument(); tempDoc.LoadXml(xmlString); var importNode = responseNode.OwnerDocument.ImportNode(tempDoc.DocumentElement, true); responseNode.ReplaceChild(importNode, encryptedAssertionNode); } }
public static String DecryptXML(String xml, SymmetricAlgorithm key = null) { if (String.IsNullOrEmpty(xml)) { throw new ArgumentNullException("xml"); } if (key == null) { key = DefaultCryptographyKey; } var xmlDoc = default(XmlDocument); var element = default(XmlElement); var edElement = default(EncryptedData); var exml = default(EncryptedXml); var rgbOutput = default(Byte[]); xmlDoc = new XmlDocument(); xmlDoc.LoadXml(xml); element = xmlDoc.DocumentElement; // Create an EncryptedData object and populate it. edElement = new EncryptedData(); Contract.Assert(element != null, "element != null"); edElement.LoadXml(element); // Create a new EncryptedXml object. exml = new EncryptedXml(); // Decrypt the element using the symmetric key. rgbOutput = exml.DecryptData(edElement, key); // Replace the encryptedData element with the plaintext XML element. exml.ReplaceData(element, rgbOutput); return(xmlDoc.OuterXml); }
public static XmlDocument DecryptAssertion(XmlDocument responseWithEncryptedAssertion) { XmlElement encryptedDataElement = (XmlElement)responseWithEncryptedAssertion.GetElementsByTagName("EncryptedData", "http://www.w3.org/2001/04/xmlenc#")[0]; EncryptedData encryptedData = new EncryptedData(); encryptedData.LoadXml(encryptedDataElement); var sessionKey = ExtractSessionKey(encryptedDataElement, encryptedData?.EncryptionMethod?.KeyAlgorithm ?? String.Empty); EncryptedXml encryptedXml = new EncryptedXml(); byte[] assertionBytes = encryptedXml.DecryptData(encryptedData, sessionKey); XmlDocument assertionXml = new XmlDocument { XmlResolver = null, PreserveWhitespace = true }; assertionXml.Load(new StringReader(Encoding.UTF8.GetString(assertionBytes))); return(assertionXml); }
static void InspectElement(XmlDocument Doc) { // Get the EncryptedData element from the XMLDocument object. XmlElement encryptedData = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; // Create a new EncryptedData object. EncryptedData encData = new EncryptedData(); // Load the XML from the document to // initialize the EncryptedData object. encData.LoadXml(encryptedData); // Display the properties. // Most values are Null by default. Console.WriteLine("EncryptedData.CipherData: " + encData.CipherData.GetXml().InnerXml); Console.WriteLine("EncryptedData.Encoding: " + encData.Encoding); Console.WriteLine("EncryptedData.EncryptionMethod: " + encData.EncryptionMethod.GetXml().InnerXml); EncryptionPropertyCollection encPropCollection = encData.EncryptionProperties; Console.WriteLine("Number of elements in the EncryptionPropertyCollection: " + encPropCollection.Count); //encPropCollection. foreach (EncryptionProperty encProp in encPropCollection) { Console.WriteLine("EncryptionProperty.ID: " + encProp.Id); Console.WriteLine("EncryptionProperty.PropertyElement: " + encProp.PropertyElement.InnerXml); Console.WriteLine("EncryptionProperty.Target: " + encProp.Target); } Console.WriteLine("EncryptedData.Id: " + encData.Id); Console.WriteLine("EncryptedData.KeyInfo: " + encData.KeyInfo.GetXml().InnerXml); Console.WriteLine("EncryptedData.MimeType: " + encData.MimeType); }
private static XmlDocument DecryptXmlDocument(XmlDocument encryptedXmlDocument) { // Создание объекта для дешифрации XML var encryptedXml = new GostEncryptedXml(encryptedXmlDocument); var nsManager = new XmlNamespaceManager(encryptedXmlDocument.NameTable); nsManager.AddNamespace("enc", EncryptedXml.XmlEncNamespaceUrl); // Поиск всех зашифрованных XML-элементов var encryptedDataList = encryptedXmlDocument.SelectNodes("//enc:EncryptedData", nsManager); if (encryptedDataList != null) { foreach (XmlElement encryptedData in encryptedDataList) { // Загрузка элемента EncryptedData var elementEncryptedData = new EncryptedData(); elementEncryptedData.LoadXml(encryptedData); // Извлечение симметричный ключ для расшифровки элемента EncryptedData var sessionKey = GetDecryptionKey(elementEncryptedData); if (sessionKey != null) { // Расшифровка элемента EncryptedData var decryptedData = encryptedXml.DecryptData(elementEncryptedData, sessionKey); // Замена элемента EncryptedData его расшифрованным представлением encryptedXml.ReplaceData(encryptedData, decryptedData); } } } return(encryptedXmlDocument); }
public static void Decrypt(XmlDocument Doc, SymmetricAlgorithm Alg) { XmlElement encryptedElement = Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement; // If the EncryptedData element was not found, throw an exception. if (encryptedElement == null) { throw new XmlException("The EncryptedData element was not found."); } // Create an EncryptedData object and populate it. EncryptedData edElement = new EncryptedData(); edElement.LoadXml(encryptedElement); // Create a new EncryptedXml object. EncryptedXml exml = new EncryptedXml(); // Decrypt the element using the symmetric key. byte[] rgbOutput = exml.DecryptData(edElement, Alg); // Replace the encryptedData element with the plaintext XML element. exml.ReplaceData(encryptedElement, rgbOutput); }
public static (OuterContainer ContainerOuter, InnerContainer ContainerInner, byte[] Key) DecryptOuterContainer(byte[] fileBytes, string password) { byte[] outerContainerBytes; try { outerContainerBytes = Shared.Utility.Decompress(fileBytes); } catch (Exception ex) { throw new Exception(string.Format("failed to decompress (corrupted or not a valid container file): {0}", ex.Message)); } XmlDocument outerContainerXml = new XmlDocument(); outerContainerXml.LoadXml(Encoding.UTF8.GetString(outerContainerBytes)); string version; try { version = outerContainerXml.SelectSingleNode("/OuterContainer/@version").Value; } catch (Exception ex) { throw new Exception(string.Format("unable to read /OuterContainer/@version: {0}", ex.Message)); } Version parsedVersion = new Version(version); if (parsedVersion.Major != 1) { throw new Exception(string.Format("outer container version too new (this container was written on a newer software version) - expected 1, got {0}", parsedVersion.Major)); } OuterContainer outerContainer = new OuterContainer(); string outerVersion = "1.0"; outerContainer.Version = outerVersion; outerContainer.KeyDerivation = new KeyDerivation(); byte[] key; string derivationAlgorithm; try { derivationAlgorithm = outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/DerivationAlgorithm").InnerText; } catch (Exception ex) { throw new Exception(string.Format("invalid KeyDerivation DerivationAlgorithm: {0}", ex.Message)); } outerContainer.KeyDerivation.DerivationAlgorithm = derivationAlgorithm; if (derivationAlgorithm == "PBKDF2") { string hashAlgorithm; try { hashAlgorithm = outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/HashAlgorithm").InnerText; } catch (Exception ex) { throw new Exception(string.Format("invalid KeyDerivation HashAlgorithm: {0}", ex.Message)); } outerContainer.KeyDerivation.HashAlgorithm = hashAlgorithm; byte[] salt; try { salt = Convert.FromBase64String(outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/Salt").InnerText); } catch (Exception ex) { throw new Exception(string.Format("invalid KeyDerivation Salt: {0}", ex.Message)); } outerContainer.KeyDerivation.Salt = salt; int iterationCount; try { iterationCount = Convert.ToInt32(outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/IterationCount").InnerText); } catch (Exception ex) { throw new Exception(string.Format("invalid KeyDerivation IterationCount: {0}", ex.Message)); } outerContainer.KeyDerivation.IterationCount = iterationCount; int keyLength; try { keyLength = Convert.ToInt32(outerContainerXml.SelectSingleNode("/OuterContainer/KeyDerivation/KeyLength").InnerText); } catch (Exception ex) { throw new Exception(string.Format("invalid KeyDerivation KeyLength: {0}", ex.Message)); } outerContainer.KeyDerivation.KeyLength = keyLength; key = Pbkdf2DeriveKeyFromPassword(password, salt, iterationCount, hashAlgorithm, keyLength); } else { throw new Exception(string.Format("unsupported KeyDerivation DerivationAlgorithm: {0}", derivationAlgorithm)); } outerContainer.EncryptedDataPlaceholder = "placeholder"; XmlElement encryptedDataElement = outerContainerXml.GetElementsByTagName("EncryptedData")[0] as XmlElement; if (encryptedDataElement == null) { throw new Exception("unable to find EncryptedData"); } EncryptedData encryptedData = new EncryptedData(); encryptedData.LoadXml(encryptedDataElement); EncryptedXml encryptedXml = new EncryptedXml(); byte[] innerContainerBytes; using (AesCryptoServiceProvider aesCsp = new AesCryptoServiceProvider()) { aesCsp.KeySize = 256; // critical security parameter aesCsp.Key = key; // critical security parameter aesCsp.Mode = CipherMode.CBC; // critical security parameter aesCsp.GenerateIV(); // critical security parameter try { innerContainerBytes = encryptedXml.DecryptData(encryptedData, aesCsp); } catch (Exception ex) { throw new Exception(string.Format("unable to decrypt InnerContainer (check password): {0}", ex.Message)); } } XmlDocument innerContainerXml = new XmlDocument(); try { innerContainerXml.LoadXml(Encoding.UTF8.GetString(innerContainerBytes)); } catch (Exception ex) { throw new Exception(string.Format("unable to parse InnerContainer (check password): {0}", ex.Message)); } string innerReadVersion; try { innerReadVersion = innerContainerXml.SelectSingleNode("/InnerContainer/@version").Value; } catch (Exception ex) { throw new Exception(string.Format("unable to read /InnerContainer/@version: {0}", ex.Message)); } Version innerReadVersionParsed = new Version(innerReadVersion); if (innerReadVersionParsed.Major != 1) { throw new Exception(string.Format("inner container version too new (this container was written on a newer software version) - expected 1, got {0}", innerReadVersionParsed.Major)); } InnerContainer innerContainer; using (XmlReader xmlReader = new XmlNodeReader(innerContainerXml)) { try { innerContainer = (InnerContainer) new XmlSerializer(typeof(InnerContainer)).Deserialize(xmlReader); } catch (Exception ex) { throw new Exception(string.Format("unable to deserialize InnerContainer: {0}", ex.Message)); } } return(outerContainer, innerContainer, key); }
/// <summary> /// Gets the assertion. /// </summary> /// <param name="idpSamlResponseToken">The idp saml response token.</param> /// <param name="options">The options.</param> /// <returns></returns> /// <exception cref="Exception">Missing assertion /// or /// Unable to parse the decrypted assertion.</exception> /// <exception cref="System.Exception">Missing assertion /// or /// Unable to parse the decrypted assertion.</exception> public string GetAssertion(ResponseType idpSamlResponseToken, Saml2Options options) { string token; string xmlTemplate; var assertion = idpSamlResponseToken.Items[0]; if (assertion == null) { throw new Exception("Missing assertion"); } //check if its a decrypted assertion if (assertion.GetType() == typeof(EncryptedElementType)) { EncryptedElementType encryptedElement = (EncryptedElementType)assertion; SymmetricAlgorithm sessionKey; if (encryptedElement.EncryptedData.EncryptionMethod != null) { sessionKey = ExtractSessionKey(encryptedElement, options.ServiceProvider.X509Certificate2.PrivateKey); var encryptedXml = new EncryptedXml(); XmlSerializer xmlSerializer = new XmlSerializer(typeof(EncryptedDataType)); using (MemoryStream memStm = new MemoryStream()) { xmlSerializer.Serialize(memStm, encryptedElement.EncryptedData); memStm.Position = 0; xmlTemplate = new StreamReader(memStm).ReadToEnd(); } var doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(xmlTemplate); var t = doc.GetElementsByTagName("EncryptedData"); var encryptedData = new EncryptedData(); encryptedData.LoadXml((XmlElement)t[0]); byte[] plaintext = encryptedXml.DecryptData(encryptedData, sessionKey); token = Encoding.UTF8.GetString(plaintext); return(token); } } else { XmlSerializer xmlSerializer = new XmlSerializer(typeof(AssertionType)); using (MemoryStream memStm = new MemoryStream()) { xmlSerializer.Serialize(memStm, assertion); memStm.Position = 0; xmlTemplate = new StreamReader(memStm).ReadToEnd(); } var doc = new XmlDocument(); doc.PreserveWhitespace = false; doc.LoadXml(xmlTemplate); string request = doc.OuterXml; return(request); } throw new Exception("Unable to parse the decrypted assertion."); }
protected override void DecryptElement(XmlElement element, string password) { var saltXmlAttribute = XmlHelpers.GetAttributeNode(element, "Salt"); if (string.IsNullOrEmpty(saltXmlAttribute?.Value)) { throw new InvalidXmlException($"Encrypted node {element.Name} does not contain required Attribute \"Salt\"", element); } byte[] rgbSalt; try { rgbSalt = Convert.FromBase64String(saltXmlAttribute.Value); } catch (FormatException) { throw new InvalidXmlException($"Invalid value of Attribute \"Salt\" ({saltXmlAttribute.Value}) in encrypted node {element.Name} ", element); } var ivXmlAttribute = XmlHelpers.GetAttributeNode(element, "IV"); if (string.IsNullOrEmpty(ivXmlAttribute?.Value)) { throw new InvalidXmlException($"Encrypted node {element.Name} does not contain required Attribute \"IV\"", element); } byte[] numArray; try { numArray = Convert.FromBase64String(ivXmlAttribute.Value); } catch (FormatException) { throw new InvalidXmlException($"Invalid value of Attribute \"IV\" ({ivXmlAttribute.Value}) in encrypted node {element.Name} ", element); } var cryptoServiceProvider = new TripleDESCryptoServiceProvider { IV = numArray }; var passwordDeriveBytes = new PasswordDeriveBytes(password, rgbSalt); var encryptedData = new EncryptedData(); encryptedData.LoadXml(element); cryptoServiceProvider.Key = passwordDeriveBytes.CryptDeriveKey("TripleDES", "SHA1", 192, cryptoServiceProvider.IV); // weird edge case - if this is a parameter value, then it must replace one more parent level up var elementToReplace = element.ParentNode?.Name == "DTS:Property" && (element.ParentNode as XmlElement) != null && element.ParentNode?.ParentNode?.Name == "DTS:PackageParameter" ? (XmlElement)element.ParentNode : element; var exml = new EncryptedXml(); try { var output = exml.DecryptData(encryptedData, cryptoServiceProvider); exml.ReplaceData(elementToReplace, output); } catch (CryptographicException) { throw new InvalidPaswordException(); } }
public void Decrypt(string xmlFileName) { TripleDESCryptoServiceProvider encryptionKey = new TripleDESCryptoServiceProvider(); encryptionKey.Key = UTF8Encoding.UTF8.GetBytes(""); // your salt value XmlDocument document = new XmlDocument(); document.Load(xmlFileName); XmlElement encOrderElem = document.GetElementsByTagName("EncryptedData")[0] as XmlElement; EncryptedData encData = new EncryptedData(); encData.LoadXml(encOrderElem); EncryptedXml encryptedXml = new EncryptedXml(); byte[] decryptedOrder = encryptedXml.DecryptData(encData, encryptionKey); encryptedXml.ReplaceData(encOrderElem, decryptedOrder); document.Save(xmlFileName); }
XmlElement VerifyInput2(MessageBuffer buf) { Message msg2 = buf.CreateMessage(); StringWriter sw = new StringWriter(); using (XmlDictionaryWriter w = XmlDictionaryWriter.CreateDictionaryWriter(XmlWriter.Create(sw))) { msg2.WriteMessage(w); } XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(sw.ToString()); // decrypt the key with service certificate privkey PaddingMode mode = PaddingMode.PKCS7; // not sure which is correct ... ANSIX923, ISO10126, PKCS7, Zeros, None. EncryptedXml encXml = new EncryptedXml(doc); encXml.Padding = mode; X509Certificate2 cert2 = new X509Certificate2("Test/Resources/test.pfx", "mono"); XmlNamespaceManager nsmgr = new XmlNamespaceManager(doc.NameTable); nsmgr.AddNamespace("s", "http://www.w3.org/2003/05/soap-envelope"); nsmgr.AddNamespace("c", "http://schemas.xmlsoap.org/ws/2005/02/sc"); nsmgr.AddNamespace("o", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"); nsmgr.AddNamespace("e", "http://www.w3.org/2001/04/xmlenc#"); nsmgr.AddNamespace("dsig", "http://www.w3.org/2000/09/xmldsig#"); XmlNode n = doc.SelectSingleNode("//o:Security/e:EncryptedKey/e:CipherData/e:CipherValue", nsmgr); Assert.IsNotNull(n, "premise: enckey does not exist"); string raw = n.InnerText; byte [] rawbytes = Convert.FromBase64String(raw); RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)cert2.PrivateKey; byte [] decryptedKey = EncryptedXml.DecryptKey(rawbytes, rsa, true); //rsa.Decrypt (rawbytes, true); #if false // create derived keys Dictionary <string, byte[]> keys = new Dictionary <string, byte[]> (); InMemorySymmetricSecurityKey skey = new InMemorySymmetricSecurityKey(decryptedKey); foreach (XmlElement el in doc.SelectNodes("//o:Security/c:DerivedKeyToken", nsmgr)) { n = el.SelectSingleNode("c:Offset", nsmgr); int offset = (n == null) ? 0 : int.Parse(n.InnerText, CultureInfo.InvariantCulture); n = el.SelectSingleNode("c:Length", nsmgr); int length = (n == null) ? 32 : int.Parse(n.InnerText, CultureInfo.InvariantCulture); n = el.SelectSingleNode("c:Label", nsmgr); byte [] label = (n == null) ? decryptedKey : Convert.FromBase64String(n.InnerText); n = el.SelectSingleNode("c:Nonce", nsmgr); byte [] nonce = (n == null) ? new byte [0] : Convert.FromBase64String(n.InnerText); byte [] derkey = skey.GenerateDerivedKey( //SecurityAlgorithms.Psha1KeyDerivation, "http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1", // FIXME: maybe due to the label, this key resolution somehow does not seem to work. label, nonce, length * 8, offset); keys [el.GetAttribute("Id", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")] = derkey; } #endif // decrypt the signature with the decrypted key #if true n = doc.SelectSingleNode("//o:Security/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr); Assert.IsNotNull(n, "premise: encdata does not exist"); raw = n.InnerText; rawbytes = Convert.FromBase64String(raw); Rijndael aes = RijndaelManaged.Create(); // aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)]; aes.Key = decryptedKey; aes.Mode = CipherMode.CBC; aes.Padding = mode; MemoryStream ms = new MemoryStream(); CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write); cs.Write(rawbytes, 0, rawbytes.Length); cs.Close(); byte [] decryptedSignature = ms.ToArray(); #else Rijndael aes = RijndaelManaged.Create(); // aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)]; aes.Key = decryptedKey; aes.Mode = CipherMode.CBC; aes.Padding = mode; EncryptedData ed = new EncryptedData(); n = doc.SelectSingleNode("//o:Security/e:EncryptedData", nsmgr); Assert.IsNotNull(n, "premise: encdata does not exist"); ed.LoadXml(n as XmlElement); byte [] decryptedSignature = encXml.DecryptData(ed, aes); #endif //Console.Error.WriteLine (Encoding.UTF8.GetString (decryptedSignature)); //Console.Error.WriteLine ("============= Decrypted Signature End ==========="); // decrypt the body with the decrypted key #if true n = doc.SelectSingleNode("//s:Body/e:EncryptedData/e:CipherData/e:CipherValue", nsmgr); Assert.IsNotNull(n, "premise: encdata does not exist"); raw = n.InnerText; rawbytes = Convert.FromBase64String(raw); // aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)]; aes.Key = decryptedKey; ms = new MemoryStream(); cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write); cs.Write(rawbytes, 0, rawbytes.Length); cs.Close(); byte [] decryptedBody = ms.ToArray(); #else // decrypt the body with the decrypted key EncryptedData ed2 = new EncryptedData(); XmlElement el = doc.SelectSingleNode("/s:Envelope/s:Body/e:EncryptedData", nsmgr) as XmlElement; ed2.LoadXml(el); // aes.Key = keys [n.SelectSingleNode ("../../dsig:KeyInfo/o:SecurityTokenReference/o:Reference/@URI", nsmgr).InnerText.Substring (1)]; aes.Key = decryptedKey; byte [] decryptedBody = encXml.DecryptData(ed2, aes); #endif //foreach (byte b in decryptedBody) Console.Error.Write ("{0:X02} ", b); Console.Error.WriteLine(Encoding.UTF8.GetString(decryptedBody)); Console.Error.WriteLine("============= Decrypted Body End ==========="); // FIXME: find out what first 16 bytes mean. for (int mmm = 0; mmm < 16; mmm++) { decryptedBody [mmm] = 0x20; } doc.LoadXml(Encoding.UTF8.GetString(decryptedBody)); Assert.AreEqual("RequestSecurityToken", doc.DocumentElement.LocalName, "#b-1"); Assert.AreEqual("http://schemas.xmlsoap.org/ws/2005/02/trust", doc.DocumentElement.NamespaceURI, "#b-2"); return(doc.DocumentElement); }
public void RoundtripSample1() { using (StringWriter sw = new StringWriter()) { // Encryption { XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml("<root> <child>sample</child> </root>"); XmlElement body = doc.DocumentElement; using (Aes aes = Aes.Create()) { aes.Mode = CipherMode.CBC; aes.KeySize = 256; aes.IV = Convert.FromBase64String("pBUM5P03rZ6AE4ZK5EyBrw=="); aes.Key = Convert.FromBase64String("o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; EncryptedXml exml = new EncryptedXml(); byte[] encrypted = exml.EncryptData(body, aes, false); EncryptedData edata = new EncryptedData(); edata.Type = EncryptedXml.XmlEncElementUrl; edata.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url); EncryptedKey ekey = new EncryptedKey(); // omit key encryption, here for testing byte[] encKeyBytes = aes.Key; ekey.CipherData = new CipherData(encKeyBytes); ekey.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url); DataReference dr = new DataReference(); dr.Uri = "_0"; ekey.AddReference(dr); edata.KeyInfo.AddClause(new KeyInfoEncryptedKey(ekey)); edata.KeyInfo = new KeyInfo(); ekey.KeyInfo.AddClause(new RSAKeyValue(RSA.Create())); edata.CipherData.CipherValue = encrypted; EncryptedXml.ReplaceElement(doc.DocumentElement, edata, false); doc.Save(new XmlTextWriter(sw)); } } // Decryption { using (Aes aes = Aes.Create()) { aes.Mode = CipherMode.CBC; aes.KeySize = 256; aes.Key = Convert.FromBase64String( "o/ilseZu+keLBBWGGPlUHweqxIPc4gzZEFWr2nBt640="); aes.Padding = PaddingMode.Zeros; XmlDocument doc = new XmlDocument(); doc.PreserveWhitespace = true; doc.LoadXml(sw.ToString()); EncryptedXml encxml = new EncryptedXml(doc); EncryptedData edata = new EncryptedData(); edata.LoadXml(doc.DocumentElement); encxml.ReplaceData(doc.DocumentElement, encxml.DecryptData(edata, aes)); } } } }