// Wczytuje dane klucza szyfrowania zapisane w archiwum i wyprowadza klucz z podanym hasłem
private void SelectArchiveInfo()
{
Connection = new SQLiteConnection(ConnectionString);
Connection.Open();
SQLiteCommand command = new SQLiteCommand(Connection);
command.CommandText = "SELECT * FROM ArchiveInfo;";
SQLiteDataReader reader = command.ExecuteReader();
byte[] salt = new byte[EncryptionKey.SaltLength];
byte[] checkvalue = new byte[EncryptionKey.BlockLength];
int compression = 0;
while (reader.Read())
{
reader.GetBytes(0, 0, salt, 0, EncryptionKey.SaltLength);
reader.GetBytes(1, 0, checkvalue, 0, EncryptionKey.BlockLength);
compression = reader.GetInt32(2);
}
if (compression == 1)
{
IsCompressed = true;
}
else
{
IsCompressed = false;
}
ArchiveKey = EncryptionKey.Create(salt, checkvalue);
}
public void Create()
{
EncryptionKey key = EncryptionKey.Create(new byte[32]);
Assert.Equal("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=", key.Base64Key);
Assert.Equal("Zmh6rfhivXdsj8GLjp+OIAiXFIVu4jOzkCpZHQ1fKSU=", key.Base64Hash);
}
public void ObjectCsekToCmek(
string projectId = "your-project-id",
string bucketName = "your-unique-bucket-name",
string objectName = "your-object-name",
string currrentEncryptionKey = "TIbv/fjexq+VmtXzAlc63J4z5kFmWJ6NdAPQulQBT7g=",
string keyLocation = "us-west1",
string kmsKeyRing = "kms-key-ring",
string kmsKeyName = "key-name")
{
string keyPrefix = $"projects/{projectId}/locations/{keyLocation}";
string fullKeyringName = $"{keyPrefix}/keyRings/{kmsKeyRing}";
string fullKeyName = $"{fullKeyringName}/cryptoKeys/{kmsKeyName}";
var storage = StorageClient.Create();
using var outputStream = new MemoryStream();
storage.DownloadObject(bucketName, objectName, outputStream, new DownloadObjectOptions()
{
EncryptionKey = EncryptionKey.Create(Convert.FromBase64String(currrentEncryptionKey))
});
outputStream.Position = 0;
storage.UploadObject(bucketName, objectName, null, outputStream, new UploadObjectOptions()
{
KmsKeyName = fullKeyName
});
Console.WriteLine($"Object {objectName} in bucket {bucketName} is now managed" +
$" by the KMS key ${kmsKeyName} instead of a customer-supplied encryption key");
}
public void DownloadEncryptedFile(
string key = "3eFsTXPvqi3BpT2ipFCGirslh1Jgc6ikjoAu2oQ5JcI=",
string bucketName = "your-unique-bucket-name",
string objectName = "my-file-name",
string localPath = "my-local-path/my-file-name")
{
var storage = StorageClient.Create();
using var outputFile = File.OpenWrite(localPath);
storage.DownloadObject(bucketName, objectName, outputFile, new DownloadObjectOptions
{
EncryptionKey = EncryptionKey.Create(Convert.FromBase64String(key))
});
Console.WriteLine($"Downloaded {objectName} to {localPath}.");
}
// [END storage_download_file]
// [START storage_download_encrypted_file]
private void DownloadEncryptedObject(string key, string bucketName,
string objectName, string localPath = null)
{
var storage = StorageClient.Create();
localPath = localPath ?? Path.GetFileName(objectName);
using (var outputFile = File.OpenWrite(localPath))
{
storage.DownloadObject(bucketName, objectName, outputFile,
new DownloadObjectOptions()
{
EncryptionKey = EncryptionKey.Create(
Convert.FromBase64String(key))
});
}
Console.WriteLine($"downloaded {objectName} to {localPath}.");
}
// [END storage_upload_file]
// [START storage_upload_encrypted_file]
private void UploadEncryptedFile(string key, string bucketName,
string localPath, string objectName = null)
{
var storage = StorageClient.Create();
using (var f = File.OpenRead(localPath))
{
objectName = objectName ?? Path.GetFileName(localPath);
storage.UploadObject(bucketName, objectName, null, f,
new UploadObjectOptions()
{
EncryptionKey = EncryptionKey.Create(
Convert.FromBase64String(key))
});
Console.WriteLine($"Uploaded {objectName}.");
}
}
public void NotNoneEquality()
{
var key1a = EncryptionKey.Generate();
var key1b = EncryptionKey.Create(Convert.FromBase64String(key1a.Base64Key));
var key2 = EncryptionKey.Generate();
Assert.True(key1a.Equals(key1b));
Assert.True(key1a.Equals((object)key1b));
Assert.Equal(key1a.GetHashCode(), key1b.GetHashCode());
Assert.False(key1a.Equals(key2));
Assert.False(key1a.Equals((object)key2));
Assert.NotEqual(key1a.GetHashCode(), key2.GetHashCode());
Assert.False(key1a.Equals(null));
Assert.False(key1a.Equals((object)null));
}
public void ModifyRequest_NotNone()
{
EncryptionKey key = EncryptionKey.Create(new byte[32]);
var request = new HttpRequestMessage();
key.ModifyRequest(request);
IEnumerable <string> values;
Assert.True(request.Headers.TryGetValues(EncryptionKey.AlgorithmHeader, out values));
Assert.Equal(new[] { EncryptionKey.AlgorithmValue }, values);
Assert.True(request.Headers.TryGetValues(EncryptionKey.KeyHeader, out values));
Assert.Equal(new[] { "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=" }, values);
Assert.True(request.Headers.TryGetValues(EncryptionKey.KeyHashHeader, out values));
Assert.Equal(new[] { "Zmh6rfhivXdsj8GLjp+OIAiXFIVu4jOzkCpZHQ1fKSU=" }, values);
Assert.False(request.Headers.TryGetValues(EncryptionKey.CopySourceAlgorithmHeader, out values));
Assert.False(request.Headers.TryGetValues(EncryptionKey.CopySourceKeyHeader, out values));
Assert.False(request.Headers.TryGetValues(EncryptionKey.CopySourceKeyHashHeader, out values));
}
public void ObjectRotateEncryptionKey(
string bucketName = "your-unique-bucket-name",
string objectName = "your-object-name",
string currrentEncryptionKey = "TIbv/fjexq+VmtXzAlc63J4z5kFmWJ6NdAPQulQBT7g=",
string newEncryptionKey = "ARbt/judaq+VmtXzAsc83J4z5kFmWJ6NdAPQuleuB7g=")
{
var storage = StorageClient.Create();
using var outputStream = new MemoryStream();
storage.DownloadObject(bucketName, objectName, outputStream, new DownloadObjectOptions()
{
EncryptionKey = EncryptionKey.Create(Convert.FromBase64String(currrentEncryptionKey))
});
outputStream.Position = 0;
storage.UploadObject(bucketName, objectName, null, outputStream, new UploadObjectOptions()
{
EncryptionKey = EncryptionKey.Create(Convert.FromBase64String(newEncryptionKey))
});
Console.WriteLine($"Rotated encryption key for object {objectName} in bucket {bucketName}");
}
static void Main(string[] args)
{
// step 1 create customer encryption key
var key = EncryptionKey.Generate().Base64Key;
var encryptionKey = EncryptionKey.Create(Convert.FromBase64String(key));
// step 2 get you service Acount cert for auth
string serviceAcountCert = "stackoverflow54387198-xxxxxxxx.json";
// step 3 get you service Acount cert for auth
string bucketName = "stackoverflow_54387198_bucket";
string localPath = "FileToUpload.txt";
string objectName = null;
// step 4 create a local text file to upload
File.WriteAllText(localPath, "test");
// step 5 Create Google Storage Client
var storage = StorageClient.Create(
GoogleCredential.FromJson(File.ReadAllText(serviceAcountCert)));
// step 6 upload the file with the customer encryption key from step 1
using (var f = File.OpenRead(localPath))
{
objectName = objectName ?? Path.GetFileName(localPath);
storage.UploadObject(bucketName, objectName, null, f,
new UploadObjectOptions()
{
EncryptionKey = encryptionKey
});
Console.WriteLine($"Uploaded {objectName}.");
}
// step 7 create a url
// step 7.1 create add x-goog-encryption-algorithm hear
//to tell google you are using customer encryption key
var requestHeaders = new Dictionary <string, IEnumerable <string> >
{
{
"x-goog-encryption-algorithm", new [] { "AES256" }
}
};
// step 7.2 set other parameters
var expireAfter = TimeSpan.FromHours(30.0);
var verb = HttpMethod.Get;
// step 7.3 create a Url Signer
var urlSigner = UrlSigner.FromServiceAccountPath(serviceAcountCert);
// step 7.4 create a secure url
var url = urlSigner.Sign(
bucketName,
objectName,
expireAfter,
verb,
requestHeaders);
// step 8 use the Your Url
// step 8.1 create HttpClient
var client = new HttpClient();
// step 8.1 add x-goog-encryption-algorithm header the same from step 7
client.DefaultRequestHeaders.Add("x-goog-encryption-algorithm", "AES256");
// step 8.2 add x-goog-encryption-key header with customer encryption key (Base64Hash)
client.DefaultRequestHeaders.Add("x-goog-encryption-key", encryptionKey.Base64Key);
// step 8.3 add x-goog-encryption-key header with customer encryption key (Base64Hash)
client.DefaultRequestHeaders.Add("x-goog-encryption-key-sha256", encryptionKey.Base64Hash);
// step 8.4 Download the file
Task.Run(async() =>
{
var response = await client.GetAsync(url);
var contents = await response.Content.ReadAsStringAsync();
// contents == "test"
Console.WriteLine($"contents=>{contents}");
}).GetAwaiter().GetResult();
Console.ReadLine();
}
public void Create_Invalid()
{
Assert.Throws <ArgumentNullException>(() => EncryptionKey.Create(null));
Assert.Throws <ArgumentException>(() => EncryptionKey.Create(new byte[33]));
Assert.Throws <ArgumentException>(() => EncryptionKey.Create(new byte[31]));
}