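/// <summary>
/// Reads one PEM object from <paramref name="pemData"/> and converts the RSA key it
/// holds to an XML string via <c>RsaKeyLoader.ToXmlString</c>.
/// </summary>
/// <param name="pemData">Stream positioned at the PEM text. It is left open.</param>
/// <returns>
/// The XML form of the key. When the input is a private key the export is requested
/// with the private flag set, so the result presumably contains private key material
/// and should be handled as a secret (confirm against RsaKeyLoader).
/// </returns>
/// <exception cref="ArgumentException">
/// The stream holds no PEM object, or the decoded object is not an RSA public key,
/// an RSA private (CRT) key, or a key pair whose private half is an RSA CRT key.
/// </exception>
public static string Convert(Stream pemData)
{
    // The StreamReader is not disposed: disposing it would also close the caller's stream.
    var pemObject = new PemReader(new StreamReader(pemData)).ReadObject();

    // ReadObject yields null when nothing PEM-encoded is found; report that as bad
    // input instead of failing later with a NullReferenceException.
    if (pemObject == null)
    {
        throw new ArgumentException("object is not PEM encoded RSA key (no PEM object found)", nameof(pemData));
    }

    // A key pair is unwrapped to its private half; any other object is examined as-is.
    var keyPair = pemObject as AsymmetricCipherKeyPair;
    object candidate = keyPair != null ? keyPair.Private : pemObject;

    // Private keys can also arrive as bare RsaPrivateCrtKeyParameters (for example a
    // PKCS#8 "PRIVATE KEY" block). RsaPrivateCrtKeyParameters derives from
    // RsaKeyParameters, so this test must come before the public-key test; otherwise
    // a private key would be exported through the public-key path.
    var privateCrtKey = candidate as RsaPrivateCrtKeyParameters;
    if (privateCrtKey != null)
    {
        return RsaKeyLoader.ToXmlString(DotNetUtilities.ToRSA(privateCrtKey), true);
    }

    // Only a genuine public key takes the public export path.
    var rsaKey = candidate as RsaKeyParameters;
    if (rsaKey != null && !rsaKey.IsPrivate)
    {
        return RsaKeyLoader.ToXmlString(DotNetUtilities.ToRSA(rsaKey), false);
    }

    throw new ArgumentException("object is not PEM encoded RSA key " + $"(decoded: {pemObject.GetType().Name})", nameof(pemData));
}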
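/// <summary>
/// Reads one PEM object from <paramref name="reader"/> and returns the private key it holds.
/// </summary>
/// <param name="reader">Text reader positioned at the PEM text. It is not disposed here.</param>
/// <returns>
/// The decoded object itself when it is an <c>RsaPrivateCrtKeyParameters</c>; otherwise the
/// private half of the decoded <c>AsymmetricCipherKeyPair</c>.
/// </returns>
/// <exception cref="ArgumentException">The reader holds no PEM object.</exception>
/// <exception cref="InvalidCastException">
/// The decoded object is neither of the two supported shapes (for example a public key).
/// </exception>
public AsymmetricKeyParameter GetPrivateKeyAsKeyParameter(TextReader reader)
{
    var pemObject = new PemReader(reader).ReadObject();

    // ReadObject yields null when nothing PEM-encoded is found; fail with a clear
    // message instead of a NullReferenceException on the type check below.
    if (pemObject == null)
    {
        throw new ArgumentException("no PEM object found", nameof(reader));
    }

    // The private key parameters may be returned directly rather than wrapped in a pair.
    var bareKey = pemObject as RsaPrivateCrtKeyParameters;
    if (bareKey != null)
    {
        return bareKey;
    }

    // Everything else is expected to be a key pair; the cast rejects other objects.
    return ((AsymmetricCipherKeyPair)pemObject).Private;
}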
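/// <summary>
/// Decrypts an encrypted recording: unwraps the content-encryption key (CEK) with the
/// RSA private key, then decrypts the recording with AES-GCM using that CEK and the IV.
/// </summary>
/// <param name="privateKeyPath">Path of the PEM file holding the RSA private key.</param>
/// <param name="encryptedCEK">Base64 text of the RSA-OAEP encrypted CEK.</param>
/// <param name="iv">Base64 text of the AES-GCM IV.</param>
/// <param name="encryptedRecordingPath">Path of the encrypted recording to read.</param>
/// <param name="decryptedRecordingPath">
/// Path of the plaintext file to write. It is created (or truncated) and is deleted
/// again if decryption does not complete.
/// </param>
/// <exception cref="ArgumentException">The key file holds no PEM object.</exception>
private static void decrypt(String privateKeyPath, String encryptedCEK, String iv, String encryptedRecordingPath, String decryptedRecordingPath)
{
    // 2) Retrieve customer private key corresponding to public_key_sid and use it to decrypt base 64 decoded
    // encrypted_cek via RSAES-OAEP-SHA256-MGF1
    Object pemObject;
    using (var keyReader = File.OpenText(privateKeyPath))
    {
        pemObject = new PemReader(keyReader).ReadObject();
    }

    // ReadObject yields null when the file has no PEM block; say so explicitly.
    if (pemObject == null)
    {
        throw new ArgumentException("no PEM object found in private key file", nameof(privateKeyPath));
    }

    // The key may be wrapped in a key pair or returned directly; the cast rejects
    // anything that is not an RSA CRT private key.
    var keyPair = pemObject as AsymmetricCipherKeyPair;
    var privateKey = (RsaPrivateCrtKeyParameters)(keyPair != null ? keyPair.Private : pemObject);

    var rsaDecryptEngine = CipherUtilities.GetCipher("RSA/ECB/OAEPWITHSHA256ANDMGF1PADDING");
    rsaDecryptEngine.Init(false, privateKey);
    var decryptedCekArr = rsaDecryptEngine.DoFinal(Convert.FromBase64String(encryptedCEK));

    try
    {
        // 3) Initialize a AES256-GCM SecretKey object with decrypted CEK and base 64 decoded iv
        var aesDecryptEngine = CipherUtilities.GetCipher("AES/GCM/NOPADDING");
        KeyParameter keyParameter = ParameterUtilities.CreateKeyParameter("AES", decryptedCekArr);
        ICipherParameters cipherParameters = new ParametersWithIV(keyParameter, Convert.FromBase64String(iv));
        aesDecryptEngine.Init(false, cipherParameters);

        // 4) Decrypt encrypted recording using the SecretKey
        var decryptedFile = File.Create(decryptedRecordingPath);
        var completed = false;
        try
        {
            using (var encryptedFile = File.OpenRead(encryptedRecordingPath))
            using (var cipherStream = new CipherStream(encryptedFile, aesDecryptEngine, null))
            {
                cipherStream.CopyTo(decryptedFile);
            }

            completed = true;
        }
        finally
        {
            decryptedFile.Dispose();

            // AES-GCM authenticates the data only when the final block is processed, so
            // bytes already copied out are unauthenticated if the copy throws. Remove the
            // partial output so a tampered or truncated recording never leaves plaintext.
            if (!completed)
            {
                try
                {
                    File.Delete(decryptedRecordingPath);
                }
                catch (IOException)
                {
                    // Best effort: the exception that ended decryption takes precedence.
                }
                catch (UnauthorizedAccessException)
                {
                    // Best effort: the exception that ended decryption takes precedence.
                }
            }
        }
    }
    finally
    {
        // Do not leave the unwrapped key in this buffer longer than needed.
        Array.Clear(decryptedCekArr, 0, decryptedCekArr.Length);
    }
}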