// Checks the instance cache behind PlaintextDataEncryptionKey.GetOrCreate: the same
// object comes back only when BOTH the key name and the key bytes match.
// The byte arrays below are fixed test vectors and must never be reused as real key material.
public void CacheEncryptionKeyCorrectlyWhenCallingGetOrCreate()
{
    byte[] keyBytes =
    {
        26, 60, 114, 103, 139, 37, 229, 66,
        170, 179, 244, 229, 233, 102, 44, 186,
        234, 9, 5, 211, 216, 143, 103, 144,
        252, 254, 96, 111, 233, 1, 149, 240
    };

    // Same content as keyBytes, but a distinct array instance.
    byte[] keyBytesCopy =
    {
        26, 60, 114, 103, 139, 37, 229, 66,
        170, 179, 244, 229, 233, 102, 44, 186,
        234, 9, 5, 211, 216, 143, 103, 144,
        252, 254, 96, 111, 233, 1, 149, 240
    };

    byte[] differentKeyBytes =
    {
        1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1,
        1, 1, 1, 1, 1, 1, 1, 1
    };

    // Same name, same array: expect the identical instance.
    Assert.Same(
        PlaintextDataEncryptionKey.GetOrCreate("EK", keyBytes),
        PlaintextDataEncryptionKey.GetOrCreate("EK", keyBytes));

    // Same name, equal bytes in another array: the lookup must go by content, not by reference.
    Assert.Same(
        PlaintextDataEncryptionKey.GetOrCreate("EK", keyBytes),
        PlaintextDataEncryptionKey.GetOrCreate("EK", keyBytesCopy));

    // A different name with the same bytes must not share an instance.
    Assert.NotSame(
        PlaintextDataEncryptionKey.GetOrCreate("EK", keyBytes),
        PlaintextDataEncryptionKey.GetOrCreate("Not_EK", keyBytes));

    // The same name with different bytes must not share an instance either;
    // otherwise a caller could be handed a key other than the one it supplied.
    Assert.NotSame(
        PlaintextDataEncryptionKey.GetOrCreate("EK", keyBytes),
        PlaintextDataEncryptionKey.GetOrCreate("EK", differentKeyBytes));
}
// Two keys built independently from the same name and the same key bytes
// must compare equal, although they are separate instances.
public void PerformEqualityCorrectly()
{
    DataEncryptionKey expected = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);
    DataEncryptionKey actual = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);

    // Type argument pinned to the base type, matching the declared type of both locals.
    Assert.Equal<DataEncryptionKey>(expected, actual);
}
// Two keys built independently from the same name and the same key bytes
// must produce the same hash code, so equal keys land in the same bucket
// of any hash-based collection.
public void PerformHashCodeCorrectly()
{
    DataEncryptionKey first = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);
    DataEncryptionKey second = new PlaintextDataEncryptionKey("CEK", plaintextEncryptionKeyBytes);

    int firstHash = first.GetHashCode();
    int secondHash = second.GetHashCode();

    Assert.Equal(firstHash, secondHash);
}
/// <summary>
/// Round-trips a string and a number through encryption with a freshly created
/// plaintext data encryption key, printing the original, encrypted (Base64) and
/// decrypted values to the console.
/// </summary>
internal static void Demo()
{
    // Sample values to protect.
    string originalText = "MyString";
    long originalNumber = 4815162342;

    Console.WriteLine("**** Original Values ****");
    Console.WriteLine($"String: {originalText}");
    Console.WriteLine($"Number: {originalNumber}");

    // Create a new plaintext encryption key named "MyKey".
    // NOTE(review): the key is held only in this local and is not persisted or wrapped here,
    // so ciphertext produced below presumably cannot be decrypted once it goes out of scope.
    // A plaintext key suits a demo; confirm against the library docs how production keys
    // should be protected.
    var demoKey = new PlaintextDataEncryptionKey("MyKey");

    // Encrypt, then Base64-encode so the ciphertext can be printed.
    var encryptedText = originalText.Encrypt(demoKey).ToBase64String();
    var encryptedNumber = originalNumber.Encrypt(demoKey).ToBase64String();

    Console.WriteLine("\n**** Encrypted Values ****");
    Console.WriteLine($"String: {encryptedText}");
    Console.WriteLine($"Number: {encryptedNumber}");

    // Reverse the steps: Base64-decode, then decrypt back into the original types.
    string roundTrippedText = encryptedText.FromBase64String().Decrypt<string>(demoKey);
    long roundTrippedNumber = encryptedNumber.FromBase64String().Decrypt<long>(demoKey);

    Console.WriteLine("\n**** Decrypted Values ****");
    Console.WriteLine($"String: {roundTrippedText}");
    Console.WriteLine($"Number: {roundTrippedNumber}");

    // Wipes everything printed above as soon as the demo finishes.
    Console.Clear();
}
/// <summary>
/// Supports encrypting and decrypting items that use a legacy DEK with the MDE-based algorithm.
/// Unwraps the DEK with the legacy key wrap provider, then initializes the MDE encryption
/// algorithm with the unwrapped key.
/// </summary>
/// <param name="dekProperties"> Properties of the DEK, including its wrapped bytes and wrap metadata. </param>
/// <param name="cancellationToken"> Cancellation token passed on to the unwrap call. </param>
/// <returns> An MDE encryption algorithm (Randomized) initialized with the unwrapped key. </returns>
/// <exception cref="InvalidOperationException"> No EncryptionKeyWrapProvider is configured on the DEK provider. </exception>
internal async Task<DataEncryptionKey> FetchUnWrappedMdeSupportedLegacyDekAsync(
    DataEncryptionKeyProperties dekProperties,
    CancellationToken cancellationToken)
{
    // Legacy DEKs can only be unwrapped by the provider that wrapped them; fail early without one.
    if (this.DekProvider.EncryptionKeyWrapProvider == null)
    {
        throw new InvalidOperationException($"For use of '{CosmosEncryptionAlgorithm.AEAes256CbcHmacSha256Randomized}' algorithm based DEK, " +
            "Encryptor or CosmosDataEncryptionKeyProvider needs to be initialized with EncryptionKeyWrapProvider.");
    }

    EncryptionKeyUnwrapResult unwrapped;
    try
    {
        // Unwrap with the original (legacy) wrap provider.
        unwrapped = await this.DekProvider.EncryptionKeyWrapProvider.UnwrapKeyAsync(
            dekProperties.WrappedDataEncryptionKey,
            dekProperties.EncryptionKeyWrapMetadata,
            cancellationToken);
    }
    catch (Exception unwrapFailure)
    {
        // NOTE(review): this catches every exception type, so a cancelled or transiently failing
        // unwrap is also reported through the "key not found" factory. The original exception is
        // kept as the inner exception. Only the DEK id goes into the message, never key bytes.
        throw EncryptionExceptionFactory.EncryptionKeyNotFoundException(
            $"Failed to unwrap Data Encryption Key with id: '{dekProperties.Id}'.",
            unwrapFailure);
    }

    // The raw root key from the legacy unwrap is carried by a PlaintextDataEncryptionKey, which
    // then seeds the MDE algorithm. From here on the unwrapped key bytes live in process memory,
    // so they must not be logged or serialized.
    string keyName = dekProperties.EncryptionKeyWrapMetadata.GetName(dekProperties.EncryptionKeyWrapMetadata);
    PlaintextDataEncryptionKey rootKey = new PlaintextDataEncryptionKey(keyName, unwrapped.DataEncryptionKey);

    return new MdeEncryptionAlgorithm(
        rootKey,
        Data.Encryption.Cryptography.EncryptionType.Randomized);
}