/// <summary>
/// Maps a numeric padding flag to the <see cref="RSAEncryptionPadding"/> passed to the RSA API.
/// Only PKCS#1 v1.5 and OAEP are supported; the flag values are defined in PaddingFlags.cs.
/// </summary>
/// <remarks>
/// PKCS#1 v1.5 encryption padding is a compatibility option: decryption with it is exposed to
/// padding-oracle (Bleichenbacher-style) attacks whenever a caller can distinguish padding failures
/// from other errors, so OAEP is the safer choice where the peer supports it.
/// The OAEP hash is taken from the caller-supplied name. Any restriction on which hashes are
/// acceptable would have to live in GetHashAlgorithmNameFromPlaintext, which is not shown here.
/// </remarks>
/// <param name="hashAlgorithm">Name of the hash algorithm to use with OAEP (see the PaddingHashAlgorithmNames enum). Only read on the OAEP path.</param>
/// <param name="paddingFlags">Padding type; see PaddingFlags.cs. Only PKCS1 and OAEP are accepted.</param>
/// <returns>The padding object matching <paramref name="paddingFlags"/>.</returns>
/// <exception cref="CryptographicException">Thrown when <paramref name="paddingFlags"/> is neither PKCS1 nor OAEP.</exception>
private RSAEncryptionPadding GetRSAPadding(string hashAlgorithm, int paddingFlags)
{
    if (paddingFlags == PaddingFlags.PKCS1Padding)
    {
        return RSAEncryptionPadding.Pkcs1;
    }

    if (paddingFlags == PaddingFlags.OAEPPadding)
    {
        // The hash arrives as text and has to be turned into a HashAlgorithmName first.
        HashAlgorithmName oaepHash = this.GetHashAlgorithmNameFromPlaintext(hashAlgorithm);
        return RSAEncryptionPadding.CreateOaep(oaepHash);
    }

    // Anything else is rejected outright rather than mapped to a default padding.
    string message = string.Format(
        "Attempting to get the RSA padding of type {0} is not supported, only supported types are PKCS1 ({1}) or OAEP ({2})",
        paddingFlags,
        (int)PaddingFlags.PKCS1Padding,
        (int)PaddingFlags.OAEPPadding);
    throw new CryptographicException(message);
}
/// <summary>
/// Checks that key-transport encoding with RSA-OAEP over MD5 is rejected with a
/// <see cref="CryptographicException"/> or a type derived from it.
/// </summary>
public static void TestKeyTransEncryptedKey_RsaOaepMd5_Throws()
{
    // The padding object is built outside the assertion, so only the encode call is expected to throw.
    var md5Oaep = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.MD5);

    Assert.ThrowsAny<CryptographicException>(
        () =>
        {
            EncodeKeyTransl_Rsa2048(md5Oaep, Certificates.RSA2048Sha256KeyTransfer1);
        });
}
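/// <summary>
/// Encrypts <paramref name="Input"/> with RSA using OAEP padding over SHA-256.
/// </summary>
/// <remarks>
/// The key is imported from <paramref name="Params"/> as given. Nothing in this method checks that
/// the modulus is 2048 bits, so the size in the method name is a convention for callers to uphold.
/// OAEP with SHA-256 under a 2048-bit key leaves room for at most 190 bytes of plaintext;
/// larger inputs make the underlying Encrypt call fail.
/// </remarks>
/// <param name="Input">Plaintext bytes to encrypt.</param>
/// <param name="Params">RSA key parameters; the public part is sufficient for encryption.</param>
/// <returns>The ciphertext produced by <see cref="RSA.Encrypt(byte[], RSAEncryptionPadding)"/>.</returns>
public static byte[] Encrypt_RSA_2048_OAEP_MGF1_SHA256(byte[] Input, RSAParameters Params)
{
    // RSACng wraps a native key handle; dispose it deterministically instead of waiting for
    // finalization, which matters when Params carries private key material.
    using (var rsaCng = new RSACng())
    {
        rsaCng.ImportParameters(Params);

        RSAEncryptionPadding oaepSha256 = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA256);
        return rsaCng.Encrypt(Input, oaepSha256);
    }
}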
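/// <summary>
/// Creates an RSA key unwrapper for <paramref name="key"/> and selects the RSA encryption padding
/// that corresponds to <paramref name="contentEncryptionAlgorithm"/>.
/// </summary>
/// <remarks>
/// Mapping: RsaOaep uses OAEP with SHA-1, RsaOaep256/384/512 use OAEP with the matching SHA-2 hash,
/// and RsaPkcs1 uses PKCS#1 v1.5. Unwrapping with PKCS#1 v1.5 is exposed to padding-oracle
/// (Bleichenbacher-style) attacks if callers surface unwrap failures distinguishably, so the OAEP
/// variants are preferable where the token issuer allows them.
/// NOTE(review): key.ExportParameters() presumably yields private key material for unwrapping -
/// confirm how long the exported parameters stay in memory.
/// </remarks>
/// <param name="key">RSA JWK whose parameters are loaded into the RSA instance.</param>
/// <param name="encryptionAlgorithm">Content encryption algorithm, forwarded to the base constructor.</param>
/// <param name="contentEncryptionAlgorithm">Key management algorithm that decides the padding.</param>
public RsaKeyUnwrapper(RsaJwk key, EncryptionAlgorithm encryptionAlgorithm, KeyManagementAlgorithm contentEncryptionAlgorithm)
    : base(key, encryptionAlgorithm, contentEncryptionAlgorithm)
{
    // Resolve the padding before allocating the RSA object: an unsupported algorithm is then
    // rejected without leaving an undisposed RSA instance (and its key handle) behind.
    if (contentEncryptionAlgorithm == KeyManagementAlgorithm.RsaOaep)
    {
        _padding = RSAEncryptionPadding.OaepSHA1;
    }
    else if (contentEncryptionAlgorithm == KeyManagementAlgorithm.RsaPkcs1)
    {
        _padding = RSAEncryptionPadding.Pkcs1;
    }
    else if (contentEncryptionAlgorithm == KeyManagementAlgorithm.RsaOaep256)
    {
        _padding = RSAEncryptionPadding.OaepSHA256;
    }
    else if (contentEncryptionAlgorithm == KeyManagementAlgorithm.RsaOaep384)
    {
        _padding = RSAEncryptionPadding.OaepSHA384;
    }
    else if (contentEncryptionAlgorithm == KeyManagementAlgorithm.RsaOaep512)
    {
        _padding = RSAEncryptionPadding.OaepSHA512;
    }
    else
    {
        ThrowHelper.ThrowNotSupportedException_AlgorithmForKeyWrap(contentEncryptionAlgorithm);
        _padding = RSAEncryptionPadding.CreateOaep(new HashAlgorithmName()); // will never occur
    }

#if SUPPORT_SPAN_CRYPTO
    _rsa = RSA.Create(key.ExportParameters());
#else
    _rsa = RSA.Create();
    _rsa.ImportParameters(key.ExportParameters());
#endif
}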
/// <summary>
/// Fixture that lists RSA and symmetric-algorithm encrypt/decrypt call shapes.
/// </summary>
/// <remarks>
/// The <c>// Noncompliant</c> comments and the caret lines carrying a <c>{{...}}</c> message look like
/// expectations consumed by a static-analysis test harness - NOTE(review): confirm before moving,
/// rewording or re-aligning them. The caret alignment under the flagged expressions was reconstructed.
/// Every return value is discarded; the method shows call sites, not a working encryption flow.
/// </remarks>
public void Main()
{
    Byte[] data = { 1, 1, 1 };

    RSA myRSA = RSA.Create();
    // OAEP padding with SHA-1 as the hash.
    RSAEncryptionPadding padding = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA1);
    // Review all base RSA class' Encrypt/Decrypt calls
    myRSA.Encrypt(data, padding);
//  ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ {{Make sure that encrypting data is safe here.}}
    myRSA.EncryptValue(data); // Noncompliant
    myRSA.Decrypt(data, padding); // Noncompliant
    myRSA.DecryptValue(data); // Noncompliant

    RSACryptoServiceProvider myRSAC = new RSACryptoServiceProvider();
    // Review the use of any TryEncrypt/TryDecrypt and specific Encrypt/Decrypt of RSA subclasses.
    // The second argument is fOAEP; false selects PKCS#1 v1.5 padding instead of OAEP.
    myRSAC.Encrypt(data, false); // Noncompliant
    myRSAC.Decrypt(data, false); // Noncompliant
    // Only referenced by the commented-out Try* calls below.
    int written;
    // Note: TryEncrypt/TryDecrypt are only in .NET Core 2.1+
    // myRSAC.TryEncrypt(data, Span<byte>.Empty, padding, out written); // Non compliant
    // myRSAC.TryDecrypt(data, Span<byte>.Empty, padding, out written); // Non compliant

    // Hard-coded placeholder bytes, used only as arguments for the flagged calls below.
    byte[] rgbKey = { 1, 2, 3 };
    byte[] rgbIV = { 4, 5, 6 };
    SymmetricAlgorithm rijn = SymmetricAlgorithm.Create();
    // Review the creation of Encryptors from any SymmetricAlgorithm instance.
    rijn.CreateEncryptor();
//  ^^^^^^^^^^^^^^^^^^^^^^ {{Make sure that encrypting data is safe here.}}
    rijn.CreateEncryptor(rgbKey, rgbIV); // Noncompliant
    rijn.CreateDecryptor(); // Noncompliant
    rijn.CreateDecryptor(rgbKey, rgbIV); // Noncompliant
}
/// <summary>
/// Decrypts <paramref name="Input"/> with the supplied CNG RSA key using OAEP padding over SHA-256.
/// </summary>
/// <param name="Input">Ciphertext produced with the matching public key and the same OAEP hash.</param>
/// <param name="RSA">CNG RSA instance holding the private key; the caller keeps ownership of it.</param>
/// <returns>The recovered plaintext bytes.</returns>
private static byte[] DecryptRsa(byte[] Input, RSACng RSA)
{
    // The padding must match what the encrypting side used, otherwise Decrypt throws.
    RSAEncryptionPadding oaepSha256 = RSAEncryptionPadding.CreateOaep(HashAlgorithmName.SHA256);
    byte[] plaintext = RSA.Decrypt(Input, oaepSha256);
    return plaintext;
}