/// <summary>
/// Encrypts a fixed sample key under <paramref name="masterKeyPath"/> and only checks that a
/// ciphertext is produced; the test data (not shown here) presumably varies the casing of the
/// store name inside the path.
/// </summary>
/// <param name="masterKeyPath">Column master key path handed in by the test data.</param>
public void SetStoreNameApproperiatelyFromMasterKeyPathRegardlessOfCase(string masterKeyPath)
{
    byte[] sampleKey = { 1, 2, 3, 4, 5 };
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();

    byte[] encrypted = storeProvider.EncryptColumnEncryptionKey(masterKeyPath, ENCRYPTION_ALGORITHM, sampleKey);

    Assert.NotNull(encrypted);
}
/// <summary>
/// Round-trips a random 32-byte column encryption key between the certificate-store provider and
/// the CSP provider in both directions (cert encrypts / CSP decrypts, then CSP encrypts / cert
/// decrypts). A certificate is created in the CurrentUser store for the test and removed again in
/// <c>finally</c> so a failed assertion does not leave it behind.
/// </summary>
public void TestRoundTripWithCSPAndCertStoreProvider()
{
    const string providerName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
    string providerType = "24";
    string certificateName = $"AETest - {providerName}";

    CertificateUtilityWin.CreateCertificate(certificateName, StoreLocation.CurrentUser.ToString(), providerName, providerType);
    try
    {
        X509Certificate2 testCert = CertificateUtilityWin.GetCertificate(certificateName, StoreLocation.CurrentUser);
        string cspPath = CertificateUtilityWin.GetCspPathFromCertificate(testCert);
        string certificatePath = $"CurrentUser/my/{testCert.Thumbprint}";

        var certStoreProvider = new SqlColumnEncryptionCertificateStoreProvider();
        var cspProvider = new SqlColumnEncryptionCspProvider();
        byte[] plaintextCek = DatabaseHelper.GenerateRandomBytes(32);

        // Direction 1: certificate-store provider encrypts, CSP provider decrypts.
        byte[] cekEncryptedByCert = certStoreProvider.EncryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", plaintextCek);
        byte[] cekDecryptedByCsp = cspProvider.DecryptColumnEncryptionKey(cspPath, @"RSA_OAEP", cekEncryptedByCert);
        Assert.True(plaintextCek.SequenceEqual(cekDecryptedByCsp));

        // Direction 2: CSP provider encrypts, certificate-store provider decrypts.
        byte[] cekEncryptedByCsp = cspProvider.EncryptColumnEncryptionKey(cspPath, @"RSA_OAEP", plaintextCek);
        byte[] cekDecryptedByCert = certStoreProvider.DecryptColumnEncryptionKey(certificatePath, @"RSA_OAEP", cekEncryptedByCsp);
        Assert.True(plaintextCek.SequenceEqual(cekDecryptedByCert));
    }
    finally
    {
        // Always clean up the test certificate, even when an assertion above fails.
        CertificateUtilityWin.RemoveCertificate(certificateName, StoreLocation.CurrentUser);
    }
}
/// <summary>
/// Encrypts a fixed sample key with the algorithm name supplied by the test data and checks only
/// that a ciphertext comes back; the cases presumably differ in the casing of the algorithm name.
/// </summary>
/// <param name="algorithm">Key encryption algorithm name as written in the test data.</param>
public void AcceptEncryptionAlgorithmRegardlessOfCase(string algorithm)
{
    byte[] sampleKey = { 1, 2, 3, 4, 5 };
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();

    byte[] encrypted = storeProvider.EncryptColumnEncryptionKey(MASTER_KEY_PATH, algorithm, sampleKey);

    Assert.NotNull(encrypted);
}
/// <summary>
/// Checks that <c>EncryptColumnEncryptionKey</c> rejects an invalid argument combination with the
/// expected exception type and the exact expected message.
/// </summary>
/// <param name="errorMsg">Exact message the thrown exception must carry.</param>
/// <param name="exceptionType">Exception type the call is expected to throw.</param>
/// <param name="masterKeyPath">Possibly invalid column master key path.</param>
/// <param name="encryptionAlgorithm">Possibly invalid algorithm name.</param>
/// <param name="bytes">Possibly invalid plaintext key bytes.</param>
public void ThrowExceptionWithInvalidParameterWhileEncryptingColumnEncryptionKey(string errorMsg, Type exceptionType, string masterKeyPath, string encryptionAlgorithm, byte[] bytes)
{
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();

    Exception thrown = Assert.Throws(
        exceptionType,
        () => storeProvider.EncryptColumnEncryptionKey(masterKeyPath, encryptionAlgorithm, bytes));

    Assert.Equal(errorMsg, thrown.Message);
}
/// <summary>
/// Checks that <c>SignColumnMasterKeyMetadata</c> (with enclave computations allowed) rejects an
/// invalid master key path with the expected exception type and exact message.
/// </summary>
/// <param name="errorMsg">Exact message the thrown exception must carry.</param>
/// <param name="exceptionType">Exception type the call is expected to throw.</param>
/// <param name="masterKeyPath">Possibly invalid column master key path.</param>
public void ThrowExceptionWithInvalidParameterWhileSigningColumnMasterKeyMetadata(string errorMsg, Type exceptionType, string masterKeyPath)
{
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();

    Exception thrown = Assert.Throws(
        exceptionType,
        () => storeProvider.SignColumnMasterKeyMetadata(masterKeyPath, true));

    Assert.Equal(errorMsg, thrown.Message);
}
/// <summary>
/// Checks that every public operation of the certificate-store provider throws
/// <see cref="PlatformNotSupportedException"/> on a platform without a certificate store.
/// The arguments are deliberately empty: the platform check is expected to fire before any
/// argument validation.
/// </summary>
public void ThrowPlatformNotSupportedExceptionInUnix()
{
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();
    byte[] noBytes = new byte[0];

    Assert.Throws<PlatformNotSupportedException>(() => storeProvider.EncryptColumnEncryptionKey("", "", noBytes));
    Assert.Throws<PlatformNotSupportedException>(() => storeProvider.DecryptColumnEncryptionKey("", "", noBytes));
    Assert.Throws<PlatformNotSupportedException>(() => storeProvider.SignColumnMasterKeyMetadata("", false));
    Assert.Throws<PlatformNotSupportedException>(() => storeProvider.VerifyColumnMasterKeyMetadata("", false, noBytes));
}
/// <summary>
/// Signs the master key metadata under <c>MASTER_KEY_PATH</c> and checks that verifying the same
/// signature against a different certificate path fails. A verifier that ignored the certificate
/// would accept a signature made by any key, so this is the negative half of the signing contract.
/// </summary>
/// <param name="allowEnclaveComputations">Enclave flag folded into the signed metadata.</param>
public void FailToVerifyColumnMasterKeyMetadataWithWrongCertificate(bool allowEnclaveComputations)
{
    // Path to a certificate other than the one that produced the signature.
    const string otherCertificatePath = "CurrentUser/My/4281446463C6F7F5B8EDFFA4BD6E345E46857CAD";
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();

    byte[] metadataSignature = storeProvider.SignColumnMasterKeyMetadata(MASTER_KEY_PATH, allowEnclaveComputations);
    Assert.NotNull(metadataSignature);

    bool verified = storeProvider.VerifyColumnMasterKeyMetadata(otherCertificatePath, allowEnclaveComputations, metadataSignature);
    Assert.False(verified);
}
/// <summary>
/// Signs the master key metadata and checks that verification succeeds with the same enclave flag
/// and fails with the flipped flag, i.e. that the flag is really part of what is signed.
/// </summary>
/// <param name="allowEnclaveComputations">Enclave flag folded into the signed metadata.</param>
public void SignAndVerifyColumnMasterKeyMetadataSuccessfully(bool allowEnclaveComputations)
{
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();

    byte[] metadataSignature = storeProvider.SignColumnMasterKeyMetadata(MASTER_KEY_PATH, allowEnclaveComputations);
    Assert.NotNull(metadataSignature);

    bool sameFlagVerifies = storeProvider.VerifyColumnMasterKeyMetadata(MASTER_KEY_PATH, allowEnclaveComputations, metadataSignature);
    Assert.True(sameFlagVerifies);

    // Flipping the enclave flag must invalidate the signature.
    bool flippedFlagVerifies = storeProvider.VerifyColumnMasterKeyMetadata(MASTER_KEY_PATH, !allowEnclaveComputations, metadataSignature);
    Assert.False(flippedFlagVerifies);
}
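/// <summary>
/// Encrypts a small fixed key with the certificate-store provider, decrypts it again and checks
/// that the plaintext round-trips unchanged.
/// </summary>
public void EncryptAndDecryptDataSuccessfully()
{
    var input = new byte[] { 1, 2, 3, 4, 5 };
    var provider = new SqlColumnEncryptionCertificateStoreProvider();

    // Encrypt the same instance that is compared below, so the assertion really covers the
    // round trip rather than a second, duplicated literal.
    byte[] ciphertext = provider.EncryptColumnEncryptionKey(MASTER_KEY_PATH, ENCRYPTION_ALGORITHM, input);
    byte[] output = provider.DecryptColumnEncryptionKey(MASTER_KEY_PATH, ENCRYPTION_ALGORITHM, ciphertext);

    Assert.Equal(input, output);
}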
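/// <summary>
/// Generates a random key of <paramref name="dataSize"/> bytes, encrypts it with the
/// certificate-store provider, decrypts it again and checks that the plaintext round-trips.
/// </summary>
/// <param name="dataSize">Length in bytes of the key to round-trip (0 is allowed).</param>
public void EncryptKeyAndThenDecryptItSuccessfully(int dataSize)
{
    var provider = new SqlColumnEncryptionCertificateStoreProvider();
    var columnEncryptionKey = new byte[dataSize];

    // Use the cryptographic RNG like the other key generators in this file (GetEncryptionKey,
    // GetEncryptedColumnEncryptonKey) instead of a freshly seeded System.Random; the generator is
    // disposable, so scope it with 'using'.
    using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
    {
        rng.GetBytes(columnEncryptionKey);
    }

    byte[] encryptedData = provider.EncryptColumnEncryptionKey(MASTER_KEY_PATH, ENCRYPTION_ALGORITHM, columnEncryptionKey);
    byte[] decryptedData = provider.DecryptColumnEncryptionKey(MASTER_KEY_PATH, ENCRYPTION_ALGORITHM, encryptedData);

    Assert.Equal(columnEncryptionKey, decryptedData);
}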
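/// <summary>
/// Calls the provider's private RSA signature-verification routine through reflection, using the
/// certificate loaded from <paramref name="rsaPfx"/>.
/// </summary>
/// <param name="hashedCek">Hash that was signed.</param>
/// <param name="signedCek">Signature to verify against <paramref name="hashedCek"/>.</param>
/// <param name="rsaPfx">PKCS#12 blob of the test certificate; must contain a private key.</param>
/// <returns>The boolean result of the reflected verification call.</returns>
internal static bool VerifyRsaSignatureDirectly(byte[] hashedCek, byte[] signedCek, byte[] rsaPfx)
{
    Debug.Assert(rsaPfx != null && rsaPfx.Length > 0);

    // The password is the fixed one baked into the test-fixture PFX supplied by the caller.
    // X509Certificate2 owns a private-key handle, so dispose it once the reflected call returns.
    using (X509Certificate2 x509 = new X509Certificate2(rsaPfx, @"P@zzw0rD!SqlvN3x+"))
    {
        Debug.Assert(x509.HasPrivateKey);

        SqlColumnEncryptionCertificateStoreProvider rsaProvider = new SqlColumnEncryptionCertificateStoreProvider();
        // SqlColumnEncryptionCertificateStoreProviderRSAVerifySignature is defined elsewhere in
        // this file; presumably a MethodInfo for the provider's private RSAVerifySignature.
        object rsaVerifySignatureResult = SqlColumnEncryptionCertificateStoreProviderRSAVerifySignature.Invoke(
            rsaProvider,
            new object[] { hashedCek, signedCek, x509 });

        return (bool)rsaVerifySignatureResult;
    }
}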
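/// <summary>
/// Calls the provider's private RSA decryption routine through reflection, using the certificate
/// loaded from <paramref name="rsaPfx"/>.
/// </summary>
/// <param name="rsaPfx">PKCS#12 blob of the test certificate; must contain a private key.</param>
/// <param name="ciphertextCek">Encrypted column encryption key to decrypt; may be invalid on purpose.</param>
/// <param name="masterKeyPath">Not used by this helper; kept for signature compatibility with callers.</param>
/// <returns>The byte array returned by the reflected decryption call.</returns>
internal static byte[] DecryptRsaDirectly(byte[] rsaPfx, byte[] ciphertextCek, string masterKeyPath)
{
    Debug.Assert(rsaPfx != null && rsaPfx.Length > 0);
    // The rest of the parameters may be invalid for exception handling test cases

    // The password is the fixed one baked into the test-fixture PFX supplied by the caller.
    // X509Certificate2 owns a private-key handle, so dispose it once the reflected call returns.
    using (X509Certificate2 x509 = new X509Certificate2(rsaPfx, @"P@zzw0rD!SqlvN3x+"))
    {
        Debug.Assert(x509.HasPrivateKey);

        SqlColumnEncryptionCertificateStoreProvider rsaProvider = new SqlColumnEncryptionCertificateStoreProvider();
        // SqlColumnEncryptionCertificateStoreProviderRSADecrypt is defined elsewhere in this file;
        // presumably a MethodInfo for the provider's private RSADecrypt.
        object rsaDecryptionResult = SqlColumnEncryptionCertificateStoreProviderRSADecrypt.Invoke(
            rsaProvider,
            new object[] { ciphertextCek, x509 });

        return (byte[])rsaDecryptionResult;
    }
}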
/// <summary>
/// Generates a random 32-byte column encryption key, encrypts it with the LocalMachine/My
/// certificate identified by <paramref name="thumbprint"/> and returns the ciphertext as a
/// <c>0x</c>-prefixed upper-case hex string, the form used in CREATE COLUMN ENCRYPTION KEY.
/// </summary>
/// <param name="thumbprint">Thumbprint of the column master key certificate.</param>
/// <returns>Hex-encoded encrypted key, e.g. <c>0x01AB…</c>.</returns>
private static string GetEncryptionKey(string thumbprint)
{
    byte[] plaintextKey = new byte[32];
    using (RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider())
    {
        rng.GetBytes(plaintextKey);
    }

    // Built-in certificate store provider; the master key lives in the LocalMachine store.
    string masterKeyPath = $"LocalMachine/My/{thumbprint}";
    SqlColumnEncryptionCertificateStoreProvider storeProvider = new SqlColumnEncryptionCertificateStoreProvider();
    byte[] encryptedKey = storeProvider.EncryptColumnEncryptionKey(masterKeyPath, "RSA_OAEP", plaintextKey);

    // Serialize as T-SQL binary literal: "0x" followed by upper-case hex without separators.
    string hexDigits = BitConverter.ToString(encryptedKey).Replace("-", string.Empty);
    return string.Concat("0x", hexDigits);
}
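/// <summary>
/// Generates a random 32-byte column encryption key and encrypts it with the fixed test
/// certificate in the CurrentUser/My store using RSA_OAEP.
/// </summary>
/// <returns>The encrypted column encryption key.</returns>
static byte[] GetEncryptedColumnEncryptonKey()
{
    int cekLength = 32;
    string certificateStoreLocation = "CurrentUser";
    string certificateThumbprint = "FCA2F7B54CC3A3A80C478A418C600205325C6757";

    // Generate the plaintext column encryption key. The RNG is disposable; scope it with
    // 'using' as GetEncryptionKey in this file does, instead of leaking it.
    byte[] columnEncryptionKey = new byte[cekLength];
    using (RNGCryptoServiceProvider rngCsp = new RNGCryptoServiceProvider())
    {
        rngCsp.GetBytes(columnEncryptionKey);
    }

    // Encrypt the column encryption key with a certificate.
    string keyPath = $"{certificateStoreLocation}/My/{certificateThumbprint}";
    SqlColumnEncryptionCertificateStoreProvider provider = new SqlColumnEncryptionCertificateStoreProvider();
    return provider.EncryptColumnEncryptionKey(keyPath, @"RSA_OAEP", columnEncryptionKey);
}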
/// <summary>
/// Creates the setup strategy backed by the built-in certificate-store provider and runs the
/// database setup immediately.
/// </summary>
public SQLSetupStrategyCertStoreProvider()
{
    // Implicit base() call; the provider must be in place before SetupDatabase runs.
    CertStoreProvider = new SqlColumnEncryptionCertificateStoreProvider();
    SetupDatabase();
}