public async Task <string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true) { var masterKeyAlias = $"alias/{mCmkPrefix}kamus/{KeyIdCreator.Create(serviceAccountId)}"; var(dataKey, encryptedDataKey) = await GenerateEncryptionKey(masterKeyAlias); var(encryptedData, iv) = RijndaelUtils.Encrypt(dataKey.ToArray(), Encoding.UTF8.GetBytes(data)); return(EnvelopeEncryptionUtils.Wrap(encryptedDataKey, iv, encryptedData)); }
public async Task <string> Decrypt(string encryptedData, string serviceAccountId) { var tuple = EnvelopeEncryptionUtils.Unwrap(encryptedData).ValueOrFailure("Invalid encrypted data format"); var(encryptedDataKey, iv, actualEncryptedData) = tuple; var decryptionResult = await mAmazonKeyManagementService.DecryptAsync(new DecryptRequest { CiphertextBlob = new MemoryStream(Convert.FromBase64String(encryptedDataKey)), }); var decrypted = RijndaelUtils.Decrypt(decryptionResult.Plaintext.ToArray(), iv, actualEncryptedData); return(Encoding.UTF8.GetString(decrypted)); }
public Task <string> Decrypt(string encryptedData, string serviceAccountId) { return(EnvelopeEncryptionUtils.Unwrap(encryptedData).Match( some: async t => { (string encryptedDataKey, byte[] iv, byte[] actualEncryptedData) = t; var key = await mMasterKeyManagement.Decrypt(encryptedDataKey, serviceAccountId); var decrypted = RijndaelUtils.Decrypt(Convert.FromBase64String(key), iv, actualEncryptedData); return Encoding.UTF8.GetString(decrypted); }, none: () => mMasterKeyManagement.Decrypt(encryptedData, serviceAccountId) )); }
public async Task <string> Encrypt(string data, string serviceAccountId, bool createKeyIfMissing = true) { if (data.Length <= mMaximumDataLength) { return(await mMasterKeyManagement.Encrypt(data, serviceAccountId, createKeyIfMissing)); } mLogger.Information("Encryption data too length, using envelope encryption"); var dataKey = RijndaelUtils.GenerateKey(256); var(encryptedData, iv) = RijndaelUtils.Encrypt(dataKey, Encoding.UTF8.GetBytes(data)); var encryptedDataKey = await mMasterKeyManagement.Encrypt(Convert.ToBase64String(dataKey), serviceAccountId, createKeyIfMissing); return(EnvelopeEncryptionUtils.Wrap(encryptedDataKey, iv, encryptedData)); }