public IAuthenticatedEncryptorConfiguration FromXml([NotNull] XElement element) { // <cbcEncryptor reader="{TYPE}"> // <encryption algorithm="{STRING}" provider="{STRING}" keyLength="{INT}" /> // <validation algorithm="{STRING}" provider="{STRING}" /> // <secret>...</secret> // </cbcEncryptor> CryptoUtil.Assert(element.Name == CngCbcAuthenticatedEncryptorConfiguration.CbcEncryptorElementName, @"TODO: Bad element."); var options = new CngCbcAuthenticatedEncryptorConfigurationOptions(); // read <encryption> element var encryptionElement = element.Element(CngCbcAuthenticatedEncryptorConfiguration.EncryptionElementName); options.EncryptionAlgorithm = (string)encryptionElement.Attribute("algorithm"); options.EncryptionAlgorithmProvider = (string)encryptionElement.Attribute("provider"); options.EncryptionAlgorithmKeySize = (int)encryptionElement.Attribute("keyLength"); // read <validation> element var validationElement = element.Element(CngCbcAuthenticatedEncryptorConfiguration.ValidationElementName); options.HashAlgorithm = (string)validationElement.Attribute("algorithm"); options.HashAlgorithmProvider = (string)validationElement.Attribute("provider"); // read the child of the <secret> element, then decrypt it var encryptedSecretElement = element.Element(CngCbcAuthenticatedEncryptorConfiguration.SecretElementName).Elements().Single(); var secretElementDecryptorTypeName = (string)encryptedSecretElement.Attribute("decryptor"); var secretElementDecryptorType = Type.GetType(secretElementDecryptorTypeName, throwOnError: true); var secretElementDecryptor = (IXmlDecryptor)_typeActivator.CreateInstance(_serviceProvider, secretElementDecryptorType); var decryptedSecretElement = secretElementDecryptor.Decrypt(encryptedSecretElement); CryptoUtil.Assert(decryptedSecretElement.Name == CngCbcAuthenticatedEncryptorConfiguration.SecretElementName, @"TODO: Bad element."); byte[] decryptedSecretBytes = Convert.FromBase64String((string)decryptedSecretElement); try { var protectedMemoryBlob = new ProtectedMemoryBlob(decryptedSecretBytes); return(new CngCbcAuthenticatedEncryptorConfiguration(options, protectedMemoryBlob)); } finally { Array.Clear(decryptedSecretBytes, 0, decryptedSecretBytes.Length); } }
public CngCbcAuthenticatedEncryptorConfigurationFactory([NotNull] IOptions <CngCbcAuthenticatedEncryptorConfigurationOptions> optionsAccessor) { _options = optionsAccessor.Options.Clone(); }
public CngCbcAuthenticatedEncryptorConfiguration(CngCbcAuthenticatedEncryptorConfigurationOptions options, ISecret secret) { _options = options; _secret = secret; }