public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData) { user.ThrowIfNull(nameof(user)); keyName.ThrowIfNull(nameof(keyName)); keyId.ThrowIfNull(nameof(keyId)); encryptedData.ThrowIfNull(nameof(encryptedData)); var keyData = keyStore.GetKey(keyName, keyId); keyData.KeyAuth.CanUserAccessKey(user, keyData); if (encryptedData.Algorithm != "RSA-OAEP-256") { throw new ArgumentException(encryptedData.Algorithm + " is not supported"); } var decryptedData = keyData.Key.Decrypt(Convert.FromBase64String(encryptedData.Value)); return(new DecryptedData(Convert.ToBase64String(decryptedData))); }
public DecryptedData Decrypt(ClaimsPrincipal user, string keyName, string keyId, EncryptedData encryptedData) { _logger.LogInformation("decrypt called from key manager class for keyName : " + keyName + " and keyID : " + keyId); Console.WriteLine("decrypt called"); user.ThrowIfNull(nameof(user)); keyName.ThrowIfNull(nameof(keyName)); keyId.ThrowIfNull(nameof(keyId)); encryptedData.ThrowIfNull(nameof(encryptedData)); //use ukc to decrypt byte[] keyNameBytes = Encoding.UTF8.GetBytes(keyName); ulong keyUID = (ulong)Convert.ToUInt64(keyId, 16); CK_OBJECT_HANDLE pubKey; CK_OBJECT_HANDLE prvKey; CK_OBJECT_HANDLE publicTest; Library.C_Initialize(); CK_SLOT_ID[] slots = Library.C_GetSlotList(true); CK_SLOT_ID slot = slots[0]; CK_SESSION_HANDLE session = Library.C_OpenSession(slot); Library.C_FindObjectsInit(session, new CK_ATTRIBUTE[] { new CK_ATTRIBUTE(CK.CKA_TOKEN, true), new CK_ATTRIBUTE(CK.CKA_CLASS, CK.CKO_PRIVATE_KEY), new CK_ATTRIBUTE(CK.CKA_KEY_TYPE, CK.CKK_RSA), //new CK_ATTRIBUTE(CK.CKA_ID, keyNameBytes), new CK_ATTRIBUTE(CK.DYCKA_UID, keyUID) }); CK_OBJECT_HANDLE[] foundKeyHandles = Library.C_FindObjects(session, 1); Library.C_FindObjectsFinal(session); CK_ATTRIBUTE n = new CK_ATTRIBUTE(CK.CKA_MODULUS); CK_ATTRIBUTE e = new CK_ATTRIBUTE(CK.CKA_PUBLIC_EXPONENT); CK_ATTRIBUTE privateKeyUid = new CK_ATTRIBUTE(CK.DYCKA_UID); if (foundKeyHandles.Length == 0) { throw new Exception("key" + keyName + " not found"); } //CK_OBJECT_HANDLE hKey = new CK_OBJECT_HANDLE(vOut); _logger.LogInformation("encryptedData.Value = " + encryptedData.Value); //byte[] plainData = Encoding.UTF8.GetBytes(encryptedData.Value); byte[] plainData = Convert.FromBase64String(encryptedData.Value); Console.WriteLine("Set RSA padding params"); CK_RSA_PKCS_OAEP_PARAMS oaepParams = new CK_RSA_PKCS_OAEP_PARAMS(); oaepParams.hashAlg = CK.CKM_SHA256; oaepParams.mgf = CK.CKG_MGF1_SHA256; CK_MECHANISM mech_rsa = new CK_MECHANISM(CK.CKM_RSA_PKCS_OAEP, oaepParams); Library.C_DecryptInit(session, mech_rsa, foundKeyHandles[0]); byte[] decrypted = Library.C_Decrypt(session, plainData); return(new DecryptedData(Convert.ToBase64String(decrypted))); _logger.LogInformation("Faild to decrypt"); throw new Exception("Faild to decrypt"); }