/// <summary>
/// Decrypts a ciphertext expression with the certificate identified by thumbprint.
/// </summary>
/// <param name="thumbprint">Thumbprint of the certificate whose public key produced the ciphertext; it is passed through FormatThumbprint before use</param>
/// <param name="ciphertext">The ciphertext expression to decrypt</param>
/// <param name="Context">The certificate store location where the matching private key resides</param>
/// <param name="verbose">Documented as enabling verbose logging; this method body does not reference it</param>
/// <returns>The plaintext string produced by decrypting <paramref name="ciphertext"/></returns>
/// <remarks>
/// The recovered plaintext is returned as an ordinary string. Callers handling secrets
/// (connection strings, credentials) should avoid logging or persisting the return value.
/// </remarks>
/// <example>
/// <code>
/// string thumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688";
/// X509Context Context = X509Context.UserReadOnly;
/// string ciphertext = File.ReadAllText(@"C:\data\connectionString.txt");
/// string plaintext = X509Utils.DecryptText(thumbprint, ciphertext, Context);
/// </code>
/// </example>
public static string DecryptText(string thumbprint, string ciphertext, X509Context Context, bool verbose = false)
{
    string formattedThumbprint = FormatThumbprint(thumbprint);

    // The agent is disposed as soon as decryption completes, on both the success and the exception path.
    using (X509CryptoAgent agent = new X509CryptoAgent(formattedThumbprint, Context))
    {
        string recovered = agent.DecryptText(ciphertext);
        return recovered;
    }
}
/// <summary>
/// Decrypts a Base64-encoded ciphertext expression using this instance's
/// Thumbprint and Context.
/// </summary>
/// <param name="ciphertext">The Base64-encoded ciphertext expression to be decrypted</param>
/// <returns>The recovered plaintext string</returns>
/// <remarks>
/// A new X509CryptoAgent is created for each call and disposed before the method returns.
/// The plaintext is returned as an ordinary string; avoid logging or persisting it.
/// </remarks>
public string DecryptText(string ciphertext)
{
    using (X509CryptoAgent agent = new X509CryptoAgent(Thumbprint, Context))
    {
        return agent.DecryptText(ciphertext);
    }
}
/// <summary>
/// Decrypts this entry's Value using an X509CryptoAgent built from the given alias.
/// </summary>
/// <param name="Alias">The alias used to construct the decrypting agent</param>
/// <returns>The string returned by the agent's DecryptText call on Value</returns>
/// <exception cref="X509CryptoException">
/// Thrown when agent construction or decryption raises any exception; the original
/// exception is passed as the second constructor argument.
/// </exception>
/// <remarks>
/// The error message names the secret's Key and the alias name only; neither the
/// ciphertext nor any recovered plaintext is included in it.
/// </remarks>
internal string Reveal(X509Alias Alias)
{
    try
    {
        using (X509CryptoAgent agent = new X509CryptoAgent(Alias))
        {
            string plaintext = agent.DecryptText(Value);
            return plaintext;
        }
    }
    catch (Exception cause)
    {
        // Wrap every failure in the library's own exception type, keeping the cause attached.
        string message = $"Could not decrypt secret named \"{Key}\" in Alias \"{Alias.Name}\"";
        throw new X509CryptoException(message, cause);
    }
}
/// <summary>
/// Re-encrypts a ciphertext expression under a different certificate by decrypting it
/// with the old certificate and encrypting the result with the new one.
/// </summary>
/// <param name="oldThumbprint">The thumbprint of the old certificate used for prior encryption</param>
/// <param name="newThumbprint">The thumbprint of the new certificate to be used for re-encryption</param>
/// <param name="ciphertext">The ciphertext expression to be re-encrypted</param>
/// <param name="OldContext">(Optional) The X509Context where the old encryption certificate resides (Default: X509Context.UserReadOnly)</param>
/// <param name="NewContext">(Optional) The X509Context where the new encryption certificate resides (Default: X509Context.UserReadOnly)</param>
/// <param name="verbose">(Optional) Documented as enabling verbose logging (Default: false); this method body does not reference it</param>
/// <returns>The text expression re-encrypted using the new certificate</returns>
/// <remarks>
/// Both agents are constructed before any decryption takes place, so a failure to create
/// the agent for the new certificate surfaces before the ciphertext is decrypted.
/// The intermediate plaintext exists only as a local string inside this method.
/// When overwriting stored ciphertext with the result (as in the example), keep the old
/// certificate available until the new value has been confirmed to decrypt.
/// </remarks>
/// <example>
/// <code>
/// string oldThumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688";
/// string newThumbprint = @"0e7e327aab74e47a702c02d90c659da1115b29f7";
/// string ciphertext = File.ReadAllText(@"C:\data\connectionString.txt");
/// string updatedCiphertext = X509Utils.ReEncryptText(oldThumbprint, newThumbprint, ciphertext);
/// File.WriteAllText(@"C:\data\connectionString.txt", updatedCiphertext);
/// </code>
/// </example>
public static string ReEncryptText(string oldThumbprint, string newThumbprint, string ciphertext, X509Context OldContext = null, X509Context NewContext = null, bool verbose = false)
{
    // Fall back to the read-only user store for whichever context the caller omitted.
    X509Context sourceContext = OldContext == null ? X509Context.UserReadOnly : OldContext;
    X509Context targetContext = NewContext == null ? X509Context.UserReadOnly : NewContext;

    using (X509CryptoAgent decryptingAgent = new X509CryptoAgent(FormatThumbprint(oldThumbprint), sourceContext))
    using (X509CryptoAgent encryptingAgent = new X509CryptoAgent(FormatThumbprint(newThumbprint), targetContext))
    {
        string recovered = decryptingAgent.DecryptText(ciphertext);
        return encryptingAgent.EncryptText(recovered);
    }
}