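// Encrypts inputElement under a fresh AES-256 session key and wraps that session key for the
// holder of the certificate's RSA private key using RSA PKCS#1 v1.5 key transport (rsa-1_5).
//
// Parameters:
//   inputElement - the element to encrypt (whole element; Type is xmlenc#Element).
//   certificate  - recipient certificate; only an RSA key-exchange public key is accepted.
// Returns: an EncryptedData carrying the ciphertext and an embedded EncryptedKey whose KeyInfo
//          is an X509Data clause for the certificate.
// Throws: ArgumentNullException for a null argument; NotSupportedException when the certificate
//         key is not RSA (NotSupported_KeyAlgorithm).
//
// SECURITY NOTE(review): the key-transport scheme is fixed to rsa-1_5 (EncryptKey(..., false)).
// PKCS#1 v1.5 key transport is exposed to Bleichenbacher-style padding-oracle attacks whenever
// the decrypting side reveals whether unwrapping succeeded; RSA-OAEP is the safer choice when the
// recipient supports it. The payload cipher is unauthenticated AES-CBC, so integrity must be
// provided separately (for example an enveloping XML signature).
public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    // CAPI algorithm id for RSA key exchange (CALG_RSA_KEYX). Any other key type cannot be used
    // with the rsa-1_5 key transport selected below.
    const uint CALG_RSA_KEYX = 0xa400;
    if (System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(certificate.PublicKey.Oid.Value) != CALG_RSA_KEYX)
    {
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    RSA recipientKey = certificate.PublicKey.Key as RSA;
    if (recipientKey == null)
    {
        // Guarded by the OID check above; kept so a non-RSA key object cannot reach EncryptKey as null
        // and fail with an unrelated exception.
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    EncryptedData encryptedData = new EncryptedData
    {
        Type = "http://www.w3.org/2001/04/xmlenc#Element",
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes256-cbc")
    };

    EncryptedKey encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5")
    };
    encryptedKey.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

    // Dispose the session-key object as soon as both uses are done so its key material is
    // cleared promptly instead of lingering until finalization.
    using (RijndaelManaged sessionKey = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI advertised above.
        sessionKey.BlockSize = 128;
        sessionKey.KeySize = 256;

        encryptedKey.CipherData.CipherValue = EncryptKey(sessionKey.Key, recipientKey, false);
        encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
        encryptedData.CipherData.CipherValue = this.EncryptData(inputElement, sessionKey, false);
    }

    return encryptedData;
}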
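// Encrypts a configuration node for the RSA key named by _KeyName: the node is re-parsed under a
// throw-away <foo> root, the root's content is encrypted with a fresh Triple-DES session key, and
// that key is RSA-encrypted for the provider's key container. Returns the resulting
// <EncryptedData> element (its KeyInfo holds an <EncryptedKey> with a <KeyName> of _KeyName), or
// null if EncryptedXml.ReplaceElement left no element child under the wrapper.
//
// SECURITY NOTE(review): the payload algorithm is tripledes-cbc (64-bit block, unauthenticated CBC)
// and the key transport is PKCS#1 v1.5 unless UseOAEP is set. Both are the weakest options XML
// Encryption offers; enable UseOAEP and prefer an AES-based provider where the consumer allows it.
public override XmlNode Encrypt(XmlNode node)
{
    // NOTE(review): ownership of this provider (whether it should be cleared here) is defined by
    // GetCryptoServiceProvider's contract, which is outside this method — confirm.
    RSACryptoServiceProvider rsa = GetCryptoServiceProvider(false, false);

    // Re-parse the node under a private root so EncryptedXml can replace its content in place.
    XmlDocument xmlDocument = new XmlDocument();
    xmlDocument.PreserveWhitespace = true;
    xmlDocument.LoadXml("<foo>" + node.OuterXml + "</foo>");
    EncryptedXml exml = new EncryptedXml(xmlDocument);
    XmlElement inputElement = xmlDocument.DocumentElement;

    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncTripleDESUrl);
    ed.KeyInfo = new KeyInfo();
    ed.CipherData = new CipherData();

    EncryptedKey ek = new EncryptedKey();
    // Advertise the key-transport scheme that is actually applied below. A decryptor following the
    // XML Encryption rules (EncryptedXml.DecryptEncryptedKey included) chooses PKCS#1 v1.5 or OAEP
    // from this URI, so wrapping with OAEP while declaring rsa-1_5 yields a key it cannot unwrap.
    ek.EncryptionMethod = new EncryptionMethod(UseOAEP
        ? "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
        : EncryptedXml.XmlEncRSA15Url);
    ek.KeyInfo = new KeyInfo();
    ek.CipherData = new CipherData();

    // Dispose the session-key object once both uses are done so its key bytes are cleared
    // promptly rather than lingering until finalization.
    using (SymmetricAlgorithm symAlg = new TripleDESCryptoServiceProvider())
    {
        // NOTE(review): GetRandomKey() is assumed to return a legal Triple-DES key length (the
        // Key setter throws otherwise) — confirm against its implementation.
        symAlg.Key = GetRandomKey();
        // NOTE(review): EncryptedXml.EncryptData is expected to apply EncryptedXml's own Mode and
        // Padding (CBC, matching the tripledes-cbc URI above) while encrypting and to restore these
        // afterwards, which would make the ECB/PKCS7 set here provisional — confirm against the
        // EncryptedXml build in use before relying on either.
        symAlg.Mode = CipherMode.ECB;
        symAlg.Padding = PaddingMode.PKCS7;

        // Encrypt the *content* of <foo>, i.e. the caller's node.
        ed.CipherData.CipherValue = exml.EncryptData(inputElement, symAlg, true);
        ek.CipherData.CipherValue = EncryptedXml.EncryptKey(symAlg.Key, rsa, UseOAEP);
    }

    KeyInfoName kin = new KeyInfoName();
    kin.Value = _KeyName;
    ek.KeyInfo.AddClause(kin);
    ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

    // Replace <foo>'s content with the <EncryptedData> element.
    EncryptedXml.ReplaceElement(inputElement, ed, true);

    // Return the first element under the first element of the document: <foo>/<EncryptedData>.
    foreach (XmlNode topLevel in xmlDocument.ChildNodes)
    {
        if (topLevel.NodeType != XmlNodeType.Element)
        {
            continue;
        }
        foreach (XmlNode child in topLevel.ChildNodes)
        {
            if (child.NodeType == XmlNodeType.Element)
            {
                return child;
            }
        }
    }
    return null;
}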
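// Encrypts a configuration node for the RSA key named by _KeyName: the node is re-parsed under a
// throw-away <foo> root, the root's content is encrypted with a fresh Triple-DES session key, and
// that key is RSA-encrypted for the provider's key container. Returns the resulting
// <EncryptedData> element (its KeyInfo holds an <EncryptedKey> with a <KeyName> of _KeyName), or
// null if EncryptedXml.ReplaceElement left no element child under the wrapper.
//
// SECURITY NOTE(review): the payload algorithm is tripledes-cbc (64-bit block, unauthenticated CBC)
// and the key transport is PKCS#1 v1.5 unless UseOAEP is set. Both are the weakest options XML
// Encryption offers; enable UseOAEP and prefer an AES-based provider where the consumer allows it.
public override XmlNode Encrypt(XmlNode node)
{
    // NOTE(review): whether this provider should be cleared here is defined by
    // GetCryptoServiceProvider's contract, which is outside this method — confirm.
    RSACryptoServiceProvider rsa = this.GetCryptoServiceProvider(false, false);

    // Re-parse the node under a private root so EncryptedXml can replace its content in place.
    XmlDocument document = new XmlDocument { PreserveWhitespace = true };
    document.LoadXml("<foo>" + node.OuterXml + "</foo>");
    EncryptedXml xml = new EncryptedXml(document);
    XmlElement root = document.DocumentElement;

    EncryptedData encryptedData = new EncryptedData
    {
        Type = "http://www.w3.org/2001/04/xmlenc#Element",
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#tripledes-cbc"),
        KeyInfo = new KeyInfo(),
        CipherData = new CipherData()
    };

    // Advertise the key-transport scheme that is actually applied below. A decryptor following the
    // XML Encryption rules (EncryptedXml.DecryptEncryptedKey included) chooses PKCS#1 v1.5 or OAEP
    // from this URI, so wrapping with OAEP while declaring rsa-1_5 yields a key it cannot unwrap.
    string keyTransportUri = this.UseOAEP
        ? "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"
        : "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    EncryptedKey encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(keyTransportUri),
        KeyInfo = new KeyInfo(),
        CipherData = new CipherData()
    };

    // Dispose the session-key object once both uses are done so its key bytes are cleared
    // promptly rather than lingering until finalization.
    using (SymmetricAlgorithm sessionKey = new TripleDESCryptoServiceProvider())
    {
        // NOTE(review): GetRandomKey() is assumed to return a legal Triple-DES key length (the
        // Key setter throws otherwise) — confirm against its implementation.
        sessionKey.Key = this.GetRandomKey();
        // NOTE(review): EncryptedXml.EncryptData is expected to apply EncryptedXml's own Mode and
        // Padding (CBC, matching the tripledes-cbc URI above) while encrypting and to restore these
        // afterwards, which would make the ECB/PKCS7 set here provisional — confirm against the
        // EncryptedXml build in use before relying on either.
        sessionKey.Mode = CipherMode.ECB;
        sessionKey.Padding = PaddingMode.PKCS7;

        // Encrypt the *content* of <foo>, i.e. the caller's node.
        encryptedData.CipherData.CipherValue = xml.EncryptData(root, sessionKey, true);
        encryptedKey.CipherData.CipherValue = EncryptedXml.EncryptKey(sessionKey.Key, rsa, this.UseOAEP);
    }

    encryptedKey.KeyInfo.AddClause(new KeyInfoName { Value = this._KeyName });
    encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));

    // Replace <foo>'s content with the <EncryptedData> element.
    EncryptedXml.ReplaceElement(root, encryptedData, true);

    // Return the first element under the first element of the document: <foo>/<EncryptedData>.
    foreach (XmlNode topLevel in document.ChildNodes)
    {
        if (topLevel.NodeType != XmlNodeType.Element)
        {
            continue;
        }
        foreach (XmlNode child in topLevel.ChildNodes)
        {
            if (child.NodeType == XmlNodeType.Element)
            {
                return child;
            }
        }
    }
    return null;
}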
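// Encrypts the given element with the certificate specified. The certificate is added as
// an X509Data KeyInfo to an EncryptedKey (AES session key) generated randomly.
//
// Returns an EncryptedData of type xmlenc#Element whose payload is AES-256-CBC encrypted with a
// fresh session key; the session key is RSA-encrypted (rsa-1_5) for the certificate's key.
// Throws ArgumentNullException for null arguments and NotSupportedException when the certificate
// does not carry an RSA public key (the only key type the rsa-1_5 transport below can use).
//
// SECURITY NOTE(review): key transport is fixed to rsa-1_5 (PKCS#1 v1.5, EncryptKey(..., false)),
// which is exposed to Bleichenbacher-style padding-oracle attacks when the decrypting side reveals
// unwrapping failures; RSA-OAEP is preferable where the recipient supports it. The payload cipher
// is unauthenticated AES-CBC, so integrity has to come from elsewhere (e.g. an XML signature).
public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException(nameof(inputElement));
    }
    if (certificate == null)
    {
        throw new ArgumentNullException(nameof(certificate));
    }

    using (RSA rsaPublicKey = certificate.GetRSAPublicKey())
    {
        if (rsaPublicKey == null)
        {
            throw new NotSupportedException(SR.NotSupported_KeyAlgorithm);
        }

        EncryptedData ed = new EncryptedData();
        ed.Type = EncryptedXml.XmlEncElementUrl;
        ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

        // Include the certificate in the EncryptedKey KeyInfo so the recipient can locate its key.
        EncryptedKey ek = new EncryptedKey();
        ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
        ek.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

        // Random AES session key; disposing the Aes clears the key material when we are done.
        using (Aes aes = Aes.Create())
        {
            // Pin the key size so the generated key always matches the aes256-cbc URI declared
            // above instead of relying on the platform default.
            aes.KeySize = 256;

            ek.CipherData.CipherValue = EncryptedXml.EncryptKey(aes.Key, rsaPublicKey, false);
            ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
            ed.CipherData.CipherValue = EncryptData(inputElement, aes, false);
        }

        return ed;
    }
}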
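// Encrypts the given element with the certificate specified. The certificate is added as
// an X509Data KeyInfo to an EncryptedKey (AES session key) generated randomly.
//
// Returns an EncryptedData of type xmlenc#Element whose payload is AES-256-CBC encrypted with a
// fresh session key; the session key is RSA-encrypted (rsa-1_5) for the certificate's key.
// Throws ArgumentNullException for null arguments and NotSupportedException when the certificate
// key is not an RSA key-exchange key (NotSupported_KeyAlgorithm).
//
// SECURITY NOTE(review): key transport is fixed to rsa-1_5 (PKCS#1 v1.5, EncryptKey(..., false)),
// which is exposed to Bleichenbacher-style padding-oracle attacks when the decrypting side reveals
// unwrapping failures; RSA-OAEP is preferable where the recipient supports it. The payload cipher
// is unauthenticated AES-CBC, so integrity has to come from elsewhere (e.g. an XML signature).
public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    // Only RSA key-exchange certificates can be used with the rsa-1_5 key transport below.
    if (X509Utils.OidToAlgId(certificate.PublicKey.Oid.Value) != CAPI.CALG_RSA_KEYX)
    {
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    RSA recipientKey = certificate.PublicKey.Key as RSA;
    if (recipientKey == null)
    {
        // Guarded by the OID check above; kept so a non-RSA key object cannot reach EncryptKey as
        // null and fail with an unrelated exception.
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    // Create the EncryptedData object, using an AES-256 session key by default.
    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // Include the certificate in the EncryptedKey KeyInfo.
    EncryptedKey ek = new EncryptedKey();
    ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
    ek.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

    // Dispose the session-key object once both uses are done so its key material is cleared
    // promptly instead of lingering until finalization.
    using (RijndaelManaged rijn = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI advertised above.
        rijn.BlockSize = 128;
        rijn.KeySize = 256;

        ek.CipherData.CipherValue = EncryptedXml.EncryptKey(rijn.Key, recipientKey, false);
        ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
        ed.CipherData.CipherValue = EncryptData(inputElement, rijn, false);
    }

    return ed;
}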
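// Encrypts the given element with the key name specified. A corresponding key name mapping
// has to be defined before calling this method. The key name is added as
// a KeyNameInfo KeyInfo to an EncryptedKey (AES session key) generated randomly.
//
// The mapped key decides how the AES-256 session key is wrapped:
//   RSA              -> rsa-1_5 key transport (PKCS#1 v1.5; OAEP is never used here)
//   TripleDES        -> kw-tripledes
//   Rijndael / Aes   -> kw-aes128 / kw-aes192 / kw-aes256, chosen by the mapped key's KeySize
//   anything else    -> CryptographicException (Cryptography_Xml_NotSupportedCryptographicTransform)
// Throws ArgumentNullException for null arguments and CryptographicException when keyName has no
// mapping (Cryptography_Xml_MissingEncryptionKey).
//
// SECURITY NOTE(review): the RSA path is hard-wired to PKCS#1 v1.5, which is exposed to
// padding-oracle attacks whenever the decryptor reveals unwrapping failures; RSA-OAEP is the
// safer transport when the recipient supports it. The payload cipher is unauthenticated AES-CBC.
public EncryptedData Encrypt(XmlElement inputElement, string keyName)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (keyName == null)
    {
        throw new ArgumentNullException("keyName");
    }

    object encryptionKey = null;
    if (m_keyNameMapping != null)
    {
        encryptionKey = m_keyNameMapping[keyName];
    }
    if (encryptionKey == null)
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingEncryptionKey"));
    }

    // The mapping only admits SymmetricAlgorithm or RSA entries, so exactly one of these is set.
    SymmetricAlgorithm symKey = encryptionKey as SymmetricAlgorithm;
    RSA rsa = encryptionKey as RSA;

    // Create the EncryptedData object, using an AES-256 session key by default.
    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // Select the key-wrap / key-transport URI from the type of the mapped key.
    string encryptionMethod;
    if (symKey == null)
    {
        if (rsa == null)
        {
            // Neither symmetric nor RSA: refuse instead of passing a null RSA into EncryptKey.
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
        encryptionMethod = EncryptedXml.XmlEncRSA15Url;
    }
    else if (symKey is TripleDES)
    {
        // CMS Triple DES Key Wrap
        encryptionMethod = EncryptedXml.XmlEncTripleDESKeyWrapUrl;
    }
    else if (symKey is Rijndael || symKey is Aes)
    {
        // FIPS AES Key Wrap
        switch (symKey.KeySize)
        {
            case 128:
                encryptionMethod = EncryptedXml.XmlEncAES128KeyWrapUrl;
                break;
            case 192:
                encryptionMethod = EncryptedXml.XmlEncAES192KeyWrapUrl;
                break;
            case 256:
                encryptionMethod = EncryptedXml.XmlEncAES256KeyWrapUrl;
                break;
            default:
                // No kw-aes* URI exists for this size; without this an EncryptionMethod with a
                // null algorithm would be emitted.
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
    }
    else
    {
        // Any other symmetric algorithm has no XML Encryption key-wrap defined.
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
    }

    // Include the key name in the EncryptedKey KeyInfo.
    EncryptedKey ek = new EncryptedKey();
    ek.EncryptionMethod = new EncryptionMethod(encryptionMethod);
    ek.KeyInfo.AddClause(new KeyInfoName(keyName));

    // Create a random AES session key and wrap it with the mapped key (RSA transport or
    // symmetric key wrap). Disposing the Aes clears the session key when we are done.
    using (Aes aes = Aes.Create())
    {
        // Pin the key size so it cannot drift from the aes256-cbc URI declared above.
        aes.KeySize = 256;

        ek.CipherData.CipherValue = symKey == null
            ? EncryptedXml.EncryptKey(aes.Key, rsa, false)
            : EncryptedXml.EncryptKey(aes.Key, symKey);

        // Encrypt the input element with the random session key created above.
        ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
        ed.CipherData.CipherValue = EncryptData(inputElement, aes, false);
    }

    return ed;
}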
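// Encrypts the given element with the key name specified. A corresponding key name mapping
// has to be defined before calling this method. The key name is added as
// a KeyNameInfo KeyInfo to an EncryptedKey (AES session key) generated randomly.
//
// The mapped key decides how the AES-256 session key is wrapped:
//   RSA              -> rsa-1_5 key transport (PKCS#1 v1.5; OAEP is never used here)
//   TripleDES        -> kw-tripledes
//   Rijndael / Aes   -> kw-aes128 / kw-aes192 / kw-aes256, chosen by the mapped key's KeySize
//   anything else    -> CryptographicException (Cryptography_Xml_NotSupportedCryptographicTransform)
// Throws ArgumentNullException for null arguments and CryptographicException when keyName has no
// mapping (Cryptography_Xml_MissingEncryptionKey).
//
// SECURITY NOTE(review): the RSA path is hard-wired to PKCS#1 v1.5, which is exposed to
// padding-oracle attacks whenever the decryptor reveals unwrapping failures; RSA-OAEP is the
// safer transport when the recipient supports it. The payload cipher is unauthenticated AES-CBC.
public EncryptedData Encrypt (XmlElement inputElement, string keyName)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (keyName == null)
    {
        throw new ArgumentNullException("keyName");
    }

    object encryptionKey = null;
    if (m_keyNameMapping != null)
    {
        encryptionKey = m_keyNameMapping[keyName];
    }
    if (encryptionKey == null)
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingEncryptionKey"));
    }

    // The mapping only admits SymmetricAlgorithm or RSA entries, so exactly one of these is set.
    SymmetricAlgorithm symKey = encryptionKey as SymmetricAlgorithm;
    RSA rsa = encryptionKey as RSA;

    // Create the EncryptedData object, using an AES-256 session key by default.
    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // Select the key-wrap / key-transport URI from the type of the mapped key.
    string encryptionMethod;
    if (symKey == null)
    {
        if (rsa == null)
        {
            // Neither symmetric nor RSA: refuse instead of passing a null RSA into EncryptKey.
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
        encryptionMethod = EncryptedXml.XmlEncRSA15Url;
    }
    else if (symKey is TripleDES)
    {
        // CMS Triple DES Key Wrap
        encryptionMethod = EncryptedXml.XmlEncTripleDESKeyWrapUrl;
    }
    else if (symKey is Rijndael || symKey is Aes)
    {
        // FIPS AES Key Wrap
        switch (symKey.KeySize)
        {
            case 128:
                encryptionMethod = EncryptedXml.XmlEncAES128KeyWrapUrl;
                break;
            case 192:
                encryptionMethod = EncryptedXml.XmlEncAES192KeyWrapUrl;
                break;
            case 256:
                encryptionMethod = EncryptedXml.XmlEncAES256KeyWrapUrl;
                break;
            default:
                // No kw-aes* URI exists for this size; without this an EncryptionMethod with a
                // null algorithm would be emitted.
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
    }
    else
    {
        // Any other symmetric algorithm has no XML Encryption key-wrap defined.
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
    }

    // Include the key name in the EncryptedKey KeyInfo.
    EncryptedKey ek = new EncryptedKey();
    ek.EncryptionMethod = new EncryptionMethod(encryptionMethod);
    ek.KeyInfo.AddClause(new KeyInfoName(keyName));

    // Create a random AES session key and wrap it with the mapped key (RSA transport or
    // symmetric key wrap). Disposing the algorithm clears the session key when we are done.
    using (RijndaelManaged rijn = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI declared above.
        rijn.BlockSize = 128;
        rijn.KeySize = 256;

        ek.CipherData.CipherValue = symKey == null
            ? EncryptedXml.EncryptKey(rijn.Key, rsa, false)
            : EncryptedXml.EncryptKey(rijn.Key, symKey);

        // Encrypt the input element with the random session key created above.
        ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
        ed.CipherData.CipherValue = EncryptData(inputElement, rijn, false);
    }

    return ed;
}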
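// Encrypts the given element with the certificate specified. The certificate is added as
// an X509Data KeyInfo to an EncryptedKey (AES session key) generated randomly.
//
// Returns an EncryptedData of type xmlenc#Element whose payload is AES-256-CBC encrypted with a
// fresh session key; the session key is RSA-encrypted (rsa-1_5) for the certificate's key.
// Throws ArgumentNullException for null arguments and NotSupportedException when the certificate
// key is not an RSA key-exchange key (NotSupported_KeyAlgorithm).
//
// SECURITY NOTE(review): key transport is fixed to rsa-1_5 (PKCS#1 v1.5, EncryptKey(..., false)),
// which is exposed to Bleichenbacher-style padding-oracle attacks when the decrypting side reveals
// unwrapping failures; RSA-OAEP is preferable where the recipient supports it. The payload cipher
// is unauthenticated AES-CBC, so integrity has to come from elsewhere (e.g. an XML signature).
public EncryptedData Encrypt (XmlElement inputElement, X509Certificate2 certificate)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }
    // Only RSA key-exchange certificates can be used with the rsa-1_5 key transport below.
    if (X509Utils.OidToAlgId(certificate.PublicKey.Oid.Value) != CAPI.CALG_RSA_KEYX)
    {
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    RSA recipientKey = certificate.PublicKey.Key as RSA;
    if (recipientKey == null)
    {
        // Guarded by the OID check above; kept so a non-RSA key object cannot reach EncryptKey as
        // null and fail with an unrelated exception.
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    // Create the EncryptedData object, using an AES-256 session key by default.
    EncryptedData ed = new EncryptedData();
    ed.Type = EncryptedXml.XmlEncElementUrl;
    ed.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

    // Include the certificate in the EncryptedKey KeyInfo.
    EncryptedKey ek = new EncryptedKey();
    ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);
    ek.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

    // Dispose the session-key object once both uses are done so its key material is cleared
    // promptly instead of lingering until finalization.
    using (RijndaelManaged rijn = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI advertised above.
        rijn.BlockSize = 128;
        rijn.KeySize = 256;

        ek.CipherData.CipherValue = EncryptedXml.EncryptKey(rijn.Key, recipientKey, false);
        ed.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));
        ed.CipherData.CipherValue = EncryptData(inputElement, rijn, false);
    }

    return ed;
}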
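// Resolves the symmetric algorithm (with its key set) needed to decrypt encryptedData, using the
// first KeyInfo clause that leads somewhere:
//   KeyInfoName            - a SymmetricAlgorithm registered under that name in the key-name
//                            mapping is returned directly; otherwise the document is searched for
//                            an EncryptedKey whose CarriedKeyName is that name and whose Recipient
//                            equals this.Recipient.
//   KeyInfoRetrievalMethod - the EncryptedKey element at the local URI.
//   KeyInfoEncryptedKey    - the embedded EncryptedKey.
// The located EncryptedKey is unwrapped with DecryptEncryptedKey and the result becomes the key of
// a new instance of the algorithm named by symmetricAlgorithmUri (or, when that is null, by the
// EncryptedData's own EncryptionMethod).
// Returns null when encryptedData has no KeyInfo or no clause yields an EncryptedKey.
// Throws ArgumentNullException for null encryptedData; CryptographicException when no algorithm
// URI is available or it does not name a SymmetricAlgorithm (Cryptography_Xml_MissingAlgorithm),
// or when the key cannot be unwrapped (Cryptography_Xml_MissingDecryptionKey).
//
// SECURITY NOTE(review): symmetricAlgorithmUri defaults to a value read from the document being
// decrypted, so the payload cipher is selectable by whoever produced the document; the returned
// object is whatever CryptoConfig maps that URI to. The payload modes XML Encryption 1.0 defines
// are unauthenticated CBC, which is exposed to chosen-ciphertext attacks unless the document is
// also integrity-protected (e.g. signed).
public virtual SymmetricAlgorithm GetDecryptionKey(EncryptedData encryptedData, string symmetricAlgorithmUri)
{
    if (encryptedData == null)
    {
        throw new ArgumentNullException("encryptedData");
    }
    if (encryptedData.KeyInfo == null)
    {
        return null;
    }

    EncryptedKey locatedKey = null;
    IEnumerator clauses = encryptedData.KeyInfo.GetEnumerator();
    while (clauses.MoveNext())
    {
        KeyInfoName nameClause = clauses.Current as KeyInfoName;
        if (nameClause != null)
        {
            string keyName = nameClause.Value;
            // The mapping may hold an RSA key under this name (Encrypt(XmlElement, string) accepts
            // both kinds); only a symmetric entry can be handed back directly, so do not hard-cast.
            SymmetricAlgorithm mappedKey = this.m_keyNameMapping[keyName] as SymmetricAlgorithm;
            if (mappedKey != null)
            {
                return mappedKey;
            }

            // Otherwise look for an EncryptedKey anywhere in the document that carries this name
            // for our Recipient.
            // NOTE(review): m_document must be non-null on this path; confirm how callers construct
            // this instance when KeyInfoName is used.
            XmlNamespaceManager nsmgr = new XmlNamespaceManager(this.m_document.NameTable);
            nsmgr.AddNamespace("enc", "http://www.w3.org/2001/04/xmlenc#");
            XmlNodeList candidates = this.m_document.SelectNodes("//enc:EncryptedKey", nsmgr);
            if (candidates != null)
            {
                foreach (XmlNode candidate in candidates)
                {
                    EncryptedKey parsed = new EncryptedKey();
                    parsed.LoadXml(candidate as XmlElement);
                    if (parsed.CarriedKeyName == keyName && parsed.Recipient == this.Recipient)
                    {
                        locatedKey = parsed;
                        break;
                    }
                }
            }
            break;
        }

        KeyInfoRetrievalMethod retrievalClause = clauses.Current as KeyInfoRetrievalMethod;
        if (retrievalClause != null)
        {
            string idValue = System.Security.Cryptography.Xml.Utils.ExtractIdFromLocalUri(retrievalClause.Uri);
            locatedKey = new EncryptedKey();
            // A dangling reference makes GetIdElement return null and LoadXml throw ArgumentNullException.
            locatedKey.LoadXml(this.GetIdElement(this.m_document, idValue));
            break;
        }

        KeyInfoEncryptedKey embeddedClause = clauses.Current as KeyInfoEncryptedKey;
        if (embeddedClause != null)
        {
            locatedKey = embeddedClause.EncryptedKey;
            break;
        }
    }

    if (locatedKey == null)
    {
        return null;
    }

    if (symmetricAlgorithmUri == null)
    {
        if (encryptedData.EncryptionMethod == null)
        {
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm"));
        }
        symmetricAlgorithmUri = encryptedData.EncryptionMethod.KeyAlgorithm;
    }

    byte[] keyBytes = this.DecryptEncryptedKey(locatedKey);
    if (keyBytes == null)
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingDecryptionKey"));
    }

    // CryptoConfig returns null for an unknown name and may return a non-symmetric object for a
    // known one; either would otherwise surface as a NullReference/InvalidCast exception.
    SymmetricAlgorithm algorithm = CryptoConfig.CreateFromName(symmetricAlgorithmUri) as SymmetricAlgorithm;
    if (algorithm == null)
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm"));
    }
    // The Key setter throws CryptographicException if the unwrapped length is not legal for this algorithm.
    algorithm.Key = keyBytes;
    return algorithm;
}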
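// Encrypts inputElement under a fresh AES-256 session key and wraps that session key with the key
// registered under keyName in the key-name mapping (a KeyInfoName clause for keyName is attached
// to the EncryptedKey so the recipient can find the same mapping).
//
// The mapped key decides how the session key is wrapped:
//   RSA              -> rsa-1_5 key transport (PKCS#1 v1.5; OAEP is never used here)
//   TripleDES        -> kw-tripledes
//   Rijndael / Aes   -> kw-aes128 / kw-aes192 / kw-aes256, chosen by the mapped key's KeySize
//   anything else    -> CryptographicException (Cryptography_Xml_NotSupportedCryptographicTransform)
// Throws ArgumentNullException for null arguments and CryptographicException when keyName has no
// mapping (Cryptography_Xml_MissingEncryptionKey).
//
// SECURITY NOTE(review): the RSA path is hard-wired to PKCS#1 v1.5, which is exposed to
// padding-oracle attacks whenever the decryptor reveals unwrapping failures; RSA-OAEP is the
// safer transport when the recipient supports it. The payload cipher is unauthenticated AES-CBC.
public EncryptedData Encrypt(XmlElement inputElement, string keyName)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (keyName == null)
    {
        throw new ArgumentNullException("keyName");
    }

    object mappedKey = null;
    if (this.m_keyNameMapping != null)
    {
        mappedKey = this.m_keyNameMapping[keyName];
    }
    if (mappedKey == null)
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingEncryptionKey"));
    }

    // The mapping only admits SymmetricAlgorithm or RSA entries, so exactly one of these is set.
    SymmetricAlgorithm symmetricAlgorithm = mappedKey as SymmetricAlgorithm;
    RSA rsa = mappedKey as RSA;

    EncryptedData data = new EncryptedData
    {
        Type = "http://www.w3.org/2001/04/xmlenc#Element",
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes256-cbc")
    };

    // Select the key-wrap / key-transport URI from the type of the mapped key.
    string algorithm;
    if (symmetricAlgorithm == null)
    {
        if (rsa == null)
        {
            // Neither symmetric nor RSA: refuse instead of passing a null RSA into EncryptKey.
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
        algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    }
    else if (symmetricAlgorithm is TripleDES)
    {
        algorithm = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
    }
    else if (symmetricAlgorithm is Rijndael || symmetricAlgorithm is Aes)
    {
        switch (symmetricAlgorithm.KeySize)
        {
            case 128:
                algorithm = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
                break;
            case 192:
                algorithm = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
                break;
            case 256:
                algorithm = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
                break;
            default:
                // No kw-aes* URI exists for this size; without this an EncryptionMethod with a
                // null algorithm would be emitted.
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
    }
    else
    {
        // Any other symmetric algorithm has no XML Encryption key-wrap defined.
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
    }

    EncryptedKey encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(algorithm)
    };
    encryptedKey.KeyInfo.AddClause(new KeyInfoName(keyName));

    // Dispose the session-key object once both uses are done so its key material is cleared
    // promptly instead of lingering until finalization.
    using (RijndaelManaged sessionKey = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI declared above.
        sessionKey.BlockSize = 128;
        sessionKey.KeySize = 256;

        encryptedKey.CipherData.CipherValue = symmetricAlgorithm == null
            ? EncryptKey(sessionKey.Key, rsa, false)
            : EncryptKey(sessionKey.Key, symmetricAlgorithm);

        data.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
        data.CipherData.CipherValue = this.EncryptData(inputElement, sessionKey, false);
    }

    return data;
}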
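// Bound on how many times a KeyInfo RetrievalMethod may redirect to another EncryptedKey while
// resolving a single key. A RetrievalMethod is a URI jump to any element in the document, so a
// crafted document can point an EncryptedKey back at itself (directly, or through a nested
// KeyInfoEncryptedKey) and drive DecryptEncryptedKey into unbounded recursion until the stack
// overflows. Legitimate documents use one or two hops; raise the bound only if a real producer
// is found to chain deeper.
private const int MaxRetrievalMethodDepth = 20;
private int m_retrievalMethodDepth;

// True when the EncryptedKey advertises RSA-OAEP (rsa-oaep-mgf1p) rather than PKCS#1 v1.5 transport.
private static bool UsesOaep(EncryptedKey encryptedKey)
{
    return encryptedKey.EncryptionMethod != null
        && encryptedKey.EncryptionMethod.KeyAlgorithm == "http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p";
}

// Recovers the raw session key carried by encryptedKey by walking its KeyInfo clauses in order:
//   KeyInfoName            - key from the key-name mapping: symmetric unwrap, or RSA decrypt when
//                            the mapping holds an RSA key (OAEP if the EncryptedKey says so).
//                            An unknown name stops the search.
//   KeyInfoX509Data        - the first matching certificate with an RSA private key decrypts the
//                            value; no such certificate stops the search.
//   KeyInfoRetrievalMethod - follow the local URI to another EncryptedKey and resolve that one
//                            (recursively, subject to MaxRetrievalMethodDepth).
//   KeyInfoEncryptedKey    - resolve the nested key first, then use it as the symmetric key-wrap
//                            key named by this EncryptedKey's EncryptionMethod.
// Returns null when no clause yields a key; callers map that to Cryptography_Xml_MissingDecryptionKey.
// Throws ArgumentNullException for a null encryptedKey; CryptographicException when a
// RetrievalMethod chain exceeds MaxRetrievalMethodDepth or a nested key-wrap algorithm is missing
// or does not name a SymmetricAlgorithm (Cryptography_Xml_MissingAlgorithm).
//
// SECURITY NOTE(review): every algorithm choice here (OAEP vs PKCS#1 v1.5, the key-wrap algorithm
// of a nested key) is read from the document being decrypted, i.e. from an attacker in a hostile
// scenario. Exceptions raised by failed RSA unwrapping act as a padding oracle against rsa-1_5;
// do not let their distinctions reach remote callers.
public virtual byte[] DecryptEncryptedKey(EncryptedKey encryptedKey)
{
    if (encryptedKey == null)
    {
        throw new ArgumentNullException("encryptedKey");
    }
    if (encryptedKey.KeyInfo == null)
    {
        return null;
    }

    IEnumerator clauses = encryptedKey.KeyInfo.GetEnumerator();
    while (clauses.MoveNext())
    {
        KeyInfoName nameClause = clauses.Current as KeyInfoName;
        if (nameClause != null)
        {
            object mappedKey = this.m_keyNameMapping[nameClause.Value];
            if (mappedKey == null)
            {
                // Unknown name: nothing further in this KeyInfo can help.
                break;
            }
            SymmetricAlgorithm mappedSymmetric = mappedKey as SymmetricAlgorithm;
            if (mappedSymmetric != null)
            {
                return DecryptKey(encryptedKey.CipherData.CipherValue, mappedSymmetric);
            }
            // The mapping only admits SymmetricAlgorithm or RSA entries.
            return DecryptKey(encryptedKey.CipherData.CipherValue, (RSA)mappedKey, UsesOaep(encryptedKey));
        }

        KeyInfoX509Data x509Clause = clauses.Current as KeyInfoX509Data;
        if (x509Clause != null)
        {
            X509Certificate2Enumerator certs = System.Security.Cryptography.Xml.Utils.BuildBagOfCerts(x509Clause, CertUsageType.Decryption).GetEnumerator();
            while (certs.MoveNext())
            {
                RSA privateKey = certs.Current.PrivateKey as RSA;
                if (privateKey != null)
                {
                    return DecryptKey(encryptedKey.CipherData.CipherValue, privateKey, UsesOaep(encryptedKey));
                }
            }
            break;
        }

        KeyInfoRetrievalMethod retrievalClause = clauses.Current as KeyInfoRetrievalMethod;
        if (retrievalClause != null)
        {
            if (this.m_retrievalMethodDepth >= MaxRetrievalMethodDepth)
            {
                throw new CryptographicException("RetrievalMethod chain exceeds the maximum depth; the EncryptedKey references are cyclic or too deep.");
            }

            string idValue = System.Security.Cryptography.Xml.Utils.ExtractIdFromLocalUri(retrievalClause.Uri);
            EncryptedKey referencedKey = new EncryptedKey();
            // A dangling reference makes GetIdElement return null and LoadXml throw ArgumentNullException.
            referencedKey.LoadXml(this.GetIdElement(this.m_document, idValue));

            this.m_retrievalMethodDepth++;
            try
            {
                // Virtual call on purpose: a derived class that overrides this method keeps control
                // of how the referenced key is resolved.
                return this.DecryptEncryptedKey(referencedKey);
            }
            finally
            {
                this.m_retrievalMethodDepth--;
            }
        }

        KeyInfoEncryptedKey nestedClause = clauses.Current as KeyInfoEncryptedKey;
        if (nestedClause != null)
        {
            byte[] wrapKeyBytes = this.DecryptEncryptedKey(nestedClause.EncryptedKey);
            if (wrapKeyBytes == null)
            {
                // Nested key could not be resolved; let any later clause try.
                continue;
            }
            if (encryptedKey.EncryptionMethod == null)
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm"));
            }
            // The key-wrap algorithm name comes from the document; CryptoConfig returns null for an
            // unknown name and may return a non-symmetric object for a known one.
            SymmetricAlgorithm wrapAlgorithm = CryptoConfig.CreateFromName(encryptedKey.EncryptionMethod.KeyAlgorithm) as SymmetricAlgorithm;
            if (wrapAlgorithm == null)
            {
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingAlgorithm"));
            }
            // Dispose the key-wrap object so the intermediate key is cleared once used.
            using (wrapAlgorithm)
            {
                wrapAlgorithm.Key = wrapKeyBytes;
                return DecryptKey(encryptedKey.CipherData.CipherValue, wrapAlgorithm);
            }
        }
    }

    return null;
}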
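// Encrypts inputElement under a fresh AES-256 session key and wraps that session key with the key
// registered under keyName in the key-name mapping (a KeyInfoName clause for keyName is attached
// to the EncryptedKey so the recipient can find the same mapping).
//
// The mapped key decides how the session key is wrapped:
//   RSA              -> rsa-1_5 key transport (PKCS#1 v1.5; OAEP is never used here)
//   TripleDES        -> kw-tripledes
//   Rijndael / Aes   -> kw-aes128 / kw-aes192 / kw-aes256, chosen by the mapped key's KeySize
//   anything else    -> CryptographicException (Cryptography_Xml_NotSupportedCryptographicTransform)
// Throws ArgumentNullException for null arguments and CryptographicException when keyName has no
// mapping (Cryptography_Xml_MissingEncryptionKey).
//
// SECURITY NOTE(review): the RSA path is hard-wired to PKCS#1 v1.5, which is exposed to
// padding-oracle attacks whenever the decryptor reveals unwrapping failures; RSA-OAEP is the
// safer transport when the recipient supports it. The payload cipher is unauthenticated AES-CBC.
public EncryptedData Encrypt(XmlElement inputElement, string keyName)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (keyName == null)
    {
        throw new ArgumentNullException("keyName");
    }

    object mappedKey = null;
    if (this.m_keyNameMapping != null)
    {
        mappedKey = this.m_keyNameMapping[keyName];
    }
    if (mappedKey == null)
    {
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_MissingEncryptionKey"));
    }

    // The mapping only admits SymmetricAlgorithm or RSA entries, so exactly one of these is set.
    SymmetricAlgorithm symmetricAlgorithm = mappedKey as SymmetricAlgorithm;
    RSA rsa = mappedKey as RSA;

    EncryptedData data = new EncryptedData
    {
        Type = "http://www.w3.org/2001/04/xmlenc#Element",
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes256-cbc")
    };

    // Select the key-wrap / key-transport URI from the type of the mapped key.
    string algorithm;
    if (symmetricAlgorithm == null)
    {
        if (rsa == null)
        {
            // Neither symmetric nor RSA: refuse instead of passing a null RSA into EncryptKey.
            throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
        algorithm = "http://www.w3.org/2001/04/xmlenc#rsa-1_5";
    }
    else if (symmetricAlgorithm is TripleDES)
    {
        algorithm = "http://www.w3.org/2001/04/xmlenc#kw-tripledes";
    }
    else if (symmetricAlgorithm is Rijndael || symmetricAlgorithm is Aes)
    {
        switch (symmetricAlgorithm.KeySize)
        {
            case 128:
                algorithm = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
                break;
            case 192:
                algorithm = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
                break;
            case 256:
                algorithm = "http://www.w3.org/2001/04/xmlenc#kw-aes256";
                break;
            default:
                // No kw-aes* URI exists for this size; without this an EncryptionMethod with a
                // null algorithm would be emitted.
                throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
        }
    }
    else
    {
        // Any other symmetric algorithm has no XML Encryption key-wrap defined.
        throw new CryptographicException(SecurityResources.GetResourceString("Cryptography_Xml_NotSupportedCryptographicTransform"));
    }

    EncryptedKey encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod(algorithm)
    };
    encryptedKey.KeyInfo.AddClause(new KeyInfoName(keyName));

    // Dispose the session-key object once both uses are done so its key material is cleared
    // promptly instead of lingering until finalization.
    using (RijndaelManaged sessionKey = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI declared above.
        sessionKey.BlockSize = 128;
        sessionKey.KeySize = 256;

        encryptedKey.CipherData.CipherValue = symmetricAlgorithm == null
            ? EncryptKey(sessionKey.Key, rsa, false)
            : EncryptKey(sessionKey.Key, symmetricAlgorithm);

        data.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
        data.CipherData.CipherValue = this.EncryptData(inputElement, sessionKey, false);
    }

    return data;
}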
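// Encrypts inputElement under a fresh AES-256 session key and wraps that session key for the
// holder of the certificate's RSA private key using RSA PKCS#1 v1.5 key transport (rsa-1_5).
//
// Parameters:
//   inputElement - the element to encrypt (whole element; Type is xmlenc#Element).
//   certificate  - recipient certificate; only an RSA key-exchange public key is accepted.
// Returns: an EncryptedData carrying the ciphertext and an embedded EncryptedKey whose KeyInfo
//          is an X509Data clause for the certificate.
// Throws: ArgumentNullException for a null argument; NotSupportedException when the certificate
//         key is not RSA (NotSupported_KeyAlgorithm).
//
// SECURITY NOTE(review): the key-transport scheme is fixed to rsa-1_5 (EncryptKey(..., false)).
// PKCS#1 v1.5 key transport is exposed to Bleichenbacher-style padding-oracle attacks whenever
// the decrypting side reveals whether unwrapping succeeded; RSA-OAEP is the safer choice when the
// recipient supports it. The payload cipher is unauthenticated AES-CBC, so integrity must be
// provided separately (for example an enveloping XML signature).
public EncryptedData Encrypt(XmlElement inputElement, X509Certificate2 certificate)
{
    if (inputElement == null)
    {
        throw new ArgumentNullException("inputElement");
    }
    if (certificate == null)
    {
        throw new ArgumentNullException("certificate");
    }

    // CAPI algorithm id for RSA key exchange (CALG_RSA_KEYX). Any other key type cannot be used
    // with the rsa-1_5 key transport selected below.
    const uint CALG_RSA_KEYX = 0xa400;
    if (System.Security.Cryptography.X509Certificates.X509Utils.OidToAlgId(certificate.PublicKey.Oid.Value) != CALG_RSA_KEYX)
    {
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    RSA recipientKey = certificate.PublicKey.Key as RSA;
    if (recipientKey == null)
    {
        // Guarded by the OID check above; kept so a non-RSA key object cannot reach EncryptKey as null
        // and fail with an unrelated exception.
        throw new NotSupportedException(SecurityResources.GetResourceString("NotSupported_KeyAlgorithm"));
    }

    EncryptedData encryptedData = new EncryptedData
    {
        Type = "http://www.w3.org/2001/04/xmlenc#Element",
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#aes256-cbc")
    };

    EncryptedKey encryptedKey = new EncryptedKey
    {
        EncryptionMethod = new EncryptionMethod("http://www.w3.org/2001/04/xmlenc#rsa-1_5")
    };
    encryptedKey.KeyInfo.AddClause(new KeyInfoX509Data(certificate));

    // Dispose the session-key object as soon as both uses are done so its key material is
    // cleared promptly instead of lingering until finalization.
    using (RijndaelManaged sessionKey = new RijndaelManaged())
    {
        // Rijndael is AES only with a 128-bit block; pin block and key size so the generated key
        // cannot drift from the aes256-cbc URI advertised above.
        sessionKey.BlockSize = 128;
        sessionKey.KeySize = 256;

        encryptedKey.CipherData.CipherValue = EncryptKey(sessionKey.Key, recipientKey, false);
        encryptedData.KeyInfo.AddClause(new KeyInfoEncryptedKey(encryptedKey));
        encryptedData.CipherData.CipherValue = this.EncryptData(inputElement, sessionKey, false);
    }

    return encryptedData;
}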