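/// <summary>
/// Looks up the protector for the key id in the message header and decrypts the message with it.
/// </summary>
/// <param name="message">The encrypted message; checked with <c>Ensure.NotNull</c>.</param>
/// <returns>The bytes returned by the resolved protector's <c>Decrypt</c>.</returns>
/// <exception cref="System.InvalidOperationException">
/// The provider returned nothing, or something that is not a <c>DataProtector</c>, for the key id.
/// </exception>
public async ValueTask<byte[]> DecryptAsync(EncryptedDataMessage message)
{
    Ensure.NotNull(message, nameof(message));

    // The key id is read from the message header, so it is only as trustworthy as the message itself.
    var protector = await protectorProvider.GetAsync(message.Header.KeyId) as DataProtector;

    // `as` yields null for a missing or differently-typed protector. Fail with a clear error
    // instead of letting the call below throw a NullReferenceException.
    if (protector == null)
    {
        throw new System.InvalidOperationException(
            $"no data protector is available for message key '{message.Header.KeyId}'");
    }

    return protector.Decrypt(message);
}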
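/// <summary>
/// Decrypts the message's ciphertext with this protector's key and the IV carried in the message.
/// </summary>
/// <param name="message">The encrypted message; its header key id must equal this protector's key id.</param>
/// <returns>The bytes returned by <c>AesDataProtector.Decrypt</c> for the ciphertext.</returns>
/// <exception cref="ArgumentException">
/// The ciphertext is null or empty, or the message was encrypted under a different key id.
/// </exception>
public byte[] Decrypt(EncryptedDataMessage message)
{
    Ensure.NotNull(message, nameof(message));

    if (message.Ciphertext == null || message.Ciphertext.Length == 0)
    {
        throw new ArgumentException("Required", "ciphertext");
    }

    // Reject a message addressed to another key rather than decrypting it with the wrong one.
    // A specific exception type replaces the bare Exception; callers catching Exception still work.
    if (message.Header.KeyId != key.Id)
    {
        throw new ArgumentException(
            $"message key '{message.Header.KeyId}' does not match protector",
            nameof(message));
    }

    // NOTE(review): the IV is taken from the message without a length check here; presumably
    // AesDataProtector rejects a malformed IV — confirm.
    // NOTE(review): no MAC or authentication tag is checked in this method. If AesDataProtector
    // is not an authenticated (AEAD) construction, tampered ciphertext is not detected before
    // decryption — confirm the mode before feeding it untrusted messages.
    using (var aes = new AesDataProtector(key.Value, message.IV))
    {
        return aes.Decrypt(message.Ciphertext);
    }
}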
/// <summary>
/// Encrypts <paramref name="plaintext"/> under this protector's key with a newly generated IV and
/// returns the serialized <c>EncryptedDataMessage</c> (key id, IV, ciphertext).
/// </summary>
/// <param name="plaintext">The bytes to encrypt; checked with <c>Ensure.NotNullOrEmpty</c>.</param>
/// <returns>The output of <c>Serializer.Serialize</c> for the constructed message.</returns>
public byte[] Encrypt(byte[] plaintext)
{
    Ensure.NotNullOrEmpty(plaintext, nameof(plaintext));

    // 16 bytes = 128-bit IV, generated anew on every call.
    // NOTE(review): presumably Secret.Generate draws from a cryptographically secure RNG — confirm.
    var freshIv = Secret.Generate(16);

    using (var cipher = new AesDataProtector(key: key.Value, iv: freshIv.Value))
    {
        var encrypted = cipher.Encrypt(plaintext);

        // NOTE(review): the message carries only key id, IV and ciphertext. If AesDataProtector
        // is not an authenticated (AEAD) construction, the output has no integrity protection — confirm.
        return Serializer.Serialize(new EncryptedDataMessage(
            keyId: key.Id,
            iv: freshIv.Value,
            ciphertext: encrypted
        ));
    }
}