/// <summary>
/// Round-trip check for RSA key wrapping: a secret wrapped with the test certificate's RSA public
/// key, then unwrapped through the same config, must come back byte-for-byte identical.
/// Both directions use the OAEP digest the config declares (OaepPaddingDigestAlgorithm), so a
/// digest mismatch between wrap and unwrap would surface here as a failure.
/// </summary>
public void TestWrapUnwrapSecretKey_ShouldReturnTheOriginalKey()
{
    // GIVEN: the shared test config (certificate + whatever UnwrapSecretKey needs from it) and a
    // fixed 16-byte secret, so the expected result is fully known up front.
    var testConfig = TestUtils.GetTestFieldLevelEncryptionConfigBuilder().Build();
    var secretKey = Convert.FromBase64String("mZzmzoURXI3Vk0vdsPkcFw==");
    var publicKey = testConfig.EncryptionCertificate.GetRSAPublicKey();
    var oaepDigest = testConfig.OaepPaddingDigestAlgorithm;

    // WHEN: wrap with the public key, unwrap via the config.
    var wrapped = RsaEncryption.WrapSecretKey(publicKey, secretKey, oaepDigest);
    var roundTripped = RsaEncryption.UnwrapSecretKey(testConfig, wrapped, oaepDigest);

    // THEN: exact byte equality (length and content).
    Assert.IsTrue(secretKey.SequenceEqual(roundTripped));
}
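/// <summary>
/// Produces a JWE compact serialization of <paramref name="payload"/>: a fresh 256-bit content
/// encryption key (CEK) is wrapped with the RSA public key from <paramref name="config"/> using
/// OAEP (SHA-256 digest), and the UTF-8 payload is encrypted with AES-GCM under that CEK, with the
/// base64url-encoded protected header bound in as additional authenticated data (AAD).
/// Because both the CEK and the IV are generated per call, a GCM nonce is never reused under the
/// same key. The plaintext CEK is zeroed before the method returns, whether or not it succeeds.
/// </summary>
/// <param name="config">Holds the encryption certificate whose RSA public key wraps the CEK.</param>
/// <param name="payload">Plaintext to protect; encoded as UTF-8 before encryption.</param>
/// <param name="header">JWE protected header. Its JSON form becomes the first compact segment and
/// the AAD. NOTE(review): nothing here checks that the alg/enc it declares match what this method
/// actually does (RSA-OAEP with SHA-256, AES-256-GCM) — that is the caller's responsibility.</param>
/// <returns>The compact serialization assembled by <c>Serialize</c> (header, wrapped key, IV,
/// ciphertext, authentication tag — each base64url-encoded).</returns>
/// <exception cref="ArgumentNullException">If <paramref name="config"/>, <paramref name="payload"/>
/// or <paramref name="header"/> is null.</exception>
public static string Encrypt(JweConfig config, String payload, JweHeader header)
{
    // Validate before generating any key material. Previously a null config/header surfaced as a
    // NullReferenceException (and a null payload as an ArgumentNullException from GetBytes) only
    // after the CEK had been generated and wrapped.
    if (config == null) throw new ArgumentNullException(nameof(config));
    if (payload == null) throw new ArgumentNullException(nameof(payload));
    if (header == null) throw new ArgumentNullException(nameof(header));

    // One-time CEK for this message (AES-256).
    byte[] cek = AesEncryption.GenerateCek(256);
    try
    {
        // The OAEP digest is fixed to SHA-256 here; this is intended to correspond to the JWE
        // "RSA-OAEP-256" key-management algorithm (presumably WrapSecretKey uses MGF1/SHA-256 too —
        // confirm against RsaEncryption).
        byte[] wrappedCek = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), cek, "SHA-256");
        string encryptedKey = Base64Utils.URLEncode(wrappedCek);

        // Fresh IV per message; with the fresh CEK above this rules out GCM nonce reuse.
        byte[] iv = AesEncryption.GenerateIV();

        // RFC 7516: AAD = ASCII(BASE64URL(UTF8(protected header))). The base64url alphabet is
        // pure ASCII, so the ASCII re-encoding of the encoded header is lossless.
        string encodedHeader = Base64Utils.URLEncode(Encoding.UTF8.GetBytes(header.Json.ToString()));
        byte[] aad = Encoding.ASCII.GetBytes(encodedHeader);

        var encrypted = AesGcm.Encrypt(cek, iv, Encoding.UTF8.GetBytes(payload), aad);

        return Serialize(encodedHeader,
                         encryptedKey,
                         Base64Utils.URLEncode(iv),
                         Base64Utils.URLEncode(encrypted.Ciphertext),
                         Base64Utils.URLEncode(encrypted.AuthTag));
    }
    finally
    {
        // Do not leave the plaintext CEK in memory once it has been wrapped and used.
        Array.Clear(cek, 0, cek.Length);
    }
}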