예제 #1
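        /// <summary>
        /// Generates a fresh AES data key and nonce, wraps the envelope key built from that data key
        /// with the caller's RSA key using OAEP/SHA-1, and returns the resulting encryption instructions.
        /// </summary>
        /// <param name="materials">
        /// Encryption materials; <c>AsymmetricProvider</c> must be an <see cref="RSA"/> instance and
        /// <c>AsymmetricProviderType</c> must be <c>AsymmetricAlgorithmType.RsaOaepSha1</c>.
        /// </param>
        /// <returns>
        /// Instructions carrying the materials description, the plaintext data key, the RSA-wrapped
        /// envelope key, the nonce, and the wrap / content-encryption algorithm identifiers.
        /// </returns>
        /// <exception cref="NotSupportedException">
        /// The asymmetric provider is not RSA, or the provider type is anything other than RSA-OAEP-SHA1.
        /// </exception>
        /// <remarks>
        /// The returned instructions hold the unwrapped data key, so the object must be treated as
        /// secret material by callers (not logged, not serialized as-is).
        /// </remarks>
        private static EncryptionInstructions EncryptEnvelopeKeyUsingAsymmetricKeyPairV2(EncryptionMaterialsV2 materials)
        {
            var rsa = materials.AsymmetricProvider as RSA;

            if (rsa == null)
            {
                throw new NotSupportedException("RSA is the only supported algorithm with this method.");
            }

            switch (materials.AsymmetricProviderType)
            {
                case AsymmetricAlgorithmType.RsaOaepSha1:
                {
                    // Dispose the Aes instance once the key and nonce have been copied out, so its
                    // internal copy of the key does not stay in memory until finalization.
                    // The Key and IV getters return copies, so the extracted arrays stay valid.
                    using (var aesObject = Aes.Create())
                    {
                        // Read the key once; every call to the getter allocates another copy of the secret.
                        var dataKey = aesObject.Key;

                        // A new key is generated on every call, so this nonce is never reused under the same key.
                        var nonce = aesObject.IV.Take(DefaultNonceSize).ToArray();

                        // NOTE(review): the envelope-key layout is defined by EnvelopeKeyForDataKey, not visible here.
                        var envelopeKeyToEncrypt = EnvelopeKeyForDataKey(dataKey);

                        // First argument is true on this (wrap) side and false on the unwrap side;
                        // presumably the encrypt/decrypt mode flag — confirm in RsaUtils.
                        var cipher               = RsaUtils.CreateRsaOaepSha1Cipher(true, rsa);
                        var encryptedEnvelopeKey = cipher.DoFinal(envelopeKeyToEncrypt);

                        return new EncryptionInstructions(materials.MaterialsDescription, dataKey, encryptedEnvelopeKey, nonce,
                                                          XAmzWrapAlgRsaOaepSha1, XAmzAesGcmCekAlgValue);
                    }
                }

                default:
                {
                    // Fail closed on any wrap algorithm this method does not implement.
                    throw new NotSupportedException($"{materials.AsymmetricProviderType} isn't supported with AsymmetricProvider");
                }
            }
        }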
예제 #2
        /// <summary>
        /// Unwraps an RSA-OAEP-SHA1 encrypted envelope key and extracts the data key from it.
        /// </summary>
        /// <param name="asymmetricAlgorithm">Key pair used for unwrapping; must be an <see cref="RSA"/> instance.</param>
        /// <param name="encryptedEnvelopeKey">The wrapped envelope key bytes.</param>
        /// <returns>The data key produced by <c>DecryptedDataKeyFromDecryptedEnvelopeKey</c> from the unwrapped envelope key.</returns>
        /// <exception cref="NotSupportedException"><paramref name="asymmetricAlgorithm"/> is not an RSA key.</exception>
        /// <remarks>
        /// NOTE(review): how <c>DoFinal</c> reports malformed or tampered input is not visible here. Callers
        /// should handle every unwrap failure the same way and avoid returning failure details to
        /// whoever supplied the ciphertext.
        /// </remarks>
        private static byte[] DecryptEnvelopeKeyUsingAsymmetricKeyPairV2(AsymmetricAlgorithm asymmetricAlgorithm, byte[] encryptedEnvelopeKey)
        {
            // Only RSA keys are accepted; a null or non-RSA provider is rejected before any crypto runs.
            if (!(asymmetricAlgorithm is RSA))
            {
                throw new NotSupportedException("RSA-OAEP-SHA1 is the only supported algorithm with AsymmetricProvider.");
            }

            var rsaKey = (RSA)asymmetricAlgorithm;

            // First argument is false on this (unwrap) side and true on the wrap side;
            // presumably the encrypt/decrypt mode flag — confirm in RsaUtils.
            var unwrapCipher = RsaUtils.CreateRsaOaepSha1Cipher(false, rsaKey);

            // The unwrapped envelope key is secret material; it is handed straight to the extractor.
            var envelopePlaintext = unwrapCipher.DoFinal(encryptedEnvelopeKey);
            return DecryptedDataKeyFromDecryptedEnvelopeKey(envelopePlaintext);
        }