public async Task Run_ReEncrypt(string key) { Console.WriteLine("Running Re-Encrypt Data Process:"); string a = "abcDEF123$%^"; TransitKeyInfo TKIA = await TB.ReadEncryptionKey(key); Console.WriteLine(" -- Encryption Key Current Version is {0}", TKIA.LatestVersionNum); TransitEncryptedItem response = await TB.Encrypt(key, a); bool success = await TB.RotateKey(key); if (!success) { Console.WriteLine(" -- Failed to rotate the key. Stopping the Re-Encryption test."); return; } TransitKeyInfo TKIB = await TB.ReadEncryptionKey(key); Console.WriteLine(" -- Encryption Key New Version is {0}", TKIB.LatestVersionNum); TransitEncryptedItem response2 = await TB.ReEncrypt(key, response.EncryptedValue); if (response2 != null) { Console.WriteLine(" -- Reencryption completed."); // Now validate by decrypting original value and new value. Should be same. TransitDecryptedItem decryptA = await TB.Decrypt(key, response.EncryptedValue); TransitDecryptedItem decryptB = await TB.Decrypt(key, response2.EncryptedValue); if (a == decryptB.DecryptedValue) { Console.WriteLine(" -- ReEncryption successfull. Original Data = {0} and after re-encrypt value = {1}", a, decryptB.DecryptedValue); } else { Console.WriteLine(" -- ReEncryption FAILED. Original value = {0}, re-Encryption value = {1}.", a, decryptB.DecryptedValue); } } Console.WriteLine(" encrypted: {0} to {1}", a, response.EncryptedValue); }
public async Task DerivedEncryptDecrypt_ResultsInSameValue() { string key = await Transit_InitWithKey(TransitEnumKeyType.aes256, true); // Get a random value to encrypt. string toEncrypt = Guid.NewGuid().ToString(); // Set the "Context" value for derived encryption. string toContext = "ZYXabc"; // Now encrypt with that key. TransitEncryptedItem response = await _transitSecretEngine.Encrypt(key, toEncrypt, toContext); Assert.IsNotEmpty(response.EncryptedValue); // Now decrypt it. TransitDecryptedItem responseB = await _transitSecretEngine.Decrypt(key, response.EncryptedValue, toContext); Assert.AreEqual(responseB.DecryptedValue, toEncrypt); }
public async Task EncryptDecrypt_ResultsInSameValue() { // Get a random value to encrypt. string toEncrypt = Guid.NewGuid().ToString(); string encKey = Guid.NewGuid().ToString(); // Create an encryption key. bool rc = await _transitSecretEngine.CreateEncryptionKey(encKey, true, true, TransitEnumKeyType.rsa4096); Assert.AreEqual(true, rc); // Now encrypt with that key. TransitEncryptedItem response = await _transitSecretEngine.Encrypt(encKey, toEncrypt); Assert.IsNotEmpty(response.EncryptedValue); // Now decrypt it. TransitDecryptedItem responseB = await _transitSecretEngine.Decrypt(encKey, response.EncryptedValue); Assert.AreEqual(responseB.DecryptedValue, toEncrypt); }
// Test that Reencrypt results in same original un-encrypted value. public async Task RencryptionResultsInSameStartingValue() { string valA = Guid.NewGuid().ToString(); string key = _uniqueKeys.GetKey(); // Create key, validate the version and then encrypt some data with that key. Assert.True(await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256)); TransitEncryptedItem encA = await _transitSecretEngine.Encrypt(key, valA); TransitKeyInfo tkiA = await _transitSecretEngine.ReadEncryptionKey(key); // Rotate Key, Read value of key version, Re-Encrypt data. Decrypt Data. Assert.True(await _transitSecretEngine.RotateKey(key)); TransitKeyInfo tkiB = await _transitSecretEngine.ReadEncryptionKey(key); TransitEncryptedItem encB = await _transitSecretEngine.ReEncrypt(key, encA.EncryptedValue); TransitDecryptedItem decB = await _transitSecretEngine.Decrypt(key, encB.EncryptedValue); // Validate Results. Key version incremented by 1. Assert.AreEqual(tkiA.LatestVersionNum + 1, tkiB.LatestVersionNum, "Key Version should have been incremented."); Assert.AreEqual(valA, decB.DecryptedValue, "After Key Rotation and Rencryption, expected value of encrypted item to be same, but they are different"); }
public async Task Run_BulkOps() { string eKey = Guid.NewGuid().ToString(); // Encrypt Bulk Items Console.WriteLine("Encrypting bulk Items"); List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>(); bulkEnc.Add(new TransitBulkItemToEncrypt("ABC")); bulkEnc.Add(new TransitBulkItemToEncrypt("DEF")); bulkEnc.Add(new TransitBulkItemToEncrypt("GHI")); bulkEnc.Add(new TransitBulkItemToEncrypt("JKL")); bulkEnc.Add(new TransitBulkItemToEncrypt("MNO")); TransitEncryptionResultsBulk results = await TB.EncryptBulk(eKey, bulkEnc); int sentCnt = bulkEnc.Count; int recvCnt = results.EncryptedValues.Count; if (sentCnt == recvCnt) { Console.WriteLine(" - Bulk Encryption completed. Sent and recived items count same! SUCCESS!"); } foreach (TransitEncryptedItem encrypted in results.EncryptedValues) { TransitDecryptedItem decrypted = await TB.Decrypt(eKey, encrypted.EncryptedValue); Console.WriteLine(" - Decrypted Value = {0}", decrypted.DecryptedValue); } // Test Bulk Decryption List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>(); foreach (TransitEncryptedItem encrypted in results.EncryptedValues) { bulkDecrypt.Add(new TransitBulkItemToDecrypt(encrypted.EncryptedValue)); } // Now decrypt. TransitDecryptionResultsBulk resDecrypt = await TB.DecryptBulk(eKey, bulkDecrypt); int sentCntD = bulkDecrypt.Count; int recvCntD = resDecrypt.DecryptedValues.Count; if (sentCntD == recvCntD) { Console.WriteLine(" - Bulk Decryption completed. Sent and recived items count same! SUCCESS!"); } // Print results: foreach (TransitDecryptedItem decrypted in resDecrypt.DecryptedValues) { Console.WriteLine(" Bulk Decryption result: {0}", decrypted.DecryptedValue); } // Rotate the Key. // if (runRotateTest) { Console.WriteLine("Rotating the Key."); bool rotateAnswer = await TB.RotateKey(eKey); if (rotateAnswer) { Console.WriteLine(" - Key rotation successful."); } // } // if (runRekeyTest) { Console.WriteLine("Rencrypting a key."); await Run_ReEncrypt(eKey); // } // Test Bulk Rewrap. TransitEncryptionResultsBulk bulkRewrap = await TB.ReEncryptBulk(eKey, bulkDecrypt); foreach (TransitEncryptedItem encrypted in bulkRewrap.EncryptedValues) { // Decrypt the value: TransitDecryptedItem tdiA = await TB.Decrypt(eKey, encrypted.EncryptedValue); Console.WriteLine(" - Decrypted value from bulk Rewrap = {0}", tdiA.DecryptedValue); } }
// Performs a complex set of operations to ensure a backup and restore of a key is successful. Including rotating the key // encrypting with the key, etc. public async Task RestoreKey_Success() { string key = await Transit_InitWithKey(TransitEnumKeyType.aes256); // A. Enable deletion of the key. Dictionary <string, string> keyconfig = new Dictionary <string, string> { { TransitConstants.KeyConfig_DeleteAllowed, "true" } }; TransitKeyInfo tki = await _transitSecretEngine.UpdateKey(key, keyconfig); Assert.True(tki.CanDelete); // B. Rotate the key a few times. await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); // C. Encrypt a piece of data. string encryptedValue = "ABCzyx123"; TransitEncryptedItem encItem = await _transitSecretEngine.Encrypt(key, encryptedValue); // D. Rotate Keys a few more times. await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); tki = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(tki.Name, key); // E. Back it up. TransitBackupRestoreItem tbri = await _transitSecretEngine.BackupKey(key); Assert.True(tbri.Success); Assert.AreNotEqual(null, tbri.KeyBackup); // F. Delete key. Assert.True(await _transitSecretEngine.DeleteKey(key)); // G. Restore the key Assert.True(await _transitSecretEngine.RestoreKey(key, tbri)); // H. Decrypt an item with restored key. TransitDecryptedItem decItem = await _transitSecretEngine.Decrypt(key, encItem.EncryptedValue); Assert.AreEqual(encryptedValue, decItem.DecryptedValue); // I. Validate the restore. TransitKeyInfo tkiRestore = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(tki.Type, tkiRestore.Type); Assert.AreEqual(tki.LatestVersionNum, tkiRestore.LatestVersionNum); Assert.AreEqual(tki.Name, tkiRestore.Name); Assert.AreEqual(tki.Keys.Count, tkiRestore.Keys.Count); }