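/// <summary>
/// Authenticates and decrypts a hybrid-encrypted packet.
/// </summary>
/// <remarks>
/// Checks run in this order: (1) the key vault verifies the digital signature over the packet's
/// stored HMAC tag, (2) the vault unwraps the session key, (3) the HMAC over ciphertext || IV is
/// recomputed with that session key and compared against the stored tag, (4) only then is the
/// ciphertext decrypted. Verifying the signature first rejects a packet whose signature does not
/// check out before any secret key material is unwrapped, and the ciphertext is never handed to the
/// cipher before its tag has been validated (encrypt-then-MAC).
/// </remarks>
/// <param name="encryptedPacket">The packet to decrypt: ciphertext, IV, wrapped session key, HMAC tag and signature.</param>
/// <param name="keyId">Identifier of the key-vault key that wraps the session key and signs the HMAC tag.</param>
/// <returns>The decrypted plaintext.</returns>
/// <exception cref="ArgumentNullException"><paramref name="encryptedPacket"/> or <paramref name="keyId"/> is null.</exception>
/// <exception cref="CryptographicException">The signature does not verify, or the HMAC tag does not match.</exception>
public byte[] DecryptData(EncryptedPacket encryptedPacket, string keyId)
{
    if (encryptedPacket == null)
    {
        throw new ArgumentNullException(nameof(encryptedPacket));
    }
    if (keyId == null)
    {
        throw new ArgumentNullException(nameof(keyId));
    }

    // The signature covers the stored HMAC tag and needs no secret material, so it is checked
    // before anything is unwrapped. NOTE: the key-vault calls are async and are blocked on with
    // .Result (sync-over-async); a faulted task surfaces as an AggregateException that wraps the
    // vault's own exception.
    var signatureValid = _keyVault.Verify(keyId, encryptedPacket.Hmac, encryptedPacket.Signature).Result;
    if (!signatureValid)
    {
        throw new CryptographicException("Digital Signature can not be verified.");
    }

    var decryptedSessionKey = _keyVault.DecryptAsync(keyId, encryptedPacket.EncryptedSessionKey).Result;

    // The tag was computed over ciphertext || IV, so it must be recomputed over exactly those
    // bytes in that order.
    var authenticatedBytes = Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv);
    byte[] hmacToCheck;
    using (var hmac = new HMACSHA256(decryptedSessionKey))
    {
        hmacToCheck = hmac.ComputeHash(authenticatedBytes);
    }

    // Compare is a project helper; it is assumed to be a constant-time comparison — TODO confirm,
    // since an early-exit comparison would leak tag bytes through timing.
    if (!Compare(encryptedPacket.Hmac, hmacToCheck))
    {
        throw new CryptographicException("HMAC for decryption does not match encrypted packet.");
    }

    var decryptedData = _aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv);
    return decryptedData;
}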
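/// <summary>
/// Hybrid-encrypts <paramref name="original"/>: a fresh 32-byte session key encrypts the data via
/// <c>_aes</c> under a fresh 16-byte IV, the session key is wrapped by the key vault, an
/// HMAC-SHA256 tag is computed over ciphertext || IV with the session key (encrypt-then-MAC), and
/// that tag is signed by the key vault.
/// </summary>
/// <param name="original">Plaintext to encrypt.</param>
/// <param name="keyId">Identifier of the key-vault key used to wrap the session key and sign the tag.</param>
/// <returns>A packet holding the IV, ciphertext, wrapped session key, HMAC tag and signature.</returns>
/// <exception cref="ArgumentNullException"><paramref name="original"/> or <paramref name="keyId"/> is null.</exception>
public EncryptedPacket EncryptData(byte[] original, string keyId)
{
    if (original == null)
    {
        throw new ArgumentNullException(nameof(original));
    }
    if (keyId == null)
    {
        throw new ArgumentNullException(nameof(keyId));
    }

    // Both values must come from a cryptographically secure generator; GenerateRandomNumber is a
    // project helper assumed to wrap a CSPRNG — TODO confirm. A fresh session key per packet also
    // guarantees the IV is never reused under the same key.
    var sessionKey = _aes.GenerateRandomNumber(32);
    var iv = _aes.GenerateRandomNumber(16);

    var encryptedData = _aes.Encrypt(original, sessionKey, iv);

    // Key-vault operations are async and are blocked on with .Result (sync-over-async); a faulted
    // task surfaces as an AggregateException wrapping the vault's own exception.
    var encryptedSessionKey = _keyVault.EncryptAsync(keyId, sessionKey).Result;

    // The tag covers both ciphertext and IV so tampering with either is detected before decryption.
    byte[] hmacTag;
    using (var hmac = new HMACSHA256(sessionKey))
    {
        hmacTag = hmac.ComputeHash(Combine(encryptedData, iv));
    }

    var signature = _keyVault.Sign(keyId, hmacTag).Result;

    return new EncryptedPacket
    {
        Iv = iv,
        EncryptedData = encryptedData,
        EncryptedSessionKey = encryptedSessionKey,
        Hmac = hmacTag,
        Signature = signature
    };
}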
/// <summary>
/// Decrypts <paramref name="encryptedPacket"/> with the key identified by <paramref name="keyId"/>.
/// Not yet implemented.
/// </summary>
/// <param name="encryptedPacket">The packet to decrypt.</param>
/// <param name="keyId">Identifier of the key to use.</param>
/// <returns>Never returns; the method always throws.</returns>
/// <exception cref="NotImplementedException">Always thrown.</exception>
public byte[] DecryptData(EncryptedPacket encryptedPacket, string keyId)
{
    // Placeholder: the decryption path has not been written yet.
    throw new NotImplementedException();
}