public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header) { var sharedPassphrase = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string."); byte[] sharedKey = Encoding.UTF8.GetBytes(sharedPassphrase); byte[] algId = Encoding.UTF8.GetBytes((string)header["alg"]); int iterationCount = 8192; byte[] saltInput = Arrays.Random(96); //12 bytes header["p2c"] = iterationCount; header["p2s"] = Compact.Base64UrlEncode(saltInput); byte[] salt = Arrays.Concat(algId, Arrays.Zero, saltInput); byte[] kek; using (var prf = PRF) { kek = PBKDF2.DeriveKey(sharedKey, salt, iterationCount, keyLengthBits, prf); } return(aesKW.WrapNewKey(cekSizeBits, kek, header)); }
public byte[][] WrapNewKey(int cekSizeBits, object key, IDictionary <string, object> header) { byte[] sharedKey = Ensure.Type <byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array."); Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8)); byte[] iv = Arrays.Random(96); byte[] cek = Arrays.Random(cekSizeBits); byte[][] cipherAndTag = AesGcm.Encrypt(sharedKey, iv, null, cek); header["iv"] = Compact.Base64UrlEncode(iv); header["tag"] = Compact.Base64UrlEncode(cipherAndTag[1]); return(new[] { cek, cipherAndTag[0] }); }
public virtual byte[] NewKey(int keyLength, object key, IDictionary <string, object> header) { var recieverPubKey = Ensure.Type <CngKey>(key, "EcdhKeyManagement alg expects key to be of CngKey type."); EccKey ephemeral = EccKey.Generate(recieverPubKey); IDictionary <string, object> epk = new Dictionary <string, object>(); epk["kty"] = "EC"; epk["x"] = Compact.Base64UrlEncode(ephemeral.X); epk["y"] = Compact.Base64UrlEncode(ephemeral.Y); epk["crv"] = Curve(recieverPubKey); header["epk"] = epk; return(DeriveKey(header, keyLength, recieverPubKey, ephemeral.Key)); }