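/// <summary>
/// Decrypts an envelope-encrypted payload: the wrapped data key is decrypted through
/// the key management service, and the resulting key is used to decrypt the payload
/// locally.
/// </summary>
/// <param name="encryptedData">Envelope that unwraps into a Base64 wrapped data key, an IV and the ciphertext.</param>
/// <param name="serviceAccountId">
/// Not used by this implementation.
/// NOTE(review): nothing visible here binds the decryption to the service account; confirm
/// that the caller or the key policy enforces that restriction.
/// </param>
/// <returns>The decrypted payload decoded as UTF-8 text.</returns>
/// <remarks>
/// Input that does not unwrap fails through <c>ValueOrFailure</c> with
/// "Invalid encrypted data format".
/// NOTE(review): whether RijndaelUtils.Decrypt authenticates the ciphertext is not visible
/// from this method; confirm before relying on it for tamper detection.
/// </remarks>
public async Task<string> Decrypt(string encryptedData, string serviceAccountId)
{
    var (encryptedDataKey, iv, actualEncryptedData) =
        EnvelopeEncryptionUtils.Unwrap(encryptedData).ValueOrFailure("Invalid encrypted data format");

    byte[] dataKey;

    // Dispose the request stream deterministically once the service call has completed.
    using (var wrappedKey = new MemoryStream(Convert.FromBase64String(encryptedDataKey)))
    {
        var decryptionResult = await mAmazonKeyManagementService.DecryptAsync(new DecryptRequest
        {
            CiphertextBlob = wrappedKey,
        });

        // ToArray() copies the plaintext data key, so the response stream can be released here.
        // The stream's own buffer is not wiped by Dispose; only the copy below is cleared.
        using (var plaintext = decryptionResult.Plaintext)
        {
            dataKey = plaintext.ToArray();
        }
    }

    try
    {
        var decrypted = RijndaelUtils.Decrypt(dataKey, iv, actualEncryptedData);
        return Encoding.UTF8.GetString(decrypted);
    }
    finally
    {
        // Keep the plaintext data key in managed memory no longer than needed,
        // including when decryption throws.
        Array.Clear(dataKey, 0, dataKey.Length);
    }
}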
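/// <summary>
/// Decrypts <paramref name="encryptedData"/>. When the input unwraps as an envelope, the
/// wrapped data key is decrypted through the master key management component and the
/// payload is decrypted locally with it. Otherwise the whole input is handed to the
/// master key management component as-is.
/// </summary>
/// <param name="encryptedData">Either an envelope (wrapped data key, IV, ciphertext) or a value the master key management component can decrypt directly.</param>
/// <param name="serviceAccountId">Passed through to the master key management component on both paths.</param>
/// <returns>A task producing the decrypted value as a string.</returns>
/// <remarks>
/// NOTE(review): the fallback branch presumably exists for data written before envelope
/// encryption was introduced. Any input that fails to unwrap takes it silently, so
/// confirm the legacy format is still expected and consider logging or metering its use.
/// NOTE(review): whether RijndaelUtils.Decrypt authenticates the ciphertext is not visible
/// from this method; confirm before relying on it for tamper detection.
/// </remarks>
public Task<string> Decrypt(string encryptedData, string serviceAccountId)
{
    return EnvelopeEncryptionUtils.Unwrap(encryptedData).Match(
        some: async t =>
        {
            (string encryptedDataKey, byte[] iv, byte[] actualEncryptedData) = t;

            // The unwrapped data key comes back as a Base64 string.
            var key = await mMasterKeyManagement.Decrypt(encryptedDataKey, serviceAccountId);
            var keyBytes = Convert.FromBase64String(key);

            try
            {
                var decrypted = RijndaelUtils.Decrypt(keyBytes, iv, actualEncryptedData);
                return Encoding.UTF8.GetString(decrypted);
            }
            finally
            {
                // Clear the raw key bytes even when decryption throws. The Base64 string
                // form of the key is immutable and cannot be wiped from here.
                Array.Clear(keyBytes, 0, keyBytes.Length);
            }
        },
        // Not an envelope: delegate the whole input to the master key management component.
        none: () => mMasterKeyManagement.Decrypt(encryptedData, serviceAccountId));
}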