/// <summary>
/// Builds a new set of field level encryption parameters: a random IV, an AES
/// secret key, that key wrapped with the RSA public key of the configured
/// encryption certificate, and the OAEP digest algorithm name with hyphens removed.
/// </summary>
/// <remarks>
/// The returned object carries the plaintext key (<c>SecretKeyBytes</c>) and IV
/// (<c>IvBytes</c>) next to their encoded, transmittable forms. Treat the instance
/// as key material: keep it out of logs, serializers and long-lived caches.
/// </remarks>
/// <param name="config">
/// Supplies the value encoding, the encryption certificate and the OAEP padding
/// digest algorithm. It is dereferenced without a null check.
/// </param>
/// <returns>Parameters holding both the raw and the encoded IV and key values.</returns>
/// <exception cref="EncryptionException">
/// Declared by the original documentation. This body does not throw it directly;
/// presumably it comes from the helpers called here (confirm against them).
/// </exception>
public static FieldLevelEncryptionParams Generate(FieldLevelEncryptionConfig config)
{
    // Random IV, kept raw for local use and encoded for transmission.
    // NOTE(review): GenerateIv and GenerateSecretKey are not visible here; confirm
    // that both draw from a cryptographically secure random number generator.
    var iv = GenerateIv();
    var encodedIv = EncodingUtils.EncodeBytes(iv, config.ValueEncoding);

    // AES secret key for this set of parameters.
    var aesKey = GenerateSecretKey();

    // Wrap the AES key with the recipient's RSA public key.
    // NOTE(review): if GetRSAPublicKey() is the X509Certificate2 extension, the
    // returned RSA object is IDisposable and is not disposed in this method;
    // confirm whether WrapSecretKey takes ownership of it.
    var recipientPublicKey = config.EncryptionCertificate.GetRSAPublicKey();
    var wrappedKey = RsaEncryption.WrapSecretKey(recipientPublicKey, aesKey, config.OaepPaddingDigestAlgorithm);
    var encodedWrappedKey = EncodingUtils.EncodeBytes(wrappedKey, config.ValueEncoding);

    // Hyphen-free spelling of the digest name; a value such as "SHA-256" becomes "SHA256".
    var digestName = config.OaepPaddingDigestAlgorithm.Replace("-", string.Empty);

    var generated = new FieldLevelEncryptionParams
    {
        IvValue = encodedIv,
        EncryptedKeyValue = encodedWrappedKey,
        OaepPaddingDigestAlgorithmValue = digestName,
        Config = config,
        SecretKeyBytes = aesKey,
        IvBytes = iv
    };
    return generated;
}
/// <summary>
/// Returns the AES secret key bytes. If <c>SecretKeyBytes</c> is not yet set, the
/// key is decoded from <c>EncryptedKeyValue</c>, unwrapped through
/// <c>RsaEncryption.UnwrapSecretKey</c>, and stored for later calls.
/// </summary>
/// <remarks>
/// The stored array itself is returned, not a copy, so a caller that modifies it
/// also changes the cached key. Every failure is reported with the same message.
/// The underlying cause is kept as the inner exception; keep that detail in local
/// diagnostics and do not return it to the party that supplied the encrypted key.
/// </remarks>
/// <returns>The plaintext secret key bytes.</returns>
/// <exception cref="EncryptionException">
/// Thrown when decoding or unwrapping fails for any reason.
/// </exception>
internal byte[] GetSecretKeyBytes()
{
    try
    {
        if (SecretKeyBytes == null)
        {
            // First use: decode the wrapped key, unwrap it, and remember the result.
            var wrappedKey = EncodingUtils.DecodeValue(EncryptedKeyValue, Config.ValueEncoding);
            SecretKeyBytes = RsaEncryption.UnwrapSecretKey(Config, wrappedKey, OaepPaddingDigestAlgorithmValue);
        }

        return SecretKeyBytes;
    }
    catch (Exception e)
    {
        // Single generic message for every failure mode; the cause stays in InnerException.
        throw new EncryptionException("Failed to decode and unwrap the provided secret key value!", e);
    }
}