public byte[] EncryptWithFileKey(string filePath, byte[] toEncrypt, string hashAlgorithm = PaddingHashAlgorithmNames.SHA512, int paddingFlags = PaddingFlags.OAEPPadding)
{
byte[] encryptedData = null;
if (!File.Exists(filePath))
{
throw new IOException(string.Format("They file {0} does not exist and cannot be used for encryption", filePath));
}
byte[] keyBlob = null;
CngKey key;
try
{
key = PemHelper.ImportFromPem(filePath);
}
catch //Not a PEM, just import the RSA blob
{
keyBlob = File.ReadAllBytes(filePath);
key = CngKey.Import(keyBlob, new CngKeyBlobFormat("RSAPUBLICBLOB"));
}
using (key)
{
using (RSACng rsa = new RSACng(key))
{
RSAEncryptionPadding padding = this.GetRSAPadding(hashAlgorithm, paddingFlags);
encryptedData = rsa.Encrypt(toEncrypt, padding);
}
}
return(encryptedData);
}
/// <summary>
/// Export the public key so that encryption can happen off of the machine.
/// </summary>
/// <param name="providerName">Name of the provider</param>
/// <param name="keyName">Name of the key to destroy</param>
/// <param name="filePath">Output Path for where to write the key</param>
public void ExportPublicKeytoFile(string providerName, string keyName, string filePath, FileFormat fileFormat = FileFormat.CngBlob)
{
CngProvider provider = new CngProvider(providerName);
bool keyExists = doesKeyExists(provider, keyName);
if (!keyExists)
{
throw new CryptographicException(string.Format("They key {0} does not exist so there is no public key to export", keyName));
}
if (File.Exists(filePath))
{
throw new IOException(string.Format("File {0} already exists.", filePath));
}
using (CngKey key = CngKey.Open(keyName, provider, CngKeyOpenOptions.MachineKey))
{
if (fileFormat == FileFormat.CngBlob)
{
File.WriteAllBytes(filePath, key.Export(new CngKeyBlobFormat("RSAPUBLICBLOB")));
}
else
{
// FileFormat.PEM
File.WriteAllText(filePath, PemHelper.ExportToPem(key));
}
}
}
