Exemplo n.º 1
0
        public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, string> header)
        {
            var sharedPassphrase = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.");

            byte[] sharedKey = Encoding.UTF8.GetBytes(sharedPassphrase);

            Ensure.Contains(header, new[] { "p2c" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header, but was not found");
            Ensure.Contains(header, new[] { "p2s" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2s' param in JWT header, but was not found");

            byte[] algId          = Encoding.UTF8.GetBytes((string)header["alg"]);
            int    iterationCount = Convert.ToInt32(header["p2c"]);

            byte[] saltInput = Base64Url.Decode((string)header["p2s"]);

            byte[] salt = Arrays.Concat(algId, Arrays.Zero, saltInput);

            byte[] kek;

            using (var prf = PRF)
            {
                kek = PBKDF2.DeriveKey(sharedKey, salt, iterationCount, keyLengthBits, prf);
            }

            return(aesKW.Unwrap(encryptedCek, kek, cekSizeBits, header));
        }
Exemplo n.º 2
0
        public override byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, string> header)
        {
            byte[] kek = base.Unwrap(Arrays.Empty, key, keyLengthBits, header);

            return(aesKW.Unwrap(encryptedCek, kek, cekSizeBits, header));
        }