Пример #1
        /// <summary>Creates a JWE.</summary>
        /// <param name="payloadJson">JSON string for the payload part.</param>
        /// <returns>String representation of the JWE.</returns>
        public string Create(string payloadJson)
        {
            // Assembles five base64url-encoded parts joined by ".":
            // header, encrypted CEK, IV, ciphertext, authentication tag.

            // Header: serialized without indentation, null-valued members left out.
            string serializedHeader = JsonConvert.SerializeObject(
                this.JWEHeader,
                new JsonSerializerSettings()
                {
                    Formatting        = Formatting.None,
                    NullValueHandling = NullValueHandling.Ignore
                });
            string headerEncoded = CustomEncode.ToBase64UrlString(
                CustomEncode.StringToByte(serializedHeader, CustomEncode.UTF_8));

            // Content encryption key (CEK): generated per call, then handed to the derived class's CreateKey.
            // NOTE(review): GetPassword.RandomByte is not visible here; confirm it draws from a cryptographic RNG.
            // NOTE(review): the plaintext CEK array is not cleared anywhere in this method.
            byte[] contentKey = GetPassword.RandomByte(this.CekByteLength);
            string encryptedCekEncoded = CustomEncode.ToBase64UrlString(this.CreateKey(contentKey));

            // Initialization vector: IvByteLength bytes from the same generator, new on every call.
            byte[] iv = GetPassword.RandomByte(this.IvByteLength);
            string ivEncoded = CustomEncode.ToBase64UrlString(iv);

            // Additional authenticated data (AAD): the us-ascii bytes of the encoded header.
            byte[] aad = CustomEncode.StringToByte(headerEncoded, CustomEncode.us_ascii);

            // Payload: UTF-8 bytes of the JSON, encrypted by the derived class's CreateBody (AEAD).
            AeadResult sealedBody = this.CreateBody(
                contentKey, iv, aad,
                CustomEncode.StringToByte(payloadJson, CustomEncode.UTF_8));

            // Ciphertext and authentication tag come back together in the AeadResult.
            string encryptedPayloadEncoded = CustomEncode.ToBase64UrlString(sealedBody.Ciphert);
            string macEncoded = CustomEncode.ToBase64UrlString(sealedBody.Tag);

            return string.Join(".",
                headerEncoded, encryptedCekEncoded, ivEncoded, encryptedPayloadEncoded, macEncoded);
        }
Пример #2
 /// <summary>Decrypts.</summary>
 /// <param name="result">AeadResult</param>
 /// <returns>Plaintext.</returns>
 // NOTE(review): the declaration does not show how a tag mismatch is reported; confirm that
 // implementations reject the input rather than return unauthenticated plaintext.
 public abstract byte[] Decrypt(AeadResult result);
        /// <summary>Decrypts the body using authenticated encryption (AEAD).</summary>
        /// <param name="cekBytes">Content encryption key (CEK).</param>
        /// <param name="ivBytes">Initialization vector.</param>
        /// <param name="aadBytes">Additional authenticated data (AAD).</param>
        /// <param name="aeadResult">AeadResult</param>
        /// <returns>byte[]</returns>
        protected override byte[] DecryptBody(byte[] cekBytes, byte[] ivBytes, byte[] aadBytes, AeadResult aeadResult)
        {
            // A new AeadA256Gcm is built from the key, IV and AAD on every call, and its
            // Decrypt output is returned unchanged.
            // NOTE(review): tag verification is presumably done inside Decrypt (not visible here);
            // confirm it fails on a mismatch before any plaintext is returned.
            return new AeadA256Gcm(cekBytes, ivBytes, aadBytes).Decrypt(aeadResult);
        }
Пример #4
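 /// <summary>Decrypts the body using authenticated encryption (AEAD).</summary>
 /// <param name="cekBytes">Content encryption key (CEK).</param>
 /// <param name="ivBytes">Initialization vector.</param>
 /// <param name="aadBytes">Additional authenticated data (AAD).</param>
 /// <param name="aeadResult">AeadResult</param>
 /// <returns>byte[]</returns>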
 // Abstract: each derived class supplies the decryption for its own content-encryption algorithm.
 // NOTE(review): cekBytes is raw key material in a plain byte[]; confirm how callers handle its lifetime.
 protected abstract byte[] DecryptBody(byte[] cekBytes, byte[] ivBytes, byte[] aadBytes, AeadResult aeadResult);
        /// <summary>Decrypts the body using authenticated encryption (AEAD).</summary>
        /// <param name="cekBytes">Content encryption key (CEK).</param>
        /// <param name="ivBytes">Initialization vector.</param>
        /// <param name="aadBytes">Additional authenticated data (AAD).</param>
        /// <param name="aeadResult">AeadResult</param>
        /// <returns>byte[]</returns>
        protected override byte[] DecryptBody(byte[] cekBytes, byte[] ivBytes, byte[] aadBytes, AeadResult aeadResult)
        {
            // A new AeadA128CbcHS256 is built from the key, IV and AAD on every call, and its
            // Decrypt output is returned unchanged.
            // NOTE(review): for a CBC+HMAC construction the MAC check must precede decryption and
            // padding removal; that logic lives in AeadA128CbcHS256.Decrypt, not visible here. Confirm.
            return new AeadA128CbcHS256(cekBytes, ivBytes, aadBytes).Decrypt(aeadResult);
        }