private async Task <AsymmetricallyEncryptedObject> EncryptObject_PrivateAsync(object input, IPublicKey publicKey1, IPublicKey publicKey2)
        {
            if (input == null)
            {
                throw new ArgumentNullException(nameof(input));
            }
            if (publicKey1 == null)
            {
                throw new ArgumentNullException(nameof(publicKey1));
            }

            //if (string.IsNullOrEmpty(key1Id))
            //{
            //    throw new ArgumentException("key1Id");
            //}
            //if (publicKey2 != null && string.IsNullOrEmpty(key2Id))
            //{
            //    throw new ArgumentException("key2Id");
            //}
            //if (!string.IsNullOrEmpty(key2Id) && publicKey2 == null)
            //{
            //    throw new ArgumentNullException("publicKey2");
            //}

            // password lengths



            int pwLen = 32;

            //var pwMinLen = pwLen;
            //var pwMaxLen = pwLen; // 40;

            if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000)
            {
                pwLen = 40;
                //// up the pw size
                //pwMinLen = 40;
                //pwMaxLen = 40;
            }

            //if (pwMinLen < 32)
            //{
            //    throw new NotImplementedException("pwMinLen is at least 32 bytes");
            //}

            //if (pwMinLen == pwMaxLen)
            //{
            //    pwLen = pwMaxLen;
            //}
            //else
            //{
            //    pwLen = rand.RandomNumber(pwMinLen, pwMaxLen);
            //}


            byte[] passPhraseAsBytes  = null;
            byte[] passPhrase2AsBytes = null;

            string passPhrase  = null;
            string passPhrase2 = null;

            var cryptoSvc = RNGCryptoServiceProvider.Create();

            if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
            {
                // legacy uses a string
                var rand = new RandomGenerator();
                passPhrase        = rand.GenerateSecretCodeUrlSafe(pwLen, pwLen); // pwMinLen, pwMaxLen);
                passPhraseAsBytes = Serializer.SerializeToByteArray(passPhrase);
                if (publicKey2 != null)
                {
                    passPhrase2        = rand.GenerateSecretCodeUrlSafe(pwLen, pwLen); // pwMinLen, pwMaxLen);
                    passPhrase2AsBytes = Serializer.SerializeToByteArray(passPhrase2);
                }
            }
            else
            {
                passPhraseAsBytes = new byte[pwLen];
                cryptoSvc.GetBytes(passPhraseAsBytes);
                if (publicKey2 != null)
                {
                    passPhrase2AsBytes = new byte[pwLen];
                    cryptoSvc.GetBytes(passPhrase2AsBytes);
                }
            }

            byte[] encryptedPassPhraseAsBytes        = null;
            AsymmetricallyEncryptedObject asymEncObj = null;

            byte[] encryptionPassPhrase = null;

            // if there are two keys, then we double encrypt the passphrase
            if (publicKey2 == null)
            {
                var encRes = await publicKey1.WrapKeyAsync(passPhraseAsBytes);

                encryptedPassPhraseAsBytes = encRes;
                asymEncObj = new AsymmetricallyEncryptedObject()
                {
                    KeyId     = publicKey1.KeyId,
                    Reference = encryptedPassPhraseAsBytes
                };
                encryptionPassPhrase = passPhraseAsBytes;
            }
            else
            {
                // double passwords
                var dualPw = new DualKeyProtectedPassword();

                // get encryption from key1
                var encRes1 = await publicKey1.WrapKeyAsync(passPhraseAsBytes);

                dualPw.EncryptedPassphrase1 = encRes1;

                // get encryption from key2
                var encRes2 = await publicKey2.WrapKeyAsync(passPhrase2AsBytes);

                dualPw.EncryptedPassphrase2 = encRes2;

                encryptedPassPhraseAsBytes = Encoding.UTF8.GetBytes(Serializer.SerializeToJson(dualPw));

                asymEncObj = new AsymmetricallyEncryptedObject()
                {
                    KeyId     = publicKey1.KeyId,
                    Key2Id    = publicKey2.KeyId,
                    Reference = encryptedPassPhraseAsBytes
                };

                encryptionPassPhrase = passPhraseAsBytes.Concat(passPhrase2AsBytes).ToArray();
            }

            // handle the different strategies
            // handle the different strategies
            if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
            {
                // this is the revised legacy handling that has been enhanced

                // Note that the passPhrase is a string, but the reference taht is stored is
                // -----> Serializer.SerializeToByteArray(passPhrase);
                //        This is not a straight forward string to byte array conversion using encoding.
                //        And the decrypte expects to use this serializer method.

                string cipher;
#pragma warning disable 0618
                asymEncObj.Data = BasicEncryptor.EncryptObject(input, passPhrase + passPhrase2, out cipher);
#pragma warning restore 0618
                asymEncObj.CipherText         = cipher;
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Legacy_Aes2; // critical!!!
            }
            else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_20000)
            {
                byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
                asymEncObj.Data = AesEncryptor.Encrypt20000(inputAsBytes, encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_20000; // critical!!!
            }
            else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Undefined || this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000)
            {
                byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
                asymEncObj.Data = AesEncryptor.Encrypt1000(inputAsBytes, encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000; // critical!!!
            }
            else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_5)
            {
                byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
                asymEncObj.Data = AesEncryptor.Encrypt5(inputAsBytes, encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_5; // critical!!!
            }
            else
            {
                throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", this.AsymmetricStrategy.ToString()));
            }

            passPhraseAsBytes.ClearByteArray();
            passPhrase2AsBytes.ClearByteArray();

            return(asymEncObj);
        }
        private async Task<AsymmetricallyEncryptedObject> EncryptObject_PrivateAsync(object input, IPublicKey publicKey1, IPublicKey publicKey2)
        {
            if (input == null)
            {
                throw new ArgumentNullException(nameof(input));
            }
            if (publicKey1 == null)
            {
                throw new ArgumentNullException(nameof(publicKey1));
            }

            //if (string.IsNullOrEmpty(key1Id))
            //{
            //    throw new ArgumentException("key1Id");
            //}
            //if (publicKey2 != null && string.IsNullOrEmpty(key2Id))
            //{
            //    throw new ArgumentException("key2Id");
            //}
            //if (!string.IsNullOrEmpty(key2Id) && publicKey2 == null)
            //{
            //    throw new ArgumentNullException("publicKey2");
            //}

            // password lengths



            int pwLen = 32;
            //var pwMinLen = pwLen;
            //var pwMaxLen = pwLen; // 40;

            if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000)
            {
                pwLen = 40;
                //// up the pw size
                //pwMinLen = 40;
                //pwMaxLen = 40;
            }

            //if (pwMinLen < 32)
            //{
            //    throw new NotImplementedException("pwMinLen is at least 32 bytes");
            //}

            //if (pwMinLen == pwMaxLen)
            //{
            //    pwLen = pwMaxLen;
            //}
            //else
            //{
            //    pwLen = rand.RandomNumber(pwMinLen, pwMaxLen);
            //}


            byte[] passPhraseAsBytes = null;
            byte[] passPhrase2AsBytes = null;

            string passPhrase = null;
            string passPhrase2 = null;

            if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
            {
                // legacy uses a string
                var rand = new RandomGenerator();
                passPhrase = rand.RandomPassword(pwLen); // pwMinLen, pwMaxLen);
                passPhraseAsBytes = Serializer.SerializeToByteArray(passPhrase);
                if (publicKey2 != null)
                {
                    passPhrase2 = rand.RandomPassword(pwLen); // pwMinLen, pwMaxLen);
                    passPhrase2AsBytes = Serializer.SerializeToByteArray(passPhrase2);
                }
            }
            else
            {
                var cryptoSvc = RNGCryptoServiceProvider.Create();
                passPhraseAsBytes = new byte[pwLen];
                cryptoSvc.GetBytes(passPhraseAsBytes);
                if (publicKey2 != null)
                {
                    passPhrase2AsBytes = new byte[pwLen];
                    cryptoSvc.GetBytes(passPhrase2AsBytes);
                }
            }

            byte[] encryptedPassPhraseAsBytes = null;
            AsymmetricallyEncryptedObject asymEncObj = null;

            byte[] encryptionPassPhrase = null;

            // if there are two keys, then we double encrypt the passphrase
            if (publicKey2 == null)
            {
                var encRes = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
                encryptedPassPhraseAsBytes = encRes;
                asymEncObj = new AsymmetricallyEncryptedObject()
                {
                    KeyId = publicKey1.KeyId,
                    Reference = encryptedPassPhraseAsBytes
                };
                encryptionPassPhrase = passPhraseAsBytes;
            }
            else
            {
                // double passwords
                var dualPw = new DualKeyProtectedPassword();

                // get encryption from key1
                var encRes1 = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
                dualPw.EncryptedPassphrase1 = encRes1;

                // get encryption from key2
                var encRes2 = await publicKey2.WrapKeyAsync(passPhrase2AsBytes);
                dualPw.EncryptedPassphrase2 = encRes2;

                encryptedPassPhraseAsBytes = Encoding.UTF8.GetBytes(Serializer.SerializeToJson(dualPw));

                asymEncObj = new AsymmetricallyEncryptedObject()
                {
                    KeyId = publicKey1.KeyId,
                    Key2Id = publicKey2.KeyId,
                    Reference = encryptedPassPhraseAsBytes
                };

                encryptionPassPhrase = passPhraseAsBytes.Concat(passPhrase2AsBytes).ToArray();
            }

            // handle the different strategies
            // handle the different strategies
            if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
            {

                // this is the revised legacy handling that has been enhanced

                // Note that the passPhrase is a string, but the reference taht is stored is
                // -----> Serializer.SerializeToByteArray(passPhrase);
                //        This is not a straight forward string to byte array conversion using encoding.
                //        And the decrypte expects to use this serializer method.

                string cipher;
#pragma warning disable 0618
                asymEncObj.Data = BasicEncryptor.EncryptObject(input, passPhrase + passPhrase2, out cipher);
#pragma warning restore 0618
                asymEncObj.CipherText = cipher;
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Legacy_Aes2; // critical!!!
            }
            else if(this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_200000)
            {
                byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
                asymEncObj.Data = AesEncryptor.Encrypt20000(inputAsBytes, encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_200000; // critical!!!
            }
            else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Undefined || this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000)
            {
                byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
                asymEncObj.Data = AesEncryptor.Encrypt1000(inputAsBytes, encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000; // critical!!!
            }
            else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_5)
            {
                byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
                asymEncObj.Data = AesEncryptor.Encrypt5(inputAsBytes, encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_5; // critical!!!
            }
            else
            {
                throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", this.AsymmetricStrategy.ToString()));
            }

            passPhraseAsBytes.ClearByteArray();
            passPhrase2AsBytes.ClearByteArray();

            return asymEncObj;
        }