public async Task <IActionResult> Unwrap(EncryptDto toDecrypt)
{
KeyVaultKey key = await _keyClient.GetKeyAsync("test");
CryptographyClient crypto = new CryptographyClient(key.Id, new DefaultAzureCredential());
KeyVaultSecret wrappedKey = await _secretClient.GetSecretAsync(toDecrypt.Name);
UnwrapResult result = await crypto.UnwrapKeyAsync(KeyWrapAlgorithm.RsaOaep256, Convert.FromBase64String(wrappedKey.Value));
return(Ok(Encoding.UTF8.GetString(result.Key)));
}
public async Task <IActionResult> Decrypt(EncryptDto toDecrypt)
{
byte[] toDecryptInBytes = Convert.FromBase64String(toDecrypt.Payload);
KeyVaultKey key = await _keyClient.GetKeyAsync("test");
CryptographyClient crypto = new CryptographyClient(key.Id, new DefaultAzureCredential());
DecryptResult result = await crypto.DecryptAsync(EncryptionAlgorithm.RsaOaep256, toDecryptInBytes);
return(new OkObjectResult(Encoding.UTF8.GetString(result.Plaintext)));
}
public async Task <IActionResult> Wrap(EncryptDto toEncrypt)
{
byte[] keyToWrap = Encoding.UTF8.GetBytes(toEncrypt.Payload);
KeyVaultKey key = await _keyClient.GetKeyAsync("test");
CryptographyClient crypto = new CryptographyClient(key.Id, new DefaultAzureCredential());
WrapResult result = await crypto.WrapKeyAsync(KeyWrapAlgorithm.RsaOaep256, keyToWrap);
KeyVaultSecret secret = await _secretClient.SetSecretAsync(new KeyVaultSecret(toEncrypt.Name, Convert.ToBase64String(result.EncryptedKey)));
return(Ok(secret));
}
public async Task <IActionResult> Encrypt(EncryptDto toEncrypt)
{
byte[] toEncryptInBytes = Encoding.UTF8.GetBytes(toEncrypt.Payload);
if (toEncryptInBytes.Length > 245)
{
return(BadRequest());
}
KeyVaultKey key = await _keyClient.GetKeyAsync("test");
CryptographyClient crypto = new CryptographyClient(key.Id, new DefaultAzureCredential());
EncryptResult result = await crypto.EncryptAsync(EncryptionAlgorithm.RsaOaep256, toEncryptInBytes);
return(new OkObjectResult(Convert.ToBase64String(result.Ciphertext)));
}
