/// <summary>
/// Resolves the certificate used to decrypt protected configuration values.
/// </summary>
/// <param name="settings">
/// Settings carrying the thumbprint of the encryption certificate; may be null.
/// </param>
/// <returns>
/// Whatever <c>GetCertificateByThumbprint</c> yields for the configured thumbprint.
/// NOTE(review): how that helper behaves for an unknown thumbprint is not visible
/// here. Confirm whether callers must handle null.
/// </returns>
/// <exception cref="IdentityConfigurationException">
/// Thrown when no thumbprint is configured, or when the process runs on Linux,
/// where certificate-based setting encryption is rejected in favour of Docker Secrets.
/// </exception>
public X509Certificate2 GetEncryptionCertificate(EncryptionCertificateSettings settings)
{
    var thumbprint = settings?.EncryptionCertificateThumbprint;

    // The configuration check runs before the platform check, so a missing
    // thumbprint is reported the same way on every OS.
    if (string.IsNullOrEmpty(thumbprint))
    {
        throw new IdentityConfigurationException("No certificate defined in configuration for EncryptionCertificateSettings.EncryptionCertificateThumbprint, encrypted value cannot be decrypted");
    }

    var runningOnLinux = RuntimeInformation.IsOSPlatform(OSPlatform.Linux);
    if (runningOnLinux)
    {
        throw new IdentityConfigurationException("Do not encrypt settings when running on a Linux container, instead use Docker Secrets to protect sensitive configuration settings.");
    }

    return GetCertificateByThumbprint(thumbprint);
}
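/// <summary>
/// Decrypts a configuration value with the private key of the configured
/// encryption certificate. Values that <c>IsEncrypted</c> does not recognise are
/// returned unchanged.
/// </summary>
/// <param name="encryptedString">
/// The configuration value: either plain text, or <c>EncryptionPrefix</c> followed
/// by Base64-encoded RSA ciphertext.
/// </param>
/// <param name="certificateSettings">Settings identifying the encryption certificate.</param>
/// <returns>The decrypted value decoded as UTF-8, or the input when it is not encrypted.</returns>
/// <exception cref="InvalidOperationException">
/// Thrown when the certificate service returns no RSA private key.
/// </exception>
/// <remarks>
/// <see cref="FormatException"/> (invalid Base64) and
/// <see cref="System.Security.Cryptography.CryptographicException"/> (decryption
/// failure) propagate to the caller. The returned string is a secret: callers
/// should keep it out of logs and exception messages.
/// </remarks>
public string DecryptString(string encryptedString, EncryptionCertificateSettings certificateSettings)
{
    if (!IsEncrypted(encryptedString))
    {
        return encryptedString;
    }

    // The RSA object wraps a native key handle and must be disposed by its consumer.
    // NOTE(review): this assumes the certificate service hands out a fresh RSA
    // instance on every call (as X509Certificate2.GetRSAPrivateKey() does). Confirm
    // that no implementation returns a shared or cached key.
    using (var privateKey = _certificateService.GetEncryptionCertificatePrivateKey(certificateSettings))
    {
        if (privateKey == null)
        {
            // Fail with a diagnosable message instead of a NullReferenceException.
            // The message deliberately contains neither the value nor the thumbprint.
            throw new InvalidOperationException(
                "The encryption certificate has no usable RSA private key, encrypted value cannot be decrypted");
        }

        // NOTE(review): Replace removes every occurrence of the prefix, not only the
        // leading one. Kept as-is because the prefix format and the IsEncrypted check
        // are not visible here. Verify the prefix cannot occur inside Base64 text.
        var cipherBytes = Convert.FromBase64String(
            encryptedString.Replace(EncryptionPrefix, string.Empty));

        // NOTE(review): OAEP with SHA-1 must match the padding used when the value was
        // encrypted. Moving to OaepSHA256 requires re-encrypting every stored value,
        // so it is not changed here.
        var plainBytes = privateKey.Decrypt(cipherBytes, RSAEncryptionPadding.OaepSHA1);

        return System.Text.Encoding.UTF8.GetString(plainBytes);
    }
}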
/// <summary>
/// Returns the RSA private key of the configured encryption certificate.
/// </summary>
/// <param name="certificateSettings">Settings identifying the encryption certificate.</param>
/// <returns>
/// The result of <c>GetRSAPrivateKey()</c> on the resolved certificate. The framework
/// returns null when the certificate has no RSA private key, so callers should check
/// for null. The returned <see cref="RSA"/> is disposable and owned by the caller.
/// </returns>
/// <remarks>
/// Exceptions raised by <c>GetEncryptionCertificate</c> (missing thumbprint,
/// unsupported platform) propagate unchanged.
/// NOTE(review): the certificate object itself is not disposed here. Whether it is
/// owned by this method or shared depends on <c>GetCertificateByThumbprint</c>,
/// which is not visible. Confirm.
/// </remarks>
public RSA GetEncryptionCertificatePrivateKey(EncryptionCertificateSettings certificateSettings)
    => GetEncryptionCertificate(certificateSettings).GetRSAPrivateKey();