private static string DecryptByCertificates(EnvelopedCms envelopedCms, X509Certificate2[] certificates)
        {
            if (certificates == null || certificates.Length == 0)
            {
                throw new CryptographicException("No matching private key found in local machine and current user stores");
            }

            try
            {
                envelopedCms.Decrypt(new X509Certificate2Collection(certificates));
            }
            catch (CryptographicException ex)
            {
                throw new CryptographicException("Failed decrypting envelopedCms", ex);
            }

            try
            {
                return(SecretEncoding.GetString(envelopedCms.ContentInfo.Content));
            }
            catch (DecoderFallbackException ex)
            {
                throw new DecoderFallbackException("Cannot decode decrypted bytes into a unicode string", ex);
            }
        }
Пример #2
0
        /// <summary>
        /// Decrypt the encrypted S/MIME envelope.
        /// </summary>
        /// <param name="contentType">Content Type of the outermost MIME part.</param>
        /// <param name="contentTransferEncoding">Encoding of the outermost MIME part.</param>
        /// <param name="envelopeText">The MIME envelope.</param>
        /// <param name="processingFlags">Flags determining whether specialized properties are returned with a MailMessage.</param>
        /// <param name="depth">The nesting layer of this MIME part.</param>
        public static List <MimePart> ReturnSmimeDecryptedMimeParts(string contentType, string contentTransferEncoding, string envelopeText, MailMessageProcessingFlags processingFlags, int depth)
        {
            try
            {
                // Hydrate the envelope CMS object.
                EnvelopedCms envelope = new EnvelopedCms();

                // Attempt to decrypt the envelope.
                envelope.Decode(Convert.FromBase64String(envelopeText));
                envelope.Decrypt();

                string body        = Encoding.UTF8.GetString(envelope.ContentInfo.Content);
                int    divider     = body.IndexOf("\r\n\r\n");
                string mimeHeaders = body.Substring(0, divider);
                body = body.Substring(divider + 4);

                // Divide the MIME part's headers into its components.
                string mimeContentType = "", mimeCharSet = "", mimeContentTransferEncoding = "", mimeFileName = "", mimeContentDisposition = "", mimeContentID = "";
                ExtractMimeHeaders(mimeHeaders, out mimeContentType, out mimeCharSet, out mimeContentTransferEncoding, out mimeContentDisposition, out mimeFileName, out mimeContentID);

                // Recurse through embedded MIME parts.
                List <MimePart> mimeParts = ExtractMIMEParts(mimeContentType, mimeCharSet, mimeContentTransferEncoding, body, processingFlags, depth + 1);
                foreach (MimePart mimePart in mimeParts)
                {
                    mimePart.SmimeEncryptedEnvelope = true;
                }

                return(mimeParts);
            }
            catch (Exception)
            {
                // If unable to decrypt the body, return null.
                return(null);
            }
        }
Пример #3
0
        public static void PostDecrypt_Encode()
        {
            byte[] expectedContent = { 6, 3, 128, 33, 44 };

            EnvelopedCms ecms = new EnvelopedCms(new ContentInfo(expectedContent));

            ecms.Encrypt(new CmsRecipient(Certificates.RSAKeyTransfer1.GetCertificate()));
            byte[] encodedMessage =
                ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
                 + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004818067"
                 + "6bada56dcaf2e65226941242db73b5a5420a6212cd6af662db52fdc0ca63875cb69066f7074da0fc009ce724e2d73fb19380"
                 + "2deea8d92b069486a41c7c4fc3cd0174a918a559f79319039b40ae797bcacc909c361275ee2a5b1f0ff09fb5c19508e3f5ac"
                 + "051ac0f03603c27fb8993d49ac428f8bcfc23a90ef9b0fac0f423a302b06092a864886f70d010701301406082a864886f70d"
                 + "0307040828dc4d72ca3132e48008546cc90f2c5d4b79").HexToByteArray();
            ecms.Decode(encodedMessage);

            using (X509Certificate2 cer = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
            {
                if (cer == null)
                {
                    return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
                }
                X509Certificate2Collection extraStore = new X509Certificate2Collection(cer);
                RecipientInfoCollection    r          = ecms.RecipientInfos;
                ecms.Decrypt(r[0], extraStore);

                // Desktop compat: Calling Encode() at this point should have thrown an InvalidOperationException. Instead, it returns
                // the decrypted inner content (same as ecms.ContentInfo.Content). This is easy for someone to take a reliance on
                // so for compat sake, we'd better keep it.
                byte[] encoded = ecms.Encode();
                Assert.Equal <byte>(expectedContent, encoded);
            }
        }
Пример #4
0
        public static void RoundTrip_ExplicitSki()
        {
            ContentInfo  contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms        = new EnvelopedCms(contentInfo);

            using (X509Certificate2 explicitSkiCert = Certificates.RSAKeyTransfer_ExplicitSki.GetCertificate())
            {
                CmsRecipient recipient = new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, explicitSkiCert);
                ecms.Encrypt(recipient);
            }

            byte[] encodedMessage = ecms.Encode();

            ecms = new EnvelopedCms();
            ecms.Decode(encodedMessage);

            using (X509Certificate2 privateCert = Certificates.RSAKeyTransfer_ExplicitSki.TryGetCertificateWithPrivateKey())
            {
                if (privateCert == null)
                {
                    return; // CertLoader can't load the private certificate.
                }
                ecms.Decrypt(new X509Certificate2Collection(privateCert));
            }
            Assert.Equal(contentInfo.ContentType.Value, ecms.ContentInfo.ContentType.Value);
            Assert.Equal <byte>(contentInfo.Content, ecms.ContentInfo.Content);
        }
Пример #5
0
        public static void MultipleRecipientIdentifiers_RoundTrip()
        {
            ContentInfo            contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms           ecms        = new EnvelopedCms(contentInfo);
            CmsRecipientCollection recipients  = new CmsRecipientCollection();

            using (X509Certificate2 issuerSerialCert = Certificates.RSAKeyTransfer1.GetCertificate())
                using (X509Certificate2 explicitSkiCert = Certificates.RSAKeyTransfer_ExplicitSki.GetCertificate())
                {
                    // CmsRecipients have different identifiers to test multiple identifier encryption.
                    recipients.Add(new CmsRecipient(SubjectIdentifierType.IssuerAndSerialNumber, issuerSerialCert));
                    recipients.Add(new CmsRecipient(SubjectIdentifierType.SubjectKeyIdentifier, explicitSkiCert));
                    ecms.Encrypt(recipients);
                }

            byte[] encodedMessage = ecms.Encode();

            ecms = new EnvelopedCms();
            ecms.Decode(encodedMessage);

            // Try decoding it, doesn't really matter with which cert you want to do it as it's not what this
            // test aims for.

            using (X509Certificate2 privateCert = Certificates.RSAKeyTransfer_ExplicitSki.TryGetCertificateWithPrivateKey())
            {
                if (privateCert == null)
                {
                    return; // CertLoader can't load the private certificate.
                }
                ecms.Decrypt(new X509Certificate2Collection(privateCert));
            }
            Assert.Equal(contentInfo.ContentType.Value, ecms.ContentInfo.ContentType.Value);
            Assert.Equal <byte>(contentInfo.Content, ecms.ContentInfo.Content);
        }
        public void DecryptRecipientInfoX509CertificateExCollectionNull()
        {
            EnvelopedCms ep = new EnvelopedCms();
            X509Certificate2Collection xec = new X509Certificate2Collection();

            ep.Decrypt(null, xec);
        }
Пример #7
0
        public static void Decrypt_DoesNotAlterAsnOctetStringContent()
        {
            // The content in the message happens to be an ASN.1 OCTET STRING.
            // We used to decode this for compatibility purposes, but that has
            // been removed. Instead, test that the content remains untouched.
            byte[] expectedContent = new byte[] { 4, 3, 1, 2, 3 };
            byte[] encodedMessage  =
                ("3082010C06092A864886F70D010703A081FE3081FB0201003181C83081C5020100302" +
                 "E301A311830160603550403130F5253414B65795472616E7366657231021031D935FB" +
                 "63E8CFAB48A0BF7B397B67C0300D06092A864886F70D0101010500048180586BCA530" +
                 "9A74A211859714715D90B8E13A7712838746877DF7D68B0BCF36DE3F77854276C8EAD" +
                 "389ADD8402697E4FFF215143E0E63676349592CB3A86FF556230D5F4AC4A9A6758219" +
                 "9E65281A8B63DFBCFB7180E6B54C6E38BECAF09624C6B6D2B3058F280FE8F0BF8EBA3" +
                 "57AECC1B9B177E98671A9659B034501AE3D58789302B06092A864886F70D010701301" +
                 "406082A864886F70D0307040810B222648FDC0DE38008036BB59C8B6A784B").HexToByteArray();
            EnvelopedCms ecms = new EnvelopedCms();

            ecms.Decode(encodedMessage);

            using (X509Certificate2 privateCert = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
            {
                if (privateCert == null)
                {
                    return; //Private key not available.
                }

                ecms.Decrypt(new X509Certificate2Collection(privateCert));
            }

            Assert.Equal(expectedContent, ecms.ContentInfo.Content);
        }
Пример #8
0
        public static void ImportEdgeCase()
        {
            //
            // Pfx's imported into a certificate collection propagate their "delete on Dispose" behavior to its cloned instances:
            // a subtle difference from Pfx's created using the X509Certificate2 constructor that can lead to premature or
            // double key deletion. Since EnvelopeCms.Decrypt() has no legitimate reason to clone the extraStore certs, this shouldn't
            // be a problem, but this test will verify that it isn't.
            //

            byte[] encodedMessage =
                ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
                 + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e"
                 + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c"
                 + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4"
                 + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d"
                 + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray();

            EnvelopedCms ecms = new EnvelopedCms();

            ecms.Decode(encodedMessage);

            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.LoadPfxUsingCollectionImport())
            {
                X509Certificate2Collection extraStore = new X509Certificate2Collection(cert);
                ecms.Decrypt(extraStore);

                byte[]      expectedContent = { 1, 2, 3 };
                ContentInfo contentInfo     = ecms.ContentInfo;
                Assert.Equal <byte>(expectedContent, contentInfo.Content);
            }
        }
        public void DecryptRecipientInfoNull()
        {
            EnvelopedCms  ep = new EnvelopedCms();
            RecipientInfo ri = null; // do not confuse compiler

            ep.Decrypt(ri);
        }
        public async Task TestMethod1()
        {
            var str  = "ew0KICAgICJkYXRhIjogICJNSUlLbHdJQkF6Q0NDbE1HQ1NxR1NJYjNEUUVIQWFDQ0NrUUVnZ3BBTUlJS1BEQ0NCZzRHQ1NxR1NJYjNEUUVIQWFDQ0JmOEVnZ1g3TUlJRjl6Q0NCZk1HQ3lxR1NJYjNEUUVNQ2dFQ29JSUUvakNDQlBvd0hBWUtLb1pJaHZjTkFRd0JBekFPQkFqaFlpYVhzZkF6a3dJQ0I5QUVnZ1RZalpCM0g2a21ZVmlsQVEyN2M3MkZncXF2cXZGalAxcDRwVlNzZGg1M3VqN3FFODRTZWdDN25USHZTKzZFRzJieWRKSHMvRDdVREhrYlR2SXowYjRhdzQvQ3A0NHhUMjNqN3RPYWFvTHJhOUliMWF0QVB2TFdWRnZxd1ZVUzM3NTV2WTluWk9SalA5cit3eUQ4LzBPWGswSnZ1S0VCNk0vUE82cjgySHZsbk9GZlY1SGMrWGt1emxFR3N0MW81MFZYa0RPRG5BRFkvU3lUZTl6Uy82TWc0bk9TZUVlYUpzWUNkYTZQUWhQNzlNcy8zK1hVdThMK2dlSkJxK2FXU1dKRWdPa2J4L0dOSUk3NTE5V0lJSU9GYnZIN3VXejlINHdObmZlQ0UydEF3bXhSNnBhTVFZZjA5bStjSlNYeEMxcTVOL1RnZmF5R0ltYytKMFBHUTI3YWkwRDR5VUJibWJnMlBtZ2tuTDlWVHJ3QkVVUVZDZTNJVEpEOWI1WEd4aDF3bnprd0FFSHJaVFNxUWdkQmprMXZUNHdZMm1FZFJuVkUyUUZTTFVpNEhWYWRUNENTNFpJS3plbW9FOUoyczZFSkREeFB2a2QxS05HVlVSZndvWWE4OWl5Vi9pMmxMLzgwSFgxMHNkYUtVbzV3clBNc3ZycnFEcUdldng4OHlDUDZTTFJTVllydHlObTEwd2pLZGdtSWVVWENKQ01rQllhanVkd1czL0s5WjFMOE1jeldDaDBWc0FWbWdYSzlJN0NhSkF3WStIdmgvNTVNcjNmWlJhT1kyYVpId1V3eENETUNlRXVOUVZsNlhEOUpPWEtkL1pRV05aZnB6Yk1hTDlWOTYzdElsY0E0di81dlhMZ3N4SUJGTTIwV3R2bm4wV1c1T1ZJdkRSdy9hVnQ1clRWSXoxOUdlZ1RublJCNjlDTHJYNHZXT0hKREZ3ZWJVZVJOd000UFFsdjdpd25YTXIrNWxYcWNmRDhiY3BCcG11eldGVWlvenhzL00wbThXWmM4K0drU0dyTEpydDRYM2dMbDNTLzk3NGE0WWY4aUNKdzBPUjFjRXJhbzN1dUVVcGQ3TFlVd0JqWjcxUVlmdytoV25oTVFLc3dHb2N4dGFGS1N1YjlCdTFEcjNDTTBoUEdEdVZURDVlVG5sS1NXNWxNSzNiUXBKTFNWTGxoR05ERy9QdTgwaVprWG9odlZQWlpkRlByVnBCL0J1dnpvaDlmMk5ONFp1ZXlWYkc3dXFvWUQzSG56MEgxakNRdjdTdElRdGI3ckRhcGlRb3Y1UkpkTWpCM0gwbXBITFIvbWtXeTJXTllwNFZaMXk5d25DWjQvZVZ0T1RLSVRjdHdVUllaVXRNYjNQK2Q4ZUNZSjVKSHdndzNGSFMxNElISkdQUm51NS9PVTJLeEtPMERLam9NRktReHFlWkFYQzJ5VEZ1L0RyVXVQdDhkeGk1T25ObFJqV1BiKy9tQk1XWUhTMXpZa2hucmNXT2J3Q1c1cVAwd2xPVmRsWGRKK292d1Vhc3Z0MC9Gc282eVFmRGIyeElLcEFXdTh5THRJVmZ1NjlOR0dKMk5pUCtWdThGZnQ1a3J1M3NLV2JKS3J2ZU83MGxWeFZFbGQ0eTlPN1hBdmJrdXlDOHhsS0M3bEVGNXVJUDNudkxYdGdzOTc5ckpTNmdjUTlKNGpvbDR2TGlEblNMRjVrOHY3eUNtWkRHV2J6MjZBYzVtVjVUa0FjRUFrdXI2R0diS0FHOGk4ZkhQZFBqOUZCbjdOL0hoMkV4b044dEViK05JK1BtM00xaVNqYlhRQjRhQWZvcTRBdFErZnNMZm05c24zSmx4VWxEazhMNytrQXpwQm04Zm1BZVNGcHhVUTdXczZ1RzJRcTNWeExVYW0zb2R2R0NJL0hZRnluTVlQUnVXbThRMWZwWHMvS2RKSGtjMmg5UzlTenBVYlA5UDZuN3hYRDlkdGxoUDNzZ2pnbG81U1BURmo0azZWKzQ1SFVvaWdIQ3lCdmljM2pmYXN1R0ZsemhCT2NIYWdZYkFLT2V4M1dwMGhCaHVJUk5yY3VVajd3Slk4QWs4aGlZTFZWbjllZW16TVNZU1FsdFIvTVpkMDk3QkU4Ly8vNG5Hcmd0SGd4MWFKTk0rbDFDNm1XSUVVN05xRGptS0FpVGhqdlp0bGwxTkpxUlJFbmJHRlRRMC82REdCNFRBVEJna3Foa2lHOXcwQkNSVXhCZ1FFQVFBQUFEQmRCZ2txaGtpRzl3MEJDUlF4VUI1T0FIUUFaUUF0QUdVQU13QmpBRGdBTUFBMEFHRUFOd0F0QURrQU5RQXpBRGdBTFFBMEFEZ0FNd0ExQUMwQVlnQXhBREVBT1FBdEFEVUFZd0F3QUdNQU9BQTBBRE1BT1FBMEFEUUFZd0JsTUdzR0NTc0dBUVFCZ2pjUkFURmVIbHdBVFFCcEFHTUFjZ0J2QUhNQWJ3Qm1BSFFBSUFCRkFHNEFhQUJoQUc0QVl3QmxBR1FBSUFCREFISUFlUUJ3QUhRQWJ3Qm5BSElBWVFCd0FHZ0FhUUJqQUNBQVVBQnlBRzhBZGdCcEFHUUFaUUJ5QUNBQWRnQXhBQzRBTURDQ0JDWUdDU3FHU0liM0RRRUhBYUNDQkJjRWdnUVRNSUlFRHpDQ0JBc0dDeXFHU0liM0RRRU1DZ0VEb0lJRHNUQ0NBNjBHQ2lxR1NJYjNEUUVKRmdHZ2dnT2RCSUlEbVRDQ0E1VXdnZ0o5b0FNQ0FRSUNFRWk5NldaYWJ6dUJTTEE0TTJuTWM4Z3dEUVlKS29aSWh2Y05BUUVGQlFBd1BURTdNRGtHQTFVRUF3d3lkM2QzTG5CcmMzTmxjblpwWTJWbVlXSnlhV011ZDJWemRHVjFjbTl3WlM1amJHOTFaR0Z3Y0M1aGVuVnlaUzVqYjIwd0hoY05NVFl3TXpBMU1UUXdPVE00V2hjTk1UY3dNekExTVRReU9UTTRXakE5TVRzd09RWURWUVFERERKM2QzY3VjR3R6YzJWeWRtbGpaV1poWW5KcFl5NTNaWE4wWlhWeWIzQmxMbU5zYjNWa1lYQndMbUY2ZFhKbExtTnZiVENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFMeWd5cyt3UE9laWhDVG5aUVJNTHJoS2Q2Zjh0SHpma1o5bFRFOTRnK083aHBHM2UyWnU1ZFBOMHdMRDdWRmJMMW1rUG1RSEtnNWFiSm93NHlaZE9EUHhEVWdtYjVWdzZWNXJCMDVrclhRZUJ2S2hmVzcrVzM2U2hObFRLYllBdExXOVhxR3VIQVJQa0g2RkJhMm9VUDBSMEE3cXBvSFZZS1ZnM0tkOXBXN1pVcmlZZ2orT3MrVXAxUDFzUzJNM2xkT2hZUzNhSzlRcDEzaGs0TXFSRGlObjFodThJdzV1T2dGRHVRNE9qS2ovQUI4RzF0SitiNnZZVmJiWWRFU1VYU0xaMzEwTTFJUGU3S3VaUk95eVUyUE55TjJETGVrWDgweVl5YTdGNkt3RUNtRkJ4eUp1azA1bDlWRGVGL09Dbks3NmRZN1ZMUlFtRFlHU0FmelRNNTBDQXdFQUFhT0JrRENCalRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdJR0NDc0dBUVVGQndNQk1EMEdBMVVkRVFRMk1EU0NNbmQzZHk1d2EzTnpaWEoyYVdObFptRmljbWxqTG5kbGMzUmxkWEp2Y0dVdVkyeHZkV1JoY0hBdVlYcDFjbVV1WTI5dE1CMEdBMVVkRGdRV0JCU2g1QTVFSlhReXl6dXhmazBNZDVCYmE1MUFIREFOQmdrcWhraUc5dzBCQVFVRkFBT0NBUUVBVlZWeE0vcklPK0hnazI5UUJnTjhHUWxZeXpBSWE3M3FhVVNhY21lU0FFMEY5MEU4SlJodVo1TmRmUW5pMk84UzA3Y1VPZUE0SWxqaHo3VEtDczhVa0R1SjZFWm9hblRGSm5DWTNqekN0T3V4R2dkbHVkNEM5R0xLcDNvR251R2JpaUV3ZUZSeDIrNWpWenoyM2x3VFk0eEk1T08ySllIZENJOVJEd29YelNaYmVRejBHcmljQ0lkdTVXRkZhUVk1ZmJ2V1ZjcmFHei9TNGorV3puZjUzK0MrcTlTN1ZxWnFFREJYY1JleE12T2tBZHZTY3JTeC9ETkRLK0YvL3pZVHhZRWMyK3E5NW5UUktqQVllay9uQnFFSjhKREpmTWx4dGp0MDZnSXB6d2JZZVpCSHc3SWtESXZselhXdHhVU2hENEJnZXVuYUhtTTFpZEhBOXA1b0V6RkhNQk1HQ1NxR1NJYjNEUUVKRlRFR0JBUUJBQUFBTURBR0Npc0dBUVFCZ2pjUkEwY3hJZ1FnUkFCRkFGTUFTd0JVQUU4QVVBQXRBRVFBTWdCUUFFTUFUd0JVQUU0QUFBQXdPekFmTUFjR0JTc09Bd0lhQkJSR1l5U3BmT3dHanhuaVdMOXk5bzV5cHRHbjdBUVVSSXFyOVdPc1RNRzZwbGw1Vi9QYy95ZVVHSDBDQWdmUSIsDQogICAgImRhdGFUeXBlIjogICJwZngiLA0KICAgICJwYXNzd29yZCI6ICAiMTIzNDU2Ig0KfQ==";
            var obj  = JObject.Parse(Encoding.UTF8.GetString(Convert.FromBase64String(str)));
            var cert = new X509Certificate2(Convert.FromBase64String(obj["data"].ToString()), obj["password"].ToString());

            var valueToEncrypt = "adsada";

            byte[] encoded = System.Text.UTF8Encoding.UTF8.GetBytes(valueToEncrypt);
            var    content = new ContentInfo(encoded);
            var    env     = new EnvelopedCms(content);

            env.Encrypt(new CmsRecipient(cert));

            string encrypted64 = Convert.ToBase64String(env.Encode());

            Console.WriteLine(encrypted64);

            var envelope = new EnvelopedCms();

            envelope.Decode(Convert.FromBase64String(encrypted64));
            envelope.Decrypt();

            Console.WriteLine(Encoding.UTF8.GetString(envelope.ContentInfo.Content));
        }
        public void DecryptX509CertificateExCollectionNull()
        {
            EnvelopedCms ep = new EnvelopedCms();
            X509Certificate2Collection xec = null; // do not confuse compiler

            ep.Decrypt(xec);
        }
Пример #12
0
        [PlatformSpecific(~TestPlatforms.Windows)] /* Applies to managed PAL only. */
        public static void FromManagedPal_CompatWithOctetStringWrappedContents_Decrypt()
        {
            byte[] expectedContent = new byte[] { 1, 2, 3 };
            byte[] encodedMessage  =
                ("3082010C06092A864886F70D010703A081FE3081FB0201003181C83081C5020100302" +
                 "E301A311830160603550403130F5253414B65795472616E7366657231021031D935FB" +
                 "63E8CFAB48A0BF7B397B67C0300D06092A864886F70D0101010500048180586BCA530" +
                 "9A74A211859714715D90B8E13A7712838746877DF7D68B0BCF36DE3F77854276C8EAD" +
                 "389ADD8402697E4FFF215143E0E63676349592CB3A86FF556230D5F4AC4A9A6758219" +
                 "9E65281A8B63DFBCFB7180E6B54C6E38BECAF09624C6B6D2B3058F280FE8F0BF8EBA3" +
                 "57AECC1B9B177E98671A9659B034501AE3D58789302B06092A864886F70D010701301" +
                 "406082A864886F70D0307040810B222648FDC0DE38008036BB59C8B6A784B").HexToByteArray();
            EnvelopedCms ecms = new EnvelopedCms();

            ecms.Decode(encodedMessage);

            using (X509Certificate2 privateCert = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
            {
                if (privateCert == null)
                {
                    return; //Private key not available.
                }

                ecms.Decrypt(new X509Certificate2Collection(privateCert));
            }

            Assert.Equal(expectedContent, ecms.ContentInfo.Content);
        }
        public void Decrypt()
        {
            byte[]       encoded = { 0x30, 0x82, 0x01, 0x1C, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x82, 0x01, 0x0D, 0x30, 0x82, 0x01, 0x09, 0x02, 0x01, 0x00, 0x31, 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x02, 0x01, 0x00, 0x30, 0x3C, 0x30, 0x28, 0x31, 0x26, 0x30, 0x24, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x1D, 0x4D, 0x6F, 0x74, 0x75, 0x73, 0x20, 0x54, 0x65, 0x63, 0x68, 0x6E, 0x6F, 0x6C, 0x6F, 0x67, 0x69, 0x65, 0x73, 0x20, 0x69, 0x6E, 0x63, 0x2E, 0x28, 0x74, 0x65, 0x73, 0x74, 0x29, 0x02, 0x10, 0x91, 0xC4, 0x4B, 0x0D, 0xB7, 0xD8, 0x10, 0x84, 0x42, 0x26, 0x71, 0xB3, 0x97, 0xB5, 0x00, 0x97, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, 0xCA, 0x4B, 0x97, 0x9C, 0xAB, 0x79, 0xC6, 0xDF, 0x6A, 0x27, 0xC7, 0x24, 0xC4, 0x5E, 0x3B, 0x31, 0xAD, 0xBC, 0x25, 0xE6, 0x38, 0x5E, 0x79, 0x26, 0x0E, 0x68, 0x46, 0x1D, 0x21, 0x81, 0x38, 0x92, 0xEC, 0xCB, 0x7C, 0x91, 0xD6, 0x09, 0x38, 0x91, 0xCE, 0x50, 0x5B, 0x70, 0x31, 0xB0, 0x9F, 0xFC, 0xE2, 0xEE, 0x45, 0xBC, 0x4B, 0xF8, 0x9A, 0xD9, 0xEE, 0xE7, 0x4A, 0x3D, 0xCD, 0x8D, 0xFF, 0x10, 0xAB, 0xC8, 0x19, 0x05, 0x54, 0x5E, 0x40, 0x7A, 0xBE, 0x2B, 0xD7, 0x22, 0x97, 0xF3, 0x23, 0xAF, 0x50, 0xF5, 0xEB, 0x43, 0x06, 0xC3, 0xFB, 0x17, 0xCA, 0xBD, 0xAD, 0x28, 0xD8, 0x10, 0x0F, 0x61, 0xCE, 0xF8, 0x25, 0x70, 0xF6, 0xC8, 0x1E, 0x7F, 0x82, 0xE5, 0x94, 0xEB, 0x11, 0xBF, 0xB8, 0x6F, 0xEE, 0x79, 0xCD, 0x63, 0xDD, 0x59, 0x8D, 0x25, 0x0E, 0x78, 0x55, 0xCE, 0x21, 0xBA, 0x13, 0x6B, 0x30, 0x2B, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, 0x07, 0x04, 0x08, 0x8C, 0x5D, 0xC9, 0x87, 0x88, 0x9C, 0x05, 0x72, 0x80, 0x08, 0x2C, 0xAF, 0x82, 0x91, 0xEC, 0xAD, 0xC5, 0xB5 };
            EnvelopedCms ep      = new EnvelopedCms();

            ep.Decode(encoded);

            X509Certificate2           x509 = GetCertificate(true);
            X509Certificate2Collection xc   = new X509Certificate2Collection();

            xc.Add(x509);
            ep.Decrypt(xc);
            // properties
            Assert.AreEqual(0, ep.Certificates.Count, "Certificates");
            Assert.AreEqual(192, ep.ContentEncryptionAlgorithm.KeyLength, "ContentEncryptionAlgorithm.KeyLength");
            Assert.AreEqual(tdesName, ep.ContentEncryptionAlgorithm.Oid.FriendlyName, "ContentEncryptionAlgorithm.Oid.FriendlyName");
            Assert.AreEqual(tdesOid, ep.ContentEncryptionAlgorithm.Oid.Value, "ContentEncryptionAlgorithm.Oid.Value");
            Assert.AreEqual(16, ep.ContentEncryptionAlgorithm.Parameters.Length, "ContentEncryptionAlgorithm.Parameters");
            Assert.AreEqual(p7DataName, ep.ContentInfo.ContentType.FriendlyName, "ContentInfo.ContentType.FriendlyName");
            Assert.AreEqual(p7DataOid, ep.ContentInfo.ContentType.Value, "ContentInfo.ContentType.Value");
            Assert.AreEqual("05-00", BitConverter.ToString(ep.ContentInfo.Content), "ContentInfo.Content");
            Assert.AreEqual(1, ep.RecipientInfos.Count, "RecipientInfos");
            Assert.AreEqual(0, ep.UnprotectedAttributes.Count, "UnprotectedAttributes");
            Assert.AreEqual(0, ep.Version, "Version");
        }
Пример #14
0
        private byte[] Unprotect(byte[] data, X509Certificate2 signingCertificate)
        {
            X509Certificate2Collection encryptionCertificates = new X509Certificate2Collection(EncryptionCertificate);

            if (LegacyEncryptionCertificate != null)
            {
                encryptionCertificates.Add(LegacyEncryptionCertificate);
            }

            // first we decrypt the data
            EnvelopedCms envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(data);
            try
            {
                envelopedCms.Decrypt(envelopedCms.RecipientInfos[0], encryptionCertificates);
            }
            catch (System.Security.Cryptography.CryptographicException ce)
            {
                var cert = envelopedCms?.RecipientInfos[0]?.RecipientIdentifier?.Value as System.Security.Cryptography.Xml.X509IssuerSerial?;
                if (cert.HasValue)
                {
                    throw new SecurityException($"Message encrypted with certificate SerialNumber {cert.Value.SerialNumber}, IssueName {cert.Value.IssuerName } " +
                                                $"could not be decrypted. Certification details: {cert} Exception: {ce.Message}");
                }

                throw new SecurityException($"Encryption certificate not found. Exception: {ce.Message}");
            }
            // Retrieve the decrypted content.
            byte[] content = envelopedCms.ContentInfo.Content;

            // then we validate the signature
            SignedCms signedCms = new SignedCms();

            signedCms.Decode(content);

            // there have been cases when the sender doesn't specify a FromHerId; makes it impossible to find the signature certificate
            // the decryption certificate will be ours, so we since we sign first, we can decrypt the data and see if that gives us any clues
            // if no decryption certicate has been provided, we assume we don't have valid certificate
            if (signingCertificate != null)
            {
                // check if the certificate is in the list of certificates used to sign the package
                // there may be more than one; have seen the root certificate being included some times
                if (signedCms.Certificates.Find(X509FindType.FindBySerialNumber, signingCertificate.SerialNumber, false).Count == 0)
                {
                    var actualSignedCertificate = signedCms.Certificates.Count > 0
                        ? signedCms.Certificates[signedCms.Certificates.Count - 1] : null;

                    // it looks like that last certificate in the collection is the one at the end of the chain
                    throw new CertificateException(
                              $"Expected signingcertificate: {Environment.NewLine} {signingCertificate} {Environment.NewLine}{Environment.NewLine}" +
                              $"Actual signingcertificate: {Environment.NewLine} {actualSignedCertificate} {Environment.NewLine}{Environment.NewLine}",
                              content);
                }

                signedCms.CheckSignature(new X509Certificate2Collection(signingCertificate), true);
            }
            // Return the raw content (without a signature).
            return(signedCms.ContentInfo.Content);
        }
Пример #15
0
        private static void Assert_Certificate_Roundtrip(CertLoader certificateLoader)
        {
            ContentInfo  contentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms        = new EnvelopedCms(contentInfo);

            using (X509Certificate2 cert = certificateLoader.GetCertificate())
            {
                CmsRecipient recipient = new CmsRecipient(cert);
                ecms.Encrypt(recipient);
            }

            byte[] encodedMessage = ecms.Encode();

            ecms = new EnvelopedCms();
            ecms.Decode(encodedMessage);

            using (X509Certificate2 privateCert = certificateLoader.TryGetCertificateWithPrivateKey())
            {
                if (privateCert == null)
                {
                    return; // CertLoader can't load the private certificate.
                }
                ecms.Decrypt(new X509Certificate2Collection(privateCert));
            }
            Assert.Equal(contentInfo.ContentType.Value, ecms.ContentInfo.ContentType.Value);
            Assert.Equal <byte>(contentInfo.Content, ecms.ContentInfo.Content);
        }
        private static void CheckSignedEncrypted(byte[] docBytes, SubjectIdentifierType expectedType)
        {
            SignedCms signedCms = new SignedCms();

            signedCms.Decode(docBytes);

            Assert.Equal(Oids.Pkcs7Enveloped, signedCms.ContentInfo.ContentType.Value);

            SignerInfoCollection signers = signedCms.SignerInfos;

            Assert.Equal(1, signers.Count);
            Assert.Equal(expectedType, signers[0].SignerIdentifier.Type);

            // Assert.NotThrows
            signedCms.CheckSignature(true);

            EnvelopedCms envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(signedCms.ContentInfo.Content);

            using (X509Certificate2 cert = Certificates.RSAKeyTransferCapi1.TryGetCertificateWithPrivateKey())
            {
                envelopedCms.Decrypt(new X509Certificate2Collection(cert));
            }

            Assert.Equal("42", envelopedCms.ContentInfo.Content.ByteArrayToHex());
        }
Пример #17
0
        public static byte[] Decrypt(byte[] kryptertData)
        {
            var envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(kryptertData);
            envelopedCms.Decrypt(envelopedCms.RecipientInfos[0]);
            return(envelopedCms.ContentInfo.Content);
        }
Пример #18
0
        private static byte[] Decrypt(byte[] payload, X509Certificate2Collection col)
        {
            var enveloped = new EnvelopedCms();

            enveloped.Decode(payload);
            enveloped.Decrypt(col);
            return(enveloped.ContentInfo.Content);
        }
        /// <summary>
        /// The decript data.
        /// </summary>
        /// <param name="source">
        /// The source.
        /// </param>
        /// <param name="destination">
        /// The destination.
        /// </param>
        protected void DecryptData(byte[] source, byte[] destination)
        {
            var envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(source);
            envelopedCms.Decrypt(new X509Certificate2Collection(this.certificate));
            Buffer.BlockCopy(envelopedCms.ContentInfo.Content, 0, destination, 0, envelopedCms.ContentInfo.Content.Length);
        }
Пример #20
0
        public static void PostDecrypt_Decrypt()
        {
            byte[] expectedContent = { 6, 3, 128, 33, 44 };

            byte[] encodedMessage =
                ("308202b006092a864886f70d010703a08202a13082029d020100318202583081c5020100302e301a31183016060355040313"
                 + "0f5253414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d010101050004"
                 + "81801026d9fb60d1a55686b73cf859c8bd66b58defda5e23e3da5f535f1427e3c5f7a4a2a94373e8e3ba5488a7c6a1059bfb"
                 + "57301156698e7fca62671426d388fb3fb4373c9cb53132fda067598256bbfe8491b14dadaaf04d5fdfb2463f358ad0d6a594"
                 + "bf6a4fbab6b3d725f08032e601492265e6336d5a638096f9975025ccd6393081c5020100302e301a31183016060355040313"
                 + "0f5253414b65795472616e736665723202102bce9f9ece39f98044f0cd2faa9a14e7300d06092a864886f70d010101050004"
                 + "8180b6497a2b789728f200ca1f974a676c531a4769f03f3929bd7526e7333ea483b4abb530a49c8532db5d4a4df66f173e3e"
                 + "a4ba9e4814b584dc987ac87c46bb131daab535140968aafad8808100a2515e9c6d0c1f382b024992ce36b70b841628e0eb43"
                 + "4db89545d702a8fbd3403188e7de7cb4bc1dcc3bc325467570654aaf2ee83081c5020100302e301a31183016060355040313"
                 + "0f5253414b65795472616e736665723302104497d870785a23aa4432ed0106ef72a6300d06092a864886f70d010101050004"
                 + "81807517e594c353d41abff334c6162988b78e05df7d79457c146fbc886d2d8057f594fa3a96cd8df5842c9758baac1fcdd5"
                 + "d9672a9f8ef9426326cccaaf5954f2ae657f8c7b13aef2f811adb4954323aa8319a1e8f2ad4e5c96c1d3fbe413ae479e471b"
                 + "b701cbdfa145c9b64f5e1f69f472804995d56c31351553f779cf8efec237303c06092a864886f70d010701301d0609608648"
                 + "01650304012a041023a114c149d7d4017ce2f5ec7c5d53f980104e50ab3c15533743dd054ef3ff8b9d83").HexToByteArray();

            EnvelopedCms ecms = new EnvelopedCms();

            ecms.Decode(encodedMessage);

            using (X509Certificate2 cert1 = Certificates.RSAKeyTransfer1.TryGetCertificateWithPrivateKey())
                using (X509Certificate2 cert2 = Certificates.RSAKeyTransfer2.TryGetCertificateWithPrivateKey())
                    using (X509Certificate2 cert3 = Certificates.RSAKeyTransfer3.TryGetCertificateWithPrivateKey())
                    {
                        if (cert1 == null || cert2 == null || cert3 == null)
                        {
                            return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
                        }
                        X509Certificate2Collection extraStore = new X509Certificate2Collection();
                        extraStore.Add(cert1);
                        extraStore.Add(cert2);
                        extraStore.Add(cert3);
                        RecipientInfoCollection r = ecms.RecipientInfos;
                        ecms.Decrypt(r[0], extraStore);
                        ContentInfo contentInfo = ecms.ContentInfo;
                        Assert.Equal <byte>(expectedContent, contentInfo.Content);

                        // Though this doesn't seem like a terribly unreasonable thing to attempt, attempting to call Decrypt() again
                        // after a successful Decrypt() throws a CryptographicException saying "Already decrypted."
                        Assert.ThrowsAny <CryptographicException>(() => ecms.Decrypt(r[1], extraStore));
                    }
        }
        public byte[] GetMessage()
        {
            EnvelopedCms envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(Convert.FromBase64String(dataEncrypted));
            envelopedCms.Decrypt(envelopedCms.RecipientInfos[0]);
            return(envelopedCms.ContentInfo.Content);
        }
Пример #22
0
        private static string DecryptMessage(byte[] buffer)
        {
            EnvelopedCms cms = new EnvelopedCms();

            cms.Decode(buffer);
            cms.Decrypt();
            return(Encoding.UTF8.GetString(cms.ContentInfo.Content));
        }
Пример #23
0
        public static string DecryptText(string cipherText)
        {
            var content  = Convert.FromBase64String(cipherText);
            var envelope = new EnvelopedCms();

            envelope.Decode(content);
            envelope.Decrypt();
            return(Encoding.Unicode.GetString(envelope.ContentInfo.Content));
        }
        public static void DecryptMultipleRecipients()
        {
            // Force Decrypt() to try multiple recipients. Ensure that a failure to find a matching cert in one doesn't cause it to quit early.

            CertLoader[] certLoaders = new CertLoader[]
            {
                Certificates.RSAKeyTransfer1,
                Certificates.RSAKeyTransfer2,
                Certificates.RSAKeyTransfer3,
            };

            byte[]                 content    = { 6, 3, 128, 33, 44 };
            EnvelopedCms           ecms       = new EnvelopedCms(new ContentInfo(content), new AlgorithmIdentifier(new Oid(Oids.Aes256)));
            CmsRecipientCollection recipients = new CmsRecipientCollection();

            foreach (CertLoader certLoader in certLoaders)
            {
                recipients.Add(new CmsRecipient(certLoader.GetCertificate()));
            }
            ecms.Encrypt(recipients);
            byte[] encodedMessage = ecms.Encode();

            ecms = new EnvelopedCms();
            ecms.Decode(encodedMessage);

            // How do we know that Decrypt() tries receipients in the order they appear in ecms.RecipientInfos? Because we wrote the implementation.
            // Not that some future implementation can't ever change it but it's the best guess we have.
            RecipientInfo me = ecms.RecipientInfos[2];

            CertLoader matchingCertLoader = null;

            for (int index = 0; index < recipients.Count; index++)
            {
                if (recipients[index].Certificate.Issuer == ((X509IssuerSerial)(me.RecipientIdentifier.Value)).IssuerName)
                {
                    matchingCertLoader = certLoaders[index];
                    break;
                }
            }
            Assert.NotNull(matchingCertLoader);

            using (X509Certificate2 cert = matchingCertLoader.TryGetCertificateWithPrivateKey())
            {
                if (cert == null)
                {
                    return; // Sorry - CertLoader is not configured to load certs with private keys - we've tested as much as we can.
                }
                X509Certificate2Collection extraStore = new X509Certificate2Collection();
                extraStore.Add(cert);
                ecms.Decrypt(extraStore);
            }

            ContentInfo contentInfo = ecms.ContentInfo;

            Assert.Equal <byte>(content, contentInfo.Content);
        }
        public static string DecryptWithCertificate(byte[] encryptedBytes, X509Certificate2 cert)
        {
            EnvelopedCms envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(encryptedBytes);
            X509Certificate2Collection extraStore = new X509Certificate2Collection(cert);

            envelopedCms.Decrypt(extraStore);
            return(Encoding.UTF8.GetString(envelopedCms.ContentInfo.Content));
        }
        public static byte[] Decrypt(byte[] data, params X509Certificate2[] certs)
        {
            var envelopedCms = new EnvelopedCms();

            envelopedCms.Decode(data);

            envelopedCms.Decrypt(new X509Certificate2Collection(certs));

            return(envelopedCms.Encode());
        }
Пример #27
0
        public static void EnvelopedCmsDecryptNullExtraStore()
        {
            byte[] encodedMessage =
                ("3082010c06092a864886f70d010703a081fe3081fb0201003181c83081c5020100302e301a311830160603550403130f5253"
                 + "414b65795472616e7366657231021031d935fb63e8cfab48a0bf7b397b67c0300d06092a864886f70d01010105000481805e"
                 + "bb2d08773594be9ec5d30c0707cf339f2b982a4f0797b74d520a0c973d668a9a6ad9d28066ef36e5b5620fef67f4d79ee50c"
                 + "25eb999f0c656548347d5676ac4b779f8fce2b87e6388fbe483bb0fcf78ab1f1ff29169600401fded7b2803a0bf96cc160c4"
                 + "96726216e986869eed578bda652855c85604a056201538ee56b6c4302b06092a864886f70d010701301406082a864886f70d"
                 + "030704083adadf63cd297a86800835edc437e31d0b70").HexToByteArray();

            EnvelopedCms ecms = new EnvelopedCms();

            ecms.Decode(encodedMessage);
            RecipientInfo recipientInfo           = ecms.RecipientInfos[0];
            X509Certificate2Collection extraStore = null;

            Assert.Throws <ArgumentNullException>(() => ecms.Decrypt(extraStore));
            Assert.Throws <ArgumentNullException>(() => ecms.Decrypt(recipientInfo, extraStore));
        }
Пример #28
0
/*		[Test]
 *              [ExpectedException (typeof (ArgumentNullException))]
 *              public void DecryptX509CertificateExCollectionNull ()
 *              {
 *                      EnvelopedPkcs7 ep = new EnvelopedPkcs7 ();
 *                      RecipientInfo ri =
 *                      ep.Decrypt (ri, null);
 *              }*/

        private void RoundTrip(byte[] encoded)
        {
            X509Certificate2Collection xc = new X509Certificate2Collection();

            xc.Add(GetCertificate(true));
            EnvelopedCms ep = new EnvelopedCms();

            ep.Decode(encoded);
            ep.Decrypt(xc);
            Assert.AreEqual("05-00", BitConverter.ToString(ep.ContentInfo.Content), "ContentInfo.Content");
        }
        public async Task TestMethod2()
        {
            var encrypted64 = "MIICPQYJKoZIhvcNAQcDoIICLjCCAioCAQAxggFUMIIBUAIBADA4MCQxIjAgBgNVBAMTGUluZnJhc3RydWN0dXJlQ2VydGlmaWNhdGUCEHfQ9F46gkusRYefvXJ+eA8wDQYJKoZIhvcNAQEBBQAEggEAeGSbkOGopXM9qMB0equADz9oT4juNilfAgqYOLPPIjDbMpdqOQtN7KnlkNCjq82la0vPBQGWCyBeIrTc/J5hW9d+YRVtXLFG6ezlUXxDvpUZGowg9hhGaIOJ2yA46fyBm2tQSwSPmgJjddybWwkAzcLkElf6YCPUZeypAxPQmoWjBQiRG8yXRIDH62k2ClbFw5KSarPSGbk9qbDR6WfmdFCiCnpbBxIz0JzCAWYUE3NalfC80HfqlXIZfB7H6D4i78ZFEeD8VUvxDoVtw8VrmXRKcXDkTc2TRzbEFTYHARbbVPxV2Nd/xj13QI6oAOIxdC6fqnkm+ddpjPXW+XOMsTCBzAYJKoZIhvcNAQcBMBQGCCqGSIb3DQMHBAirmDtRcIIg6oCBqK/HjjpbxcLcP2FIVe7cRig+gHJd1XRP4jpDntq0sTWvui8rMyCKFbpBM3cWr7VeBrPpqMwgivgilIyLSVsEXdKkF1ei7t0m3mzSamv/URztSJJCVFB66e1TNNSRREylAJbzvVuSWnGsoA/8BJHAGjshWgl5+pIBJ4S2yEXmZBU3cExSDyXQKcRTpcc9INro333jotCk5tHROnoGHyP7zoY4/JiaN/hx5g==";

            var envelope = new EnvelopedCms();

            envelope.Decode(Convert.FromBase64String(encrypted64));
            envelope.Decrypt();

            Console.WriteLine(Encoding.Unicode.GetString(envelope.ContentInfo.Content));
        }
Пример #30
0
        public static void PostEncrypt_Decrypt()
        {
            ContentInfo  expectedContentInfo = new ContentInfo(new byte[] { 1, 2, 3 });
            EnvelopedCms ecms = new EnvelopedCms(expectedContentInfo);

            using (X509Certificate2 cert = Certificates.RSAKeyTransfer1.GetCertificate())
            {
                ecms.Encrypt(new CmsRecipient(cert));
            }
            Assert.ThrowsAny <CryptographicException>(() => ecms.Decrypt());
        }