/// <summary>
/// Releases the wrapped <c>_key</c>, but only when the caller is disposing
/// deterministically and has also asked for a forced release.
/// </summary>
/// <param name="disposing">True when called from an explicit dispose path.</param>
/// <param name="force">True when the underlying key should be released as well.</param>
private void Dispose(bool disposing, bool force)
{
    // Both flags must be set; either one being false leaves _key untouched.
    if (!disposing || !force)
    {
        return;
    }

    _key.Dispose();
}
/// <summary>
/// Disposes the held <c>_implementation</c> (if any) and drops the reference
/// so a later call finds nothing left to release.
/// </summary>
/// <param name="disposing">True when called from an explicit dispose path; false does nothing.</param>
private void Dispose(bool disposing)
{
    if (!disposing)
    {
        return;
    }

    if (_implementation == null)
    {
        return;
    }

    _implementation.Dispose();
    _implementation = null;
}
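/// <summary>
/// Decrypts a serialized <c>CipherData</c> envelope: resolves the key-encryption key,
/// unwraps the content key with it, decrypts the cipher text and deserializes the
/// resulting JSON into <typeparamref name="T"/>.
/// </summary>
/// <typeparam name="T">Type the decrypted JSON is deserialized into.</typeparam>
/// <param name="encryptedData">Serialized <c>CipherData</c> envelope.</param>
/// <param name="cloudResolver">Resolver used to obtain the key-encryption key.</param>
/// <param name="keyId">Identifier of the key-encryption key (without the envelope's version suffix).</param>
/// <returns>
/// The deserialized value, or <c>default(T)</c> when the key version named in the envelope
/// could not be retrieved and the resolver reported that as an <see cref="AggregateException"/>.
/// </returns>
internal static T Decrypt<T>(string encryptedData, KeyVaultKeyResolver cloudResolver, string keyId)
{
    CipherData cb = Deserialize<CipherData>(encryptedData);
    IKey keyEncryptionKey = null;
    try
    {
        keyEncryptionKey = cloudResolver.ResolveKeyAsync(keyId, CancellationToken.None).GetAwaiter().GetResult();
        var currentKeyVersion = new Uri(keyEncryptionKey.Kid).Segments.Last();
        if (!currentKeyVersion.Equals(cb.KeyVersion))
        {
            Console.WriteLine("Data encrypted with different key version: {0} vs {1}", currentKeyVersion, cb.KeyVersion);

            // Version doesn't match - go get the correct key version to unwrap with.
            // NOTE(review): cb.KeyVersion is read from the envelope and appended to the key
            // identifier as-is. If the envelope can come from an untrusted source, confirm it is
            // a single version token (no '/', '?', '#' or '..') before it is used to select a key.
            string newKey = keyId + "/" + cb.KeyVersion;
            Console.WriteLine("Retrieving different key: " + newKey);

            // Release the key resolved above before replacing the reference; otherwise only the
            // second key would ever be disposed. Nulling it keeps the finally block from
            // disposing it a second time if the lookup below fails.
            keyEncryptionKey.Dispose();
            keyEncryptionKey = null;

            try
            {
                keyEncryptionKey = cloudResolver.ResolveKeyAsync(newKey, CancellationToken.None).GetAwaiter().GetResult();
            }
            catch (AggregateException ae)
            {
                // NOTE(review): GetAwaiter().GetResult() rethrows the task's original exception
                // rather than wrapping it, so this handler is presumably reached only when the
                // resolver itself throws an AggregateException - confirm the intended failure path.
                Console.WriteLine("Cloudresolver could not retrieve key, version '" + cb.KeyVersion + "': " + ae.Message);
                return default(T);
            }
        }

        // Unwrap the content key using the key-encryption key.
        // NOTE(review): the unwrap algorithm name is also taken from the envelope; consider
        // checking it against the algorithms this application expects before unwrapping.
        byte[] aesKey = keyEncryptionKey.UnwrapKeyAsync(Convert.FromBase64String(cb.WrapedKey), cb.AlgorithmName, CancellationToken.None).GetAwaiter().GetResult();

        // NOTE(review): aesKey stays in managed memory until collected; it is not cleared here.
        string plainJson = Decrypt(Convert.FromBase64String(cb.CipherText), aesKey);
        using (var streamReader = new StringReader(plainJson))
        {
            JsonReader jreader = new JsonTextReader(streamReader);
            return new JsonSerializer().Deserialize<T>(jreader);
        }
    }
    finally
    {
        if (keyEncryptionKey != null)
        {
            keyEncryptionKey.Dispose();
        }
    }
}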
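/// <summary>
/// Decrypts an encrypted file to <paramref name="decryptedOutput"/>: resolves the
/// key-encryption key, unwraps the content key described by the serialized
/// <c>CipherData</c> metadata, and hands the file to the key-based <c>DecryptFile</c> overload.
/// </summary>
/// <param name="cipherTextPath">Path of the encrypted input file; must exist.</param>
/// <param name="encryptedMetadata">Serialized <c>CipherData</c> describing the wrapped key.</param>
/// <param name="decryptedOutput">Path passed on as the destination for the decrypted content.</param>
/// <param name="cloudResolver">Resolver used to obtain the key-encryption key.</param>
/// <param name="keyId">Identifier of the key-encryption key (without the metadata's version suffix).</param>
/// <exception cref="FileNotFoundException">Thrown when <paramref name="cipherTextPath"/> does not exist.</exception>
internal static void DecryptFile(string cipherTextPath, string encryptedMetadata, string decryptedOutput, KeyVaultKeyResolver cloudResolver, string keyId)
{
    // Make sure encrypted file exists.
    if (!File.Exists(cipherTextPath))
    {
        throw new FileNotFoundException("File not found.", cipherTextPath);
    }

    CipherData cb = Deserialize<CipherData>(encryptedMetadata);
    IKey keyEncryptionKey = null;
    try
    {
        keyEncryptionKey = cloudResolver.ResolveKeyAsync(keyId, CancellationToken.None).GetAwaiter().GetResult();
        var currentKeyVersion = new Uri(keyEncryptionKey.Kid).Segments.Last();
        if (!currentKeyVersion.Equals(cb.KeyVersion))
        {
            Console.WriteLine("Data encrypted with different key version: {0} vs {1}", currentKeyVersion, cb.KeyVersion);

            // Version doesn't match - go get the correct key version to unwrap with.
            // NOTE(review): cb.KeyVersion is read from the metadata and appended to the key
            // identifier as-is. If the metadata can come from an untrusted source, confirm it is
            // a single version token (no '/', '?', '#' or '..') before it is used to select a key.
            string newKey = keyId + "/" + cb.KeyVersion;
            Console.WriteLine("Retrieving different key: " + newKey);

            // Release the key resolved above before replacing the reference; otherwise only the
            // second key would ever be disposed. Nulling it keeps the finally block from
            // disposing it a second time if the lookup below throws.
            keyEncryptionKey.Dispose();
            keyEncryptionKey = null;

            keyEncryptionKey = cloudResolver.ResolveKeyAsync(newKey, CancellationToken.None).GetAwaiter().GetResult();
        }

        // Unwrap the content key using the key-encryption key.
        // NOTE(review): the unwrap algorithm name is also taken from the metadata; consider
        // checking it against the algorithms this application expects before unwrapping.
        byte[] aesKey = keyEncryptionKey.UnwrapKeyAsync(Convert.FromBase64String(cb.WrapedKey), cb.AlgorithmName, CancellationToken.None).GetAwaiter().GetResult();

        // NOTE(review): aesKey stays in managed memory until collected; it is not cleared here.
        DecryptFile(cipherTextPath, decryptedOutput, aesKey);
    }
    finally
    {
        if (keyEncryptionKey != null)
        {
            keyEncryptionKey.Dispose();
        }
    }
}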