/// <summary> /// Encrypts given plaintext using JWE and applies requested encryption/compression algorithms. /// </summary> /// <param name="plaintext">Binary data to encrypt (not null)</param> /// <param name="recipients">The details of who to encrypt the plaintext (or rather the CEK) to.</param> /// <param name="enc">encryption algorithm to be used to encrypt the plaintext.</param> /// <param name="mode">serialization mode to use. Note only one recipient can be specified for compact and flattened json serialization.</param> /// <param name="compression">optional compression type to use.</param> /// <param name="extraHeaders">optional extra headers to put in the JoseProtectedHeader.</param> /// <param name="settings">optional settings to override global DefaultSettings</param> /// <returns>JWT in compact serialization form, encrypted and/or compressed.</returns> public static string Encrypt(byte[] plaintext, IEnumerable <Recipient> recipients, JweEncryption enc, byte[] aad = null, SerializationMode mode = SerializationMode.Compact, JweCompression?compression = null, IDictionary <string, object> extraHeaders = null, JwtSettings settings = null) { if (plaintext == null) { throw new ArgumentNullException(nameof(plaintext)); } settings = GetSettings(settings); IJweAlgorithm _enc = settings.Jwe(enc); if (_enc == null) { throw new JoseException(string.Format("Unsupported JWE enc requested: {0}", enc)); } IDictionary <string, object> joseProtectedHeader = Dictionaries.MergeHeaders( new Dictionary <string, object> { { "enc", settings.JweHeaderValue(enc) } }, extraHeaders); byte[] cek = null; var recipientsOut = new List <(byte[] EncryptedKey, IDictionary <string, object> Header)>(); foreach (var recipient in recipients) { IKeyManagement keys = settings.Jwa(recipient.Alg); if (keys == null) { throw new JoseException(string.Format("Unsupported JWE alg requested: {0}", recipient.Alg)); } // joseHeader - is merge of headers // - key management will read from (e.g. enc,apv,apu - ECDH-ES) // - key management will write to (e.g. iv, tag - AesGcmKW) IDictionary <string, object> joseHeader = Dictionaries.MergeHeaders( joseProtectedHeader, new Dictionary <string, object> { { "alg", settings.JwaHeaderValue(recipient.Alg) } }, recipient.PerRecipientHeaders); byte[] encryptedCek; if (cek == null) { byte[][] contentKeys = keys.WrapNewKey(_enc.KeySize, recipient.Key, joseHeader); cek = contentKeys[0]; encryptedCek = contentKeys[1]; } else { encryptedCek = keys.WrapKey(cek, recipient.Key, joseHeader); } // For the per-receipient header we want the headers from the result of IKeyManagements key wrapping.. but without the // protected headers that were merged in IDictionary <string, object> recipientHeader = joseHeader.Except(joseProtectedHeader).ToDictionary(x => x.Key, v => v.Value); recipientsOut.Add((EncryptedKey: encryptedCek, Header: recipientHeader)); } if (compression.HasValue) { joseProtectedHeader["zip"] = settings.CompressionHeader(compression.Value); plaintext = settings.Compression(compression.Value).Compress(plaintext); } switch (mode) { case SerializationMode.Compact: { if (recipientsOut.Count != 1) { throw new JoseException("Only one recipient is supported by the JWE Compact Serialization."); } if (aad != null) { throw new JoseException("JWE AAD value is not valid for JWE Compact Serialization."); } joseProtectedHeader = Dictionaries.MergeHeaders(recipientsOut[0].Header, joseProtectedHeader); byte[] header = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader)); aad = Encoding.UTF8.GetBytes(Compact.Serialize(header)); byte[][] encParts = _enc.Encrypt(aad, plaintext, cek); return(Compact.Serialize(header, recipientsOut[0].EncryptedKey, encParts[0], encParts[1], encParts[2])); } case SerializationMode.Json: { var protectedHeaderBytes = Encoding.UTF8.GetBytes(settings.JsonMapper.Serialize(joseProtectedHeader)); byte[] asciiEncodedProtectedHeader = Encoding.ASCII.GetBytes(Base64Url.Encode(protectedHeaderBytes)); var aadToEncrypt = aad == null ? asciiEncodedProtectedHeader : asciiEncodedProtectedHeader.Concat(new byte[] { 0x2E }).Concat(aad).ToArray(); byte[][] encParts = _enc.Encrypt(aadToEncrypt, plaintext, cek); var toSerialize = new Dictionary <string, object> { { "protected", Base64Url.Encode(protectedHeaderBytes) }, { "iv", Base64Url.Encode(encParts[0]) }, { "ciphertext", Base64Url.Encode(encParts[1]) }, { "tag", Base64Url.Encode(encParts[2]) }, }; if (aad != null) { toSerialize["aad"] = Base64Url.Encode(aad); } if (recipientsOut.Count == 1) { toSerialize["header"] = recipientsOut.Select(r => r.Header).First(); toSerialize["encrypted_key"] = recipientsOut.Select(r => Base64Url.Encode(r.EncryptedKey)).First(); } else { toSerialize["recipients"] = recipientsOut.Select(r => new { header = r.Header, encrypted_key = Base64Url.Encode(r.EncryptedKey), }); } return(settings.JsonMapper.Serialize(toSerialize)); } default: throw new JoseException($"Unsupported serializtion mode: {mode}."); } }