public async Task Run_EncryptData(string key) { try { string a = "abcDEF123$%^"; TransitEncryptedItem response = await TB.Encrypt(key, a); Console.WriteLine("Encrypt Data Routine:"); Console.WriteLine(" encrypted: {0} to {1}", a, response.EncryptedValue); } catch (Exception e) { Console.WriteLine("Errors - {0}", e.Message); Console.WriteLine(e.ToString()); } }
public async Task Run_ReEncrypt(string key) { Console.WriteLine("Running Re-Encrypt Data Process:"); string a = "abcDEF123$%^"; TransitKeyInfo TKIA = await TB.ReadEncryptionKey(key); Console.WriteLine(" -- Encryption Key Current Version is {0}", TKIA.LatestVersionNum); TransitEncryptedItem response = await TB.Encrypt(key, a); bool success = await TB.RotateKey(key); if (!success) { Console.WriteLine(" -- Failed to rotate the key. Stopping the Re-Encryption test."); return; } TransitKeyInfo TKIB = await TB.ReadEncryptionKey(key); Console.WriteLine(" -- Encryption Key New Version is {0}", TKIB.LatestVersionNum); TransitEncryptedItem response2 = await TB.ReEncrypt(key, response.EncryptedValue); if (response2 != null) { Console.WriteLine(" -- Reencryption completed."); // Now validate by decrypting original value and new value. Should be same. TransitDecryptedItem decryptA = await TB.Decrypt(key, response.EncryptedValue); TransitDecryptedItem decryptB = await TB.Decrypt(key, response2.EncryptedValue); if (a == decryptB.DecryptedValue) { Console.WriteLine(" -- ReEncryption successfull. Original Data = {0} and after re-encrypt value = {1}", a, decryptB.DecryptedValue); } else { Console.WriteLine(" -- ReEncryption FAILED. Original value = {0}, re-Encryption value = {1}.", a, decryptB.DecryptedValue); } } Console.WriteLine(" encrypted: {0} to {1}", a, response.EncryptedValue); }
// Test decrypting a convergent encrypted value with an invalid context. Should throw error. public async Task DerivedEncryptDecrypt_WithBadContextFails() { string key = await Transit_InitWithKey(TransitEnumKeyType.aes256, true); // Get a random value to encrypt. string toEncrypt = "123456abcdefzyx"; // Set the "Context" value for derived encryption. string toContext = "ZYXabc"; // Now encrypt with that key. TransitEncryptedItem response = await _transitSecretEngine.Encrypt(key, toEncrypt, toContext); Assert.IsNotEmpty(response.EncryptedValue); // Now decrypt it, but pass invalid context. Assert.That(() => _transitSecretEngine.Decrypt(key, response.EncryptedValue, "zyxabc"), Throws.Exception.TypeOf <VaultInternalErrorException>()); //.With.Property("Message").Contains("unable to decrypt")); }
public async Task DerivedEncryptDecrypt_ResultsInSameValue() { string key = await Transit_InitWithKey(TransitEnumKeyType.aes256, true); // Get a random value to encrypt. string toEncrypt = Guid.NewGuid().ToString(); // Set the "Context" value for derived encryption. string toContext = "ZYXabc"; // Now encrypt with that key. TransitEncryptedItem response = await _transitSecretEngine.Encrypt(key, toEncrypt, toContext); Assert.IsNotEmpty(response.EncryptedValue); // Now decrypt it. TransitDecryptedItem responseB = await _transitSecretEngine.Decrypt(key, response.EncryptedValue, toContext); Assert.AreEqual(responseB.DecryptedValue, toEncrypt); }
// Tests that when using derivation encryption the same encryption string value is unique even with same context key. public async Task KeyDerivationEncryption_ProducesEncryptionWithDifferentValue() { string key = await Transit_InitWithKey(TransitEnumKeyType.aes256, true); // Get a random value to encrypt. string toEncrypt = "ABCXYXZ"; // Set the "Context" value for derived encryption. string toContext = "ZYXabc"; // Now encrypt with that key. TransitEncryptedItem response = await _transitSecretEngine.Encrypt(key, toEncrypt, toContext); Assert.IsNotEmpty(response.EncryptedValue); // Now encrypt another item with same unencrypted value and same context. Should produce same results. TransitEncryptedItem response2 = await _transitSecretEngine.Encrypt(key, toEncrypt, toContext); Assert.IsNotEmpty(response.EncryptedValue); Assert.AreNotEqual(response.EncryptedValue, response2.EncryptedValue); }
public async Task EncryptDecrypt_ResultsInSameValue() { // Get a random value to encrypt. string toEncrypt = Guid.NewGuid().ToString(); string encKey = Guid.NewGuid().ToString(); // Create an encryption key. bool rc = await _transitSecretEngine.CreateEncryptionKey(encKey, true, true, TransitEnumKeyType.rsa4096); Assert.AreEqual(true, rc); // Now encrypt with that key. TransitEncryptedItem response = await _transitSecretEngine.Encrypt(encKey, toEncrypt); Assert.IsNotEmpty(response.EncryptedValue); // Now decrypt it. TransitDecryptedItem responseB = await _transitSecretEngine.Decrypt(encKey, response.EncryptedValue); Assert.AreEqual(responseB.DecryptedValue, toEncrypt); }
// Test that Reencrypt results in same original un-encrypted value. public async Task RencryptionResultsInSameStartingValue() { string valA = Guid.NewGuid().ToString(); string key = _uniqueKeys.GetKey(); // Create key, validate the version and then encrypt some data with that key. Assert.True(await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256)); TransitEncryptedItem encA = await _transitSecretEngine.Encrypt(key, valA); TransitKeyInfo tkiA = await _transitSecretEngine.ReadEncryptionKey(key); // Rotate Key, Read value of key version, Re-Encrypt data. Decrypt Data. Assert.True(await _transitSecretEngine.RotateKey(key)); TransitKeyInfo tkiB = await _transitSecretEngine.ReadEncryptionKey(key); TransitEncryptedItem encB = await _transitSecretEngine.ReEncrypt(key, encA.EncryptedValue); TransitDecryptedItem decB = await _transitSecretEngine.Decrypt(key, encB.EncryptedValue); // Validate Results. Key version incremented by 1. Assert.AreEqual(tkiA.LatestVersionNum + 1, tkiB.LatestVersionNum, "Key Version should have been incremented."); Assert.AreEqual(valA, decB.DecryptedValue, "After Key Rotation and Rencryption, expected value of encrypted item to be same, but they are different"); }
// Performs a complex set of operations to ensure a backup and restore of a key is successful. Including rotating the key // encrypting with the key, etc. public async Task RestoreKey_Success() { string key = await Transit_InitWithKey(TransitEnumKeyType.aes256); // A. Enable deletion of the key. Dictionary <string, string> keyconfig = new Dictionary <string, string> { { TransitConstants.KeyConfig_DeleteAllowed, "true" } }; TransitKeyInfo tki = await _transitSecretEngine.UpdateKey(key, keyconfig); Assert.True(tki.CanDelete); // B. Rotate the key a few times. await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); // C. Encrypt a piece of data. string encryptedValue = "ABCzyx123"; TransitEncryptedItem encItem = await _transitSecretEngine.Encrypt(key, encryptedValue); // D. Rotate Keys a few more times. await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); await _transitSecretEngine.RotateKey(key); tki = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(tki.Name, key); // E. Back it up. TransitBackupRestoreItem tbri = await _transitSecretEngine.BackupKey(key); Assert.True(tbri.Success); Assert.AreNotEqual(null, tbri.KeyBackup); // F. Delete key. Assert.True(await _transitSecretEngine.DeleteKey(key)); // G. Restore the key Assert.True(await _transitSecretEngine.RestoreKey(key, tbri)); // H. Decrypt an item with restored key. TransitDecryptedItem decItem = await _transitSecretEngine.Decrypt(key, encItem.EncryptedValue); Assert.AreEqual(encryptedValue, decItem.DecryptedValue); // I. Validate the restore. TransitKeyInfo tkiRestore = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(tki.Type, tkiRestore.Type); Assert.AreEqual(tki.LatestVersionNum, tkiRestore.LatestVersionNum); Assert.AreEqual(tki.Name, tkiRestore.Name); Assert.AreEqual(tki.Keys.Count, tkiRestore.Keys.Count); }