public override UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken)
{
Argument.AssertNotNull(encryptedKey, nameof(encryptedKey));
if (MustRemote)
{
// A private key is required to decrypt. Send to the server.
KeysEventSource.Singleton.PrivateKeyRequired(nameof(UnwrapKey));
return(null);
}
RSAEncryptionPadding padding = algorithm.GetRsaEncryptionPadding();
if (padding is null)
{
KeysEventSource.Singleton.AlgorithmNotSupported(nameof(UnwrapKey), algorithm);
return(null);
}
byte[] key = Decrypt(encryptedKey, padding);
UnwrapResult result = null;
if (key != null)
{
result = new UnwrapResult
{
Algorithm = algorithm,
Key = key,
KeyId = KeyMaterial.Id,
};
}
return(result);
}
/// <inheritdoc/>
byte[] IKeyEncryptionKey.UnwrapKey(string algorithm, ReadOnlyMemory <byte> encryptedKey, CancellationToken cancellationToken)
{
byte[] buffer = MemoryMarshal.TryGetArray(encryptedKey, out ArraySegment <byte> segment) ? segment.Array : encryptedKey.ToArray();
UnwrapResult result = UnwrapKey(new KeyWrapAlgorithm(algorithm), buffer, cancellationToken);
return(result.Key);
}
/// <inheritdoc/>
async Task <byte[]> IKeyEncryptionKey.UnwrapKeyAsync(string algorithm, ReadOnlyMemory <byte> encryptedKey, CancellationToken cancellationToken)
{
byte[] buffer = MemoryMarshal.TryGetArray(encryptedKey, out ArraySegment <byte> segment) ? segment.Array : encryptedKey.ToArray();
UnwrapResult result = await UnwrapKeyAsync(new KeyWrapAlgorithm(algorithm), buffer, cancellationToken).ConfigureAwait(false);
return(result.Key);
}
/// <summary>
/// Decrypts the specified encrypted key.
/// </summary>
/// <param name="algorithm">The <see cref="KeyWrapAlgorithm"/> to use.</param>
/// <param name="encryptedKey">The encrypted key.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param>
/// <returns>
/// The result of the unwrap operation. The returned <see cref="UnwrapResult"/> contains the key
/// along with information regarding the algorithm and key used to unwrap it.
/// </returns>
/// <exception cref="ArgumentException">The specified <paramref name="algorithm"/> does not match the key corresponding to the key identifier.</exception>
/// <exception cref="CryptographicException">The local cryptographic provider threw an exception.</exception>
/// <exception cref="InvalidOperationException">The key is invalid for the current operation.</exception>
/// <exception cref="NotSupportedException">The operation is not supported with the specified key.</exception>
public virtual UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken = default)
{
UnwrapResult result = null;
if (_provider.SupportsOperation(KeyOperation.UnwrapKey))
{
result = _provider.UnwrapKey(algorithm, encryptedKey, cancellationToken);
}
return(result ?? throw LocalCryptographyProvider.CreateOperationNotSupported(nameof(KeyOperation.UnwrapKey)));
}
/// <summary>
/// Decrypts the specified encrypted key.
/// </summary>
/// <param name="algorithm">The <see cref="KeyWrapAlgorithm"/> to use.</param>
/// <param name="encryptedKey">The encrypted key.</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param>
/// <returns>
/// The result of the unwrap operation. The returned <see cref="UnwrapResult"/> contains the key
/// along with information regarding the algorithm and key used to unwrap it.
/// </returns>
/// <exception cref="ArgumentException">The specified <paramref name="algorithm"/> does not match the key corresponding to the key identifier.</exception>
/// <exception cref="CryptographicException">The local cryptographic provider threw an exception.</exception>
/// <exception cref="InvalidOperationException">The key is invalid for the current operation.</exception>
/// <exception cref="NotSupportedException">The operation is not supported with the specified key.</exception>
public virtual async Task <UnwrapResult> UnwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken = default)
{
UnwrapResult result = null;
if (_provider.SupportsOperation(KeyOperation.UnwrapKey))
{
result = await _provider.UnwrapKeyAsync(algorithm, encryptedKey, cancellationToken).ConfigureAwait(false);
}
return(result ?? throw LocalCryptographyProvider.CreateOperationNotSupported(nameof(KeyOperation.UnwrapKey)));
}
public override UnwrapResult UnwrapKey(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken)
{
Argument.AssertNotNull(encryptedKey, nameof(encryptedKey));
RSAEncryptionPadding padding = algorithm.GetRsaEncryptionPadding();
byte[] key = Decrypt(encryptedKey, padding);
UnwrapResult result = null;
if (key != null)
{
result = new UnwrapResult
{
Algorithm = algorithm,
Key = key,
KeyId = KeyMaterial.Id,
};
}
return(result);
}
public virtual Task <UnwrapResult> UnwrapKeyAsync(KeyWrapAlgorithm algorithm, byte[] encryptedKey, CancellationToken cancellationToken = default)
{
UnwrapResult result = UnwrapKey(algorithm, encryptedKey, cancellationToken);
return(Task.FromResult(result));
}
/// <summary>
/// Decrypts the specified key using the specified algorithm
/// </summary>
/// <param name="algorithm">The algorithm to use to decrypt the key</param>
/// <param name="encryptedKey">The encrypted key to be decrypted</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param>
/// <returns>The decrypted key</returns>
async Task <Memory <byte> > IKeyEncryptionKey.UnwrapKeyAsync(string algorithm, ReadOnlyMemory <byte> encryptedKey, CancellationToken cancellationToken)
{
UnwrapResult result = await UnwrapKeyAsync(new KeyWrapAlgorithm(algorithm), encryptedKey.ToArray(), cancellationToken).ConfigureAwait(false);
return(result.Key);
}
/// <summary>
/// Decrypts the specified key using the specified algorithm
/// </summary>
/// <param name="algorithm">The algorithm to use to decrypt the key</param>
/// <param name="encryptedKey">The encrypted key to be decrypted</param>
/// <param name="cancellationToken">A <see cref="CancellationToken"/> to cancel the operation.</param>
/// <returns>The decrypted key</returns>
Memory <byte> IKeyEncryptionKey.UnwrapKey(string algorithm, ReadOnlyMemory <byte> encryptedKey, CancellationToken cancellationToken)
{
UnwrapResult result = UnwrapKey(new KeyWrapAlgorithm(algorithm), encryptedKey.ToArray(), cancellationToken);
return(result.Key);
}
