Пример #1
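        /// <summary>
        /// Rebuilds a <see cref="CngGcmAuthenticatedEncryptorConfiguration"/> from its XML form:
        /// reads the algorithm settings, decrypts the embedded secret with the decryptor type
        /// named in the XML, and wraps the key material in a <see cref="ProtectedMemoryBlob"/>.
        /// </summary>
        /// <param name="element">The serialized GCM encryptor configuration element.</param>
        /// <returns>The configuration built from the parsed options and the decrypted secret.</returns>
        public IAuthenticatedEncryptorConfiguration FromXml([NotNull] XElement element)
        {
            // Expected shape. Element names come from the constants on
            // CngGcmAuthenticatedEncryptorConfiguration; attribute names are literal.
            // The 'reader' attribute is not read by this method.
            //
            // <{GcmEncryptorElementName} reader="{TYPE}">
            //   <{EncryptionElementName} algorithm="{STRING}" provider="{STRING}" keyLength="{INT}" />
            //   <{SecretElementName}>
            //     <... decryptor="{TYPE}">...</...>   (exactly one encrypted child)
            //   </{SecretElementName}>
            // </{GcmEncryptorElementName}>

            CryptoUtil.Assert(element.Name == CngGcmAuthenticatedEncryptorConfiguration.GcmEncryptorElementName,
                              @"TODO: Bad element.");

            var options = new CngGcmAuthenticatedEncryptorConfigurationOptions();

            // Read the <encryption> element. Reject a document that lacks it instead of
            // failing later with a NullReferenceException.
            var encryptionElement = element.Element(CngGcmAuthenticatedEncryptorConfiguration.EncryptionElementName);
            CryptoUtil.Assert(encryptionElement != null, @"TODO: Missing encryption element.");

            // A missing 'algorithm' or 'provider' attribute yields null; a missing or
            // non-numeric 'keyLength' makes the explicit int conversion throw.
            options.EncryptionAlgorithm         = (string)encryptionElement.Attribute("algorithm");
            options.EncryptionAlgorithmProvider = (string)encryptionElement.Attribute("provider");
            options.EncryptionAlgorithmKeySize  = (int)encryptionElement.Attribute("keyLength");

            // Read the single child of the <secret> element, then decrypt it.
            var secretElement = element.Element(CngGcmAuthenticatedEncryptorConfiguration.SecretElementName);
            CryptoUtil.Assert(secretElement != null, @"TODO: Missing secret element.");

            var encryptedSecretElement = secretElement.Elements().Single();
            var decryptorTypeName      = (string)encryptedSecretElement.Attribute("decryptor");
            CryptoUtil.Assert(!String.IsNullOrEmpty(decryptorTypeName), @"TODO: Missing decryptor type.");

            // The type name is taken from the XML itself, so whoever can write this document
            // chooses which type gets activated. Verify the type implements IXmlDecryptor
            // BEFORE creating an instance, so that unrelated types are never constructed.
            // NOTE(review): if the XML store is not fully trusted, consider restricting this
            // to an explicit allow-list of decryptor types.
            var decryptorType = Type.GetType(decryptorTypeName, throwOnError: true);
            CryptoUtil.Assert(typeof(IXmlDecryptor).IsAssignableFrom(decryptorType),
                              @"TODO: Bad decryptor type.");

            var decryptor              = (IXmlDecryptor)_typeActivator.CreateInstance(_serviceProvider, decryptorType);
            var decryptedSecretElement = decryptor.Decrypt(encryptedSecretElement);

            CryptoUtil.Assert(decryptedSecretElement != null
                              && decryptedSecretElement.Name == CngGcmAuthenticatedEncryptorConfiguration.SecretElementName,
                              @"TODO: Bad element.");

            // NOTE(review): the base64 text of the secret lives in a managed string (and in the
            // decrypted XElement) and cannot be wiped; only the decoded byte array is cleared below.
            byte[] decryptedSecretBytes = Convert.FromBase64String((string)decryptedSecretElement);
            try
            {
                // Presumably ProtectedMemoryBlob copies the bytes, since the array is zeroed
                // right after construction - confirm against its implementation.
                var protectedMemoryBlob = new ProtectedMemoryBlob(decryptedSecretBytes);
                return new CngGcmAuthenticatedEncryptorConfiguration(options, protectedMemoryBlob);
            }
            finally
            {
                // Wipe the plaintext key material on success and on failure.
                Array.Clear(decryptedSecretBytes, 0, decryptedSecretBytes.Length);
            }
        }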
Пример #2
 /// <summary>
 /// Creates a configuration that holds the given options and secret.
 /// Both arguments are stored by reference; neither is copied or validated here.
 /// </summary>
 /// <param name="options">Algorithm settings for the GCM encryptor.</param>
 /// <param name="secret">The key material wrapper to keep with this configuration.</param>
 public CngGcmAuthenticatedEncryptorConfiguration(CngGcmAuthenticatedEncryptorConfigurationOptions options, ISecret secret)
 {
     this._secret  = secret;
     this._options = options;
 }
Пример #3
 /// <summary>
 /// Creates a factory from the configured options.
 /// </summary>
 /// <param name="optionsAccessor">Accessor whose <c>Options</c> value supplies the settings.</param>
 public CngGcmAuthenticatedEncryptorConfigurationFactory([NotNull] IOptions <CngGcmAuthenticatedEncryptorConfigurationOptions> optionsAccessor)
 {
     // Keep the result of Clone() rather than the accessor's own instance; presumably
     // this isolates the factory from later changes to the shared options - confirm
     // against Clone()'s implementation.
     var configuredOptions = optionsAccessor.Options;
     _options = configuredOptions.Clone();
 }