/// <summary> /// Encrypts the specified plaintext expression /// </summary> /// <param name="thumbprint">The thumbprint of the certificate to use for encryption</param> /// <param name="plaintext">The plaintext expression to encrypt</param> /// <param name="Context">The certificate store where the encryption certificate resides</param> /// <param name="verbose">True enables verbose logging</param> /// <returns></returns> /// <example> /// <code> /// string thumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688"; /// <see cref="X509Context"/> certStore = <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>; /// string plaintext = @"Please encrypt this"; /// string ciphertext = <see cref="X509Utils"/>.EncryptText(thumbprint, plaintext, certStore); /// </code> /// </example> public static string EncryptText(string thumbprint, string plaintext, X509Context Context, bool verbose = false) { using (X509CryptoAgent cryptoAgent = new X509CryptoAgent(FormatThumbprint(thumbprint), Context)) { return(cryptoAgent.EncryptText(plaintext)); } }
internal X509Secret(X509Alias Alias, string key, string value) { string cipherText; try { Key = key; using (X509CryptoAgent Agent = new X509CryptoAgent(Alias)) { cipherText = Agent.EncryptText(value); } Value = cipherText; } catch (Exception ex) { throw new X509CryptoException($"Could not encrypt new secret named \"{key}\" in alias \"{Alias.Name}\"", ex); } }
/// <summary> /// Re-encrypts a ciphertext expression using a different certificate /// </summary> /// <param name="oldThumbprint">The thumbprint of the old certificate used for prior encryption</param> /// <param name="newThumbprint">The thumbprint of the new certificate to be used for re-encryption</param> /// <param name="ciphertext">The ciphertext expression to be re-encrypted</param> /// <param name="OldContext">(Optional) The X509Context where the old encryption certificate resides (Default: <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>)</param> /// <param name="NewContext">(Optional) The X509Context where the new encryption certificate resides (Default: <see cref="X509Context"/>.<see cref="X509Context.UserReadOnly"/>)</param> /// <param name="verbose">(Optional) True enables verbose logging (Default: false)</param> /// <returns>The text expression re-encrypted using the new certificate</returns> /// <example> /// <code> /// string oldThumbprint = @"ccdc673c40ebb2a433300c0c8a2ba6f443da5688"; /// string newThumbprint = @"0e7e327aab74e47a702c02d90c659da1115b29f7"; /// string ciphertext = File.ReadAllText(@"C:\data\connectionString.txt"); /// string updatedCiphertext = <see cref="X509Utils"/>.ReEncryptText(oldThumbprint, newThumbprint, ciphertext); /// File.WriteAllText(@"C:\data\connectionString.txt", updatedCiphertext); /// </code> /// </example> public static string ReEncryptText(string oldThumbprint, string newThumbprint, string ciphertext, X509Context OldContext = null, X509Context NewContext = null, bool verbose = false) { if (OldContext == null) { OldContext = X509Context.UserReadOnly; } if (NewContext == null) { NewContext = X509Context.UserReadOnly; } using (X509CryptoAgent oldAgent = new X509CryptoAgent(FormatThumbprint(oldThumbprint), OldContext)) { using (X509CryptoAgent newAgent = new X509CryptoAgent(FormatThumbprint(newThumbprint), NewContext)) { return(newAgent.EncryptText(oldAgent.DecryptText(ciphertext))); } } }
/// <summary> /// Re-encrypts the specified ciphertext expression using a different X509CryptoAgent /// </summary> /// <param name="ciphertext">the ciphertext expression to be re-encrypted</param> /// <param name="newAgent">the X509CryptoAgent to be used to perform re-encryption</param> /// <returns></returns> public string ReEncryptText(string ciphertext, X509CryptoAgent newAgent) { return(newAgent.EncryptText(DecryptText(ciphertext))); }