static async Task Main(string[] args) { Encoding.RegisterProvider(CodePagesEncodingProvider.Instance); CryptOptions cryptInfo = new CryptOptions(); cryptInfo.CryptCPpath = @"c:\Users\tsapov.m\Documents\work\35411\CryptoPro\cryptcp.win32.exe"; cryptInfo.EncryptCertificate = "413ddcd06e9c4aebe2c2ae5e76b077318639f855"; // THUMBPRINT сертификата для шифрования (сертификат партнера для шифрования TLS - без закрытого ключа) cryptInfo.SignCertificate = "11734753f99fc664380c5413741c80f96d801589"; // THUMBPRINT сертификата для подписи (собственный сертификат для ЭЦП - с закрытым ключом) cryptInfo.DecryptCertificate = "11734753f99fc664380c5413741c80f96d801589"; // THUMBPRINT сертификата для расшифровки (собственный сертификат с закрытым ключом - TLS сертификат) cryptInfo.UnSignCertificate = "413ddcd06e9c4aebe2c2ae5e76b077318639f855"; // THUMBPRINT сертификата для проверки подписи (сертификат партнера - который прислал данные, без закрытого ключа) /* * string inputFilePath = @"c:\Users\tsapov.m\TEST\E1J_SC_1_20210407_0002.csv"; * await ExecuteSign(inputFilePath, cryptInfo); */ string inputFilePath = @"c:\Users\tsapov.m\TEST\outbox_E1J_SC_1_20210407_0002_out.zip.sgn.enc"; await ExecuteUnSign(inputFilePath, cryptInfo); Console.WriteLine("Press any key to continue"); Console.ReadKey(); }
public void EncryptQueryWithSchemaStepwise() { var listCollectionsReply = ReadJsonTestFile("collection-info.json"); var schema = new BsonDocument("test.test", listCollectionsReply["options"]["validator"]["$jsonSchema"]); var options = new CryptOptions( new[] { CreateKmsCredentials("aws") }, BsonUtil.ToBytes(schema)); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartEncryptionContext( db: "test", command: BsonUtil.ToBytes(ReadJsonTestFile("cmd.json")))) { var(state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_MARKINGS); var mongoCryptdCommand = ReadJsonTestFile("mongocryptd-command.json"); mongoCryptdCommand["isRemoteSchema"] = false; operationSent.Should().Equal(mongoCryptdCommand); (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_MONGO_KEYS); operationSent.Should().Equal(ReadJsonTestFile("key-filter.json")); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_NEED_KMS); // kms fluent assertions inside ProcessState() (state, _, operationSent) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); operationSent.Should().Equal((ReadJsonTestFile("encrypted-command.json"))); } }
private static async Task ExecuteSign(string inputFilePath, CryptOptions cryptInfo, CancellationToken?token = null) { string logicalFilename = Path.GetFileName(inputFilePath); byte[] inputData = await File.ReadAllBytesAsync(inputFilePath); byte[] packedData = await TestCryptoProcessor.ExecuteOutput(inputData, cryptInfo, logicalFilename); await File.WriteAllBytesAsync(@$ "c:\Users\tsapov.m\TEST\{Path.GetFileNameWithoutExtension(logicalFilename)}.zip.sgn.enc", packedData);
public BsonDocument DecryptCommand(IKmsCredentials credentials, IMongoDatabase db, BsonDocument doc) { CryptOptions options = new CryptOptions(credentials); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartDecryptionContext(BsonUtil.ToBytes(doc))) { return(ProcessState(context, db, null)); } }
public BsonDocument EncryptCommand(IKmsCredentials credentials, IMongoCollection <BsonDocument> coll, BsonDocument cmd) { CryptOptions options = new CryptOptions(credentials); using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartEncryptionContext(coll.Database.DatabaseNamespace.DatabaseName, command: BsonUtil.ToBytes(cmd))) { return(ProcessState(context, coll.Database, cmd)); } }
static int Crypt(CryptOptions o) { if (!File.Exists(o.PathIn)) { Console.WriteLine("Input path doesn't exist."); return(1); } SaveCrypt.CryptFile(o.PathIn, o.PathOut, o.SteamId); return(0); }
public void TestGetKmsProviderName(string kmsName) { var key = CreateKmsCredentials(kmsName); var keyId = CreateKmsKeyId(kmsName); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var request = context.GetKmsMessageRequests().Single(); request.KmsProvider.Should().Be(kmsName); } }
public void TestLocalKeyCreation() { var key = CreateKmsCredentials("local"); var keyId = CreateKmsKeyId("local"); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(_, dataKeyDocument) = ProcessContextToCompletion(context); dataKeyDocument.Should().NotBeNull(); } }
public Guid GenerateKey(IKmsCredentials credentials, IKmsKeyId kmsKeyId) { CryptOptions options = new CryptOptions(credentials); BsonDocument key = null; using (var cryptClient = CryptClientFactory.Create(options)) using (var context = cryptClient.StartCreateDataKeyContext(kmsKeyId)) { key = ProcessState(context, _keyVault.Database, null); } _keyVault.InsertOne(key); Guid g = key["_id"].AsGuid; return(g); }
public void TestLocalKeyCreationStepwise() { var key = CreateKmsCredentials("local"); var keyId = CreateKmsKeyId("local"); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(state, _, dataKeyDocument) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); dataKeyDocument.Should().NotBeNull(); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
public void TestLocalKeyCreationWithkeyAltNames() { var keyAltNames = new[] { "KeyMaker", "Architect" }; var keyAltNameDocuments = keyAltNames.Select(name => new BsonDocument("keyAltName", name)); var keyAltNameBuffers = keyAltNameDocuments.Select(BsonUtil.ToBytes); var key = CreateKmsCredentials("local"); var keyId = CreateKmsKeyId("local", keyAltNameBuffers: keyAltNameBuffers); var cryptOptions = new CryptOptions(new[] { key }); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(_, dataKeyDocument) = ProcessContextToCompletion(context); dataKeyDocument.Should().NotBeNull(); var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString); var expectedKeyAltNames = keyAltNames.Reverse(); // https://jira.mongodb.org/browse/CDRIVER-3277? actualKeyAltNames.Should().BeEquivalentTo(expectedKeyAltNames); } }
/// <summary> /// Для обработки исходящего файла /// </summary> /// <param name="data">входящие нешифрованные данные</param> /// <param name="zippedFileName">имя файла в архиве</param> /// <returns></returns> public static async Task <byte[]> ExecuteOutput(byte[] data, CryptOptions cryptInfo, string zippedFileName) { string tempFile = Path.GetTempFileName(); string workingDirectory = Path.GetDirectoryName(tempFile); string fileName = Path.GetFileName(tempFile); await File.WriteAllBytesAsync(tempFile, data); var processor = GetCryptoProcessor(Direction.Output); await using (CryptoContext context = new CryptoContext(cryptInfo, workingDirectory, fileName, Direction.Output, zippedFileName)) { await processor.Execute(context); // получаем результат последовательность (исходные байты -> zip.sgn.enc) byte[] result = await File.ReadAllBytesAsync(Path.Combine(context.WorkDirectory, context.LastFileName)); return(result); } }
public void TestLocalKeyCreationWithkeyAltNamesStepwise() { var keyAltNames = new[] { "KeyMaker", "Architect" }; var keyAltNameDocuments = keyAltNames.Select(name => new BsonDocument("keyAltName", name)); var keyAltNameBuffers = keyAltNameDocuments.Select(BsonUtil.ToBytes); var key = new LocalKmsCredentials(new byte[96]); var keyId = new LocalKeyId(keyAltNameBuffers); var cryptOptions = new CryptOptions(CreateCredentialsMap(key)); using (var cryptClient = CryptClientFactory.Create(cryptOptions)) using (var context = cryptClient.StartCreateDataKeyContext(keyId)) { var(state, _, dataKeyDocument) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_READY); dataKeyDocument.Should().NotBeNull(); var actualKeyAltNames = dataKeyDocument["keyAltNames"].AsBsonArray.Select(x => x.AsString); var expectedKeyAltNames = keyAltNames.Reverse(); // https://jira.mongodb.org/browse/CDRIVER-3277? actualKeyAltNames.Should().BeEquivalentTo(expectedKeyAltNames); (state, _, _) = ProcessState(context); state.Should().Be(CryptContext.StateCode.MONGOCRYPT_CTX_DONE); } }
private static ExitCode RunCryptOptionsAndReturnExitCode(CryptOptions cryptOptions) { AesEncryptionResult aesEncryptionResult = null; switch (cryptOptions.InputType.ToLower()) { case "string": { aesEncryptionResult = (cryptOptions.Algorithm.ToLower()) switch { "aes128cbc" => new AE_AES_128_CBC_HMAC_SHA_256().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password), "aes192cbc" => new AE_AES_192_CBC_HMAC_SHA_384().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password), "aes256cbc" => new AE_AES_256_CBC_HMAC_SHA_512().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password), "aes128gcm" => new AEAD_AES_128_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData), "aes192gcm" => new AEAD_AES_192_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData), "aes256gcm" => new AEAD_AES_256_GCM().EncryptString(cryptOptions.InputToBeEncrypted, cryptOptions.Password, cryptOptions.AssociatedData), _ => new AesEncryptionResult() { Success = false, Message = $"Unknown algorithm \"{cryptOptions.Algorithm}\"." }, }; } break; case "file": { switch (cryptOptions.Algorithm.ToLower()) { case "aes128cbc": { using (var progressBar = new ProgressBar()) { var aes128 = new AE_AES_128_CBC_HMAC_SHA_256(); aes128.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); }; aes128.OnEncryptionMessage += (msg) => { progressBar.WriteLine(msg); }; aesEncryptionResult = aes128.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile); } } break; case "aes192cbc": { using (var progressBar = new ProgressBar()) { var aes192 = new AE_AES_192_CBC_HMAC_SHA_384(); aes192.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); }; aes192.OnEncryptionMessage += (msg) => { progressBar.WriteLine(msg); }; aesEncryptionResult = aes192.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile); } } break; case "aes256cbc": { using (var progressBar = new ProgressBar()) { var aes256 = new AE_AES_256_CBC_HMAC_SHA_512(); aes256.OnEncryptionProgress += (percentageDone, message) => { progressBar.Report((double)percentageDone / 100); }; aes256.OnEncryptionMessage += (msg) => { progressBar.WriteLine(msg); }; aesEncryptionResult = aes256.EncryptFile(cryptOptions.InputToBeEncrypted, cryptOptions.OutputFilePath, cryptOptions.Password, cryptOptions.DeleteSourceFile); } } break; case "aes128gcm": case "aes192gcm": case "aes256gcm": aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Algorithm \"{cryptOptions.Algorithm}\" currently not available for file encryption." }; break; default: aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Unknown algorithm \"{cryptOptions.Algorithm}\"." }; break; } } break; default: aesEncryptionResult = new AesEncryptionResult() { Success = false, Message = $"Unknown input type \"{cryptOptions.InputType}\"." }; break; } if (aesEncryptionResult.Success) { Console.WriteLine(cryptOptions.InputType.ToLower().Equals("string") ? aesEncryptionResult.EncryptedDataBase64String : aesEncryptionResult.Message); return(ExitCode.Sucess); } else { Console.WriteLine(aesEncryptionResult.Message); return(ExitCode.Error); } }
private CryptClient CreateCryptClient(CryptOptions options) { return(CryptClientFactory.Create(options)); }
/// <summary> /// Для обработки входящего файла /// </summary> /// <param name="data">входящие zip.sgn.enc данные</param> /// <returns>расшифрованные байты даннных и имя файла из архива</returns> public static async Task <(byte[] result, string fileName)> ExecuteInput(byte[] data, CryptOptions cryptInfo) { string tempFile = Path.GetTempFileName(); string workingDirectory = Path.GetDirectoryName(tempFile); string fileName = Path.GetFileName(tempFile); await File.WriteAllBytesAsync(tempFile, data); var processor = GetCryptoProcessor(Direction.Input); await using (CryptoContext context = new CryptoContext(cryptInfo, workingDirectory, fileName, Direction.Input)) { await processor.Execute(context); string logicalFileName = context.LogicalFileName; byte[] result = await File.ReadAllBytesAsync(Path.Combine(context.WorkDirectory, context.LastFileName)); return(result, logicalFileName); } }