public void TestEncryptedKeysetForNonEncryptedData()
{
var nonEncryptedPath = Util.TestDataPath(TEST_DATA, "rsa");
using (var pbereader = KeySet.LayerSecurity(
FileSystemKeySet.Creator(nonEncryptedPath),
PbeKeySet.Creator(() => "dummy")
))
{
var key = pbereader.GetKey(1);
Expect(key, Is.Not.Null);
}
using (var crypter = new Crypter(nonEncryptedPath))
using (var encreader = KeySet.LayerSecurity(
FileSystemKeySet.Creator(nonEncryptedPath),
EncryptedKeySet.Creator(crypter)
))
{
var key = encreader.GetKey(1);
Expect(key, Is.Not.Null);
}
}
public void TestSign()
{
using (var stream = File.OpenRead(Util.TestDataPath(TEST_DATA, "cryptkey.zip")))
using (var keySet = new BlobKeySet(stream))
using (var crypter = new Crypter(keySet))
using (var signstream = File.OpenRead(Util.TestDataPath(TEST_DATA, "signkey.zip")))
using (var signkeySet = KeySet.LayerSecurity(
BlobKeySet.Creator(signstream),
EncryptedKeySet.Creator(crypter)
))
using (var verifier = new Verifier(signkeySet))
{
var sig = (WebBase64)File.ReadAllText(Util.TestDataPath(TEST_DATA, "sign.out"));
Expect(verifier.Verify(input, sig), Is.True);
}
}
public void TestAesEncryptedKeyDecrypt(string subDir, string nestedDir)
{
// Test reading and using encrypted keys
var basePath = Util.TestDataPath(TEST_DATA, nestedDir);
var keyPath = Path.Combine(basePath, subDir);
var dataPath = Path.Combine(basePath, subDir + "-crypted");
using (var keyDecrypter = new Crypter(keyPath))
using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(dataPath),
EncryptedKeySet.Creator(keyDecrypter)))
using (var dataDecrypter = new Crypter(ks))
{
HelperDecrypt(dataDecrypter, dataPath);
}
}
public void Decrypt()
{
var keyPath = TestData("aes");
var dataPath = TestData("aes-crypted");
var activeCiphertext = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "1.out")).First();
var primaryCiphertext = (WebBase64)File.ReadAllLines(Path.Combine(dataPath, "2.out")).First();
using (var keyDecrypter = new Crypter(keyPath))
using (var ks = KeySet.LayerSecurity(FileSystemKeySet.Creator(dataPath),
EncryptedKeySet.Creator(keyDecrypter)))
using (var crypter = new Crypter(ks))
{
var activeDecrypted = crypter.Decrypt(activeCiphertext);
Expect(activeDecrypted, Is.EqualTo(Input));
var primaryDecrypted = crypter.Decrypt(primaryCiphertext);
Expect(primaryDecrypted, Is.EqualTo(Input));
}
}
public void CreateAndCrypted(string keyType, string topDir, string subDir)
{
KeyType type = keyType;
var kspath = Util.TestDataPath(WRITE_DATA, topDir, subDir);
var writer = new FileSystemKeySetWriter(kspath, overwrite: true);
using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.DecryptAndEncrypt))
{
var success = ks.Save(writer);
Expect(success, Is.True);
}
HelperCryptCreate(writer, new FileSystemKeySet(kspath), kspath, type);
var kscryptpath = Util.TestDataPath(WRITE_DATA, topDir + "-crypted", subDir);
var baseWriter = new FileSystemKeySetWriter(kscryptpath, overwrite: true);
using (var ks = CreateNewKeySet(type.Kind, KeyPurpose.DecryptAndEncrypt))
{
var success = ks.Save(baseWriter);
Expect(success, Is.True);
}
using (var encrypter = new Crypter(kspath))
{
var cryptedwriter = new EncryptedKeySetWriter(baseWriter, encrypter);
using (var eks = KeySet.LayerSecurity(FileSystemKeySet.Creator(kscryptpath),
EncryptedKeySet.Creator(encrypter)))
{
HelperCryptCreate(cryptedwriter, eks, kscryptpath, type,
new FileSystemKeySet(kscryptpath), baseWriter);
}
}
}
public void TestOperateOnPbeCryptKeys()
{
string result;
var path = Util.TestDataPath(TEST_DATA, "rsa-pbe2");
var pathc = Util.TestDataPath(TEST_DATA, "rsa-crypted2");
if (Directory.Exists(path))
{
Directory.Delete(path, true);
}
if (Directory.Exists(pathc))
{
Directory.Delete(pathc, true);
}
result = Util.KeyczarTool(create: null, location: path, purpose: "crypt", unofficial: null);
Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKeySet));
result = Util.KeyczarTool("cartman", "cartman", addkey: null, location: path, password: null,
status: "primary");
Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKey));
result = Util.KeyczarTool(create: null, location: pathc, purpose: "crypt", asymmetric: null);
Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKeySet));
result = Util.KeyczarTool("cartman", addkey: null, location: pathc, crypter: path, password: null,
status: "primary");
Expect(result, Does.Contain(KeyczarTool.Localized.MsgCreatedKey));
var pathi = Path.Combine(pathc, "out.pem");
result = Util.KeyczarTool(
"cartman",
"pass",
"pass",
export: null,
location: pathc,
password: null,
crypter: path,
destination: pathi);
Expect(result, Does.Contain(KeyczarTool.Localized.MsgExportedPem));
result = Util.KeyczarTool("cartman", "pass",
importkey: null,
location: pathc,
status: "primary",
crypter: path,
password: null,
importlocation: pathi);
Expect(result, Does.Contain(KeyczarTool.Localized.MsgImportedNewKey));
var pathp = Path.Combine(pathc, "export");
result = Util.KeyczarTool(
"cartman",
pubkey: null,
location: pathc,
crypter: path,
password: null,
destination: pathp
);
Expect(result, Does.Contain(KeyczarTool.Localized.MsgNewPublicKeySet));
var patho = Path.Combine(pathc, "1.out");
result = Util.KeyczarTool(
"cartman",
usekey: null,
location: pathc,
crypter: path,
password: null,
destination: patho,
additionalArgs: new[] { input }
);
using (var pks = KeySet.LayerSecurity(
FileSystemKeySet.Creator(path),
PbeKeySet.Creator(() => "cartman" /*hardcoding because this is a test*/)))
using (var kcrypter = new Crypter(pks))
{
using (var eks = KeySet.LayerSecurity(FileSystemKeySet.Creator(pathc),
EncryptedKeySet.Creator(kcrypter)))
using (var crypter = new Crypter(eks))
{
Expect(pks.Metadata.Encrypted, Is.True);
Expect(eks.Metadata.Encrypted, Is.True);
result = crypter.Decrypt((WebBase64)File.ReadAllText(patho));
Expect(result, Is.EqualTo(input));
}
}
Directory.Delete(pathc, true);
}