public static void Test_Manual_Decryption_Rsa_To_AeadAes256CbcHmacSha512()
{
// Arrange
var keyring = new Keyring(new IKey[]
{
new Key("publickey", Encoding.UTF8.GetBytes("!mysecretkey#9^5usdk39d&dlf)03sL")),
new Key("hmacKey", Encoding.UTF8.GetBytes("mysecret")),
new Key("upgrade-key", FakeKeyGenerator.GetKey(64))
});
var legacyJson =
"{\"__crypt_bar\":{\"alg\":\"AES-256-CBC-HMAC-SHA256\",\"kid\":\"publickey\",\"ciphertext\":\"zOcxunCOdTSMxic4xz/F2w==\",\"sig\":\"7VYNnEBxuC8IvBu0egS3AM922NqWE6Mfy08KEghJ62Q=\",\"iv\":\"03AUmzwQqnbs/JhkWGrIkw==\"},\"foo\":2}";
var provider = new AeadAes256CbcHmacSha512Provider(new AeadAes256CbcHmacSha512Cipher(), keyring);
var cryptoManager = DefaultCryptoManager.Builder()
.LegacyAesDecrypters(keyring, "hmacKey")
.DefaultEncrypter(provider.Encrypter("upgrade-key"))
.Decrypter(provider.Decrypter())
.Build();
var jsonObject = JObject.Parse(legacyJson);
jsonObject.DecryptLegacyAes256 <string>(cryptoManager, "hmacKey", "__crypt_bar");
Assert.Equal("bar", jsonObject.SelectToken("bar").Value <string>());
Assert.Equal(2, jsonObject.SelectToken("foo").Value <int>());
jsonObject.EncryptField(cryptoManager, "bar");
Assert.NotNull(jsonObject.SelectToken("encrypted$bar.ciphertext").Value <string>());
}
public void Test_Upgrade_From_Rsa_To_AeadAes256CbcHmacSha512()
{
var keyring = new Keyring(new IKey[]
{
new Key("MyKeyName", GetKey("./Docs/rsa-private.xml")),
new Key("upgrade-key", FakeKeyGenerator.GetKey(64))
});
var provider =
new AeadAes256CbcHmacSha512Provider(
new AeadAes256CbcHmacSha512Cipher(), keyring);
var cryptoManager = DefaultCryptoManager.Builder()
.DefaultEncrypter(provider.Encrypter("upgrade-key"))
.LegacyRsaDecrypter(keyring, "MyKeyName")
.Build();
var jsonObject = JObject.Parse(File.ReadAllText("./Docs/poco-rsa.json"));
jsonObject.DecryptLegacyRsa <string>(cryptoManager, "__crypt_bar");
jsonObject.DecryptLegacyRsa <int>(cryptoManager, "__crypt_foo");
jsonObject.DecryptLegacyRsa <PocoMoco>(cryptoManager, "__crypt_childObject");
jsonObject.DecryptLegacyRsa <List <int> >(cryptoManager, "__crypt_baz");
jsonObject.DecryptLegacyRsa <string[]>(cryptoManager, "__crypt_faz");
Assert.Equal("Bar", jsonObject.SelectToken("bar").Value <string>());
Assert.Equal(90, jsonObject.SelectToken("foo").Value <int>());
Assert.Equal("Bar2", jsonObject.SelectToken("childObject.Bar").Value <string>());
Assert.Equal(new List <int> {
3, 4
}, jsonObject.SelectToken("baz").Values <int>());
Assert.Equal(new[] { "ted", "alice", "bill" }, jsonObject.SelectToken("faz").Values <string>());
jsonObject.EncryptField(cryptoManager, "bar");
jsonObject.EncryptField(cryptoManager, "foo");
jsonObject.EncryptField(cryptoManager, "childObject");
jsonObject.EncryptField(cryptoManager, "baz");
jsonObject.EncryptField(cryptoManager, "faz");
Assert.NotEqual("Bar", jsonObject.SelectToken("encrypted$bar.ciphertext").Value <string>());
Assert.NotNull(jsonObject.SelectToken("encrypted$foo.ciphertext").Value <string>());
Assert.NotEqual("Bar2", jsonObject.SelectToken("encrypted$bar.ciphertext").Value <string>());
Assert.NotNull(jsonObject.SelectToken("encrypted$baz.ciphertext").Value <string>());
Assert.NotNull(jsonObject.SelectToken("encrypted$faz.ciphertext").Value <string>());
}
public void Test_Upgrade_With_Attributes()
{
// Arrange
var keyring = new Keyring(new IKey[]
{
new Key("publickey", Encoding.UTF8.GetBytes("!mysecretkey#9^5usdk39d&dlf)03sL")),
new Key("hmacKey", Encoding.UTF8.GetBytes("mysecret")),
new Key("upgrade-key", FakeKeyGenerator.GetKey(64))
});
var legacyJson =
"{\"__crypt_bar\":{\"alg\":\"AES-256-CBC-HMAC-SHA256\",\"kid\":\"publickey\",\"ciphertext\":\"zOcxunCOdTSMxic4xz/F2w==\",\"sig\":\"7VYNnEBxuC8IvBu0egS3AM922NqWE6Mfy08KEghJ62Q=\",\"iv\":\"03AUmzwQqnbs/JhkWGrIkw==\"},\"foo\":2}";
var provider = new AeadAes256CbcHmacSha512Provider(new AeadAes256CbcHmacSha512Cipher(), keyring);
var cryptoManager = DefaultCryptoManager.Builder()
.LegacyAesDecrypters(keyring, "hmacKey")
.DefaultEncrypter(provider.Encrypter("upgrade-key"))
.Decrypter(provider.Decrypter())
.Build();
//We will need separate settings for deserialize and serialize so that the prefix is correctly applied
var deserializerSettings = new JsonSerializerSettings
{
ContractResolver = new LegacyEncryptedFieldContractResolver(cryptoManager, "__crypt_")
};
var serializerSettings = new JsonSerializerSettings
{
ContractResolver = new EncryptedFieldContractResolver(cryptoManager)//uses the default "new" prefix for 2.0 "encrypted$"
};
// Act
var decryptedPoco = JsonConvert.DeserializeObject <Poco>(legacyJson, deserializerSettings);
var encryptedJson = JsonConvert.SerializeObject(decryptedPoco, serializerSettings);
// Assert
Assert.Equal("bar", decryptedPoco.Bar);
Assert.Contains("upgrade-key", encryptedJson);
Assert.Contains("AEAD_AES_256_CBC_HMAC_SHA512", encryptedJson);
Assert.Contains("encrypted$", encryptedJson);
}
