public static JsonGeneral Import(string jwe)
{
JsonGeneral result;
try
{
result = JsonConvert.DeserializeObject <JsonGeneral>(jwe);
}
catch (Exception)
{
string[] parts = jwe.Split('.');
result = new JsonGeneral
{
ProtectedHeader = parts[0],
EncryptedKey = parts[1],
InitializationVector = parts[2],
CipherText = parts[3],
AuthenticationTag = parts[4],
};
}
if (result == null)
{
throw new Exception("Wrong JWE format");
}
return(result);
}
private void Encrypt(object key)
{
var alg = _keyAlgorithms[(Algorithms)_protectedHeader.Algorithm];
var enc = _encAlgorithms[(Encryptions)_protectedHeader.EncryptionAlgorithm];
if (alg == null)
{
throw new Exception("Unsupported JWA algorithm requested");
}
if (enc == null)
{
throw new Exception("Unsupported JWE encryption requested");
}
var cek = Utils.Random(enc.KeySize);
var iv = Utils.Random(128);
var encryptedCek = alg.WrapKey(cek, key);
var encParts = enc.Encrypt(Base64Url.Decode(_message), cek, iv, _aad != null ? Base64Url.Decode(_aad) : new byte[0]);
_result = new JsonGeneral
{
ProtectedHeader = Base64Url.Encode(JsonConvert.SerializeObject(_protectedHeader)),
EncryptedKey = Base64Url.Encode(encryptedCek),
AdditionalAuthenticatedData = _aad,
InitializationVector = Base64Url.Encode(iv),
CipherText = Base64Url.Encode(encParts[0]),
AuthenticationTag = Base64Url.Encode(encParts[1]),
};
}
public static byte[] Decrypt(JsonGeneral jwe, object key)
{
var protectedHeader = JsonConvert.DeserializeObject <JsonHeader>(Encoding.UTF8.GetString(Base64Url.Decode(jwe.ProtectedHeader)));
var enc = _encAlgorithms[(Encryptions)protectedHeader.EncryptionAlgorithm];
if (enc == null)
{
throw new Exception("Unsupported JWE encryption requested");
}
byte[] cek = null;
if (jwe.EncryptedKey != null)
{
var alg = _keyAlgorithms[(Algorithms)protectedHeader.Algorithm];
if (alg == null)
{
throw new Exception("Unsupported JWA algorithm requested");
}
var encryptedKey = Base64Url.Decode(jwe.EncryptedKey);
cek = alg.UnwrapKey(encryptedKey, key);
}
else if (jwe.Recipients != null)
{
foreach (var recipient in jwe.Recipients)
{
var alg = _keyAlgorithms[(Algorithms)recipient.Header.Algorithm];
if (alg == null)
{
throw new Exception("Unsupported JWA algorithm requested");
}
var encryptedKey = Base64Url.Decode(recipient.EncryptedKey);
try
{
cek = alg.UnwrapKey(encryptedKey, key);
break;
}
catch (Exception) { }
}
}
var iv = Base64Url.Decode(jwe.InitializationVector);
var aad = jwe.AdditionalAuthenticatedData != null?Base64Url.Decode(jwe.AdditionalAuthenticatedData) : new byte[0];
var cipherText = Base64Url.Decode(jwe.CipherText);
var tag = Base64Url.Decode(jwe.AuthenticationTag);
return(enc.Decrypt(cipherText, cek, iv, aad, tag));
}