public static byte[] Decrypt(byte[] secretKeyBytes, JweObject jweObject)
{
// Extract the encryption key
byte[] aesKey = new byte[16];
Array.Copy(secretKeyBytes, 16, aesKey, 0, aesKey.Length);
byte[] plaintext;
using (var aes = Aes.Create())
{
aes.Key = aesKey;
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
aes.IV = Base64Utils.URLDecode(jweObject.Iv);
byte[] ciphertext = Base64Utils.URLDecode(jweObject.CipherText);
using (var decryptor = aes.CreateDecryptor())
{
using (var memoryStream = new MemoryStream(ciphertext))
{
using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
var output = new MemoryStream();
var decrypted = new byte[Math.Min(1024, ciphertext.Length)];
int byteCount;
while ((byteCount = cryptoStream.Read(decrypted, 0, decrypted.Length)) > 0)
{
output.Write(decrypted, 0, byteCount);
}
plaintext = output.ToArray();
}
}
}
}
return(plaintext);
}
public void TestDecrypt_ShouldReturnDecryptedPayload_WhenPayloadIsCbcEncrypted()
{
// GIVEN
JweObject jweObject = TestUtils.GetTestCbcJweObject();
// WHEN
string decryptedPayload = jweObject.Decrypt(TestUtils.GetTestJweConfigBuilder().Build());
// THEN
Assert.AreEqual("bar", decryptedPayload);
}
internal static byte[] Decrypt(byte[] secretKeyBytes, JweObject jweObject)
{
#if NETSTANDARD2_1
byte[] plaintext;
using (var aes = new System.Security.Cryptography.AesGcm(secretKeyBytes))
{
byte[] nonce = Base64Utils.URLDecode(jweObject.Iv);
byte[] aad = Encoding.ASCII.GetBytes(jweObject.RawHeader);
byte[] authTag = Base64Utils.URLDecode(jweObject.AuthTag);
byte[] ciphertext = Base64Utils.URLDecode(jweObject.CipherText);
plaintext = new byte[ciphertext.Length];
aes.Decrypt(nonce, ciphertext, authTag, plaintext, aad);
}
return(plaintext);
#else
throw new EncryptionException("AES/GCM/NoPadding is unsupported on .NET Standard < 2.1");
#endif
}
internal static JweObject GetTestGcmJweObject()
{
return(JweObject.Parse("eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMjU2R0NNIiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.8c6vxeZOUBS8A9SXYUSrRnfl1ht9xxciB7TAEv84etZhQQ2civQKso-htpa2DWFBSUm-UYlxb6XtXNXZxuWu-A0WXjwi1K5ZAACc8KUoYnqPldEtC9Q2bhbQgc_qZF_GxeKrOZfuXc9oi45xfVysF_db4RZ6VkLvY2YpPeDGEMX_nLEjzqKaDz_2m0Ae_nknr0p_Nu0m5UJgMzZGR4Sk1DJWa9x-WJLEyo4w_nRDThOjHJshOHaOU6qR5rdEAZr_dwqnTHrjX9Qm9N9gflPGMaJNVa4mvpsjz6LJzjaW3nJ2yCoirbaeJyCrful6cCiwMWMaDMuiBDPKa2ovVTy0Sw.w0Nkjxl0T9HHNu4R.suRZaYu6Ui05Z3-vsw.akknMr3Dl4L0VVTGPUszcA"));
}
internal static JweObject GetTestCbcJweObject()
{
return(JweObject.Parse("eyJraWQiOiI3NjFiMDAzYzFlYWRlM2E1NDkwZTUwMDBkMzc4ODdiYWE1ZTZlYzBlMjI2YzA3NzA2ZTU5OTQ1MWZjMDMyYTc5IiwiY3R5IjoiYXBwbGljYXRpb25cL2pzb24iLCJlbmMiOiJBMTI4Q0JDLUhTMjU2IiwiYWxnIjoiUlNBLU9BRVAtMjU2In0.5bsamlChk0HR3Nqg2UPJ2Fw4Y0MvC2pwWzNv84jYGkOXyqp1iwQSgETGaplIa7JyLg1ZWOqwNHEx3N7gsN4nzwAnVgz0eta6SsoQUE9YQ-5jek0COslUkoqIQjlQYJnYur7pqttDibj87fcw13G2agle5fL99j1QgFPjNPYqH88DMv481XGFa8O3VfJhW93m73KD2gvE5GasOPOkFK9wjKXc9lMGSgSArp3Awbc_oS2Cho_SbsvuEQwkhnQc2JKT3IaSWu8yK7edNGwD6OZJLhMJzWJlY30dUt2Eqe1r6kMT0IDRl7jHJnVIr2Qpe56CyeZ9V0aC5RH1mI5dYk4kHg.yI0CS3NdBrz9CCW2jwBSDw.6zr2pOSmAGdlJG0gbH53Eg.UFgf3-P9UjgMocEu7QA_vQ"));
}