public string Decrypt(JweConfig config) { byte[] unwrappedKey = RsaEncryption.UnwrapSecretKey(config, Base64Utils.URLDecode(EncryptedKey), "SHA-256"); if (unwrappedKey == null) { throw new EncryptionException(String.Format("Failed to unwrap key {0}", EncryptedKey)); } string encryptionMethod = Header.Enc; byte[] plaintext; if (A256GCM.Equals(encryptionMethod)) { plaintext = AesGcm.Decrypt(unwrappedKey, this); } else if (A128CBC_HS256.Equals(encryptionMethod)) { plaintext = AesCbc.Decrypt(unwrappedKey, this); } else { throw new EncryptionException(String.Format("Encryption method {0} is not supported", encryptionMethod)); } return(Encoding.UTF8.GetString(plaintext)); }
public void TestWrapUnwrapSecretKey_ShouldReturnTheOriginalKey() { // GIVEN var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder().Build(); var originalKeyBytes = Convert.FromBase64String("mZzmzoURXI3Vk0vdsPkcFw=="); // WHEN var wrappedKeyBytes = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), originalKeyBytes, config.OaepPaddingDigestAlgorithm); var unwrappedKeyBytes = RsaEncryption.UnwrapSecretKey(config, wrappedKeyBytes, config.OaepPaddingDigestAlgorithm); // THEN Assert.IsTrue(originalKeyBytes.SequenceEqual(unwrappedKeyBytes)); }
public void TestUnwrapSecretKey_InteroperabilityTest_OaepSha512() { // GIVEN var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder() .WithOaepPaddingDigestAlgorithm("SHA-512") .Build(); const string wrappedKey = "RuruMYP5rG6VP5vS4kVznIrSOjUzXyOhtD7bYlVqwniWTvxxZC73UDluwDhpLwX5QJCsCe8TcwGiQRX1u+yWpBveHDRmDa03hrc3JRJALEKPyN5tnt5w7aI4dLRnLuNoXbYoTSc4V47Z3gaaK6q2rEjydx2sQ/SyVmeUJN7NgxkhtHTyVWTymEM1ythL+AaaQ5AaXedhpWKhG06XYZIX4KV7T9cHEn+See6RVGGB2RUPHBJjrxJo5JoVSfnWN0gkTMyuwbmVaTWfsowbvh8GFibFT7h3uXyI3b79NiauyB7scXp9WidGues3MrTx4dKZrSbs3uHxzPKmCDZimuKfwg=="; var wrappedKeyBytes = Convert.FromBase64String(wrappedKey); // WHEN var unwrappedKeyBytes = RsaEncryption.UnwrapSecretKey(config, wrappedKeyBytes, config.OaepPaddingDigestAlgorithm); // THEN var expectedKeyBytes = Convert.FromBase64String("mZzmzoURXI3Vk0vdsPkcFw=="); Assert.IsTrue(expectedKeyBytes.SequenceEqual(unwrappedKeyBytes)); }
public void TestUnwrapSecretKey_InteroperabilityTest_OaepSha256() { // GIVEN var config = TestUtils.GetTestFieldLevelEncryptionConfigBuilder() .WithOaepPaddingDigestAlgorithm("SHA-256") .Build(); const string wrappedKey = "ZLB838BRWW2/BtdFFAWBRYShw/gBxXSwItpxEZ9zaSVEDHo7n+SyVYU7mayd+9vHkR8OdpqwpXM68t0VOrWI8LD8A2pRaYx8ICyhVFya4OeiWlde05Rhsk+TNwwREPbiw1RgjT8aedRJJYbAZdLb9XEI415Kb/UliHyvsdHMb6vKyYIjUHB/pSGAAmgds56IhIJGfvnBLPZfSHmGgiBT8WXLRuuf1v48aIadH9S0FfoyVGTaLYr+2eznSTAFC0ZBnzebM3mQI5NGQNviTnEJ0y+uZaLE/mthiKgkv1ZybyDPx2xJK2n05sNzfIWKmnI/SOb65RZLlo1Q+N868l2m9g=="; var wrappedKeyBytes = Convert.FromBase64String(wrappedKey); // WHEN var unwrappedKeyBytes = RsaEncryption.UnwrapSecretKey(config, wrappedKeyBytes, config.OaepPaddingDigestAlgorithm); // THEN var expectedKeyBytes = Convert.FromBase64String("mZzmzoURXI3Vk0vdsPkcFw=="); Assert.IsTrue(expectedKeyBytes.SequenceEqual(unwrappedKeyBytes)); }