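/// <summary>
/// Interactive recovery flow: collects <c>quorum</c> shares from the share holders,
/// decrypts the backup file named by <c>backupToRecover</c> with them, deserializes the
/// result into a <c>KeyGenerator.JwtRsaKey</c> and, unless <c>testModeFlag</c> is set,
/// obtains an access token and hands the key to <c>importKeyToVault</c>.
/// </summary>
/// <remarks>
/// Exits the process with code 1 when the backup file is missing. Every step waits for
/// the operator to press Enter. The recovered private key and the access token are both
/// held in memory by this method; neither is written to the console.
/// </remarks>
static void doRecover()
{
    if (!File.Exists(backupToRecover))
    {
        Console.WriteLine($"Backup file {backupToRecover} does not exist. Quitting.");
        Environment.Exit(1);
    }

    Console.Clear();
    displayRecoverInitialInfo();
    Console.ReadLine();

    displayShareHolderInvitation(quorum);
    Console.ReadLine();

    Share[] shares = new Share[quorum];
    for (var i = 0; i < shares.Length; i++)
    {
        var share = shares[i] = new Share();
        share.n = quorum + 1; // just to satisfy validations in SharedSecretGenerator
        share.k = quorum;
        readShare(share, quorum, i + 1, true);
    }

    // NOTE(review): the joined secret is not used by this method (decryptKey takes the
    // shares themselves). The call is kept because it may validate the shares before
    // decryption is attempted; confirm against SharedSecretGenerator and drop it if not.
    SharedSecretGenerator.joinShares(shares);

    var encryptedKey = File.ReadAllText(backupToRecover, Encoding.UTF8);
    var keyJson = SharedSecretGenerator.decryptKey(encryptedKey, shares);
    var key = JsonConvert.DeserializeObject<KeyGenerator.JwtRsaKey>(keyJson);

    //=========================
    Console.Clear();
    displayKeyRecoveredInfo();
    Console.ReadLine();

    Console.Clear();
    displayAzureVaultPrompt();
    Console.ReadLine();

    string token = null;
    if (!testModeFlag)
    {
        // Blocks on the asynchronous token request; a failure surfaces as an
        // AggregateException from .Result.
        token = getToken(tenant).Result.AccessToken;
    }

    // The access token is a bearer credential: anyone who can read it from the
    // terminal, its scrollback or a captured session log can use it until it expires.
    // Report only whether one was obtained, never its value.
    Console.WriteLine(token == null
        ? "Token: not acquired"
        : "Token: acquired (value not displayed)");

    displayVaultImportConfirm();
    Console.ReadLine();

    if (!testModeFlag)
    {
        importKeyToVault(key, token, vaultUrl);
    }

    Console.WriteLine("Press [Enter] to continue");
    Console.ReadLine();

    Console.Clear();
    displayFinishInfo();
    Console.ReadLine();
}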
/// <summary>
/// Round-trip demonstration: generates a key and a set of shares, encrypts the key with
/// the shares, prints every intermediate value, and decrypts the key again.
/// </summary>
/// <remarks>
/// Everything printed here (the joined secret, its two halves and the decrypted key) is
/// secret material, so the output is only acceptable because the key and the shares are
/// generated inside this method. The first half of the hex secret is labelled as the MAC
/// part and the second half as the encryption part; the printed openssl hint uses the
/// second half as the AES-128-CBC key. The arguments 32, 6, 3 are presumably secret
/// length, share count and threshold (confirm against generateSharedSecret).
/// </remarks>
public void Test2()
{
    var generatedKey = SharedSecretGenerator.genKey("sec.oper");
    var shareSet = SharedSecretGenerator.generateSharedSecret(32, 6, 3);
    var wrappedKey = SharedSecretGenerator.encryptKey(generatedKey, shareSet);

    var secretHex = PQ.bytes2hex(SharedSecretGenerator.joinShares(shareSet));
    int midpoint = secretHex.Length / 2;
    var macHalf = secretHex.Substring(0, midpoint);
    var encHalf = secretHex.Substring(midpoint);

    Console.WriteLine($"Secret:\n{secretHex}");
    Console.WriteLine($"SecretMac:\n{macHalf}");
    Console.WriteLine($"SecretEnc:\n{encHalf}");
    Console.WriteLine("----");
    Console.WriteLine($"Encrypted key:\n{wrappedKey}");
    Console.WriteLine("----");

    // The encrypted key is five dot-separated segments, printed in order.
    string[] segments = wrappedKey.Split('.');
    string[] segmentLabels =
    {
        "--Authenticated header:\n",
        "--Encrypted key:\n",
        "--IV:\n",
        "--Cipher text:\n",
        "--Auth Tag:\n",
    };
    for (var index = 0; index < segmentLabels.Length; index++)
    {
        Console.WriteLine(segmentLabels[index] + segments[index]);
    }
    Console.WriteLine("----");

    // The header is decoded but not used afterwards; the call is kept so that a
    // malformed first segment still fails at this point.
    var headerBytes = Base64Url.Decode(segments[0]);
    byte[] ivBytes = Base64Url.Decode(segments[2]);
    var cipherBytes = Base64Url.Decode(segments[3]);

    Console.WriteLine("You can test decryption using followinf openssl command.");
    var cipherHex = PQ.bytes2hex(cipherBytes);
    var ivHex = PQ.bytes2hex(ivBytes);
    Console.WriteLine($"echo -n {cipherHex} | xxd -r -p | openssl enc -aes-128-cbc -d -K {encHalf} -iv {ivHex} ");

    var roundTripped = SharedSecretGenerator.decryptKey(wrappedKey, shareSet);
    Console.WriteLine($"Decrypted key: \n{roundTripped}");
    Console.WriteLine("----");
}