// Validates that Bulk encryption, decryption and re-encryption works for Key Derivation encryption keys that need contexts.
public async Task BulkEncryptionDecryptionContextual_Works()
{
// Create key, validate the version and then encrypt some data with that key.
string key = _uniqueKeys.GetKey();
// Create key.
bool fa = await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256, true);
Assert.True(fa);
// Confirm key is new:
TransitKeyInfo TKI = await _transitSecretEngine.ReadEncryptionKey(key);
Assert.AreEqual(TKI.LatestVersionNum, 1);
// Confirm it supports key derivation.
Assert.AreEqual(true, TKI.SupportsDerivation);
// Step A. Build list of items to encrypt along with contextual encryption value.
List <KeyValuePair <string, string> > items = new List <KeyValuePair <string, string> >
{
new KeyValuePair <string, string>("abc", "123"),
new KeyValuePair <string, string>("ZYX", "argue"),
new KeyValuePair <string, string>("45332092214", "20180623")
};
// Step B.
// Encrypt several items in bulk. Storing both the item to encrypt and contextual encryption value.
List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>();
foreach (KeyValuePair <string, string> item in items)
{
bulkEnc.Add(new TransitBulkItemToEncrypt(item.Key, item.Value));
}
// Encrypt.
TransitEncryptionResultsBulk bulkEncResponse = await _transitSecretEngine.EncryptBulk(key, bulkEnc);
int sentCnt = bulkEnc.Count;
int recvCnt = bulkEncResponse.EncryptedValues.Count;
// It's critical that items received = items sent.
Assert.AreEqual(sentCnt, recvCnt);
// Step C
// Decrypt in Bulk these Same Items. We need to send the encrypted item as well as the original context value that was used to encrypt
// that specific item.
List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>();
for (int i = 0; i < recvCnt; i++)
{
bulkDecrypt.Add(new TransitBulkItemToDecrypt(bulkEncResponse.EncryptedValues [i].EncryptedValue, items [i].Value));
}
TransitDecryptionResultsBulk bulkDecResponse = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt);
// Validate.
Assert.AreEqual(recvCnt, bulkDecResponse.DecryptedValues.Count);
for (int i = 0; i < recvCnt; i++)
{
Assert.AreEqual(items [i].Key, bulkDecResponse.DecryptedValues [i].DecryptedValue);
}
// Step D
// Rotate Key.
Assert.AreEqual(true, (await _transitSecretEngine.RotateKey(key)));
TransitKeyInfo TKI2 = await _transitSecretEngine.ReadEncryptionKey(key);
Assert.AreEqual(TKI2.LatestVersionNum, 2);
// Step E.
// Re-encrypt in bulk.
List <TransitBulkItemToDecrypt> bulkRewrap = new List <TransitBulkItemToDecrypt>();
foreach (KeyValuePair <string, string> item in items)
{
bulkRewrap.Add(new TransitBulkItemToDecrypt(item.Key, item.Value));
}
TransitEncryptionResultsBulk rewrapResponse = await _transitSecretEngine.ReEncryptBulk(key, bulkRewrap);
Assert.AreEqual(bulkEnc.Count, rewrapResponse.EncryptedValues.Count);
// Step F.
// Decrypt once again in bulk.
List <TransitBulkItemToDecrypt> bulkDecrypt2 = new List <TransitBulkItemToDecrypt>();
for (int i = 0; i < recvCnt; i++)
{
bulkDecrypt2.Add(new TransitBulkItemToDecrypt(bulkEncResponse.EncryptedValues [i].EncryptedValue, items [i].Value));
}
TransitDecryptionResultsBulk bulkDecResponse2 = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt2);
// Validate.
Assert.AreEqual(recvCnt, bulkDecResponse2.DecryptedValues.Count);
for (int i = 0; i < recvCnt; i++)
{
Assert.AreEqual(items [i].Key, bulkDecResponse2.DecryptedValues [i].DecryptedValue);
}
}
public async Task Run_BulkOps()
{
string eKey = Guid.NewGuid().ToString();
// Encrypt Bulk Items
Console.WriteLine("Encrypting bulk Items");
List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>();
bulkEnc.Add(new TransitBulkItemToEncrypt("ABC"));
bulkEnc.Add(new TransitBulkItemToEncrypt("DEF"));
bulkEnc.Add(new TransitBulkItemToEncrypt("GHI"));
bulkEnc.Add(new TransitBulkItemToEncrypt("JKL"));
bulkEnc.Add(new TransitBulkItemToEncrypt("MNO"));
TransitEncryptionResultsBulk results = await TB.EncryptBulk(eKey, bulkEnc);
int sentCnt = bulkEnc.Count;
int recvCnt = results.EncryptedValues.Count;
if (sentCnt == recvCnt)
{
Console.WriteLine(" - Bulk Encryption completed. Sent and recived items count same! SUCCESS!");
}
foreach (TransitEncryptedItem encrypted in results.EncryptedValues)
{
TransitDecryptedItem decrypted = await TB.Decrypt(eKey, encrypted.EncryptedValue);
Console.WriteLine(" - Decrypted Value = {0}", decrypted.DecryptedValue);
}
// Test Bulk Decryption
List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>();
foreach (TransitEncryptedItem encrypted in results.EncryptedValues)
{
bulkDecrypt.Add(new TransitBulkItemToDecrypt(encrypted.EncryptedValue));
}
// Now decrypt.
TransitDecryptionResultsBulk resDecrypt = await TB.DecryptBulk(eKey, bulkDecrypt);
int sentCntD = bulkDecrypt.Count;
int recvCntD = resDecrypt.DecryptedValues.Count;
if (sentCntD == recvCntD)
{
Console.WriteLine(" - Bulk Decryption completed. Sent and recived items count same! SUCCESS!");
}
// Print results:
foreach (TransitDecryptedItem decrypted in resDecrypt.DecryptedValues)
{
Console.WriteLine(" Bulk Decryption result: {0}", decrypted.DecryptedValue);
}
// Rotate the Key.
// if (runRotateTest) {
Console.WriteLine("Rotating the Key.");
bool rotateAnswer = await TB.RotateKey(eKey);
if (rotateAnswer)
{
Console.WriteLine(" - Key rotation successful.");
}
// }
// if (runRekeyTest) {
Console.WriteLine("Rencrypting a key.");
await Run_ReEncrypt(eKey);
// }
// Test Bulk Rewrap.
TransitEncryptionResultsBulk bulkRewrap = await TB.ReEncryptBulk(eKey, bulkDecrypt);
foreach (TransitEncryptedItem encrypted in bulkRewrap.EncryptedValues)
{
// Decrypt the value:
TransitDecryptedItem tdiA = await TB.Decrypt(eKey, encrypted.EncryptedValue);
Console.WriteLine(" - Decrypted value from bulk Rewrap = {0}", tdiA.DecryptedValue);
}
}
public async Task BulkEncryptionDecryption_Works()
{
// Create key, validate the version and then encrypt some data with that key.
string key = _uniqueKeys.GetKey();
bool fa = await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256);
Assert.True(fa);
// Confirm key is new:
TransitKeyInfo TKI = await _transitSecretEngine.ReadEncryptionKey(key);
Assert.AreEqual(TKI.LatestVersionNum, 1);
// Step A.
string valueA = "ABC";
string valueB = "def";
string valueC = "1234567890";
string valueD = Guid.NewGuid().ToString();
string valueE = "123456ABCDEFZYXWVU0987654321aaabbbcccddd";
// Step B.
// Encrypt several items in bulk.
List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>
{
new TransitBulkItemToEncrypt(valueA),
new TransitBulkItemToEncrypt(valueB),
new TransitBulkItemToEncrypt(valueC),
new TransitBulkItemToEncrypt(valueD),
new TransitBulkItemToEncrypt(valueE)
};
TransitEncryptionResultsBulk bulkEncResponse = await _transitSecretEngine.EncryptBulk(key, bulkEnc);
int sentCnt = bulkEnc.Count;
int recvCnt = bulkEncResponse.EncryptedValues.Count;
Assert.AreEqual(sentCnt, recvCnt);
// Step C
// Decrypt in Bulk these Same Items.
List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>();
foreach (TransitEncryptedItem item in bulkEncResponse.EncryptedValues)
{
bulkDecrypt.Add(new TransitBulkItemToDecrypt(item.EncryptedValue));
}
TransitDecryptionResultsBulk bulkDecResponse = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt);
Assert.AreEqual(recvCnt, bulkDecResponse.DecryptedValues.Count);
Assert.AreEqual(valueA, bulkDecResponse.DecryptedValues [0].DecryptedValue);
Assert.AreEqual(valueB, bulkDecResponse.DecryptedValues [1].DecryptedValue);
Assert.AreEqual(valueC, bulkDecResponse.DecryptedValues [2].DecryptedValue);
Assert.AreEqual(valueD, bulkDecResponse.DecryptedValues [3].DecryptedValue);
Assert.AreEqual(valueE, bulkDecResponse.DecryptedValues [4].DecryptedValue);
// Step D
// Rotate Key.
Assert.AreEqual(true, (await _transitSecretEngine.RotateKey(key)));
TransitKeyInfo TKI2 = await _transitSecretEngine.ReadEncryptionKey(key);
Assert.AreEqual(TKI2.LatestVersionNum, 2);
// Step E.
// Re-encrypt in bulk.
List <TransitBulkItemToDecrypt> bulkRewrap = new List <TransitBulkItemToDecrypt>();
foreach (TransitEncryptedItem encItem in bulkEncResponse.EncryptedValues)
{
bulkRewrap.Add(new TransitBulkItemToDecrypt(encItem.EncryptedValue));
}
TransitEncryptionResultsBulk rewrapResponse = await _transitSecretEngine.ReEncryptBulk(key, bulkRewrap);
Assert.AreEqual(bulkEnc.Count, rewrapResponse.EncryptedValues.Count);
// Step F.
// Decrypt once again in bulk.
List <TransitBulkItemToDecrypt> bulkDecrypt2 = new List <TransitBulkItemToDecrypt>();
foreach (TransitEncryptedItem item in rewrapResponse.EncryptedValues)
{
bulkDecrypt2.Add(new TransitBulkItemToDecrypt(item.EncryptedValue));
}
TransitDecryptionResultsBulk bulkDecResponse2 = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt2);
Assert.AreEqual(recvCnt, bulkDecResponse2.DecryptedValues.Count);
Assert.AreEqual(valueA, bulkDecResponse2.DecryptedValues [0].DecryptedValue);
Assert.AreEqual(valueB, bulkDecResponse2.DecryptedValues [1].DecryptedValue);
Assert.AreEqual(valueC, bulkDecResponse2.DecryptedValues [2].DecryptedValue);
Assert.AreEqual(valueD, bulkDecResponse2.DecryptedValues [3].DecryptedValue);
Assert.AreEqual(valueE, bulkDecResponse2.DecryptedValues [4].DecryptedValue);
}
