// Validates that Bulk encryption, decryption and re-encryption works for Key Derivation encryption keys that need contexts. public async Task BulkEncryptionDecryptionContextual_Works() { // Create key, validate the version and then encrypt some data with that key. string key = _uniqueKeys.GetKey(); // Create key. bool fa = await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256, true); Assert.True(fa); // Confirm key is new: TransitKeyInfo TKI = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(TKI.LatestVersionNum, 1); // Confirm it supports key derivation. Assert.AreEqual(true, TKI.SupportsDerivation); // Step A. Build list of items to encrypt along with contextual encryption value. List <KeyValuePair <string, string> > items = new List <KeyValuePair <string, string> > { new KeyValuePair <string, string>("abc", "123"), new KeyValuePair <string, string>("ZYX", "argue"), new KeyValuePair <string, string>("45332092214", "20180623") }; // Step B. // Encrypt several items in bulk. Storing both the item to encrypt and contextual encryption value. List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>(); foreach (KeyValuePair <string, string> item in items) { bulkEnc.Add(new TransitBulkItemToEncrypt(item.Key, item.Value)); } // Encrypt. TransitEncryptionResultsBulk bulkEncResponse = await _transitSecretEngine.EncryptBulk(key, bulkEnc); int sentCnt = bulkEnc.Count; int recvCnt = bulkEncResponse.EncryptedValues.Count; // It's critical that items received = items sent. Assert.AreEqual(sentCnt, recvCnt); // Step C // Decrypt in Bulk these Same Items. We need to send the encrypted item as well as the original context value that was used to encrypt // that specific item. List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>(); for (int i = 0; i < recvCnt; i++) { bulkDecrypt.Add(new TransitBulkItemToDecrypt(bulkEncResponse.EncryptedValues [i].EncryptedValue, items [i].Value)); } TransitDecryptionResultsBulk bulkDecResponse = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt); // Validate. Assert.AreEqual(recvCnt, bulkDecResponse.DecryptedValues.Count); for (int i = 0; i < recvCnt; i++) { Assert.AreEqual(items [i].Key, bulkDecResponse.DecryptedValues [i].DecryptedValue); } // Step D // Rotate Key. Assert.AreEqual(true, (await _transitSecretEngine.RotateKey(key))); TransitKeyInfo TKI2 = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(TKI2.LatestVersionNum, 2); // Step E. // Re-encrypt in bulk. List <TransitBulkItemToDecrypt> bulkRewrap = new List <TransitBulkItemToDecrypt>(); foreach (KeyValuePair <string, string> item in items) { bulkRewrap.Add(new TransitBulkItemToDecrypt(item.Key, item.Value)); } TransitEncryptionResultsBulk rewrapResponse = await _transitSecretEngine.ReEncryptBulk(key, bulkRewrap); Assert.AreEqual(bulkEnc.Count, rewrapResponse.EncryptedValues.Count); // Step F. // Decrypt once again in bulk. List <TransitBulkItemToDecrypt> bulkDecrypt2 = new List <TransitBulkItemToDecrypt>(); for (int i = 0; i < recvCnt; i++) { bulkDecrypt2.Add(new TransitBulkItemToDecrypt(bulkEncResponse.EncryptedValues [i].EncryptedValue, items [i].Value)); } TransitDecryptionResultsBulk bulkDecResponse2 = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt2); // Validate. Assert.AreEqual(recvCnt, bulkDecResponse2.DecryptedValues.Count); for (int i = 0; i < recvCnt; i++) { Assert.AreEqual(items [i].Key, bulkDecResponse2.DecryptedValues [i].DecryptedValue); } }
public async Task Run_BulkOps() { string eKey = Guid.NewGuid().ToString(); // Encrypt Bulk Items Console.WriteLine("Encrypting bulk Items"); List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt>(); bulkEnc.Add(new TransitBulkItemToEncrypt("ABC")); bulkEnc.Add(new TransitBulkItemToEncrypt("DEF")); bulkEnc.Add(new TransitBulkItemToEncrypt("GHI")); bulkEnc.Add(new TransitBulkItemToEncrypt("JKL")); bulkEnc.Add(new TransitBulkItemToEncrypt("MNO")); TransitEncryptionResultsBulk results = await TB.EncryptBulk(eKey, bulkEnc); int sentCnt = bulkEnc.Count; int recvCnt = results.EncryptedValues.Count; if (sentCnt == recvCnt) { Console.WriteLine(" - Bulk Encryption completed. Sent and recived items count same! SUCCESS!"); } foreach (TransitEncryptedItem encrypted in results.EncryptedValues) { TransitDecryptedItem decrypted = await TB.Decrypt(eKey, encrypted.EncryptedValue); Console.WriteLine(" - Decrypted Value = {0}", decrypted.DecryptedValue); } // Test Bulk Decryption List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>(); foreach (TransitEncryptedItem encrypted in results.EncryptedValues) { bulkDecrypt.Add(new TransitBulkItemToDecrypt(encrypted.EncryptedValue)); } // Now decrypt. TransitDecryptionResultsBulk resDecrypt = await TB.DecryptBulk(eKey, bulkDecrypt); int sentCntD = bulkDecrypt.Count; int recvCntD = resDecrypt.DecryptedValues.Count; if (sentCntD == recvCntD) { Console.WriteLine(" - Bulk Decryption completed. Sent and recived items count same! SUCCESS!"); } // Print results: foreach (TransitDecryptedItem decrypted in resDecrypt.DecryptedValues) { Console.WriteLine(" Bulk Decryption result: {0}", decrypted.DecryptedValue); } // Rotate the Key. // if (runRotateTest) { Console.WriteLine("Rotating the Key."); bool rotateAnswer = await TB.RotateKey(eKey); if (rotateAnswer) { Console.WriteLine(" - Key rotation successful."); } // } // if (runRekeyTest) { Console.WriteLine("Rencrypting a key."); await Run_ReEncrypt(eKey); // } // Test Bulk Rewrap. TransitEncryptionResultsBulk bulkRewrap = await TB.ReEncryptBulk(eKey, bulkDecrypt); foreach (TransitEncryptedItem encrypted in bulkRewrap.EncryptedValues) { // Decrypt the value: TransitDecryptedItem tdiA = await TB.Decrypt(eKey, encrypted.EncryptedValue); Console.WriteLine(" - Decrypted value from bulk Rewrap = {0}", tdiA.DecryptedValue); } }
public async Task BulkEncryptionDecryption_Works() { // Create key, validate the version and then encrypt some data with that key. string key = _uniqueKeys.GetKey(); bool fa = await _transitSecretEngine.CreateEncryptionKey(key, true, true, TransitEnumKeyType.aes256); Assert.True(fa); // Confirm key is new: TransitKeyInfo TKI = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(TKI.LatestVersionNum, 1); // Step A. string valueA = "ABC"; string valueB = "def"; string valueC = "1234567890"; string valueD = Guid.NewGuid().ToString(); string valueE = "123456ABCDEFZYXWVU0987654321aaabbbcccddd"; // Step B. // Encrypt several items in bulk. List <TransitBulkItemToEncrypt> bulkEnc = new List <TransitBulkItemToEncrypt> { new TransitBulkItemToEncrypt(valueA), new TransitBulkItemToEncrypt(valueB), new TransitBulkItemToEncrypt(valueC), new TransitBulkItemToEncrypt(valueD), new TransitBulkItemToEncrypt(valueE) }; TransitEncryptionResultsBulk bulkEncResponse = await _transitSecretEngine.EncryptBulk(key, bulkEnc); int sentCnt = bulkEnc.Count; int recvCnt = bulkEncResponse.EncryptedValues.Count; Assert.AreEqual(sentCnt, recvCnt); // Step C // Decrypt in Bulk these Same Items. List <TransitBulkItemToDecrypt> bulkDecrypt = new List <TransitBulkItemToDecrypt>(); foreach (TransitEncryptedItem item in bulkEncResponse.EncryptedValues) { bulkDecrypt.Add(new TransitBulkItemToDecrypt(item.EncryptedValue)); } TransitDecryptionResultsBulk bulkDecResponse = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt); Assert.AreEqual(recvCnt, bulkDecResponse.DecryptedValues.Count); Assert.AreEqual(valueA, bulkDecResponse.DecryptedValues [0].DecryptedValue); Assert.AreEqual(valueB, bulkDecResponse.DecryptedValues [1].DecryptedValue); Assert.AreEqual(valueC, bulkDecResponse.DecryptedValues [2].DecryptedValue); Assert.AreEqual(valueD, bulkDecResponse.DecryptedValues [3].DecryptedValue); Assert.AreEqual(valueE, bulkDecResponse.DecryptedValues [4].DecryptedValue); // Step D // Rotate Key. Assert.AreEqual(true, (await _transitSecretEngine.RotateKey(key))); TransitKeyInfo TKI2 = await _transitSecretEngine.ReadEncryptionKey(key); Assert.AreEqual(TKI2.LatestVersionNum, 2); // Step E. // Re-encrypt in bulk. List <TransitBulkItemToDecrypt> bulkRewrap = new List <TransitBulkItemToDecrypt>(); foreach (TransitEncryptedItem encItem in bulkEncResponse.EncryptedValues) { bulkRewrap.Add(new TransitBulkItemToDecrypt(encItem.EncryptedValue)); } TransitEncryptionResultsBulk rewrapResponse = await _transitSecretEngine.ReEncryptBulk(key, bulkRewrap); Assert.AreEqual(bulkEnc.Count, rewrapResponse.EncryptedValues.Count); // Step F. // Decrypt once again in bulk. List <TransitBulkItemToDecrypt> bulkDecrypt2 = new List <TransitBulkItemToDecrypt>(); foreach (TransitEncryptedItem item in rewrapResponse.EncryptedValues) { bulkDecrypt2.Add(new TransitBulkItemToDecrypt(item.EncryptedValue)); } TransitDecryptionResultsBulk bulkDecResponse2 = await _transitSecretEngine.DecryptBulk(key, bulkDecrypt2); Assert.AreEqual(recvCnt, bulkDecResponse2.DecryptedValues.Count); Assert.AreEqual(valueA, bulkDecResponse2.DecryptedValues [0].DecryptedValue); Assert.AreEqual(valueB, bulkDecResponse2.DecryptedValues [1].DecryptedValue); Assert.AreEqual(valueC, bulkDecResponse2.DecryptedValues [2].DecryptedValue); Assert.AreEqual(valueD, bulkDecResponse2.DecryptedValues [3].DecryptedValue); Assert.AreEqual(valueE, bulkDecResponse2.DecryptedValues [4].DecryptedValue); }