public void EncryptAndDecryptStreamTest()
        {
            // Make a provider
            IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider();

            // In all cases we are READING from streams 
            // (read from original, read from encrypted, read from decrypted).
            var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
            var decryptedStream = asymmetricProvider.DecryptedStream(encryptedStream);

            byte[] result = new byte[sampleStreamSize];
            decryptedStream.Read(result, 0, result.Length);

            Assert.IsTrue(
                result.SequenceEqual(streamSample.ToArray()),
                "Decrypted data does not match original data");
        }
        public void DecryptFailsWithX509IfPrivateKeyNotLoadedTest()
        {
            // Load Certificate
            X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);

            // Make a provider
            IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider(cert, false);

            // In all cases we are READING from streams
            // (read from original, read from encrypted, read from decrypted).
            var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
            var decryptedStream = asymmetricProvider.DecryptedStream(encryptedStream);

            byte[] result = new byte[sampleStreamSize];
            decryptedStream.Read(result, 0, result.Length);

            Assert.IsTrue(
                result.SequenceEqual(streamSample.ToArray()),
                "Decrypted data does not match original data");
        }
        public static void UploadEncryptedFileAsymmetric(string path, X509Certificate2 certificate, CloudBlobContainer container)
        {
            // Create a blob named after the file we are uploading
            CloudBlockBlob blob = container.GetBlockBlobReference("AsymmetricUploadTest.jpg");

            // Create an Azure Encryption Extensions asymmetric encryption provider
            // from the certificate.
            // We only need the public key in this case.
            // -----
            // If we wanted to we could also let the library generate key material for us
            // by using the empty constructor.  
            var provider = new AsymmetricBlobCryptoProvider(certificate);

            // We also have to option to persist key material to a json file
            // with or without the private key if we don't want to keep using the certificate.
            // provider.WriteKeyFile(path, [bool publicOnly]);

            // Encrypt and upload the file to Azure, passing in our provider            
            blob.UploadFromFileEncrypted(provider, path, FileMode.Open);
        }
        public static void DownloadEncryptedFileAsymmetric(string destinationPath, X509Certificate2 certificate, CloudBlobContainer container)
        {
            // We will need the private key loaded to decrypt
            // If our certificate only has the public key we'll get an exception.
            var provider = new AsymmetricBlobCryptoProvider(certificate);

            // Get a reference to our Blob again
            CloudBlockBlob blob = container.GetBlockBlobReference("AsymmetricUploadTest.jpg");

            // Using our 'Encrypted' extension method to download an encrypted file
            // It will be decrypted during download and written to disk ready to use.
            blob.DownloadToFileEncrypted(provider, destinationPath, FileMode.Create);

            // You could instead download without our library, to see how it was stored encrypted in the cloud
            // blob.DownloadToFile(destinationPath, FileMode.Create);

            // Tidy up, delete our blob
            blob.DeleteIfExists();
        }
        public void BlockBlob_UploadDownload_Stream_Asymmetric()
        {
            // Prepare random memory stream
            Random random = new Random();
            byte[] buffer = new byte[512];
            random.NextBytes(buffer);
            MemoryStream testStream = new MemoryStream(buffer);

            // Get a blob reference
            CloudStorageAccount storageAccount = CloudStorageAccount.DevelopmentStorageAccount;
            CloudBlobClient blobClient = storageAccount.CreateCloudBlobClient();
            CloudBlobContainer container = blobClient.GetContainerReference("testcontainer");
            container.CreateIfNotExists();
            CloudBlockBlob blob = container.GetBlockBlobReference(Guid.NewGuid().ToString());

            // Create provider
            X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);
            var provider = new AsymmetricBlobCryptoProvider(cert, true);

            // Upload stream
            blob.UploadFromStreamEncrypted(provider, testStream);

            // Download stream
            MemoryStream downloadedStream = new MemoryStream();
            blob.DownloadToStreamEncrypted(provider, downloadedStream);

            // Compare raw and decrypted streams
            Assert.IsTrue(testStream.ToArray().SequenceEqual(downloadedStream.ToArray()));

            // Download file again, without our library, to ensure it was actually encrypted
            MemoryStream encryptedStream = new MemoryStream();
            blob.DownloadToStream(encryptedStream);

            // Delete blob
            blob.DeleteIfExists();

            // Compare raw and encrypted streams
            Assert.IsFalse(testStream.ToArray().SequenceEqual(encryptedStream.ToArray()));
        }
        public void ToKeyFileAndBackTest()
        {
            IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider();

            asymmetricProvider.WriteKeyFile("keyfile.txt");

            IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFile("keyfile.txt");

            var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);
            var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);

            byte[] result = new byte[sampleStreamSize];
            decryptedStream.Read(result, 0, result.Length);

            Assert.IsTrue(
                result.SequenceEqual(streamSample.ToArray()),
                "Decrypted data does not match original data");
        }
        public void ToKeyFileStringDecryptFailsWithNoPrivateKeyTest()
        {
            // Load Certificate
            X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);

            // Make a provider
            AsymmetricBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider(cert, true);

            string keyString = asymmetricProvider.ToKeyFileString(true);

            // Clone a new provider from exported keyfile
            IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFileString(keyString);

            // Run an encryption loop using the cloned provider
            // which should not have a private key (And thus fail).
            var encryptedStream = clonedProvider.EncryptedStream(streamSample);
            var decryptedStream = clonedProvider.DecryptedStream(encryptedStream);

            byte[] result = new byte[sampleStreamSize];
            decryptedStream.Read(result, 0, result.Length);

            Assert.IsTrue(
                result.SequenceEqual(streamSample.ToArray()),
                "Decrypted data does not match original data");
        }
        public void ToKeyFileStringPublicOnlyCertificateTest()
        {
            // Load Certificate
            X509Certificate2 cert = new X509Certificate2("4096.pfx", string.Empty, X509KeyStorageFlags.Exportable);

            // Make a provider
            AsymmetricBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider(cert, true);

            string keyString = asymmetricProvider.ToKeyFileString(true);

            // Clone a new provider from exported keyfile
            IBlobCryptoProvider clonedProvider = ProviderFactory.CreateProviderFromKeyFileString(keyString);

            // Run an encryption loop using the two providers
            // Should be able to encrypt with the public only clone, and decrypt with the original
            var encryptedStream = clonedProvider.EncryptedStream(streamSample);
            var decryptedStream = asymmetricProvider.DecryptedStream(encryptedStream);

            byte[] result = new byte[sampleStreamSize];
            decryptedStream.Read(result, 0, result.Length);

            Assert.IsTrue(
                result.SequenceEqual(streamSample.ToArray()),
                "Decrypted data does not match original data");
        }
        public void IsActuallyEncryptedTest()
        {
            // Make a provider
            IBlobCryptoProvider asymmetricProvider = new AsymmetricBlobCryptoProvider();

            var encryptedStream = asymmetricProvider.EncryptedStream(streamSample);

            byte[] result = new byte[sampleStreamSize + (4096+256)/8];
            encryptedStream.Read(result, 0, result.Length);

            Assert.IsFalse(
                result.SequenceEqual(streamSample.ToArray()),
                "Encrypted stream is not encrypted");

            Assert.IsFalse(
                result.Take(5).SequenceEqual(streamSample.ToArray().Take(5)),
                "Encrypted stream is not encrypted");
        }