public async Task <IEnclaveKey> GetKey(IKeyIdentifier id) { using (var client = KeyVault.CreateClient()) { var keyId = Encoding.UTF8.GetString(Convert.FromBase64String(id.KeyId)); var key = await client.GetKeyAsync(keyId); return(new KeyVaultKey(key)); } }
public async Task <IQueryable <IKeyIdentifier> > ListKeys() { using (var client = KeyVault.CreateClient()) { var config = KeyVault.ServiceConfiguration; var keys = await client.GetKeysAsync(config.Vault); return(keys.Select(k => new KeyVaultKeyIdentifier(k.Identifier.Identifier)).AsQueryable()); } }
public async Task <IEnclaveKey> GenerateKey(string keyType) { using (var client = KeyVault.CreateClient()) { var config = KeyVault.ServiceConfiguration; var createdKey = await client.CreateKeyAsync(config.Vault, Guid.NewGuid().ToString(), keyType); return(new KeyVaultStorageService.KeyVaultKey(createdKey)); } }
public async Task <string> Encrypt(IEnclaveKey key, object value) { using (var client = KeyVault.CreateClient()) { var kvKey = key.RetrieveKey <JsonWebKey>(); var encrypted = await client.EncryptAsync(kvKey.Kid, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(value))); return(Convert.ToBase64String(encrypted.Result)); } }
public async Task <T> Decrypt <T>(IEnclaveKey key, string ciphertext) { using (var client = KeyVault.CreateClient()) { var kvKey = key.RetrieveKey <JsonWebKey>(); var result = await client.DecryptAsync(kvKey.Kid, JsonWebKeyEncryptionAlgorithm.RSAOAEP256, Convert.FromBase64String(ciphertext)); return(JsonConvert.DeserializeObject <T>(Encoding.UTF8.GetString(result.Result))); } }
public async Task <bool> Validate(IEnclaveKey key, string value) { using (var client = KeyVault.CreateClient()) { var signed = JsonConvert.DeserializeObject <SignaturePayload>( Encoding.UTF8.GetString(Convert.FromBase64String(value))); var kvKey = key.RetrieveKey <JsonWebKey>(); return(await client.VerifyAsync(kvKey.Kid, JsonWebKeySignatureAlgorithm.RS256, digest : signed.Dig, signature : signed.Sig)); } }
public async Task <string> Sign(IEnclaveKey key, object value) { using (var client = KeyVault.CreateClient()) using (var sha = SHA256.Create()) { var kvKey = key.RetrieveKey <JsonWebKey>(); var hashed = sha.ComputeHash(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(value))); var result = await client.SignAsync(kvKey.Kid, JsonWebKeySignatureAlgorithm.RS256, hashed); var signed = new SignaturePayload { Val = value, Dig = hashed, Kid = result.Kid, Sig = result.Result, }; return(Convert.ToBase64String(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(signed)))); } }