/// <summary> /// Unwrap key data with a key-decryption key. /// </summary> /// <param name="kek">The key-decryption key. This must be a valid AES key.</param> /// <param name="ciphertext">The encrypted key data, two or more 8-byte blocks.</param> /// <returns>The original key data.</returns> /// <exception cref="ArgumentNullException">One or more arguments was <b>null</b>.</exception> /// <exception cref="ArgumentOutOfRangeException">Either <c>kek</c> was an invalid AES key, or the ciphertext contained fewer than 16 bytes.</exception> /// <exception cref="ArgumentException"><c>ciphertext</c> was not made up of 64-bit blocks.</exception> /// <exception cref="CryptographicException">The decryption process failed an integrity check.</exception> public static byte[] UnwrapKey(byte[] kek, byte[] ciphertext, byte[] validationIV = null) { KeyWrapAlgorithm kwa = new KeyWrapAlgorithm(kek); return(kwa.UnwrapKey(ciphertext, validationIV ?? DefaultIV)); }
/// <remarks> /// RFC 3394 Key unwrapping (thanks to RFC3394 Key Wrapping Algorithm written by Jay Miller) /// </remarks> public static byte[] DecryptKey(byte[] key, byte[] iv, byte[] cipherText)//MemoryStream inputStream) { var decryptedData = KeyWrapAlgorithm.UnwrapKey(key, cipherText, iv); return(decryptedData); }