public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header) { byte[] numArray = Ensure.Type <byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array.", new object[0]); Ensure.BitSize(numArray, this.keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", this.keyLengthBits, (int)numArray.Length * 8), new object[0]); Ensure.Contains(header, new string[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found", new object[0]); Ensure.Contains(header, new string[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found", new object[0]); byte[] numArray1 = Base64Url.Decode((string)header["iv"]); byte[] numArray2 = Base64Url.Decode((string)header["tag"]); return(AesGcm.Decrypt(numArray, numArray1, null, encryptedCek, numArray2)); }
public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header) { byte[] sharedKey = Ensure.Type <byte[]>(key, "AesGcmKeyWrapManagement alg expectes key to be byte[] array."); Ensure.BitSize(sharedKey, keyLengthBits, string.Format("AesGcmKeyWrapManagement management algorithm expected key of size {0} bits, but was given {1} bits", keyLengthBits, sharedKey.Length * 8L)); Ensure.Contains(header, new[] { "iv" }, "AesGcmKeyWrapManagement algorithm expects 'iv' param in JWT header, but was not found"); Ensure.Contains(header, new[] { "tag" }, "AesGcmKeyWrapManagement algorithm expects 'tag' param in JWT header, but was not found"); byte[] iv = Base64Url.Decode((string)header["iv"]); byte[] authTag = Base64Url.Decode((string)header["tag"]); return(AesGcm.Decrypt(sharedKey, iv, null, encryptedCek, authTag)); }
public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag) { Ensure.BitSize(cek, keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", keyLength, cek.Length * 8L)); try { return(AesGcm.Decrypt(cek, iv, aad, cipherText, authTag)); } catch (CryptographicException e) { throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", e); } }
public byte[] Decrypt(byte[] aad, byte[] cek, byte[] iv, byte[] cipherText, byte[] authTag) { byte[] numArray; Ensure.BitSize(cek, this.keyLength, string.Format("AES-GCM algorithm expected key of size {0} bits, but was given {1} bits", this.keyLength, (int)cek.Length * 8), new object[0]); try { numArray = AesGcm.Decrypt(cek, iv, aad, cipherText, authTag); } catch (CryptographicException cryptographicException) { throw new EncryptionException("Unable to decrypt content or authentication tag do not match.", cryptographicException); } return(numArray); }