public byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
var sharedPassphrase = Ensure.Type <string>(key, "Pbse2HmacShaKeyManagementWithAesKeyWrap management algorithm expectes key to be string.");
byte[] sharedKey = Encoding.UTF8.GetBytes(sharedPassphrase);
Ensure.Contains(header, new[] { "p2c" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2c' param in JWT header, but was not found");
Ensure.Contains(header, new[] { "p2s" }, "Pbse2HmacShaKeyManagementWithAesKeyWrap algorithm expects 'p2s' param in JWT header, but was not found");
byte[] algId = Encoding.UTF8.GetBytes((string)header["alg"]);
int iterationCount = Convert.ToInt32(header["p2c"]);
byte[] saltInput = Base64Url.Decode((string)header["p2s"]);
byte[] salt = Arrays.Concat(algId, Arrays.Zero, saltInput);
byte[] kek;
using (var prf = PRF)
{
kek = PBKDF2.DeriveKey(sharedKey, salt, iterationCount, keyLengthBits, prf);
}
return(aesKW.Unwrap(encryptedCek, kek, cekSizeBits, header));
}
public override byte[] Unwrap(byte[] encryptedCek, object key, int cekSizeBits, IDictionary <string, object> header)
{
byte[] kek = base.Unwrap(Arrays.Empty, key, keyLengthBits, header);
return(aesKW.Unwrap(encryptedCek, kek, cekSizeBits, header));
}
