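/// <summary>
/// Encrypts the JSON subtree selected by <paramref name="jsonPathIn"/>, removes the clear-text
/// subtree from the document, and stores the resulting JWE compact serialization in the object
/// at <paramref name="jsonPathOut"/> under <c>config.EncryptedValueFieldName</c>.
/// </summary>
/// <param name="json">The document to operate on. Mutated in place, except when
/// <paramref name="jsonPathIn"/> is "$", in which case a new empty root is created.</param>
/// <param name="jsonPathIn">JSONPath of the value to encrypt; "$" encrypts the whole document.</param>
/// <param name="jsonPathOut">JSONPath of the object that receives the encrypted value
/// (created by <c>JsonUtils.CheckOrCreateOutObject</c> if missing).</param>
/// <param name="config">Supplies the key fingerprint used in the JWE header, the certificate used
/// by <see cref="JweObject.Encrypt"/>, and the name of the field holding the encrypted value.</param>
/// <returns>
/// <paramref name="json"/> unchanged when there is nothing to encrypt; otherwise the object at
/// <paramref name="jsonPathOut"/>. NOTE(review): when <paramref name="jsonPathIn"/> is "$" and
/// <paramref name="jsonPathOut"/> is not, the newly created root is not returned — confirm the
/// caller does not rely on the return value as the document root in that case.
/// </returns>
/// <exception cref="InvalidOperationException">
/// <paramref name="jsonPathOut"/> does not resolve to a JSON object after creation.
/// </exception>
private static JToken EncryptPayloadPath(JToken json, string jsonPathIn, string jsonPathOut, JweConfig config)
{
    JToken token = json.SelectToken(jsonPathIn);
    if (JsonUtils.IsNullOrEmptyJson(token))
    {
        // Nothing to encrypt
        return json;
    }

    // Serialize compactly and encrypt *before* the clear-text is detached from the tree.
    string inJsonString = JsonUtils.SanitizeJson(token.ToString(Formatting.None));
    JweHeader header = new JweHeader(ALGORITHM, ENCRYPTION, config.EncryptionKeyFingerprint, CONTENT_TYPE);
    string encrypted = JweObject.Encrypt(config, inJsonString, header);

    // Delete data in the clear
    if (string.Equals(jsonPathIn, "$", StringComparison.Ordinal))
    {
        // Whole document was encrypted: start over from an empty root.
        json = new JObject();
    }
    else
    {
        // Assumes jsonPathIn selects an object member, so token.Parent is the JProperty and
        // removing it drops the key together with its value. For an array element, Parent
        // would be the containing JArray — TODO confirm callers never pass such paths.
        token.Parent.Remove();
    }

    JsonUtils.CheckOrCreateOutObject(json, jsonPathOut);
    var outJsonToken = json.SelectToken(jsonPathOut) as JObject;
    if (outJsonToken == null)
    {
        // Fail with a clear message rather than a NullReferenceException inside
        // AddOrReplaceJsonKey when the out path resolves to an array or scalar.
        throw new InvalidOperationException(
            "JSON path '" + jsonPathOut + "' does not resolve to a JSON object; cannot store the encrypted value.");
    }
    JsonUtils.AddOrReplaceJsonKey(outJsonToken, config.EncryptedValueFieldName, encrypted);
    return outJsonToken;
}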
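/// <summary>
/// Parses a JWE compact serialization (RFC 7516 §7.1): exactly five base64url segments
/// separated by '.', in the order protected header, encrypted key, IV, ciphertext,
/// authentication tag. Segments are stored as-is; only the header is decoded.
/// </summary>
/// <param name="encryptedPayload">The compact serialization; surrounding whitespace is ignored.</param>
/// <returns>A <see cref="JweObject"/> holding the raw segments and the parsed header.</returns>
/// <exception cref="ArgumentNullException"><paramref name="encryptedPayload"/> is null.</exception>
/// <exception cref="ArgumentException">
/// The input does not consist of exactly five '.'-separated segments.
/// </exception>
public static JweObject Parse(String encryptedPayload)
{
    if (encryptedPayload == null)
    {
        throw new ArgumentNullException(nameof(encryptedPayload));
    }

    string[] fields = encryptedPayload.Trim().Split('.');

    // This is untrusted wire input: reject anything that is not the exact compact-serialization
    // shape, instead of letting fields[4] throw IndexOutOfRangeException on short input or
    // silently ignoring trailing segments on long input.
    if (fields.Length != 5)
    {
        throw new ArgumentException(
            "Invalid JWE compact serialization: expected 5 '.'-separated segments, found " + fields.Length + ".",
            nameof(encryptedPayload));
    }

    JweObject jweObject = new JweObject();
    // The raw (still base64url-encoded) header is kept alongside the parsed one: on the encrypt
    // side that encoded string is the AAD, so it is presumably needed verbatim for tag verification.
    jweObject.RawHeader = fields[0];
    jweObject.Header = JweHeader.Parse(jweObject.RawHeader);
    jweObject.EncryptedKey = fields[1];
    jweObject.Iv = fields[2];
    jweObject.CipherText = fields[3];
    jweObject.AuthTag = fields[4];
    return jweObject;
}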
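/// <summary>
/// Produces the JWE compact serialization of <paramref name="payload"/>. A fresh content
/// encryption key (CEK) from <c>AesEncryption.GenerateCek(256)</c> (presumably 256-bit) is
/// RSA-wrapped with the recipient certificate's public key (the "SHA-256" argument presumably
/// selects the OAEP digest), the UTF-8 payload is AES-GCM encrypted with a fresh IV using the
/// base64url-encoded header as additional authenticated data, and the five segments are joined
/// by <c>Serialize</c>.
/// </summary>
/// <param name="config">Provides the recipient certificate whose RSA public key wraps the CEK.</param>
/// <param name="payload">The clear-text to encrypt; encoded as UTF-8.</param>
/// <param name="header">The JWE protected header; its JSON form is serialized and base64url-encoded.</param>
/// <returns>The compact serialization <c>header.encryptedKey.iv.ciphertext.authTag</c>, each segment base64url-encoded.</returns>
/// <exception cref="ArgumentNullException">Any argument is null.</exception>
public static string Encrypt(JweConfig config, String payload, JweHeader header)
{
    if (config == null)
    {
        throw new ArgumentNullException(nameof(config));
    }
    if (payload == null)
    {
        throw new ArgumentNullException(nameof(payload));
    }
    if (header == null)
    {
        throw new ArgumentNullException(nameof(header));
    }

    byte[] cek = AesEncryption.GenerateCek(256);
    try
    {
        byte[] encryptedSecretKeyBytes = RsaEncryption.WrapSecretKey(config.EncryptionCertificate.GetRSAPublicKey(), cek, "SHA-256");
        string encryptedKey = Base64Utils.URLEncode(encryptedSecretKeyBytes);

        byte[] iv = AesEncryption.GenerateIV();
        byte[] payloadBytes = Encoding.UTF8.GetBytes(payload);

        // The header travels in its base64url form, so that exact string — not the JSON —
        // is what the AAD is computed over (RFC 7516 §5.1 step 14). base64url is pure ASCII.
        string headerString = header.Json.ToString();
        string encodedHeader = Base64Utils.URLEncode(Encoding.UTF8.GetBytes(headerString));
        byte[] aad = Encoding.ASCII.GetBytes(encodedHeader);

        var encrypted = AesGcm.Encrypt(cek, iv, payloadBytes, aad);
        return Serialize(
            encodedHeader,
            encryptedKey,
            Base64Utils.URLEncode(iv),
            Base64Utils.URLEncode(encrypted.Ciphertext),
            Base64Utils.URLEncode(encrypted.AuthTag));
    }
    finally
    {
        // The CEK is only needed within this call; scrub it so the key material does not
        // linger in managed memory once the wrapped key and ciphertext have been produced.
        Array.Clear(cek, 0, cek.Length);
    }
}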