using BytecodeApi.Extensions;
using System.Security.Cryptography;
namespace BytecodeApi.Cryptography;
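/// <summary>
/// Class to encrypt and decrypt content asymmetrically using RSA and AES-256. Encrypted <see cref="byte" />[] objects generated by this class are proprietary and specific to this class only. For generic AES operations, see <see cref="Encryption" />. For generic RSA operations, see <see cref="AsymmetricEncryption" />.
/// </summary>
/// <remarks>
/// Binary layout, in order: the magic bytes, a 16-byte IV, a 4-byte length of the RSA-encrypted AES key (written with <see cref="BitConverter" />, i.e. in the byte order of the executing platform), the RSA-encrypted AES key, and the AES-encrypted content.
/// </remarks>
public static class AsymmetricContentEncryption
{
    // NOTE(review): the layout above carries no integrity tag of its own. Whether Encryption.Encrypt
    // authenticates the ciphertext, and which RSA padding AsymmetricEncryption uses, is not visible in
    // this file - confirm both before relying on this format for data that an untrusted party can
    // modify, and return one uniform error to remote callers when decryption fails.
    private static readonly byte[] Magic = "BAPI_RSA_1".ToAnsiBytes();
    // Decrypt reads the IV as exactly 16 bytes; assumes Encryption.GenerateIV() returns 16 bytes - confirm.
    private const int IVLength = 16;
    // Size of the length prefix written by BitConverter.GetBytes(int).
    private const int KeyLengthFieldSize = sizeof(int);
    private static readonly string InvalidBinaryMessage = $"Binary does not represent a valid {nameof(AsymmetricContentEncryption)} binary.";

    /// <summary>
    /// Encrypts the specified <see cref="byte" />[] using the specified public key and returns a <see cref="byte" />[] representing the encrypted version of <paramref name="data" />. The resulting binary is proprietary and can be decrypted using the <see cref="Decrypt(byte[], RSAParameters)" /> method.
    /// </summary>
    /// <remarks>
    /// A fresh IV and AES key are generated for every call. The AES key is RSA-encrypted with <paramref name="key" /> and the local copy of the AES key is cleared before returning.
    /// </remarks>
    /// <param name="data">A <see cref="byte" />[] with the data to be encrypted.</param>
    /// <param name="key">An <see cref="RSAParameters" /> value containing the public key information.</param>
    /// <returns>
    /// A new <see cref="byte" />[] representing the encrypted version of <paramref name="data" />. The resulting binary is proprietary and can be decrypted using the <see cref="Decrypt(byte[], RSAParameters)" /> method.
    /// </returns>
    public static byte[] Encrypt(byte[] data, RSAParameters key)
    {
        Check.ArgumentNull(data);

        byte[] iv = Encryption.GenerateIV();
        byte[] aesKey = Encryption.GenerateKey(true);
        try
        {
            byte[] encryptedKey = AsymmetricEncryption.Encrypt(aesKey, key);
            return Magic.Concat(iv, BitConverter.GetBytes(encryptedKey.Length), encryptedKey, Encryption.Encrypt(data, iv, aesKey));
        }
        finally
        {
            // Best-effort wipe of the session key buffer held by this method.
            CryptographicOperations.ZeroMemory(aesKey);
        }
    }
    /// <summary>
    /// Encrypts the specified <see cref="byte" />[] using the specified public key and returns a <see cref="byte" />[] representing the encrypted version of <paramref name="data" />. The resulting binary is proprietary and can be decrypted using the <see cref="Decrypt(byte[], RSAParameters)" /> method.
    /// </summary>
    /// <param name="data">A <see cref="byte" />[] with the data to be encrypted.</param>
    /// <param name="derKey">A <see cref="byte" />[] containing the public key in its DER representation.</param>
    /// <returns>
    /// A new <see cref="byte" />[] representing the encrypted version of <paramref name="data" />. The resulting binary is proprietary and can be decrypted using the <see cref="Decrypt(byte[], RSAParameters)" /> method.
    /// </returns>
    public static byte[] Encrypt(byte[] data, byte[] derKey)
    {
        Check.ArgumentNull(data);
        Check.ArgumentNull(derKey);

        return Encrypt(data, AsymmetricKeyConvert.ToKey(derKey));
    }
    /// <summary>
    /// Encrypts the specified <see cref="byte" />[] using the specified public key and returns a <see cref="byte" />[] representing the encrypted version of <paramref name="data" />. The resulting binary is proprietary and can be decrypted using the <see cref="Decrypt(byte[], RSAParameters)" /> method.
    /// </summary>
    /// <param name="data">A <see cref="byte" />[] with the data to be encrypted.</param>
    /// <param name="pemKey">A <see cref="string" /> value with the public key in its PEM representation, starting with "-----BEGIN PUBLIC KEY-----".</param>
    /// <returns>
    /// A new <see cref="byte" />[] representing the encrypted version of <paramref name="data" />. The resulting binary is proprietary and can be decrypted using the <see cref="Decrypt(byte[], RSAParameters)" /> method.
    /// </returns>
    public static byte[] Encrypt(byte[] data, string pemKey)
    {
        Check.ArgumentNull(data);
        Check.ArgumentNull(pemKey);

        return Encrypt(data, AsymmetricKeyConvert.ToKey(pemKey));
    }
    /// <summary>
    /// Decrypts the specified <see cref="byte" />[] using the specified private key and returns a <see cref="byte" />[] representing the decrypted version of <paramref name="data" />. The <paramref name="data" /> parameter is a proprietary binary, created by the <see cref="Encrypt(byte[], RSAParameters)" /> method.
    /// </summary>
    /// <remarks>
    /// The magic bytes, the fixed header size and the embedded key length are validated against the size of <paramref name="data" /> before any slice is taken. A binary that fails one of these checks is rejected with the same format error as a binary with wrong magic bytes.
    /// </remarks>
    /// <param name="data">A <see cref="byte" />[] with the data to be decrypted.</param>
    /// <param name="key">An <see cref="RSAParameters" /> value containing the private key information.</param>
    /// <returns>
    /// A new <see cref="byte" />[] representing the decrypted version of <paramref name="data" />.
    /// </returns>
    public static byte[] Decrypt(byte[] data, RSAParameters key)
    {
        Check.ArgumentNull(data);
        Check.Format(data.Length >= Magic.Length && data.GetBytes(0, Magic.Length).Compare(Magic), InvalidBinaryMessage);

        // The IV and the length prefix must be fully present before they are read.
        int headerLength = Magic.Length + IVLength + KeyLengthFieldSize;
        Check.Format(data.Length >= headerLength, InvalidBinaryMessage);

        // The length prefix comes from the input itself: reject non-positive values and values that
        // point past the end of the buffer instead of passing them on to the slicing calls below.
        int encryptedKeyLength = BitConverter.ToInt32(data, Magic.Length + IVLength);
        Check.Format(encryptedKeyLength > 0 && encryptedKeyLength <= data.Length - headerLength, InvalidBinaryMessage);

        byte[] iv = data.GetBytes(Magic.Length, IVLength);
        byte[] encryptedKey = data.GetBytes(headerLength, encryptedKeyLength);
        byte[] aesKey = AsymmetricEncryption.Decrypt(encryptedKey, key);
        try
        {
            int dataOffset = headerLength + encryptedKeyLength;
            return Encryption.Decrypt(data.GetBytes(dataOffset, data.Length - dataOffset), iv, aesKey);
        }
        finally
        {
            // Best-effort wipe of the recovered session key buffer held by this method.
            CryptographicOperations.ZeroMemory(aesKey);
        }
    }
    /// <summary>
    /// Decrypts the specified <see cref="byte" />[] using the specified private key and returns a <see cref="byte" />[] representing the decrypted version of <paramref name="data" />. The <paramref name="data" /> parameter is a proprietary binary, created by the <see cref="Encrypt(byte[], RSAParameters)" /> method.
    /// </summary>
    /// <param name="data">A <see cref="byte" />[] with the data to be decrypted.</param>
    /// <param name="derKey">A <see cref="byte" />[] containing the private key in its DER representation.</param>
    /// <returns>
    /// A new <see cref="byte" />[] representing the decrypted version of <paramref name="data" />.
    /// </returns>
    public static byte[] Decrypt(byte[] data, byte[] derKey)
    {
        Check.ArgumentNull(data);
        Check.ArgumentNull(derKey);

        return Decrypt(data, AsymmetricKeyConvert.ToKey(derKey));
    }
    /// <summary>
    /// Decrypts the specified <see cref="byte" />[] using the specified private key and returns a <see cref="byte" />[] representing the decrypted version of <paramref name="data" />. The <paramref name="data" /> parameter is a proprietary binary, created by the <see cref="Encrypt(byte[], RSAParameters)" /> method.
    /// </summary>
    /// <param name="data">A <see cref="byte" />[] with the data to be decrypted.</param>
    /// <param name="pemKey">A <see cref="string" /> value with the private key in its PEM representation, starting with "-----BEGIN RSA PRIVATE KEY-----".</param>
    /// <returns>
    /// A new <see cref="byte" />[] representing the decrypted version of <paramref name="data" />.
    /// </returns>
    public static byte[] Decrypt(byte[] data, string pemKey)
    {
        Check.ArgumentNull(data);
        Check.ArgumentNull(pemKey);

        return Decrypt(data, AsymmetricKeyConvert.ToKey(pemKey));
    }
}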