Stream ICryptoStreamProvider.GetDecryptStream(Stream stream, string keyId, CryptoStreamMode streamMode)
An initialization vector (IV) or starting variable (SV)[5] is a block of bits that is used by several modes to randomize the encryption and hence to produce distinct ciphertexts even if the same plaintext is encrypted multiple times, without the need for a slower re-keying process.[6]
An initialization vector has different security requirements than a key, so the IV usually does not need to be secret. However, in most cases, it is important that an initialization vector is never reused under the same key. For CBC and CFB, reusing an IV leaks some information about the first block of plaintext, and about any common prefix shared by the two messages.
// Register the encrypted serializer with a custom key provider and that provider's default key.
busConfigCallback.UseEncryptedSerializer(new AesCryptoStreamProvider(new MyKeyProvider(), MyKeyProvider.DefaultKey));
// Workaround: the encryption-key header carries the key id together with an IV, so the
// value has to be regenerated for each publish. An IV does not need to be secret, so sending
// it in a header is acceptable, but it must never be reused under the same key.
// NOTE(review): GetIdWithIV is not shown here; confirm it draws a fresh random IV per message.
publishCallback.Headers.Set(EncryptedMessageSerializer.EncryptionKeyHeader, MyKeyProvider.GetIdWithIV(someConfig));
// ISymmetricKeyProvider.TryGetKey would then receive that combined value as its id parameter
// and split the key id and the IV back out of it.
// ISymmetricKeyProvider.TryGetKey would take requests for keys and split the key id and
// the IV out of the id parameter.
busConfigCallback.UseEncryptedSerializer(new AesCryptoStreamProvider(new MyKeyProvider(), MyKeyProvider.DefaultKey));
Did you enter an issue on https://github.com/MassTransit/MassTransit?
On Mon, Feb 6, 2017 at 2:50 PM, Mhano Harkness <mhano....@gmail.com> wrote:
Thanks Chris,
Are you suggesting an MT code change to fix this?
My workaround, which simply overloads the encryption key id to also transmit the IV, worked, but it breaks the whole concept of a default key that the interfaces have:
cb.Headers.Set(EncryptedMessageSerializer.EncryptionKeyHeader, publisherCfg.GetEncryptionKeyNameAndNewIv());
Thus, when the (de)serializer finds the AesCrypto stream and key provider attached, its request for the key by id actually hands the key provider the IV, allowing it to return the key plus the message-specific IV.
Cheers,
Mhano
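/// <summary>
/// A crypto stream provider that encrypts the contents using AES encryption
/// with a random IV for every message. The IV is written unencrypted at the
/// start of the output stream and read back from there when decrypting.
/// </summary>
/// <remarks>
/// The cipher mode is never set here, so the framework default for
/// <see cref="AesCryptoServiceProvider"/> (CBC) applies.
/// NOTE(review): nothing in this class authenticates the IV or the ciphertext.
/// Unless another layer does, a modified message is only noticed if padding
/// removal or deserialization happens to fail, and distinguishable padding
/// failures are a known weakness of CBC with PKCS7. Consider authenticating
/// IV + ciphertext (encrypt-then-MAC) or moving to an AEAD mode before relying
/// on this for integrity.
/// </remarks>
public class AesCryptoStreamProviderWithRandomIV : ICryptoStreamProvider, IProbeSite
{
    private readonly IKeyProvider _keyProvider;
    private readonly PaddingMode _paddingMode;

    /// <summary>
    /// Creates the provider.
    /// </summary>
    /// <param name="keyProvider">Resolves a key id to the raw AES key bytes.</param>
    /// <param name="paddingMode">Padding applied to the final block; PKCS7 unless overridden.</param>
    /// <exception cref="ArgumentNullException"><paramref name="keyProvider"/> is null.</exception>
    public AesCryptoStreamProviderWithRandomIV(IKeyProvider keyProvider, PaddingMode paddingMode = PaddingMode.PKCS7)
    {
        // Fail at configuration time instead of with a NullReferenceException on the first message.
        if (keyProvider == null)
            throw new ArgumentNullException(nameof(keyProvider));

        _paddingMode = paddingMode;
        _keyProvider = keyProvider;
    }

    /// <summary>
    /// Writes a freshly generated IV to <paramref name="stream"/> and returns a stream
    /// that encrypts with the key registered under <paramref name="keyId"/>.
    /// </summary>
    /// <param name="stream">Destination stream; it is disposed together with the returned stream.</param>
    /// <param name="keyId">Identifier passed to the key provider.</param>
    /// <param name="streamMode">Mode handed to the underlying <see cref="CryptoStream"/>.</param>
    /// <returns>A crypto stream positioned after the IV prefix.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="stream"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="keyId"/> is null or empty.</exception>
    /// <exception cref="SerializationException">The key provider does not know <paramref name="keyId"/>.</exception>
    public Stream GetEncryptStream(Stream stream, string keyId, CryptoStreamMode streamMode)
    {
        if (stream == null)
            throw new ArgumentNullException(nameof(stream));
        if (string.IsNullOrEmpty(keyId))
            throw new ArgumentException("Encryption Key not specified", nameof(keyId));

        byte[] key;
        if (!_keyProvider.TryGetKey(keyId, out key))
            throw new SerializationException("Encryption Key not found: " + keyId);

        // The IV is deliberately not supplied: AesCryptoServiceProvider generates a
        // new random one for each instance, which gives every message its own IV.
        using (var provider = new AesCryptoServiceProvider
        {
            Padding = _paddingMode,
            Key = key
        })
        {
            ICryptoTransform encryptor = provider.CreateEncryptor();
            try
            {
                // Prefix the output with the IV so the receiver can recover it.
                // The IV is not secret; it only has to be unique per key.
                WriteIvToStream(stream, provider.IV);

                return new DisposingCryptoStream(stream, encryptor, streamMode);
            }
            catch
            {
                // The returned stream never took ownership, so release the transform here.
                encryptor.Dispose();
                throw;
            }
        }
    }

    /// <summary>
    /// Reads the IV prefix from <paramref name="stream"/> and returns a stream that
    /// decrypts the remainder with the key registered under <paramref name="keyId"/>.
    /// </summary>
    /// <param name="stream">Source stream starting at the IV prefix; it is disposed together with the returned stream.</param>
    /// <param name="keyId">Identifier passed to the key provider.</param>
    /// <param name="streamMode">Mode handed to the underlying <see cref="CryptoStream"/>.</param>
    /// <returns>A crypto stream positioned after the IV prefix.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="stream"/> is null.</exception>
    /// <exception cref="ArgumentException"><paramref name="keyId"/> is null or empty.</exception>
    /// <exception cref="SerializationException">The key provider does not know <paramref name="keyId"/>.</exception>
    /// <exception cref="CryptographicException">The stream ends before a complete IV was read.</exception>
    public Stream GetDecryptStream(Stream stream, string keyId, CryptoStreamMode streamMode)
    {
        if (stream == null)
            throw new ArgumentNullException(nameof(stream));
        if (string.IsNullOrEmpty(keyId))
            throw new ArgumentException("Encryption Key not specified", nameof(keyId));

        byte[] key;
        if (!_keyProvider.TryGetKey(keyId, out key))
            throw new SerializationException("Encryption Key not found: " + keyId);

        using (var provider = new AesCryptoServiceProvider
        {
            Padding = _paddingMode,
            Key = key
        })
        {
            int ivLength = GetIvLength(provider);
            byte[] iv = ReadIvFromStream(stream, ivLength);

            // A truncated message yields fewer bytes than requested. Reject it here with a
            // clear message rather than relying on the IV setter's size check.
            if (iv.Length != ivLength)
                throw new CryptographicException("Encrypted message is too short to contain an initialization vector");

            provider.IV = iv;

            ICryptoTransform decryptor = provider.CreateDecryptor();
            try
            {
                return new DisposingCryptoStream(stream, decryptor, streamMode);
            }
            catch
            {
                // The returned stream never took ownership, so release the transform here.
                decryptor.Dispose();
                throw;
            }
        }
    }

    /// <summary>
    /// Returns the IV length in bytes, derived from the algorithm's block size in bits.
    /// </summary>
    /// <param name="provider">Algorithm whose block size determines the IV length.</param>
    /// <returns>Block size divided by eight.</returns>
    private static int GetIvLength(SymmetricAlgorithm provider)
    {
        return provider.BlockSize / 8;
    }

    /// <summary>
    /// Writes the raw IV bytes at the current position of the stream.
    /// </summary>
    /// <param name="stream">Stream that receives the IV; it is left open.</param>
    /// <param name="iv">IV bytes, written without a length prefix.</param>
    public void WriteIvToStream(Stream stream, byte[] iv)
    {
        // leaveOpen: true keeps the caller's stream usable after the writer is disposed.
        using (var writer = new BinaryWriter(stream, new UTF8Encoding(), true))
        {
            writer.Write(iv);
        }
    }

    /// <summary>
    /// Reads up to <paramref name="ivLength"/> bytes from the current position of the stream.
    /// </summary>
    /// <param name="stream">Stream to read from; it is left open.</param>
    /// <param name="ivLength">Number of IV bytes expected.</param>
    /// <returns>The bytes read; shorter than <paramref name="ivLength"/> if the stream ended early.</returns>
    public byte[] ReadIvFromStream(Stream stream, int ivLength)
    {
        // leaveOpen: true keeps the caller's stream usable after the reader is disposed.
        using (var reader = new BinaryReader(stream, new UTF8Encoding(), true))
        {
            return reader.ReadBytes(ivLength);
        }
    }

    /// <summary>
    /// Adds the configured padding mode to the probe context. No key material is reported.
    /// </summary>
    /// <param name="context">Probe context that receives the value.</param>
    public void Probe(ProbeContext context)
    {
        context.Add("paddingMode", _paddingMode.ToString());
    }

    // Copied directly out of the Mass Transit code.
    // A CryptoStream that also disposes the wrapped stream and the transform it was given.
    private class DisposingCryptoStream :
        CryptoStream
    {
        Stream _stream;
        ICryptoTransform _transform;

        public DisposingCryptoStream(Stream stream, ICryptoTransform transform, CryptoStreamMode mode)
            : base(stream, transform, mode)
        {
            _stream = stream;
            _transform = transform;
        }

        protected override void Dispose(bool disposing)
        {
            if (!disposing)
                return;

            // Let CryptoStream finish first, while the stream and the transform are still usable.
            base.Dispose(true);

            // Fields are cleared after disposal so that a repeated Dispose call does nothing further.
            if (_stream != null)
            {
                _stream.Dispose();
                _stream = null;
            }

            if (_transform != null)
            {
                _transform.Dispose();
                _transform = null;
            }
        }
    }
}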
/// <summary>
/// Resolves a key identifier to raw key bytes for the crypto stream provider.
/// </summary>
public interface IKeyProvider
{
/// <summary>
/// Looks up the key registered under <paramref name="id"/>.
/// </summary>
/// <param name="id">Key identifier taken from the message.</param>
/// <param name="key">Receives the key bytes when the lookup succeeds.</param>
/// <returns>True when a key was found; callers in this file treat false as "key not found".</returns>
bool TryGetKey(string id, out byte[] key);
}