0

I'm trying to use an RSA key I have already generated on my Azure Key Vault in the following way:

  1. Retrieve the public key
  2. Encrypt some textual data with it (-locally-)
  3. Decrypt it (in a different app) using Azure Key Vault

What I already managed to do is:

            string clientId = "XYZ";
            string tenantId = "ABC";
            string clientSecret = "123";

            string keyVaultName = "kvn";
            string keyVaultKeyName = "kvkn";
            string textToEncrypt = "StuffIDoNotWantYouToKnow";

            ClientSecretCredential clientSecretCredential = new ClientSecretCredential(
                tenantId, // your tenant id
                clientId, // your AD application appId
                clientSecret // your AD application app secret
            );


            //get key
            KeyClient keyClient = new KeyClient(new Uri($"https://{keyVaultName}.vault.azure.net/"), clientSecretCredential); ;
            var key = keyClient.GetKey(keyVaultKeyName);

What I'm currently struggling to understand is how to use the retrieved key to encrypt the textual data.

Any help would be appreciated!

P.S I use .NET framework 4.6.1

Daniel Fridman
  • 167
  • 9

1 Answers1

0

Solved it

private static string clientId;
private static string tenantId;
private static string clientSecret;

private static string keyVaultName;
private static string keyVaultKeyName;

private static ClientSecretCredential clientSecretCredential;

public static void Main(string[] args)
{
    PopulateParams();

    KeyClient keyClient = new KeyClient(new Uri($"https://{keyVaultName}.vault.azure.net/"), clientSecretCredential); ;
    var key = keyClient.GetKey(keyVaultKeyName);

    byte[] N = key.Value.Key.N; //modulus
    byte[] E = key.Value.Key.E; //exponent

    string textToEncrypt = "StuffIDoNotWantYouToKnow";
    byte[] encryptedData = EncryptLocally(textToEncrypt, N, E);
    string res = DecryptRemotely(key.Value.Id, encryptedData);
    Console.WriteLine(res);
}

public static void PopulateParams()
{
    //TODO not hard coded
    clientId = "XYZ";
    tenantId = "ABC";
    clientSecret = "123";

    keyVaultName = "kvm";
    keyVaultKeyName = "kvkm";

    clientSecretCredential = new ClientSecretCredential(
        tenantId,
        clientId,
        clientSecret
    );
}

public static byte[] EncryptLocally(string data, byte[] N, byte[] E)
{
    byte[] encryptedData = null;

    try
    {
        RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
        RSAParameters RSAKeyInfo = new RSAParameters();

        //Set RSAKeyInfo to the public key values. 
        RSAKeyInfo.Modulus = N;
        RSAKeyInfo.Exponent = E;

        RSA.ImportParameters(RSAKeyInfo);

        byte[] dataBytes = Encoding.ASCII.GetBytes(data);

        encryptedData = RSA.Encrypt(dataBytes, true);
    }
    catch (CryptographicException e)
    {
        Console.WriteLine(e);
    }

    return encryptedData;
}

public static string DecryptRemotely(Uri keyId, byte[] encryptedData)
{
    string decryptedText = null;

    CryptographyClient cryptoClient = new CryptographyClient(keyId, clientSecretCredential);

    var decryptedBytes = cryptoClient.Decrypt(EncryptionAlgorithm.RsaOaep, encryptedData);
    decryptedText = System.Text.Encoding.UTF8.GetString(decryptedBytes.Plaintext);

    return decryptedText;
}
Daniel Fridman
  • 167
  • 9