Class X509Alias

Represents an X509Context, a certificate/key pair and 0 or more secrets encrypted by the certificate/key pair

Inheritance

System.Object

X509Alias

Namespace: Org.X509Crypto

Assembly: EasyPKIView.dll

Syntax

public class X509Alias : IDisposable

Constructors

X509Alias(String, X509Context)

This constructor is intended to load an already-existing X509Alias

Declaration

public X509Alias(string Name, X509Context Context)

Parameters

Type	Name	Description
System.String	Name	The desired identifier for the alias (must be unique within the specified context
X509Context	Context	The context in which to create the alias

X509Alias(String, String, X509Context, Boolean)

This constructor is intended to create a new X509Alias pointing to the specified encryption certificate

Declaration

public X509Alias(string Name, string Thumbprint, X509Context Context, bool complainIfExists)

Parameters

Type	Name	Description
System.String	Name	The desired identifier for the alias
System.String	Thumbprint	The SHA1 thumbprint of the certificate to be used for cryptographic operations. Must exist in the specified Context
X509Context	Context	The context in which to create the alias
System.Boolean	complainIfExists	If set to true, an exception is thrown if an existing alias identifier is specified for "Name"

Properties

Certificate

Declaration

public X509Certificate2 Certificate { get; }

Property Value

Type	Description
X509Certificate2

Context

The context where cryptographic operations shoudl occur (either system or user)

Declaration

public X509Context Context { get; set; }

Property Value

Type	Description
X509Context

FullName

The fully-qualified name of the X509Alias in the format [Context][Name]

Declaration

public string FullName { get; }

Property Value

Type	Description
System.String

Name

The identifier assigned to this alias

Declaration

public string Name { get; set; }

Property Value

Type	Description
System.String

Thumbprint

The thumbprint of the certificate used for cryptographic operations in this alias

Declaration

public string Thumbprint { get; set; }

Property Value

Type	Description
System.String

Methods

AddSecret(KeyValuePair<String, String>, Boolean)

Adds a secret (which has already been encrypted using the certificate associated with this X509Alias) and its identifier to this X509Alias

Declaration

public void AddSecret(KeyValuePair<string, string> tuple, bool overwriteExisting)

Parameters

Type	Name	Description
KeyValuePair<System.String, System.String>	tuple	Key should be the secret identifier, Value should be the encrypted secret
System.Boolean	overwriteExisting	Indicates whether an existing secret in the alias with the same value for "Name" as specified may be overwritten

AddSecret(String, X509Alias, Boolean)

Re-encrypts a secret from a different X509Alias and stores it in this X509Alias

Declaration

public string AddSecret(string key, X509Alias OldAlias, bool overwriteExisting)

Parameters

Type	Name	Description
System.String	key	The identifier of the secret as it is stored in the old X509Alias
X509Alias	OldAlias	The old X509Alias where the secret is currently encrypted and stored
System.Boolean	overwriteExisting	If true, an existing secret in this X509Alias with the same identifier may be overwritten

Returns

Type	Description
System.String	A Base64-encoded ciphertext expression

AddSecret(String, String, Boolean)

Encrypts the specified plaintext expression and stores it in this X509Alias

Declaration

public string AddSecret(string key, string plaintext, bool overwriteExisting)

Parameters

Type	Name	Description
System.String	key	The desired identifier for the secret (must be unique within the alias)
System.String	plaintext	The plaintext expression to be encrypted
System.Boolean	overwriteExisting	Indicates whether an existing secret in the alias with the same value for "Name" as specified may be overwritten

Returns

Type	Description
System.String	A Base64-encoded ciphertext string

AliasExists(X509Alias)

Indicates whether there is already a storage path for the specified X509Alias on the system

Declaration

public static bool AliasExists(X509Alias Alias)

Parameters

Type	Name	Description
X509Alias	Alias	The X509Alias for which to check for a storage path

Returns

Type	Description
System.Boolean	true if a storage path exists for the specified X509Alias

Commit()

Writes the X509Alias to the local file system for later retrieval

Declaration

public void Commit()

DecryptFile(String, String, Int32)

Recovers the specified encrypted file

Declaration

public void DecryptFile(string inFile, string outFile, int wipeTimesToWrite = 0)

Parameters

Type	Name	Description
System.String	inFile	The path to the encrypted file to be recovered. Path must exist
System.String	outFile	The path in which to write the recovered plaintext file
System.Int32	wipeTimesToWrite	Performs n-pass forensic wipe of the disk sectors where the input file was stored.

DecryptText(String)

Decrypts the specified Base64-encoded ciphertext expression

Declaration

public string DecryptText(string ciphertext)

Parameters

Type	Name	Description
System.String	ciphertext	The Base64-encoded ciphertext expression to be decrypted

Returns

Type	Description
System.String	A recovered plaintext string

Dispose()

X509Alias Destructor

Declaration

public void Dispose()

DumpSecrets(SecretDumpFormat, Boolean)

Generates a data structure, in the selected format of all secret names and values contained within the X509Alias

Declaration

public dynamic DumpSecrets(SecretDumpFormat selectedFormat, bool reveal)

Parameters

Type	Name	Description
Org.X509Crypto.SecretDumpFormat	selectedFormat	The desired fromat in which to return the data
System.Boolean	reveal	indicates whether the encrypted value for each secret should be decrypted and included with the output.

Returns

Type	Description
System.Object

EncryptFile(String, String, Int32)

Encrypts the specified file. All file types are supported.

Declaration

public void EncryptFile(string inFile, string outFile, int wipeTimesToWrite = 0)

Parameters

Type	Name	Description
System.String	inFile	The path to the file to be encrypted. Path must exist.
System.String	outFile	he path in which to write the encrypted file.
System.Int32	wipeTimesToWrite	Performs n-pass forensic wipe of the disk sectors where the input file was stored.

EncryptText(String)

Encrypts the specified text expression

Declaration

public string EncryptText(string plaintext)

Parameters

Type	Name	Description
System.String	plaintext	the text expression to be encrypted

Returns

Type	Description
System.String	Base64-encoded ciphertext string

Exists()

Indicates whether the X509Alias already exists on the local system (meaning committed to storage)

Declaration

public bool Exists()

Returns

Type	Description
System.Boolean	True if the X509Alias already exists on the local system

Export(ref String, Boolean, Boolean)

Exports this X509Alias to a Json-formatted file Note: This method does NOT export the encryption certificate or the associated key pair.

Declaration

public void Export(ref string exportPath, bool includeCert, bool overwriteExisting = false)

Parameters

Type	Name	Description
System.String	exportPath	The path where the export file should be written (a .json extension is added if no file extension is specified)
System.Boolean	includeCert
System.Boolean	overwriteExisting	Indicates whether an existing file may be overwritten if a file should exist at the indicated export path

ExportCert(String)

Exports the encryption certificate contained in this alias to a Base64-encoded text file. The private key is not exported.

Declaration

public void ExportCert(string path)

Parameters

Type	Name	Description
System.String	path	The fully-qualified path where the export file should be written

GetSecret(String)

Gets the ciphertext value for the specified secret from the current X509Alias

Declaration

public string GetSecret(string key)

Parameters

Type	Name	Description
System.String	key	The identifier of the secret

Returns

Type	Description
System.String	A Base64-encoded ciphertext expression

HasCert(X509Context)

Declaration

public bool HasCert(X509Context Context)

Parameters

Type	Name	Description
X509Context	Context

Returns

Type	Description
System.Boolean

Import(String, X509Context, String)

Imports the X509Alias from the specified Json file Note: This method does not import the encryption certificate or its associated key pair needed to work with the X509Alias.

Declaration

public static X509Alias Import(string importPath, X509Context Context, string newName = "")

Parameters

Type	Name	Description
System.String	importPath	The path where the json file is located
X509Context	Context	The X509Context in which to load the alias
System.String	newName	If specified, the alias will be identified by the specified expression. Otherwise, the alias name imported from the json file will be used.

Returns

Type	Description
X509Alias

RecoverSecret(String)

Recovers a secret from an X509Alias with the specified identifier

Declaration

public string RecoverSecret(string key)

Parameters

Type	Name	Description
System.String	key	The identifier of the secret to be recovered

Returns

Type	Description
System.String	The recovered, plaintext secret

ReEncrypt(String, X509Context)

Updates this X509Alias to use a new encryption certificate and key pair. The old certificate and key pair must still be available to perform this operation.

Declaration

public void ReEncrypt(string newThumbprint, X509Context newContext = null)

Parameters

Type	Name	Description
System.String	newThumbprint	The SHA1 thumbprint of the new encryption certificate. The certificate and associated key pair must exist and be available in the specified X509Context
X509Context	newContext	The X509Context where the new encryption certificate and key pair is located

ReEncryptFile(String, X509Alias)

Re-encrypts the specified file using this X509Alias

Declaration

public void ReEncryptFile(string inFile, X509Alias OldAlias)

Parameters

Type	Name	Description
System.String	inFile	The path to the ciphertext file to re-encrypt
X509Alias	OldAlias	The X509Alias which was previously used to encrypt the file

ReEncryptSecret(String, X509Alias)

Re-Encrypts a secret that is stored in a different X509Alias

Declaration

public string ReEncryptSecret(string secretName, X509Alias OldAlias)

Parameters

Type	Name	Description
System.String	secretName	The identifier of the secret to be re-encrypted
X509Alias	OldAlias	The X509Alias where the secret is stored

Returns

Type	Description
System.String	A Base64-encoded ciphtertext string

ReEncryptText(String, X509Alias)

Re-Encrypts a ciphertext expression, currently encrypted in a different X509Alias, using this X509Alias

Declaration

public string ReEncryptText(string ciphertext, X509Alias OldAlias)

Parameters

Type	Name	Description
System.String	ciphertext	The ciphertext expression to be reencrypted
X509Alias	OldAlias	The identifier of the X509Alias where the input secret is located

Returns

Type	Description
System.String	A Bas64-encoded ciphertext string

Remove(Boolean)

Removes this X509Alias from the file system

Declaration

public void Remove(bool deleteCert = false)

Parameters

Type	Name	Description
System.Boolean	deleteCert

SecretExists(String)

Indicates whether a secret with the specified identifier exists within this X509Alias

Declaration

public bool SecretExists(string key)

Parameters

Type	Name	Description
System.String	key	The secret identifier to check the X509Alias for

Returns

Type	Description
System.Boolean	true if a secret with the specified identifier is found in this X509Alias