in src/EncryptionUtils.cs [394:442]
internal static EncryptionInstructions BuildInstructionsFromObjectMetadata(
GetObjectResponse response, EncryptionMaterialsBase materials, byte[] decryptedEnvelopeKeyKMS)
{
MetadataCollection metadata = response.Metadata;
var materialDescription = GetMaterialDescriptionFromMetaData(response.Metadata);
if (metadata[XAmzKeyV2] != null)
{
EnsureSupportedAlgorithms(metadata);
var base64EncodedEncryptedEnvelopeKey = metadata[XAmzKeyV2];
var encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
var base64EncodedIV = metadata[XAmzIV];
var IV = Convert.FromBase64String(base64EncodedIV);
var cekAlgorithm = metadata[XAmzCekAlg];
var wrapAlgorithm = metadata[XAmzWrapAlg];
if (decryptedEnvelopeKeyKMS != null)
{
return new EncryptionInstructions(materialDescription, decryptedEnvelopeKeyKMS, encryptedEnvelopeKey, IV, wrapAlgorithm, cekAlgorithm);
}
else
{
byte[] decryptedEnvelopeKey;
if (XAmzWrapAlgRsaOaepSha1.Equals(wrapAlgorithm) || XAmzWrapAlgAesGcmValue.Equals(wrapAlgorithm))
{
decryptedEnvelopeKey = DecryptNonKmsEnvelopeKeyV2(encryptedEnvelopeKey, materials);
}
else
{
decryptedEnvelopeKey = DecryptNonKMSEnvelopeKey(encryptedEnvelopeKey, materials);
}
return new EncryptionInstructions(materialDescription, decryptedEnvelopeKey, encryptedEnvelopeKey, IV, wrapAlgorithm, cekAlgorithm);
}
}
else
{
string base64EncodedEncryptedEnvelopeKey = metadata[XAmzKey];
byte[] encryptedEnvelopeKey = Convert.FromBase64String(base64EncodedEncryptedEnvelopeKey);
byte[] decryptedEnvelopeKey = DecryptNonKMSEnvelopeKey(encryptedEnvelopeKey, materials);
string base64EncodedIV = metadata[XAmzIV];
byte[] IV = Convert.FromBase64String(base64EncodedIV);
return new EncryptionInstructions(materialDescription, decryptedEnvelopeKey, encryptedEnvelopeKey, IV);
}
}