
Class TokenEncryptionUtil

Provides utility methods for AES encryption and decryption of authentication tokens and sensitive string data.

Namespace: Workspace.XBR.Xperiflow.Utilities

Assembly: Xperiflow.dll

Declaration
public class TokenEncryptionUtil

Examples

Basic token encryption and decryption:

// Encrypt a sensitive token
string originalToken = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...";
var (encryptedToken, iv) = TokenEncryptionUtil.AesEncryptToken(originalToken);

// Store the encrypted token and IV (both are Base64 encoded)
await secureStorage.StoreAsync("token", encryptedToken);
await secureStorage.StoreAsync("token_iv", iv);

// Later, retrieve and decrypt the token
string storedToken = await secureStorage.GetAsync("token");
string storedIV = await secureStorage.GetAsync("token_iv");
string decryptedToken = TokenEncryptionUtil.DecryptToken(storedToken, storedIV);

// Use the decrypted token
Assert.AreEqual(originalToken, decryptedToken);

Usage in authentication workflows:

// Secure token storage in user session
public async Task StoreUserTokenAsync(string userToken)
{
    var (encryptedToken, iv) = TokenEncryptionUtil.AesEncryptToken(userToken);

    // Store in database or secure cache
    await userSessionRepository.UpdateAsync(new UserSession
    {
        UserId = currentUser.Id,
        EncryptedToken = encryptedToken,
        TokenIV = iv,
        UpdatedAt = DateTime.UtcNow
    });
}

// Retrieve and decrypt token for API calls
public async Task<string> GetUserTokenAsync()
{
    var session = await userSessionRepository.GetByUserIdAsync(currentUser.Id);
    return TokenEncryptionUtil.DecryptToken(session.EncryptedToken, session.TokenIV);
}

Remarks

The Workspace.XBR.Xperiflow.Utilities.TokenEncryptionUtil class provides static methods for encrypting and decrypting sensitive string data, particularly authentication tokens, using AES (Advanced Encryption Standard) encryption with CBC (Cipher Block Chaining) mode and PKCS7 padding. This ensures secure storage and transmission of sensitive information within the Xperiflow system.

Security Features:

  • AES Encryption: Uses industry-standard AES encryption algorithm

  • CBC Mode: Cipher Block Chaining mode for enhanced security

  • Random IV: Generates a new random initialization vector for each encryption

  • PKCS7 Padding: Standard padding scheme for proper block alignment

Key Management:

The class uses a pre-configured encryption key from Workspace.XBR.Xperiflow.Core.XperiflowConstants.TokenKey. This key should be securely managed and rotated according to your organization's security policies.

Thread Safety:

All methods in this class are thread-safe as they create new instances of cryptographic objects for each operation and do not maintain any shared state.

Methods

AesEncryptToken(string)

Encrypts a token string using AES encryption with a randomly generated initialization vector.

Declaration
public static (string EncryptedToken, string InitializationVector) AesEncryptToken(string tokenString)
Remarks

This method uses AES encryption in CBC mode with PKCS7 padding to encrypt the provided token string. A new random initialization vector (IV) is generated for each encryption operation to ensure that identical plaintext values produce different ciphertext results, enhancing security.

Security Considerations:

Output Format:

Both the encrypted token and IV are returned as Base64-encoded strings for safe storage and transmission across various systems and protocols.
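AES-CBC with PKCS7 padding and a random IV keeps the token confidential but does not by itself detect a modified ciphertext or IV. The following added example (not Xperiflow's implementation) sketches the same CBC/PKCS7/random-IV/Base64 scheme with an HMAC-SHA256 tag in encrypt-then-MAC order; the class name, the separate MAC key and the tag value are assumptions.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not Xperiflow code. Keys are supplied by the caller here;
// the real class reads its key from XperiflowConstants.TokenKey.
public static class CbcTokenSketch
{
    static Aes NewAes(byte[] key)
    {
        var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        return aes;
    }

    // HMAC-SHA256 over IV || ciphertext (the integrity layer is an assumption).
    static byte[] ComputeTag(byte[] macKey, byte[] iv, byte[] cipher)
    {
        using var hmac = new HMACSHA256(macKey);
        return hmac.ComputeHash(iv.Concat(cipher).ToArray());
    }

    public static (string Cipher, string Iv, string Tag) Encrypt(string token, byte[] encKey, byte[] macKey)
    {
        using var aes = NewAes(encKey);
        aes.GenerateIV();                     // fresh random IV per call
        using var enc = aes.CreateEncryptor();
        byte[] plain = Encoding.UTF8.GetBytes(token);
        byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
        return (Convert.ToBase64String(cipher), Convert.ToBase64String(aes.IV),
                Convert.ToBase64String(ComputeTag(macKey, aes.IV, cipher)));
    }

    public static string Decrypt(string cipherB64, string ivB64, string tagB64, byte[] encKey, byte[] macKey)
    {
        byte[] cipher = Convert.FromBase64String(cipherB64), iv = Convert.FromBase64String(ivB64);
        // Verify the tag in constant time before any CBC decryption happens.
        if (!CryptographicOperations.FixedTimeEquals(Convert.FromBase64String(tagB64), ComputeTag(macKey, iv, cipher)))
            throw new CryptographicException("Ciphertext or IV was modified.");
        using var aes = NewAes(encKey);
        aes.IV = iv;
        using var dec = aes.CreateDecryptor();
        return Encoding.UTF8.GetString(dec.TransformFinalBlock(cipher, 0, cipher.Length));
    }
}
```

Encrypting the same string twice with the same keys returns different `Cipher` and `Iv` values, and changing any Base64 character of either makes `Decrypt` throw before the padding is ever processed.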

Returns

System.ValueTuple<System.String,System.String>

A tuple containing the Base64-encoded encrypted token and the Base64-encoded initialization vector. Both values are required for decryption.

Parameters
| Type | Name | Description |
| --- | --- | --- |
| System.String | tokenString | The plain text token string to encrypt |
Exceptions

  • System.ArgumentNullException: Thrown when tokenString is null
  • System.Security.Cryptography.CryptographicException: Thrown when encryption fails due to cryptographic errors
  • System.InvalidOperationException: Thrown when the encryption key is not properly configured

DecryptToken(string, string)

Decrypts a previously encrypted token using the provided ciphertext and initialization vector.

Declaration
public static string DecryptToken(string base64CipherText, string base64IV)
Remarks

This method decrypts token data that was previously encrypted using Workspace.XBR.Xperiflow.Utilities.TokenEncryptionUtil.AesEncryptToken(string). The same encryption key and initialization vector must be used to successfully decrypt the data. Both the ciphertext and IV should be provided exactly as returned by the encryption method.

Input Requirements:

Error Handling:

If the ciphertext or IV is invalid, corrupted, or if the encryption key has changed, the method will throw a System.Security.Cryptography.CryptographicException. Applications should handle these exceptions appropriately, potentially by invalidating the stored token and requesting re-authentication.
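One way a caller can apply this guidance, as an added example that is not part of the Xperiflow API: only `TokenEncryptionUtil.DecryptToken` and the exception types come from this page, while `ISessionStore`, `StoredSession` and `TokenReader` are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Threading.Tasks;
using Workspace.XBR.Xperiflow.Utilities;

// Added example, not Xperiflow code. ISessionStore and StoredSession are hypothetical.
public sealed record StoredSession(string EncryptedToken, string TokenIV);

public interface ISessionStore
{
    Task<StoredSession?> GetAsync(string userId);
    Task InvalidateAsync(string userId);
}

public sealed class TokenReader
{
    private readonly ISessionStore _store;
    public TokenReader(ISessionStore store) => _store = store;

    // Returns the decrypted token, or null when the caller must re-authenticate.
    public async Task<string?> TryGetTokenAsync(string userId)
    {
        StoredSession? session = await _store.GetAsync(userId);
        if (session is null) return null;
        try
        {
            // CBC with PKCS7 carries no integrity check: damaged input or a changed
            // key can occasionally still unpad without an exception and yield
            // garbage, so validate the token itself (signature, expiry) before use.
            return TokenEncryptionUtil.DecryptToken(session.EncryptedToken, session.TokenIV);
        }
        catch (Exception ex) when (ex is CryptographicException or FormatException or ArgumentNullException)
        {
            // Stored value is unusable (corrupt, truncated, or key rotated): drop it
            // and log only the exception type, never the ciphertext or token.
            Console.Error.WriteLine($"Token decrypt failed: {ex.GetType().Name}");
            await _store.InvalidateAsync(userId);
            return null;
        }
        // InvalidOperationException (key not configured) is a deployment fault that
        // affects every user, so it propagates instead of logging users out.
    }
}
```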

Returns

System.String

The decrypted plain text token string

Parameters
| Type | Name | Description |
| --- | --- | --- |
| System.String | base64CipherText | The Base64-encoded encrypted token string |
| System.String | base64IV | The Base64-encoded initialization vector used during encryption |
Exceptions

  • System.ArgumentNullException: Thrown when base64CipherText or base64IV is null
  • System.FormatException: Thrown when the Base64-encoded parameters are not valid Base64 strings
  • System.Security.Cryptography.CryptographicException: Thrown when decryption fails due to invalid ciphertext, IV, or key mismatch
  • System.InvalidOperationException: Thrown when the encryption key is not properly configured

Inherited Members

  • System.Object.Equals(System.Object)
  • System.Object.Equals(System.Object,System.Object)
  • System.Object.GetHashCode
  • System.Object.GetType
  • System.Object.MemberwiseClone
  • System.Object.ReferenceEquals(System.Object,System.Object)
  • System.Object.ToString
