DataHandler.DataEncryptions

Provides methods to serialize, encrypt, decrypt, and deserialize objects using JSON + AES-256-GCM.

Shared Settings

  • _jsonOpts (JsonSerializerOptions):
    • IncludeFields = true
      Enables JSON serialization of public fields as well as properties.

Methods

PackData(object data, SecureData Key)

Serializes an object of type T to binary, wraps it with its assembly-qualified type name in JSON, Base64-encodes, then encrypts via AES-GCM with per-operation salt.

  • Parameters:
    • data: The object to serialize (must be castable to T).
    • Key: SecureData used to derive the AES encryption key via Argon2id + random salt.
  • Process:
    1. Convert data to a byte array via BinaryConverter.NCObjectToByteArrayAsync.
    2. Create a tuple (assemblyQualifiedTypeName, payloadBytes).
    3. Serialize the tuple to UTF-8 JSON bytes (JsonSerializer.SerializeToUtf8Bytes).
    4. Base64-encode the JSON bytes.
    5. Encrypt the Base64 string using SimpleAESEncryption.Encrypt (includes random salt + IV).
    6. Return the encrypted payload as AESEncryptedText.ToString() → Salt|IV|Ciphertext+Tag (all Base64).
  • Returns: Task — The encrypted wrapper in Salt|IV|Ciphertext format.

UnpackData(string data, SecureData Key)

Decrypts and deserializes a string previously produced by PackData back into the original object.

  • Parameters:
    • data: The encrypted payload string in Salt|IV|Ciphertext+Tag format.
    • Key: SecureData used to derive the decryption key (re-derives using stored salt).
  • Process:
    1. Parse data into SimpleAESEncryption.AESEncryptedText (handles Salt|IV|Ciphertext).
    2. Decrypt using stored salt → recovers Base64-encoded JSON wrapper.
    3. Base64-decode to JSON bytes.
    4. Deserialize JSON into (string assemblyQualifiedTypeName, byte[] payloadBytes).
    5. Resolve the Type from assemblyQualifiedTypeName.
    6. Use reflection to call BinaryConverter.NCByteArrayToObjectAsync.
    7. Await and return the original object.
  • Returns: Task — The fully restored object instance.
  • Exceptions:
    • Throws if decryption/auth fails, JSON is invalid, type cannot be resolved, or deserialization errors occur.