// Wyprowadza wartość klucza z podanego hasła private void DeriveKey(string password) { if (ArchiveKey != null) { ArchiveKey.Derive(password); } }
/// <summary> /// Creates a new <see cref="UserKeyAuthorization"/> entry for a user key and a particular archive. /// </summary> /// <param name="friendlyName">A friendly name to help the user identify the key.</param> /// <param name="userKey">The <see cref="UserKey"/> to authorize.</param> /// <param name="archiveKey">The key used to encrypt the archive that the user key is being authorized for.</param> /// <param name="securitySettings">The archive's <see cref="SecuritySettings"/>.</param> /// <returns>The new <see cref="UserKeyAuthorization"/> entry.</returns> public static UserKeyAuthorization CreateNewAuthorization( UserKeyAuthorizationParameters newKeyParams, ReadOnlySpan <byte> keyDerivationSalt, ArchiveKey archiveKey, SecuritySettings securitySettings) { ArgCheck.IsValid(newKeyParams, nameof(newKeyParams)); ArgCheck.NotEmpty(keyDerivationSalt, nameof(keyDerivationSalt)); ArgCheck.NotNull(archiveKey, nameof(archiveKey)); ArgCheck.IsValid(securitySettings, nameof(securitySettings)); using var userKey = UserKey.DeriveFrom( newKeyParams.UserSecret, keyDerivationSalt, securitySettings); // The SecureArchive file format requires that the friendly name and keyId be // checked for tampering when using authenticated cyphers. var additionalData = Encoding.UTF8.GetBytes(newKeyParams.FriendlyName + userKey.KeyId); var cryptoStrategy = CryptoHelpers.GetCryptoStrategy(securitySettings.EncryptionAlgo); var encryptedArchiveKey = userKey.EncryptSecret(cryptoStrategy, archiveKey, additionalData); return(new UserKeyAuthorization { AuthorizationId = Guid.NewGuid(), FriendlyName = newKeyParams.FriendlyName, KeyId = userKey.KeyId, TimeAdded = DateTime.UtcNow, EncryptedArchiveKey = encryptedArchiveKey, SecretMetadata = newKeyParams.SecretMetadata, }); }
/* * Metody publiczne realizujące operacje na otwartym archiwum */ // Zamyka otwarte archiwum public void Close() { if (IsOpen) { Connection.Close(); ArchiveKey.Reset(); FilePath = ""; IdFileNamePairs.Clear(); } }
/// <summary> /// Serializes a given object as JSON and encrypts it. /// </summary> /// <typeparam name="T">The type of the object to serialize.</typeparam> /// <param name="objectToSerialize">The object to serialize.</param> /// <param name="key">The archive's ecryption key to use.</param> /// <param name="securitySettings">The archive's security settings.</param> /// <returns>The serialized and encrypted data.</returns> public static EncryptedPacket SerializeAndEncrypt <T>( T objectToSerialize, ArchiveKey key, SecuritySettings securitySettings) { var rawData = JsonSerializer.SerializeToUtf8Bytes(objectToSerialize); var cryptoStrategy = CryptoHelpers.GetCryptoStrategy(securitySettings.EncryptionAlgo); return(key.Encrypt(cryptoStrategy, rawData)); }
/// <summary> /// Decrypts and deserializes an encrypted JSON object. /// </summary> /// <typeparam name="T">The type of the object to deserialize.</typeparam> /// <param name="encryptedData">The encrypted object data.</param> /// <param name="key">The archive's decryption key to use.</param> /// <param name="securitySettings">The archive's security settings.</param> /// <returns>The requested deserialized object.</returns> public static T DecryptAndDeserialize <T>( EncryptedPacket encryptedData, ArchiveKey key, SecuritySettings securitySettings) { var cryptoStrategy = CryptoHelpers.GetCryptoStrategy(securitySettings.EncryptionAlgo); var rawData = key.Decrypt(cryptoStrategy, encryptedData); return(JsonSerializer.Deserialize <T>(rawData)); }
/// <summary> /// Decrypts the <see cref="FileIndex"/> data structure contained in the given <see cref="EncryptedPacket"/>. /// </summary> /// <param name="encryptedPacket">The encrypted data to decrypt the <see cref="FileIndex"/> from.</param> /// <param name="archiveKey">The key used for decryption.</param> /// <param name="securitySettings">The <see cref="SecuritySettings"/> for the secure archive.</param> /// <returns>The decrypted <see cref="FileIndex"/>.</returns> public static FileIndex DecryptFrom( EncryptedPacket encryptedPacket, ArchiveKey archiveKey, SecuritySettings securitySettings) { var indexEntries = JsonHelpers.DecryptAndDeserialize <List <FileIndexEntry> >( encryptedPacket, archiveKey, securitySettings); return(new FileIndex(indexEntries)); }
// Tworzy głęboką kopię wystąpienia (niezbędne dla przechowania backupu) public FileArchive Clone() { FileArchive copy = new FileArchive(); copy.FilePath = FilePath; copy.ArchiveKey = ArchiveKey.Clone(); copy.IsCompressed = IsCompressed; Hashtable idFileNamePairs = new Hashtable(); foreach (int id in IdFileNamePairs.Keys) { idFileNamePairs.Add(id, IdFileNamePairs[id]); } copy.IdFileNamePairs = idFileNamePairs; copy.Connection = (SQLiteConnection)Connection.Clone(); return(copy); }
public static bool TryDecryptArchiveKey( this UserKeyAuthorization authorization, UserKey userKey, SecuritySettings securitySettings, out ArchiveKey archiveKey) { ArgCheck.NotNull(authorization, nameof(authorization)); ArgCheck.NotNull(userKey, nameof(userKey)); ArgCheck.IsValid(securitySettings, nameof(securitySettings)); archiveKey = null; if (!CryptoHelpers.SecureEquals(userKey.KeyId, authorization.KeyId)) { return(false); } try { // The SecureArchive file format requires that the friendly name and keyId be // checked for tampering when using authenticated cyphers. var additionalData = Encoding.UTF8.GetBytes(authorization.FriendlyName + authorization.KeyId); var cryptoStrategy = CryptoHelpers.GetCryptoStrategy(securitySettings.EncryptionAlgo); var decryptedArchiveKey = userKey.Decrypt(cryptoStrategy, authorization.EncryptedArchiveKey, additionalData); if (!decryptedArchiveKey.IsEmpty) { archiveKey = new ArchiveKey(decryptedArchiveKey.ToArray()); } } catch { return(false); } return(archiveKey != null); }
public static int RunArchive(Options.ArchiveKey ArchiveKeyOpts) { // Checks int inError = 0; StringBuilder errMsgText = new StringBuilder(); if (!File.Exists(ArchiveKeyOpts.KeyFile)) { // Provided key file doesn't exist inError = 10; errMsgText.Append($"- Provided import file, {ArchiveKeyOpts.KeyFile}, doesn't exist.\n"); } try { using (FileStream tef = File.OpenWrite(ArchiveKeyOpts.Archivefile)) { } } catch (UnauthorizedAccessException) { inError = 11; errMsgText.Append($"- Unable to open output file, {ArchiveKeyOpts.Archivefile}, for writting\n"); } catch (DirectoryNotFoundException) { inError = 12; errMsgText.Append($"- Directory not found: {ArchiveKeyOpts.Archivefile}\n"); } catch (Exception ex) { inError = 19; errMsgText.Append($"- Other error occured:\n{ex.Message}\n"); } if (ArchiveKeyOpts.Password.Trim() == string.Empty) { inError = 13; errMsgText.Append($"- Provided password value is empty ({ArchiveKeyOpts.Password})\n"); } ValidatePasswordResult pwresult = Validate.Password(ArchiveKeyOpts.Password.Trim()); if (pwresult.IsFailed) { inError = 14; errMsgText.Append($"- Failed password validation:\n\n{pwresult.FailedReason.Replace("-", " -")}\n"); } if (inError > 0) { Console.Write($"\nTHere is a problem with the provided parameters:\n\n{errMsgText.ToString()}"); return(inError); } // Do stuff FileInfo keyToArchive = new FileInfo(ArchiveKeyOpts.KeyFile); ArchiveKeyResult result = ArchiveKey.Archive(ArchiveKeyOpts.Archivefile, ArchiveKeyOpts.Password, keyToArchive); if (result.IsInError) { Console.Write($"\nUnable to archive secure key. Exception message is:\n{result.ErrorString}"); return(15); } if (File.Exists(ArchiveKeyOpts.Archivefile) && new FileInfo(ArchiveKeyOpts.Archivefile).Length > 10) { Console.Write($"\nKey archive created successfully. To transfer the key, copy to another computer and restore it."); return(0); } else { Console.Write($"\nKey archive creation failed."); return(-1); } }
/// <summary> /// Encrypts the <see cref="FileIndex"/> for secure storage. /// </summary> /// <param name="archiveKey">The encryption key to use.</param> /// <param name="securitySettings">The <see cref="SecuritySettings"/> for the secure archive.</param> /// <returns>The encrypted <see cref="FileIndex"/> data.</returns> public EncryptedPacket Encrypt(ArchiveKey archiveKey, SecuritySettings securitySettings) => JsonHelpers.SerializeAndEncrypt <List <FileIndexEntry> >( this.FileEntriesById.Values.Select(i => i.IndexEntry).ToList(), archiveKey, securitySettings);
/// <summary> /// Creates a new <see cref="AegisArchive"/> that contains no files. /// </summary> /// <param name="fileSettings">Settings for where the archive and related files are stored.</param> /// <param name="creationParameters">The <see cref="SecureArchiveCreationParameters"/> to use when creating the archive.</param> /// <returns>A new <see cref="AegisArchive"/> that is opened but not yet persisted to disk.</returns> public static AegisArchive CreateNew( SecureArchiveFileSettings fileSettings, SecureArchiveCreationParameters creationParameters) { ArgCheck.IsValid(fileSettings, nameof(fileSettings)); ArgCheck.IsValid(creationParameters, nameof(creationParameters)); var currentTime = DateTimeOffset.UtcNow; var archiveId = Guid.NewGuid(); ArchiveKey tempArchiveKey = null; AegisArchive tempArchive = null; AegisArchive archive = null; try { tempArchiveKey = ArchiveKey.CreateNew(creationParameters.SecuritySettings); // Derive and authorize the first user key. var keyDerivationSalt = CryptoHelpers.GetRandomBytes(creationParameters.KeyDerivationSaltSizeInBytes); var firstUserKeyAuthorization = UserKeyAuthorizationExtensions.CreateNewAuthorization( creationParameters.FirstKeyAuthorizationParams, keyDerivationSalt, tempArchiveKey, creationParameters.SecuritySettings); var authCanary = tempArchiveKey.Encrypt( CryptoHelpers.GetCryptoStrategy(creationParameters.SecuritySettings.EncryptionAlgo), archiveId.ToByteArray()); var archiveMetadata = new SecureArchiveMetadata { Id = archiveId, SecuritySettings = creationParameters.SecuritySettings, CreateTime = currentTime, LastModifiedTime = currentTime, KeyDerivationSalt = new List <byte>(keyDerivationSalt), AuthCanary = authCanary, UserKeyAuthorizations = new List <UserKeyAuthorization> { firstUserKeyAuthorization }, }; tempArchive = new AegisArchive { ArchiveMetadata = archiveMetadata, ArchiveKey = tempArchiveKey, FileSettings = fileSettings, FileIndex = new FileIndex(), SecureArchive = OpenSecureArchiveFile(fileSettings, createNewArchive: true), }; tempArchive.PersistMetadata(); // Transfer the archive reference to the return variable. archive = tempArchive; tempArchive = null; // Dispose ownership of the archive key now belongs to the archive. tempArchiveKey = null; } finally { tempArchive?.Dispose(); tempArchiveKey?.Dispose(); } return(archive); }