/// <summary>
/// encrypt the stream asymmetrically using the encryption information
/// of specific security profile in the configuration file
/// </summary>
/// <param name="data">stream data</param>
/// <param name="profile">security profile name</param>
/// <param name="key">output parameter for generated secret key</param>
/// <param name="iv">output parameter for generated iv</param>
/// <param name="signature">out parameters for the digital signature</param>
/// <returns>stream data</returns>
public static Stream Encrypt(Stream data, string profile, out byte[] key, out byte[] iv, out byte[] signature)
{
SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
CryptographyConfiguration cc = cm.CryptographyConfig;
//retrieve the security profile information from the configuration file
XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile);
bool symmetric = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value);
ICryptoTransform encryptor = null;
RSACryptoServiceProvider provider = null;
if (symmetric != false)
{
throw new System.Exception("This method id not intended for symmetric encryption");
}
provider = (RSACryptoServiceProvider)cc.GetAymmetricAlgorithmProvider(profile);
//retireve the sneder and receiver's certification information for encryption
string senderCert = cryptoInfo.SelectSingleNode("SenderCertificate").InnerText;
string sendCertStore = cryptoInfo.SelectSingleNode("SenderCertificate").Attributes["store"].Value;
string receiverCert = cryptoInfo.SelectSingleNode("ReceiverCertificate").InnerText;
string receiverCertStore = cryptoInfo.SelectSingleNode("ReceiverCertificate").Attributes["store"].Value;
string symmatricAlgorithm = cryptoInfo.SelectSingleNode("SymmatricAlgorithm").InnerText;
//obtain the X509 certificate object for the sender and receiver
X509Certificate senderCertificate = Certificate.SearchCertificateBySubjectName(sendCertStore, senderCert);
X509Certificate receiverCertificate = Certificate.SearchCertificateBySubjectName(receiverCertStore, receiverCert);
//receive the sender's private key and receiver's public key for encryption
RSAParameters sender_privateKey = senderCertificate.Key.ExportParameters(true);
RSAParameters receiver_publicKey = receiverCertificate.PublicKey.ExportParameters(false);
SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create(symmatricAlgorithm);
encryptor = symmProvider.CreateEncryptor();
CryptoStream encStream = new CryptoStream(data, encryptor, CryptoStreamMode.Read);
MemoryStream encrypted = new MemoryStream();
byte[] buffer = new byte[1024];
int count = 0;
while ((count = encStream.Read(buffer, 0, 1024)) > 0)
{
encrypted.Write(buffer, 0, count);
}
//encrypt the screte key, iv key using receiver's public key
//that are used to decrypt the data
provider.ImportParameters(receiver_publicKey);
key = provider.Encrypt(symmProvider.Key, false);
iv = provider.Encrypt(symmProvider.IV, false);
//sign the data with sender's private key
provider.ImportParameters(sender_privateKey);
signature = provider.SignData(encrypted.ToArray(), new SHA1CryptoServiceProvider());
encrypted.Position = 0;
return((Stream)encrypted);
}
/// <summary>
/// decrypt the stream data asymmetrically using the security profile
/// information stored in the configuration file
/// </summary>
/// <param name="data">encrypted stream data</param>
/// <param name="profile">security profile name</param>
/// <param name="key">generated key</param>
/// <param name="iv">generated iv</param>
/// <param name="signature">generated signature</param>
/// <returns>decrypted stream</returns>
public static Stream Decrypt(Stream data, string profile, byte[] key, byte[] iv, byte[] signature)
{
SAF.Configuration.ConfigurationManager cm = (SAF.Configuration.ConfigurationManager)System.Configuration.ConfigurationManager.GetSection("Framework");
CryptographyConfiguration cc = cm.CryptographyConfig;
//retrieve the security profile information
XmlNode cryptoInfo = cc.SearchCryptoInfoByProfileName(profile);
bool symmetric = Boolean.Parse(cryptoInfo.Attributes["symmetric"].Value);
ICryptoTransform decryptor = null;
RSACryptoServiceProvider provider = null;
if (symmetric != false)
{
throw new System.Exception("This method id not intended for symmetric encryption");
}
provider = (RSACryptoServiceProvider)cc.GetAymmetricAlgorithmProvider(profile);
//retrieve the sender and receiver's certification information for decryption
string senderCert = cryptoInfo.SelectSingleNode("SenderCertificate").InnerText;
string sendCertStore = cryptoInfo.SelectSingleNode("SenderCertificate").Attributes["store"].Value;
string receiverCert = cryptoInfo.SelectSingleNode("ReceiverCertificate").InnerText;
string receiverCertStore = cryptoInfo.SelectSingleNode("ReceiverCertificate").Attributes["store"].Value;
string symmatricAlgorithm = cryptoInfo.SelectSingleNode("SymmatricAlgorithm").InnerText;
//obtain X509 certification object
X509Certificate senderCertificate = Certificate.SearchCertificateBySubjectName(sendCertStore, senderCert);
X509Certificate receiverCertificate = Certificate.SearchCertificateBySubjectName(receiverCertStore, receiverCert);
//retrieve the sender's private key and receiver's public
RSAParameters sender_privateKey = senderCertificate.Key.ExportParameters(true);
RSAParameters receiver_publicKey = receiverCertificate.PublicKey.ExportParameters(false);
//import the public key information to verify the data
provider.ImportParameters(receiver_publicKey);
MemoryStream ms = new MemoryStream();
byte[] buffer = new Byte[1024];
int count = 0;
while ((count = data.Read(buffer, 0, buffer.Length)) > 0)
{
ms.Write(buffer, 0, count);
}
byte[] encryptedData = ms.ToArray();
//data.Position = 0 ;
//data.Read(encryptedData,0,encryptedData.Length);
//verify if the data has been tempered with
bool v = provider.VerifyData(encryptedData, new SHA1CryptoServiceProvider(), signature);
if (v == false)
{
throw new CryptographicException();
}
//import the private key information to decrypt data
provider.ImportParameters(sender_privateKey);
//decrypt the secret key and iv
byte[] decryptedkey = provider.Decrypt(key, false);
byte[] decryptediv = provider.Decrypt(iv, false);
SymmetricAlgorithm symmProvider = SymmetricAlgorithm.Create(symmatricAlgorithm);
symmProvider.Key = decryptedkey;
symmProvider.IV = decryptediv;
decryptor = symmProvider.CreateDecryptor();
ms.Position = 0;
//decrypt the stream
CryptoStream decStream = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
MemoryStream decrypted = new MemoryStream();
count = 0;
while ((count = decStream.Read(buffer, 0, buffer.Length)) != 0)
{
decrypted.Write(buffer, 0, count);
}
decrypted.Position = 0;
return((Stream)decrypted);
}
