public static byte[] DecryptBlob(byte[] blob, byte[] password, DerivedKeyCache keyCache) { // 1. Parse var parsed = ParseEncryptedBlob(blob); // 2. Derive the key and IV // // Depending on the mode, the key is either the actual encryption key or an interim key // that is used to derive the iv, HMAC and the encryption keys. var key = ComputeEncryptionKey(password, parsed.Salt, parsed.CryptoConfig, keyCache); var iv = DeriveIv(key, parsed); // 3. Derive the encryption key and the HMAC key var keyHmacKey = DeriveKeyAndHmacKey(key, parsed.CryptoConfig); var encryptionKey = keyHmacKey.Item1; var hmacKey = keyHmacKey.Item2; // 4. Check the MAC if (!DoesHashMatch(parsed, iv, hmacKey)) { throw new BadCredentialsException( "The password is incorrect or the data in the vault is corrupted (MAC doesn't match)"); } // 5. Decrypt var plaintext = Decrypt(parsed.Ciphertext, iv, encryptionKey); // 6. Inflate return(Inflate(plaintext.Sub(6, int.MaxValue))); }
public static byte[] ComputeEncryptionKey(byte[] password, byte[] salt, CryptoConfig config, DerivedKeyCache cache) { return(cache.GetOrDerive(password, salt, config.KdfConfig)); }
public static Account[] ExtractEncryptedAccounts(byte[] blob, string password, DerivedKeyCache keyCache) { return(ExtractAccountsFromXml(DecryptBlob(blob, password, keyCache).ToUtf8())); }
public static byte[] DecryptBlob(byte[] blob, string password, DerivedKeyCache keyCache) { return(DecryptBlob(blob, PasswordToBytes(password), keyCache)); }