public static string Encrypt(string value, IEncryptionCredentials credentials)
{
if (string.IsNullOrEmpty(value))
{
return(value);
}
byte[] passwordBytes = null;
byte[] saltBytes = null;
byte[] initialVectorBytes = null;
byte[] derivedBytes = null;
byte[] valueBytes = null;
byte[] buffer = null;
try
{
passwordBytes = credentials.Password.ToByteArray(Encoding.ASCII, clearAfterUse: true);
saltBytes = credentials.Salt.ToByteArray(Encoding.ASCII, clearAfterUse: true);
initialVectorBytes = credentials.InitialVector.ToByteArray(Encoding.ASCII, clearAfterUse: true);
var passwordIterations = credentials.PasswordIterations;
var keySize = credentials.KeySize;
using var rfcDeriveBytes = new Rfc2898DeriveBytes(passwordBytes, saltBytes, passwordIterations);
using var aesManaged = new AesManaged { Mode = CipherMode.CBC };
derivedBytes = rfcDeriveBytes.GetBytes(keySize / 8);
using var encryptor = aesManaged.CreateEncryptor(derivedBytes, initialVectorBytes);
using var memoryStream = new MemoryStream();
using var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
valueBytes = Encoding.UTF8.GetBytes(value);
cryptoStream.Write(valueBytes, 0, valueBytes.Length);
cryptoStream.FlushFinalBlock();
buffer = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
aesManaged.Clear();
return(Convert.ToBase64String(buffer));
}
finally
{
if (buffer != null && buffer.Any())
{
Array.Clear(buffer, 0, buffer.Length);
}
if (passwordBytes != null && passwordBytes.Any())
{
Array.Clear(passwordBytes, 0, passwordBytes.Length);
}
if (valueBytes != null && valueBytes.Any())
{
Array.Clear(valueBytes, 0, valueBytes.Length);
}
if (saltBytes != null && saltBytes.Any())
{
Array.Clear(saltBytes, 0, saltBytes.Length);
}
if (initialVectorBytes != null && initialVectorBytes.Any())
{
Array.Clear(initialVectorBytes, 0, initialVectorBytes.Length);
}
if (derivedBytes != null && derivedBytes.Any())
{
Array.Clear(derivedBytes, 0, derivedBytes.Length);
}
}
}
public static async Task <byte[]> DecryptAsync(byte[] value, IEncryptionCredentials credentials,
CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
if (value == null || value.Length == 0)
{
return(value);
}
byte[] passwordBytes = null;
byte[] saltBytes = null;
byte[] initialVectorBytes = null;
byte[] derivedBytes = null;
byte[] valueBytes = null;
byte[] buffer = null;
try
{
passwordBytes = credentials.Password.ToByteArray(Encoding.ASCII, clearAfterUse: true);
saltBytes = credentials.Salt.ToByteArray(Encoding.ASCII, clearAfterUse: true);
initialVectorBytes = credentials.InitialVector.ToByteArray(Encoding.ASCII, clearAfterUse: true);
var passwordIterations = credentials.PasswordIterations;
var keySize = credentials.KeySize;
valueBytes = Convert.FromBase64String(Encoding.ASCII.GetString(value));
buffer = new byte[valueBytes.Length];
using var rfcDeriveBytes = new Rfc2898DeriveBytes(passwordBytes, saltBytes, passwordIterations);
using var aesManaged = new AesManaged { Mode = CipherMode.CBC };
derivedBytes = rfcDeriveBytes.GetBytes(keySize / 8);
using var decryptor = aesManaged.CreateDecryptor(derivedBytes, initialVectorBytes);
await using var memoryStream = new MemoryStream(valueBytes);
await using var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
var count = await cryptoStream.ReadAsync(buffer, 0, buffer.Length, cancellationToken);
memoryStream.Close();
cryptoStream.Close();
aesManaged.Clear();
Array.Resize(ref buffer, count);
return(buffer);
}
finally
{
if (buffer != null && buffer.Any())
{
Array.Clear(buffer, 0, buffer.Length);
}
if (passwordBytes != null && passwordBytes.Any())
{
Array.Clear(passwordBytes, 0, passwordBytes.Length);
}
if (valueBytes != null && valueBytes.Any())
{
Array.Clear(valueBytes, 0, valueBytes.Length);
}
if (saltBytes != null && saltBytes.Any())
{
Array.Clear(saltBytes, 0, saltBytes.Length);
}
if (initialVectorBytes != null && initialVectorBytes.Any())
{
Array.Clear(initialVectorBytes, 0, initialVectorBytes.Length);
}
if (derivedBytes != null && derivedBytes.Any())
{
Array.Clear(derivedBytes, 0, derivedBytes.Length);
}
}
}
public static async Task <byte[]> ToAesDecryptedBytesAsync(this byte[] value, IEncryptionCredentials credentials,
CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
return(await DecryptAsync(value, credentials, cancellationToken));
}
public static string ToAesDecryptedString(this string value, IEncryptionCredentials credentials)
{
return(Decrypt(value, credentials));
}
public static byte[] ToAesDecryptedBytes(this byte[] value, IEncryptionCredentials credentials)
{
return(Decrypt(value, credentials));
}
public static async Task <string> ToAesEncryptedStringAsync(this string value, IEncryptionCredentials credentials,
CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
return(await EncryptAsync(value, credentials, cancellationToken));
}
public static byte[] FromRijndaelBytes(this byte[] value, IEncryptionCredentials credentials)
{
return(Decrypt(value, credentials));
}
public static string FromRijndaelString(this string value, IEncryptionCredentials credentials)
{
return(Decrypt(value, credentials));
}
public static string Decrypt(string value, IEncryptionCredentials credentials)
{
if (string.IsNullOrEmpty(value))
{
return(value);
}
byte[] passwordBytes = null;
byte[] saltBytes = null;
byte[] initialVectorBytes = null;
byte[] derivedBytes = null;
byte[] valueBytes = null;
byte[] buffer = null;
try
{
passwordBytes = credentials.Password.ToByteArray(Encoding.ASCII, clearAfterUse: true);
saltBytes = credentials.Salt.ToByteArray(Encoding.ASCII, clearAfterUse: true);
initialVectorBytes = credentials.InitialVector.ToByteArray(Encoding.ASCII, clearAfterUse: true);
var passwordIterations = credentials.PasswordIterations;
var keySize = credentials.KeySize;
valueBytes = Convert.FromBase64String(value);
buffer = new byte[valueBytes.Length];
using var rfcDeriveBytes = new Rfc2898DeriveBytes(passwordBytes, saltBytes, passwordIterations);
using var rijndaelManaged = new RijndaelManaged { Mode = CipherMode.CBC };
derivedBytes = rfcDeriveBytes.GetBytes(keySize / 8);
using var decryptor = rijndaelManaged.CreateDecryptor(derivedBytes, initialVectorBytes);
using var memoryStream = new MemoryStream(valueBytes);
using var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read);
var count = cryptoStream.Read(buffer, 0, buffer.Length);
memoryStream.Close();
cryptoStream.Close();
rijndaelManaged.Clear();
return(Encoding.UTF8.GetString(buffer, 0, count));
}
finally
{
if (buffer != null && buffer.Any())
{
Array.Clear(buffer, 0, buffer.Length);
}
if (passwordBytes != null && passwordBytes.Any())
{
Array.Clear(passwordBytes, 0, passwordBytes.Length);
}
if (valueBytes != null && valueBytes.Any())
{
Array.Clear(valueBytes, 0, valueBytes.Length);
}
if (saltBytes != null && saltBytes.Any())
{
Array.Clear(saltBytes, 0, saltBytes.Length);
}
if (initialVectorBytes != null && initialVectorBytes.Any())
{
Array.Clear(initialVectorBytes, 0, initialVectorBytes.Length);
}
if (derivedBytes != null && derivedBytes.Any())
{
Array.Clear(derivedBytes, 0, derivedBytes.Length);
}
}
}
public static async Task <byte[]> EncryptAsync(byte[] value, IEncryptionCredentials credentials,
CancellationToken cancellationToken = default)
{
cancellationToken.ThrowIfCancellationRequested();
if (value == null || value.Length == 0)
{
return(value);
}
byte[] passwordBytes = null;
byte[] saltBytes = null;
byte[] initialVectorBytes = null;
byte[] derivedBytes = null;
byte[] buffer = null;
try
{
passwordBytes = credentials.Password.ToByteArray(Encoding.ASCII, clearAfterUse: true);
saltBytes = credentials.Salt.ToByteArray(Encoding.ASCII, clearAfterUse: true);
initialVectorBytes = credentials.InitialVector.ToByteArray(Encoding.ASCII, clearAfterUse: true);
var passwordIterations = credentials.PasswordIterations;
var keySize = credentials.KeySize;
using var rfcDeriveBytes = new Rfc2898DeriveBytes(passwordBytes, saltBytes, passwordIterations);
using var rijndaelManaged = new RijndaelManaged { Mode = CipherMode.CBC };
derivedBytes = rfcDeriveBytes.GetBytes(keySize / 8);
using var encryptor = rijndaelManaged.CreateEncryptor(derivedBytes, initialVectorBytes);
await using var memoryStream = new MemoryStream();
await using var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
await cryptoStream.WriteAsync(value, 0, value.Length, cancellationToken);
cryptoStream.FlushFinalBlock();
buffer = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
rijndaelManaged.Clear();
return(Encoding.ASCII.GetBytes(Convert.ToBase64String(buffer)));
}
finally
{
if (buffer != null && buffer.Any())
{
Array.Clear(buffer, 0, buffer.Length);
}
if (passwordBytes != null && passwordBytes.Any())
{
Array.Clear(passwordBytes, 0, passwordBytes.Length);
}
if (value.Any())
{
Array.Clear(value, 0, value.Length);
}
if (saltBytes != null && saltBytes.Any())
{
Array.Clear(saltBytes, 0, saltBytes.Length);
}
if (initialVectorBytes != null && initialVectorBytes.Any())
{
Array.Clear(initialVectorBytes, 0, initialVectorBytes.Length);
}
if (derivedBytes != null && derivedBytes.Any())
{
Array.Clear(derivedBytes, 0, derivedBytes.Length);
}
}
}
