/// <summary>
/// Unwraps the session key, checks the packet's HMAC against the received ciphertext and IV,
/// verifies the sender's signature over that HMAC, and only then decrypts the payload.
/// </summary>
/// <param name="encryptedPacket">Packet produced by EncryptData.</param>
/// <param name="rsaParams">Recipient RSA key used to unwrap the session key.</param>
/// <param name="digitalSignature">Sender's verification key.</param>
/// <returns>The recovered plaintext.</returns>
/// <exception cref="CryptographicException">
/// Thrown when the HMAC does not match the packet or the signature does not verify.
/// </exception>
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams,
                                  DigitalSignature digitalSignature)
        {
            // The session key is needed before anything else: the HMAC is keyed with it.
            var sessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey);

            // Integrity: recompute HMAC-SHA256 over ciphertext || IV and compare with the transmitted value.
            byte[] expectedHmac;
            using (var hmac = new HMACSHA256(sessionKey))
            {
                expectedHmac = hmac.ComputeHash(Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv));
            }

            if (!Compare(encryptedPacket.Hmac, expectedHmac))
            {
                throw new CryptographicException(
                          "HMAC for decryption does not match encrypted packet.");
            }

            // Authenticity: the sender signed the HMAC, which the step above has just bound to this packet.
            var signatureValid = digitalSignature.VerifySignature(encryptedPacket.Hmac,
                                                                   encryptedPacket.Signature);
            if (!signatureValid)
            {
                throw new CryptographicException(
                          "Digital Signature can not be verified.");
            }

            return _aes.Decrypt(encryptedPacket.EncryptedData, sessionKey, encryptedPacket.Iv);
        }
        /// <summary>
        /// Encrypts <paramref name="original"/> with a fresh random session key, wraps that key with
        /// <paramref name="rsaParams"/>, and attaches a signed HMAC that covers ciphertext, IV and tag.
        /// </summary>
        /// <param name="original">Plaintext to protect.</param>
        /// <param name="rsaParams">Recipient RSA key used to wrap the session key.</param>
        /// <param name="digitalSignature">Sender signing key applied to the packet's HMAC.</param>
        /// <returns>A packet holding ciphertext, tag, IV, wrapped session key, HMAC and signature.</returns>
        public EncryptedPacket EncryptData(byte[] original, RSAWithRSAParameterKey rsaParams,
                                           DigitalSignature digitalSignature)
        {
            // 32-byte session key and 12-byte IV, both generated per packet.
            // NOTE(review): 12 bytes is the usual GCM nonce length — assumes _aes is an AEAD mode; confirm.
            var sessionKey = _aes.GenerateRandomNumber(32);
            var iv         = _aes.GenerateRandomNumber(12);

            var (cipherText, tag) = _aes.Encrypt(original, sessionKey, iv, null);

            var packet = new EncryptedPacket
            {
                Iv                  = iv,
                EncryptedData       = cipherText,
                Tag                 = tag,
                EncryptedSessionKey = rsaParams.EncryptData(sessionKey)
            };

            // Two-stage HMAC: H(ciphertext || IV), then H(inner || tag), so the tag is bound as well.
            using (var hmac = new HMACSHA256(sessionKey))
            {
                var inner   = hmac.ComputeHash(Combine(packet.EncryptedData, packet.Iv));
                packet.Hmac = hmac.ComputeHash(Combine(inner, packet.Tag));
            }

            // Sign the HMAC rather than the raw ciphertext.
            packet.Signature = digitalSignature.SignData(packet.Hmac);

            return packet;
        }
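        /// <summary>
        /// Reverses EncryptData: unwraps the session key, checks that the packet's HMAC matches the
        /// received ciphertext, IV and tag, verifies the signature over that HMAC, and only then decrypts.
        /// </summary>
        /// <param name="encryptedPacket">Packet produced by EncryptData.</param>
        /// <param name="rsaParams">Recipient RSA key used to unwrap the session key.</param>
        /// <param name="digitalSignature">Sender's verification key.</param>
        /// <returns>The recovered plaintext.</returns>
        /// <exception cref="CryptographicException">
        /// Thrown when the HMAC does not match the packet contents or the signature does not verify.
        /// </exception>
        public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams,
                                  DigitalSignature digitalSignature)
        {
            var decryptedSessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey);

            // Recompute the HMAC exactly as EncryptData builds it — H(ciphertext || IV), then
            // H(inner || tag) — and compare it with the transmitted value. Without this step the
            // signature only proves that *some* HMAC was signed, not that the signed HMAC belongs
            // to this ciphertext, IV and tag.
            byte[] expectedHmac;
            using (var hmac = new HMACSHA256(decryptedSessionKey))
            {
                var inner    = hmac.ComputeHash(Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv));
                expectedHmac = hmac.ComputeHash(Combine(inner, encryptedPacket.Tag));
            }

            if (!Compare(encryptedPacket.Hmac, expectedHmac))
            {
                throw new CryptographicException(
                          "HMAC for decryption does not match encrypted packet.");
            }

            if (!digitalSignature.VerifySignature(encryptedPacket.Hmac,
                                                  encryptedPacket.Signature))
            {
                throw new CryptographicException(
                          "Digital Signature can not be verified.");
            }

            // NOTE(review): the tag is passed to _aes.Decrypt, presumably for AEAD verification — confirm.
            var decryptedData = _aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey,
                                             encryptedPacket.Iv, encryptedPacket.Tag, null);

            return(decryptedData);
        }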
        static void Main()
        {
            //The example provided is not good since we only have one public/private key pair
            const string message = "Hello, World!";

            // A single RSA pair plays both sender and recipient in this demo.
            var rsaKey = new RSAWithRSAParameterKey();
            rsaKey.AssignNewKey();

            var digitalSignature = new DigitalSignature();
            digitalSignature.AssignNewKey();

            // Alice encrypts.
            var alice  = new HybridEncryption();
            var packet = alice.EncryptData(Encoding.UTF8.GetBytes(message), rsaKey, digitalSignature);

            //Data is transmitted
            void Dump(string label, byte[] bytes) => Console.WriteLine(label + Convert.ToBase64String(bytes));

            Dump("Encrypted Data: ", packet.EncryptedData);
            Dump("Encrypted Session Key: ", packet.EncryptedSessionKey);
            Dump("Initialization Vector: ", packet.Iv);
            Dump("Hmac: ", packet.Hmac);

            // Bob decrypts the untouched packet.
            var bob       = new HybridEncryption();
            var plaintext = bob.DecryptData(packet, rsaKey, digitalSignature);

            Console.WriteLine(Encoding.UTF8.GetString(plaintext));
            Console.WriteLine();
            Console.WriteLine("Tamper data");

            // Alter one byte of the wrapped session key; DecryptData is expected to reject the packet.
            packet.EncryptedSessionKey[0]--;
            try
            {
                plaintext = bob.DecryptData(packet, rsaKey, digitalSignature);
                Console.WriteLine(Encoding.UTF8.GetString(plaintext));
            }
            catch (CryptographicException ex)
            {
                Console.WriteLine("Data has been changed during transmission");
                Console.WriteLine(ex.Message);
            }
        }
        /// <summary>
        /// Encrypts <paramref name="original"/> under a random session key, wraps the key with
        /// <paramref name="rsaParams"/>, and attaches an HMAC over ciphertext || IV plus a signature over that HMAC.
        /// </summary>
        /// <param name="original">Plaintext to protect.</param>
        /// <param name="rsaParams">Recipient RSA key used to wrap the session key.</param>
        /// <param name="digitalSignature">Sender signing key applied to the packet's HMAC.</param>
        /// <returns>A packet holding ciphertext, IV, wrapped session key, HMAC and signature.</returns>
        public EncryptedPacket EncryptData(byte[] original, RSAWithRSAParameterKey rsaParams,
                                           DigitalSignature digitalSignature)
        {
            var sessionKey = _aes.GenerateRandomNumber(32); // 32-byte key, fresh per packet
            var iv         = _aes.GenerateRandomNumber(16); // 16-byte IV, fresh per packet

            var packet = new EncryptedPacket
            {
                Iv                  = iv,
                EncryptedData       = _aes.Encrypt(original, sessionKey, iv),
                EncryptedSessionKey = rsaParams.EncryptData(sessionKey)
            };

            // Integrity tag keyed with the session key, covering both ciphertext and IV.
            using (var hmac = new HMACSHA256(sessionKey))
            {
                packet.Hmac = hmac.ComputeHash(Combine(packet.EncryptedData, packet.Iv));
            }

            // Authenticity: sign the HMAC rather than the ciphertext itself.
            packet.Signature = digitalSignature.SignData(packet.Hmac);

            return packet;
        }
        static void Main()
        {
            const string original = "Very secret and important information that can not fall into the wrong hands.";

            var hybrid = new HybridEncryption();

            // One RSA pair for key wrapping and a separate signing pair, both freshly generated.
            var rsaParams = new RSAWithRSAParameterKey();
            rsaParams.AssignNewKey();

            var digitalSignature = new DigitalSignature();
            digitalSignature.AssignNewKey();

            Console.WriteLine("Hybrid Encryption with Integrity Check and Digital Signature Demonstration in .NET");
            Console.WriteLine("----------------------------------------------------------------------------------");
            Console.WriteLine();

            try
            {
                var plaintextBytes = Encoding.UTF8.GetBytes(original);
                var packet         = hybrid.EncryptData(plaintextBytes, rsaParams, digitalSignature);
                var roundTripped   = hybrid.DecryptData(packet, rsaParams, digitalSignature);

                Console.WriteLine("Original Message = " + original);
                Console.WriteLine();
                Console.WriteLine("Message After Decryption = " + Encoding.UTF8.GetString(roundTripped));
            }
            catch (CryptographicException ex)
            {
                // HMAC, signature and decryption failures all surface here.
                Console.WriteLine("Error : " + ex.Message);
            }

            // Wait for Enter so the output stays visible.
            Console.ReadLine();
        }