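        /// <summary>
        /// Resolves a secret from one of two sources. When <paramref name="secretsTuple"/> is null the
        /// secret is read from a DPAPI-protected file; otherwise it is fetched from Azure Key Vault
        /// using a client id / client secret taken from the environment variables named in the tuple.
        /// </summary>
        /// <param name="dpapiFilePath">Path of the DPAPI-protected file. Ignored when <paramref name="secretsTuple"/> is set.</param>
        /// <param name="scope">DPAPI scope to unprotect the file with (has to be the scope it was protected with).</param>
        /// <param name="secretsTuple">Key Vault lookup settings, or null to use the file-based path.</param>
        /// <returns>The secret, or null when no file path is configured and no Key Vault tuple is given.</returns>
        /// <exception cref="BadConfigException">The protected file is missing, or a required Key Vault setting is empty.</exception>
        public async Task <string> GetPasswordAsync(string dpapiFilePath, System.Security.Cryptography.DataProtectionScope scope, Config.KeyVaultSecret secretsTuple)
        {
            if (secretsTuple == null)
            {
                // File-based source: an unset path means "no secret configured", not an error.
                if (string.IsNullOrWhiteSpace(dpapiFilePath))
                {
                    return null;
                }

                // Advisory check only (the file can vanish between Exists and the read); it exists to
                // give a clearer configuration error than whatever ReadDataFromFile would throw.
                if (!File.Exists(dpapiFilePath))
                {
                    throw new BadConfigException("Protected file missing", dpapiFilePath);
                }

                return DPAPIHelper.ReadDataFromFile(dpapiFilePath, scope);
            }

            // Key Vault source: validate the whole configuration up front, before anything is read
            // from the environment or a network call is made.
            if (string.IsNullOrWhiteSpace(secretsTuple.ApplicationIdEnvironmentVariableName))
            {
                throw new BadConfigException("Application ID", "Empty Application ID variable name");
            }

            if (string.IsNullOrWhiteSpace(secretsTuple.ApplicationSecretEnvironmentVariableName))
            {
                throw new BadConfigException("Application Secret", "Empty Application Secret variable name");
            }

            // Previously an empty vault path went straight into GetSecretAsync and failed far less clearly.
            if (string.IsNullOrWhiteSpace(secretsTuple.KeyVaultPath))
            {
                throw new BadConfigException("Key Vault path", "Empty Key Vault secret path");
            }

            // Stored in instance fields, presumably because GetToken (the auth callback below) reads them.
            // Note that the client secret therefore stays reachable on this object after the call.
            clientId     = GetRequiredEnvironmentVariable(secretsTuple.ApplicationIdEnvironmentVariableName);
            clientSecret = GetRequiredEnvironmentVariable(secretsTuple.ApplicationSecretEnvironmentVariableName);

            var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken));

            // ConfigureAwait(false): the synchronous GetPassword wrapper blocks on this task, and
            // resuming on a captured synchronization context would deadlock in that situation.
            var result = await kv.GetSecretAsync(secretsTuple.KeyVaultPath).ConfigureAwait(false);

            return result.Value;
        }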
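        /// <summary>
        /// Synchronous wrapper around <see cref="GetPasswordAsync"/>. It blocks the calling thread;
        /// prefer the async method wherever the caller can await, since blocking on async code can
        /// deadlock under a synchronization context and ties up a thread for the Key Vault round-trip.
        /// </summary>
        /// <returns>The resolved secret, or null (see <see cref="GetPasswordAsync"/>).</returns>
        /// <exception cref="AggregateException">
        /// Wraps whatever <see cref="GetPasswordAsync"/> threw (e.g. a BadConfigException), because
        /// that is how <c>Task.Wait()</c> surfaces a faulted task. Callers must look at InnerException.
        /// </exception>
        public string GetPassword(string dpapiFilePath, System.Security.Cryptography.DataProtectionScope scope, Config.KeyVaultSecret secretsTuple)
        {
            var task = GetPasswordAsync(dpapiFilePath, scope, secretsTuple);

            // Wait() itself throws an AggregateException when the task faulted, so the
            // "if (task.IsFaulted) throw task.Exception;" that used to follow it was unreachable.
            task.Wait();

            return task.Result;
        }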
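        /// <summary>
        /// Demo round-trip: generates an AES key, stores it DPAPI-protected in the registry,
        /// encrypts a random 16-character string, stores that ciphertext too, then decrypts it
        /// using the key read back from the registry.
        /// </summary>
        /// <returns>The decrypted string; equal to the random plaintext if the round-trip worked.</returns>
        public static string Encryption_AES()
        {
            string StringToEncrypt = RandomString(16);

            // Registry location: root hive name, subkey, and the two value names.
            string keyName    = @"HKEY_CURRENT_USER";
            string subKey     = @"AESEncrytion";   // spelling kept deliberately: it is the key name existing installs already use
            string valueName  = "AESKeyData";
            string valueName2 = "AppPassword";

            System.Security.Cryptography.DataProtectionScope dpScope = DataProtectionScope.CurrentUser;

            string key;
            int    keysize = 128;

            // Create Encryption Key.
            key = TTC1.GenerateKey(keysize);

            // Pinning only stops the GC from relocating this string; it does not wipe it, and the
            // byte[] conversions in StoreKey/Encrypt create unpinned copies anyway, so treat this
            // as a very weak measure. The handle must be freed, otherwise the key string stays
            // alive and pinned for the rest of the process (the original never released it).
            GCHandle gch = GCHandle.Alloc(key, GCHandleType.Pinned);
            try
            {
                // Store key into registry, using DPAPI.
                TTC1.StoreKey(keyName, subKey, valueName, key, dpScope);

                // Encrypt the string.
                string EncryptedHexString = TTC1.Encrypt(StringToEncrypt, key, keysize);

                // The ciphertext is itself DPAPI-protected before being written to the registry.
                TTC1.StoreKey(keyName, subKey, valueName2, EncryptedHexString, dpScope);

                // Decrypt the string with the key as read back from the registry, not the local copy.
                string DecryptedHexString = TTC1.Decrypt(EncryptedHexString, TTC1.ReadKey(keyName, subKey, valueName), keysize);

                return DecryptedHexString;
            }
            finally
            {
                gch.Free();
            }
        }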
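        /// <summary>
        /// DPAPI-protects <paramref name="key"/> and writes the resulting blob as a binary registry
        /// value. The subkey is created under HKEY_CURRENT_USER with a FullControl ACE for the
        /// current user; the value itself is written to <paramref name="keyName"/>\<paramref name="subKey"/>.
        /// </summary>
        /// <param name="keyName">Registry root used for the write (callers in this file pass "HKEY_CURRENT_USER").</param>
        /// <param name="subKey">Subkey name below the root.</param>
        /// <param name="valueName">Name of the value that receives the protected blob.</param>
        /// <param name="key">String to protect; expected to be ASCII (see note on encoding).</param>
        /// <param name="dpScope">DPAPI scope: CurrentUser ties the blob to this user, LocalMachine to any account on the machine.</param>
        public static void StoreKey(string keyName, string subKey, string valueName, string key, System.Security.Cryptography.DataProtectionScope dpScope)
        {
            // ASCII is lossy: any non-ASCII char in `key` silently becomes '?'. Kept because ReadKey
            // (not shown here) presumably decodes with the same encoding -- confirm GenerateKey only
            // produces ASCII, or the stored key will not match the one used for encryption.
            byte[] keyAsBytes = Encoding.ASCII.GetBytes(key);

            // No optional entropy is supplied, so any code running as this user (or on this machine,
            // for LocalMachine scope) can Unprotect the blob. Entropy would have to be stored
            // somewhere too, which is why it is omitted here.
            byte[] encryptedKeyPair = ProtectedData.Protect(keyAsBytes, null, dpScope);

            // Grant the current user full control over the new subkey.
            string user = Environment.UserDomainName + "\\" + Environment.UserName;

            var security = new RegistrySecurity();
            var rule     = new RegistryAccessRule(user,
                                                  RegistryRights.FullControl,
                                                  InheritanceFlags.ContainerInherit,
                                                  PropagationFlags.None,
                                                  AccessControlType.Allow);
            security.AddAccessRule(rule);

            // This rule is *added* to whatever the key inherits from the hive (inheritance is not
            // cut with SetAccessRuleProtection), so it does not take access away from anyone.
            // Note the subkey is always created under CurrentUser while the value below is written
            // via keyName; the two only coincide when keyName is "HKEY_CURRENT_USER".
            // CreateSubKey returns an open key handle, which the original code never disposed.
            using (RegistryKey created = Registry.CurrentUser.CreateSubKey(subKey, RegistryKeyPermissionCheck.ReadWriteSubTree, security))
            {
                // Nothing to do with the handle; creation (and ACL application) is the side effect we want.
            }

            // Write the protected blob as REG_BINARY.
            Registry.SetValue(keyName + @"\" + subKey, valueName, encryptedKeyPair);
        }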