public List <Message> GetEncryptedMessages(string token, string privatekey)
{
string privatekeyhash = SymmetricCryptoProvider.GetSecureHashForString(privatekey);
WebClient client = new WebClient();
client.Headers.Add("token", token);
client.Headers.Add("privatekeyhash", privatekeyhash);
try
{
byte[] response = client.DownloadData(ServiceUrl);
var responseText = Encoding.Default.GetString(response);
var jss = new JavaScriptSerializer();
var resource = jss.Deserialize <List <Message> >(responseText);
return(resource);
}
catch (WebException e)
{
HandleWebException(e);
//throw;
return(null);
}
}
public void Encrypt_Decrypt_Hash_ReturnsOriginalValue()
{
var crypto = new SymmetricCryptoProvider();
string hashedPassword = SymmetricCryptoProvider.GetSecureHashForString(password);
var cryptoText = crypto.EncryptWithKey(secret, hashedPassword);
var original = crypto.DecryptWithKey(cryptoText, hashedPassword);
Assert.AreEqual(secret, original);
}
public ActionResult Read(int messageId, string passphrase, string hash)
{
var model = new SelfDestructingMessageModel();
try
{
var message = selfDestructingMessageRepository.GetMessage(messageId, passphrase);
string originalHash = SymmetricCryptoProvider.GetSecureHashForString(message.Message);
if (hash != originalHash)
{
model.MessageText = "Error: hash of retrieved message does not match the original message hash." + Environment.NewLine +
"The message may have been tampered with!";
model.InvalidMessageId = true;
return(View("Read", model));
}
// File Attachments
if (message.HasAttachment)
{
Message attachment = new Message {
EncryptionKey = passphrase, MessageId = message.MessageId
};
StoreEncryptedFileInTemporaryMemory(attachment);
model.HasAttachment = true;
model.TemporaryDownloadId = attachment.TemporaryDownloadId;
//model.AttachmentName = message.AttachmentName;
}
else
{
model.HasAttachment = false;
}
model.MessageText = message.Message;
}
catch (Exception ex)
{
model.InvalidMessageId = true;
model.MessageText = ex.Message;
}
return(View("Read", model));
}
public void Message_Encrypt_Decrypt_ReturnsOriginalValue()
{
// Arrange
var crypto = new AsymmetricCryptoProvider();
var key = AsymmetricCryptoProvider.GenerateKeys();
string hash;
string encryptedPassword;
// Act
var encryptedMessage = crypto.EncryptMessageWithKey(secret, key.PublicKey, out encryptedPassword, out hash);
string messageDecryptionKey;
var decryptedSecret = crypto.DecryptMessageWithKey(key.PrivateKey, encryptedMessage, encryptedPassword, hash, out messageDecryptionKey);
// Assert
Assert.AreEqual(secret, decryptedSecret);
Assert.AreEqual(SymmetricCryptoProvider.GetSecureHashForString(secret), hash, "hashes do not match");
}
public static CryptoKey CreateRequestWithPassPhrase(string passphrase)
{
var key = AsymmetricCryptoProvider.GenerateKeys();
var request = new CryptoKey
{
RequestDate = DateTime.UtcNow,
ReleaseDate = DateTime.Now,
KeyToken = UniqueIdGenerator.GetUniqueId(),
PublicKey = key.PublicKey,
PrivateKey = new SymmetricCryptoProvider().EncryptWithKey(key.PrivateKey, passphrase),
PrivateKeyHash = SymmetricCryptoProvider.GetSecureHashForString(key.PrivateKey),
IsPrivateKeyEncrypted = true,
IsPublicKeyOnly = false,
Notifications = new EntityCollection<Notification>(),
Messages = new EntityCollection<Message>(),
};
return request;
}
public ActionResult Send(SelfDestructingMessageModel message)
{
// verify email
if (!Domain.Validation.IsValidEmail(message.Email))
{
throw new ArgumentException("email", "invalid email format");
}
string passphrase = PronounceablePasswordGenerator.Generate(32);
passphrase = HttpUtility.UrlEncode(passphrase);
int messageId = selfDestructingMessageRepository.StoreMessage(new SelfDestructingMessage()
{
Message = message.MessageText
},
passphrase,
message.AttachmentName,
message.Attachment);
string hash = SymmetricCryptoProvider.GetSecureHashForString(message.MessageText);
const string notification = @"
Hello,
You have received a self-destructing message. This message will be decrypted and erased when you open the link below.
You can read it at
https://{0}:{1}/selfdestruct/read/?messageId={2}&passphrase={3}&hash={4}
CryptAByte.com is not responsible for the contents of messages. For more information, please visit https://CryptAByte.com/SelfDestruct
";
MailMessage mailMessage = new MailMessage {
From = new MailAddress("*****@*****.**")
};
mailMessage.To.Add(new MailAddress(message.Email));
mailMessage.Subject = "New self-destructing message @ CryptAByte";
if (Request == null)
{
string messageText = string.Format(notification, "cryptabyte.com", 443, messageId, passphrase, hash);
Debug.WriteLine(messageText);
mailMessage.Body = messageText;
}
else
{
mailMessage.Body = string.Format(notification, Request.Url.Host, Request.Url.Port, messageId, passphrase, hash);;
}
SmtpClient client = new SmtpClient();
client.Send(mailMessage);
return(Content("Message sent"));
}
