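/// <summary>
/// Verifies and decrypts a file produced by <see cref="Encrypt"/>. The keyed digest in the manifest is
/// checked against the ciphertext first (encrypt-then-MAC); only then are the AES key and IV unwrapped and
/// the plaintext written next to the ciphertext under the manifest's <c>FileName</c>.
/// </summary>
/// <param name="encryptedFilePath">Path of the ciphertext file to decrypt.</param>
/// <param name="encryptionInfoXml">Manifest holding the RSA-wrapped AES key, IV and digest key, the keyed
/// digest over the ciphertext (all Base64) and the name to give the plaintext file.</param>
/// <param name="privateKeyXml">RSA private key, in the XML form understood by <c>DecryptBytesRsa</c>.</param>
/// <returns><c>Result.Ok()</c> once the plaintext has been written; <c>Result.Fail(...)</c> when a manifest
/// field is not valid Base64, <c>FileName</c> is not a bare file name, or the digest does not match the
/// ciphertext.</returns>
/// <exception cref="CryptographicException">From the RSA unwrap (presumably) or from AES decryption
/// (e.g. bad padding); any partially written plaintext is deleted before the exception propagates.</exception>
static Result Decrypt(string encryptedFilePath, EncryptedFileInfo encryptionInfoXml, string privateKeyXml)
{
    var folderPath = Path.GetDirectoryName(encryptedFilePath) ?? string.Empty;

    // The output name travels with the ciphertext, so it is untrusted input. Accept only a bare
    // file name; anything with a directory component could place the plaintext outside this folder.
    var plainFileName = encryptionInfoXml.FileName;
    if (string.IsNullOrEmpty(plainFileName)
        || plainFileName == "." || plainFileName == ".."
        || !string.Equals(plainFileName, Path.GetFileName(plainFileName), StringComparison.Ordinal))
    {
        return Result.Fail(
            "File name in the XML doc is not a plain file name, aborting decryption operation.");
    }
    var filePath = Path.Combine(folderPath, plainFileName);

    byte[] wrappedAesKey, wrappedAesIv, wrappedDigestKey, digestTransmitted;
    try
    {
        wrappedAesKey = Convert.FromBase64String(encryptionInfoXml.EncryptedAesKey);
        wrappedAesIv = Convert.FromBase64String(encryptionInfoXml.EncryptedAesIv);
        wrappedDigestKey = Convert.FromBase64String(encryptionInfoXml.EncryptedFileDigestKey);
        digestTransmitted = Convert.FromBase64String(encryptionInfoXml.EncryptedFileDigest);
    }
    catch (Exception ex) when (ex is FormatException || ex is ArgumentNullException)
    {
        return Result.Fail(
            "XML doc contains a key or digest field that is not valid Base64, aborting decryption operation.");
    }

    byte[] signatureKey = null;
    byte[] aesKey = null;
    byte[] aesIv = null;
    try
    {
        // Encrypt-then-MAC: authenticate the ciphertext before unwrapping the AES key or touching the
        // output file. The comparison is constant-time (CryptographicOperations.FixedTimeEquals,
        // .NET Core 2.1+ / .NET Standard 2.1+) so the position of a mismatch does not leak through timing.
        signatureKey = DecryptBytesRsa(wrappedDigestKey, privateKeyXml);
        var digestCalculated = CryptoHashers.CalculateFileDigest(
            encryptedFilePath, encryptionInfoXml.FileDigestHashAlgorithmType, signatureKey);
        if (!CryptographicOperations.FixedTimeEquals(digestCalculated, digestTransmitted))
        {
            return Result.Fail(
                "File manifest calculated for the encrypted file does not match the value in the XML doc. File may have been modified, aborting decryption operation.");
        }

        aesKey = DecryptBytesRsa(wrappedAesKey, privateKeyXml);
        aesIv = DecryptBytesRsa(wrappedAesIv, privateKeyXml);

        // NOTE(review): the digest was computed by path and the file is re-opened here, so its contents
        // could change in between; the ciphertext folder should not be writable by other principals.
        using (var fsEncrypted = File.Open(encryptedFilePath, FileMode.Open, FileAccess.Read, FileShare.Read))
        using (var aes = new AesCryptoServiceProvider { KeySize = 128, Key = aesKey, IV = aesIv })
        using (var decryptor = aes.CreateDecryptor())
        {
            var fsPlain = File.Open(filePath, FileMode.Create, FileAccess.Write, FileShare.None);
            try
            {
                using (fsPlain)
                using (var cs = new CryptoStream(fsPlain, decryptor, CryptoStreamMode.Write))
                {
                    fsEncrypted.CopyTo(cs);
                }
            }
            catch
            {
                // Bad padding or an I/O failure must not leave a partial plaintext behind. Cleanup is
                // best-effort so the original exception is the one that propagates.
                try { File.Delete(filePath); } catch (IOException) { } catch (UnauthorizedAccessException) { }
                throw;
            }
        }

        return Result.Ok();
    }
    finally
    {
        // The providers clone the key material, so the unwrapped copies are not needed any more.
        CryptographicOperations.ZeroMemory(signatureKey);
        CryptographicOperations.ZeroMemory(aesKey);
        CryptographicOperations.ZeroMemory(aesIv);
    }
}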
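/// <summary>
/// Encrypts <paramref name="filePath"/> with a fresh AES-128 key and IV (provider defaults: CBC, PKCS7) into
/// <c>{name}.encrypted</c> in the same folder, wraps the AES key, IV and a fresh 64-byte digest key with the
/// RSA public key, and computes a keyed digest over the ciphertext (encrypt-then-MAC) so that
/// <see cref="Decrypt"/> can reject tampering before decrypting.
/// </summary>
/// <param name="filePath">Path of the plaintext file; it is read but not modified.</param>
/// <param name="publicKeyXml">RSA public key, in the XML form understood by <c>EncryptBytesRsa</c>.</param>
/// <param name="hashAlgorithm">Hash algorithm handed to <c>CryptoHashers.CalculateFileDigest</c> and recorded
/// in the manifest.</param>
/// <returns>The manifest describing the ciphertext: file names, Base64 wrapped keys, Base64 digest and the
/// algorithm identifiers.</returns>
/// <exception cref="CryptographicException">From the RSA wrap (presumably) or from AES encryption; a partially
/// written ciphertext is deleted before the exception propagates.</exception>
static EncryptedFileInfo Encrypt(string filePath, string publicKeyXml, HashAlgorithmType hashAlgorithm)
{
    var folderPath = Path.GetDirectoryName(filePath) ?? string.Empty;
    var fileName = Path.GetFileName(filePath);
    var encryptedFileName = $"{fileName}.encrypted";
    var encryptedFilePath = Path.Combine(folderPath, encryptedFileName);

    var signatureKey = CryptoRandom.GetRandomBytes(64);  // keyed-digest (MAC) key
    var encryptionKey = CryptoRandom.GetRandomBytes(16); // AES-128 key
    var encryptionIv = CryptoRandom.GetRandomBytes(16);  // one AES block
    try
    {
        // Wrap the secrets first: an unusable public key then fails before any ciphertext is written,
        // so no file whose key was never recorded is left on disk.
        var encryptedAesKey = Convert.ToBase64String(EncryptBytesRsa(encryptionKey, publicKeyXml));
        var encryptedAesIv = Convert.ToBase64String(EncryptBytesRsa(encryptionIv, publicKeyXml));
        var encryptedFileDigestKey = Convert.ToBase64String(EncryptBytesRsa(signatureKey, publicKeyXml));

        using (var fsInput = File.Open(filePath, FileMode.Open, FileAccess.Read, FileShare.Read))
        using (var aes = new AesCryptoServiceProvider { KeySize = 128, Key = encryptionKey, IV = encryptionIv })
        using (var encryptor = aes.CreateEncryptor())
        {
            var fsEncrypted = File.Open(encryptedFilePath, FileMode.Create, FileAccess.Write, FileShare.None);
            try
            {
                using (fsEncrypted)
                using (var cs = new CryptoStream(fsEncrypted, encryptor, CryptoStreamMode.Write))
                {
                    fsInput.CopyTo(cs);
                }
            }
            catch
            {
                // Do not leave a truncated ciphertext behind. Cleanup is best-effort so the original
                // exception is the one that propagates.
                try { File.Delete(encryptedFilePath); } catch (IOException) { } catch (UnauthorizedAccessException) { }
                throw;
            }
        }

        // Encrypt-then-MAC: the digest covers the ciphertext, not the plaintext.
        var encryptedFileDigest = Convert.ToBase64String(
            CryptoHashers.CalculateFileDigest(encryptedFilePath, hashAlgorithm, signatureKey));

        return new EncryptedFileInfo
        {
            FileName = fileName,
            EncryptedFileName = encryptedFileName,
            FileEncryptionAlgorithmType = CipherAlgorithmType.Aes128,
            EncryptedAesKey = encryptedAesKey,
            EncryptedAesIv = encryptedAesIv,
            FileDigestHashAlgorithmType = hashAlgorithm,
            EncryptedFileDigest = encryptedFileDigest,
            FileDigestKeyEncryptionAlgorithmType = ExchangeAlgorithmType.RsaKeyX,
            EncryptedFileDigestKey = encryptedFileDigestKey
        };
    }
    finally
    {
        // Only the RSA-wrapped copies leave this method; scrub the raw key material.
        CryptographicOperations.ZeroMemory(signatureKey);
        CryptographicOperations.ZeroMemory(encryptionKey);
        CryptographicOperations.ZeroMemory(encryptionIv);
    }
}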