Example #1
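        /// <summary>
        /// Reads the "password" setting from <paramref name="host"/> and returns it in clear text.
        /// A value prefixed with "enc:" is Base64-decoded and decrypted; any other non-empty value
        /// is treated as plain text, encrypted, written back with the "enc:" prefix and saved.
        /// </summary>
        /// <param name="host">Configuration section that holds the "password" entry.</param>
        /// <returns>
        /// The clear-text password, or the null/empty value returned by the section when nothing is set.
        /// </returns>
        private static string GetPassword(IConfigSection host)
        {
            // NOTE(review): the meaning of the second argument (false) is not visible here - confirm against IConfigSection.Get.
            var password = host.Get("password", false);

            if (string.IsNullOrEmpty(password))
            {
                return password;
            }

            // SECURITY: the AES pass phrase below is a constant compiled into the assembly, so anyone who
            // has the binary and the config file can recover the stored password. Treat the "enc:" form as
            // obfuscation, not as protection of the secret. Moving to OS-backed protection (for example
            // DPAPI via System.Security.Cryptography.ProtectedData) or an external secret store would need
            // a migration path, because values already saved were encrypted with this constant.
            using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("he1sQWc8SSPpkdIA")))
            {
                // Ordinal comparison: the prefix is a machine marker, and a culture-sensitive StartsWith
                // can ignore zero-width characters, which would make Substring(4) cut at the wrong offset.
                // Caveat: a plain-text password that itself begins with "enc:" is taken for ciphertext.
                if (password.StartsWith("enc:", StringComparison.Ordinal))
                {
                    var data = Convert.FromBase64String(password.Substring(4));
                    return Encoding.UTF8.GetString(cipher.Decrypt(data));
                }

                // First read of a plain-text value: persist the encrypted form, return the original.
                var encrypted = cipher.Encrypt(Encoding.UTF8.GetBytes(password));
                host.Set("password", "enc:" + Convert.ToBase64String(encrypted));
                host.Config.Save();
                return password;
            }
        }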
Example #2
        // Round-trip check: text encrypted with an Aes256Cipher must decrypt back to the
        // same text when the same cipher instance is used.
        public void AesCipherTest()
        {
            const string plainText = "password";
            var passPhrase = Encoding.UTF8.GetBytes("changeit");

            using (var aes = new Aes256Cipher(passPhrase))
            {
                var cipherText = aes.Encrypt(Encoding.UTF8.GetBytes(plainText));
                var recovered  = aes.Decrypt(cipherText);

                Assert.AreEqual(plainText, Encoding.UTF8.GetString(recovered));
            }
        }
Example #3
        // Checks the lifetime of a cloned cipher: disposing the original must not break the clone,
        // and each instance must throw ObjectDisposedException once it has been disposed itself.
        public void CipherRefTest()
        {
            const string plainText = "password";

            var original   = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit"));
            var cipherText = original.Encrypt(Encoding.UTF8.GetBytes(plainText));
            var copy       = original.Clone();

            // The original is unusable after Dispose...
            original.Dispose();
            Assert.Catch<ObjectDisposedException>(() => original.Decrypt(cipherText));

            // ...while the clone still decrypts what the original encrypted.
            var recovered = copy.Decrypt(cipherText);
            Assert.AreEqual(plainText, Encoding.UTF8.GetString(recovered));

            // Disposing the clone releases it as well.
            copy.Dispose();
            Assert.Catch<ObjectDisposedException>(() => copy.Decrypt(cipherText));
        }
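        /// <summary>
        /// Rebuilds the database master key from two key halves: key A from the local SafeVault
        /// configuration and key B fetched from the SafeVault server with the password the user types
        /// into the prompt. Both halves are AES-decrypted with the RSA-decrypted salt as pass phrase,
        /// XOR-ed together, and the result is read as a 2-byte length followed by the key bytes.
        /// </summary>
        /// <param name="ctx">Query context; its DatabaseIOInfo is used to load the SafeVault configuration.</param>
        /// <returns>The master key bytes, or <c>null</c> when the prompt is not confirmed with OK.</returns>
        /// <exception cref="ConfigurationException">A required configuration value is null or empty.</exception>
        /// <exception cref="SafevaultKeyProviderException">
        /// The decrypted halves differ in length, or the embedded length does not fit the decrypted data.
        /// </exception>
        private byte[] OpenInternal(KeyProviderQueryContext ctx)
        {
            SafeVaultConf conf = new SafeVaultConf(ctx.DatabaseIOInfo);

            var required = new[] {
                conf.ClientCertificateName,
                conf.ServerUrl,
                conf.ServerCertificateName,
                conf.Salt,
                conf.Username,
                conf.VaultKeyname,
                conf.DatabaseKeyA
            };

            if (required.Any(string.IsNullOrEmpty))
            {
                throw new ConfigurationException("SafeVault not configured.");
            }

            byte[] salt = Convert.FromBase64String(conf.Salt);
            byte[] keyA = null;
            byte[] keyB = null;

            try
            {
                // The stored salt is RSA-encrypted; the key comes from the certificate store entry
                // named by the client certificate setting.
                using (var rsa = RsaCipher.LoadFromX509Store(conf.ClientCertificateName))
                {
                    salt = rsa.Decrypt(salt);
                }

                string             sKeyB      = string.Empty;
                VaultKeyPromptForm promptForm = new VaultKeyPromptForm();

                promptForm.InitEx("Enter SafeVault Password", "Open Database", (oneTimePassword) => {
                    var query = new SafeVaultWebClient(conf);
                    try
                    {
                        sKeyB = query.GetDbxKey(conf.VaultKeyname, oneTimePassword);
                        return(true);
                    }
                    catch (SafeVaultException ex)
                    {
                        // TryParse instead of Parse: a malformed timestamp must not throw from inside
                        // this handler and hide the SafeVault error from the user.
                        string timeLine = "";
                        if (query.Utc != null)
                        {
                            DateTime serverTime;
                            timeLine = DateTime.TryParse(query.Utc, out serverTime)
                                ? "DateTime: " + serverTime.ToLocalTime()
                                : "DateTime: " + query.Utc;
                        }

                        MessageService.ShowWarning(timeLine, ex.Message);
                    }
                    return(false);
                });

                if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK)
                {
                    return(null);
                }

                keyA = Convert.FromBase64String(conf.DatabaseKeyA);
                keyB = Convert.FromBase64String(sKeyB);
                using (var aes = new Aes256Cipher())
                {
                    aes.SetPassPhrase(salt);
                    keyA = aes.Decrypt(keyA);
                    keyB = aes.Decrypt(keyB);
                }

                if (keyA.Length != keyB.Length)
                {
                    throw new SafevaultKeyProviderException("Incompatible KEYA and KEYB");
                }

                // Combine the halves in place: keyA now holds [2-byte length][master key][remainder].
                for (int i = 0; i < keyB.Length; i++)
                {
                    keyA[i] ^= keyB[i];
                }

                // The length prefix needs two bytes, and the payload starts at offset 2, so it must fit
                // in keyA.Length - 2. Checking against keyA.Length alone let an oversized length reach
                // Array.Copy, and a buffer shorter than two bytes reach BitConverter; both then failed
                // with a generic ArgumentException instead of the provider's own error.
                if (keyA.Length < 2)
                {
                    throw new SafevaultKeyProviderException("Invalid KEYB");
                }

                int keyL = BitConverter.ToUInt16(keyA, 0);

                if (keyL > keyA.Length - 2)
                {
                    throw new SafevaultKeyProviderException("Invalid KEYB");
                }

                byte[] masterKey = new byte[keyL];
                Array.Copy(keyA, 2, masterKey, 0, masterKey.Length);

                // The returned array holds the clear master key; the caller owns it from here.
                return(masterKey);
            }
            finally
            {
                // Best-effort wipe of intermediate key material on every exit path. The runtime may
                // already have moved or copied these arrays, so this narrows exposure, nothing more.
                if (salt != null)
                {
                    Array.Clear(salt, 0, salt.Length);
                }
                if (keyA != null)
                {
                    Array.Clear(keyA, 0, keyA.Length);
                }
                if (keyB != null)
                {
                    Array.Clear(keyB, 0, keyB.Length);
                }
            }
        }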