private static string GetPassword(IConfigSection host)
{
var password = host.Get("password", false);
if (string.IsNullOrEmpty(password))
{
return(password);
}
using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("he1sQWc8SSPpkdIA")))
{
if (password.StartsWith("enc:"))
{
password = password.Substring(4);
var data = Convert.FromBase64String(password);
return(Encoding.UTF8.GetString(cipher.Decrypt(data)));
}
else
{
var data = cipher.Encrypt(Encoding.UTF8.GetBytes(password));
host.Set("password", "enc:" + Convert.ToBase64String(data));
host.Config.Save();
return(password);
}
}
}
public void AesCipherTest()
{
using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit")))
{
var content = "password";
var passwordEnc = cipher.Encrypt(Encoding.UTF8.GetBytes(content));
var password = Encoding.UTF8.GetString(cipher.Decrypt(passwordEnc));
Assert.AreEqual(content, password);
}
}
public void CipherRefTest()
{
var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit"));
var content = "password";
var passwordEnc = cipher.Encrypt(Encoding.UTF8.GetBytes(content));
var cipher2 = cipher.Clone();
cipher.Dispose();
Assert.Catch <ObjectDisposedException>(() => cipher.Decrypt(passwordEnc));
var password = Encoding.UTF8.GetString(cipher2.Decrypt(passwordEnc));
Assert.AreEqual(content, password);
cipher2.Dispose();
Assert.Catch <ObjectDisposedException>(() => cipher2.Decrypt(passwordEnc));
}
private byte[] Create(KeyProviderQueryContext ctx)
{
var vaultConf = new SafeVaultConf(ctx.DatabaseIOInfo);
var vaultConnectionForm = new VaultConnectionConfigForm();
vaultConnectionForm.InitEx(vaultConf);
if (UIUtil.ShowDialogAndDestroy(vaultConnectionForm) != DialogResult.OK)
{
return(null);
}
VaultKeyCreateForm createForm = new VaultKeyCreateForm();
createForm.InitEx(vaultConf, ctx);
if (UIUtil.ShowDialogAndDestroy(createForm) != DialogResult.OK)
{
return(null);
}
vaultConf.Type = PROVIDER_TYPE;
vaultConf.Version = PROVIDER_VERSION;
var masterKey = Encoding.UTF8.GetBytes(vaultConf.DatabaseKeyA);
var keyLen = (masterKey.Length > 254) ? masterKey.Length : 254;
var keyA = new byte[keyLen + 2];
Array.Copy(BitConverter.GetBytes((ushort)masterKey.Length), keyA, 2);
Array.Copy(masterKey, 0, keyA, 2, masterKey.Length);
var keyB = Random.Get(keyA.Length);
for (int i = 0; i < keyB.Length; i++)
{
keyA[i] ^= keyB[i];
}
var salt = Random.Get(64);
using (var aes = new Aes256Cipher())
{
aes.SetPassPhrase(salt);
keyA = aes.Encrypt(keyA);
keyB = aes.Encrypt(keyB);
}
using (var rsa = RsaCipher.LoadFromX509Store(vaultConf.ClientCertificateName))
{
salt = rsa.Encrypt(salt);
}
vaultConf.Salt = Convert.ToBase64String(salt);
vaultConf.DatabaseKeyA = Convert.ToBase64String(keyA);
vaultConf.VaultKeyname = Guid.NewGuid().ToString();
var databaseKeyB = Convert.ToBase64String(keyB);
VaultKeyPromptForm promptForm = new VaultKeyPromptForm();
promptForm.InitEx("Enter SafeVault Password", "Save KeyB to SafeVault", (oneTimePassword) => {
string status = "";
var query = new SafeVaultWebClient(vaultConf);
try
{
status = Async.Invoke(() => query.SetDbxKey(vaultConf.VaultKeyname, databaseKeyB, oneTimePassword));
if (status == "OK")
{
return(true);
}
MessageService.ShowWarning(
query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
status);
}
catch (CryptographicException ex)
{
MessageService.ShowWarning(
query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
ex.Message);
}
return(false);
});
if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK)
{
return(null);
}
try
{
vaultConf.Save();
}
catch (Exception e)
{
MessageService.ShowWarning(e.Message);
return(null);
}
return(masterKey);
}
