private static extern bool CryptDecryptMessage(
ref CRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
IntPtr pbEncryptedBlob,
Int32 cbEncryptedBlob,
IntPtr pbDecrypted,
ref int pcbDecrypted,
IntPtr ppXchgCert);
internal static extern bool CryptDecryptMessage(
ref CRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
byte[] pbEncryptedBlob,
int cbEncryptedBlob,
[In, Out] byte[] pbDecrypted,
ref int pcbDecrypted,
IntPtr ppXchgCert);
public static byte[] Decrypt(byte[] enCryptedData, bool useLocalSystemStorage = false)
{
var storeHandle = OpenStore("my", CERT_STORE_READONLY_FLAG | (useLocalSystemStorage ? CERT_SYSTEM_STORE_LOCAL_MACHINE : CERT_SYSTEM_STORE_CURRENT_USER));
var pinnedStoreHandle = GCHandle.Alloc(storeHandle, GCHandleType.Pinned);
var decryptParameters =
new CRYPT_DECRYPT_MESSAGE_PARA
{
cbSize = Marshal.SizeOf(typeof(CRYPT_DECRYPT_MESSAGE_PARA)),
dwMsgAndCertEncodingType = ENCODING,
cCertStore = 1,
rghCertStore = pinnedStoreHandle.AddrOfPinnedObject()
};
var bufferLength = (int)0;
var inBufferHandle = GCHandle.Alloc(enCryptedData, GCHandleType.Pinned);
try
{
try
{
if (!CryptDecryptMessage(ref decryptParameters, inBufferHandle.AddrOfPinnedObject(),
enCryptedData.Length, IntPtr.Zero, ref bufferLength, IntPtr.Zero))
{
throw new Win32Exception();
}
var buffer = new byte[bufferLength];
var outBufferHandle = GCHandle.Alloc(buffer, GCHandleType.Pinned);
try
{
if (!CryptDecryptMessage(ref decryptParameters, inBufferHandle.AddrOfPinnedObject(),
enCryptedData.Length, outBufferHandle.AddrOfPinnedObject(),
ref bufferLength,
IntPtr.Zero))
{
throw new Win32Exception();
}
var finalBuffer = new byte[bufferLength];
Array.Copy(buffer, finalBuffer, bufferLength);
return(finalBuffer);
}
finally
{
outBufferHandle.Free();
}
}
finally
{
inBufferHandle.Free();
}
}
finally
{
CloseStore(storeHandle);
}
}
public static byte[] Decrypt(byte[] enCryptedData, bool useLocalSystemStorage = false)
{
var storeHandle = OpenStore("my", CERT_STORE_READONLY_FLAG | (useLocalSystemStorage ? CERT_SYSTEM_STORE_LOCAL_MACHINE : CERT_SYSTEM_STORE_CURRENT_USER));
var pinnedStoreHandle = GCHandle.Alloc(storeHandle, GCHandleType.Pinned);
var decryptParameters =
new CRYPT_DECRYPT_MESSAGE_PARA
{
cbSize = Marshal.SizeOf(typeof (CRYPT_DECRYPT_MESSAGE_PARA)),
dwMsgAndCertEncodingType = ENCODING,
cCertStore = 1,
rghCertStore = pinnedStoreHandle.AddrOfPinnedObject()
};
var bufferLength = (int)0;
var inBufferHandle = GCHandle.Alloc(enCryptedData, GCHandleType.Pinned);
try
{
try
{
if (!CryptDecryptMessage(ref decryptParameters, inBufferHandle.AddrOfPinnedObject(),
enCryptedData.Length, IntPtr.Zero, ref bufferLength, IntPtr.Zero))
throw new Win32Exception();
var buffer = new byte[bufferLength];
var outBufferHandle = GCHandle.Alloc(buffer, GCHandleType.Pinned);
try
{
if (!CryptDecryptMessage(ref decryptParameters, inBufferHandle.AddrOfPinnedObject(),
enCryptedData.Length, outBufferHandle.AddrOfPinnedObject(),
ref bufferLength,
IntPtr.Zero))
throw new Win32Exception();
var finalBuffer = new byte[bufferLength];
Array.Copy(buffer, finalBuffer, bufferLength);
return finalBuffer;
}
finally
{
outBufferHandle.Free();
}
}
finally
{
inBufferHandle.Free();
}
}
finally
{
CloseStore(storeHandle);
}
}
public static extern bool CryptDecryptMessage(
ref CRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
byte[] pbEncryptedBlob,
int cbEncryptedBlob,
[In, Out] byte[] pbDecrypted,
ref int pcbDecrypted,
IntPtr ppXchgCert);
internal static SecureString DecryptValue(string certificateStoreName, string encryptedString)
{
IntPtr localMachineStoreHandle = IntPtr.Zero;
SecureString decryptedValue = new SecureString();
byte[] decryptedBuffer = null;
char[] decryptedChars = null;
CRYPT_DECRYPT_MESSAGE_PARA decryptMessageParameter = new CRYPT_DECRYPT_MESSAGE_PARA();
try
{
localMachineStoreHandle = CertOpenStore(CERT_STORE_PROV_SYSTEM,
PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
IntPtr.Zero,
CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_LOCAL_MACHINE,
certificateStoreName);
if (localMachineStoreHandle == IntPtr.Zero)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, StringResources.Error_CertOpenStoreReturnsError, Marshal.GetLastWin32Error()));
}
decryptMessageParameter.cbSize = Marshal.SizeOf(decryptMessageParameter);
decryptMessageParameter.dwMsgAndCertEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
decryptMessageParameter.cCertStore = 1;
decryptMessageParameter.rghCertStore = Marshal.AllocHGlobal(IntPtr.Size);
Marshal.WriteIntPtr(decryptMessageParameter.rghCertStore, localMachineStoreHandle);
byte[] encryptedBuffer = Convert.FromBase64String(encryptedString);
int decryptedBufferSize = 0;
bool decryptSuccess = CryptDecryptMessage(ref decryptMessageParameter, encryptedBuffer, encryptedBuffer.Length, null, ref decryptedBufferSize, IntPtr.Zero);
int errorCode = Marshal.GetLastWin32Error();
if (decryptSuccess)
{
decryptedBuffer = new byte[decryptedBufferSize];
decryptSuccess = CryptDecryptMessage(ref decryptMessageParameter, encryptedBuffer, encryptedBuffer.Length, decryptedBuffer, ref decryptedBufferSize, IntPtr.Zero);
errorCode = Marshal.GetLastWin32Error();
if (decryptSuccess)
{
decryptedChars = Encoding.Unicode.GetChars(decryptedBuffer, 0, decryptedBufferSize);
return(CharArrayToSecureString(decryptedChars));
}
}
if (!decryptSuccess)
{
throw new InvalidOperationException(string.Format(CultureInfo.InvariantCulture, StringResources.Error_CryptDecryptMessageReturnsError, errorCode));
}
}
catch (Exception e)
{
FabricValidator.TraceSource.WriteError(
FabricValidatorUtility.TraceTag,
"Decryption failed. StoreLocation: {0}, EncryptedString: {1}, Exception: {2}",
certificateStoreName,
encryptedString,
e);
throw;
}
finally
{
decryptedValue.MakeReadOnly();
if (decryptedBuffer != null)
{
Array.Clear(decryptedBuffer, 0, decryptedBuffer.Length);
}
if (decryptedChars != null)
{
Array.Clear(decryptedChars, 0, decryptedChars.Length);
}
if (decryptMessageParameter.rghCertStore != IntPtr.Zero)
{
Marshal.FreeHGlobal(decryptMessageParameter.rghCertStore);
}
if (localMachineStoreHandle != IntPtr.Zero)
{
CertCloseStore(localMachineStoreHandle, 0);
}
}
return(null);
}
public static extern bool CryptDecryptMessage(ref CRYPT_DECRYPT_MESSAGE_PARA parameters, IntPtr encryptedData, Int32 encryptedDataSize, IntPtr decryptedDataBuffer, ref int bufferLength, IntPtr certificate);
private static extern bool CryptDecryptMessage(
ref CRYPT_DECRYPT_MESSAGE_PARA pDecryptPara,
IntPtr pbEncryptedBlob,
Int32 cbEncryptedBlob,
IntPtr pbDecrypted,
ref int pcbDecrypted,
IntPtr ppXchgCert);
