Example #1
0
 public async Task DecryptFileAes(FileItemViewModel fileToDecrypt)
 {
     if (fileToDecrypt.IsEncrypted)
     {
         XmlSerializer        serializer = new XmlSerializer(typeof(SerialisableAuthData));
         SerialisableAuthData tagData    = null;
         using (Stream stream = await fileToDecrypt.File.OpenStreamForReadAsync())
         {
             tagData = serializer.Deserialize(stream) as SerialisableAuthData;
             stream.Dispose();
         }
         if (tagData != null)
         {
             IBuffer data          = tagData.GetData();
             IBuffer tag           = tagData.GetTag();
             var     decryptedData = CryptographicEngine.DecryptAndAuthenticate(aesKey, data,
                                                                                fileToDecrypt.Nonce, tag, null);
             await FileIO.WriteBufferAsync(fileToDecrypt.File, decryptedData);
         }
         fileToDecrypt.IsEncrypted = false;
     }
     else
     {
         throw new Exception("Tried to dencrypt file with encrypted flag already set to false");
     }
 }
Example #2
0
        public void AuthenticatedDecryptionSender(
            String strAlgName, string key, string message, string nonce, string tag)
        {
            // Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
            SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);


            IBuffer encryptedAESKey = CryptographicBuffer.DecodeFromBase64String(key);

            asymmetricDecryptAESKeySender(strAsymmetricAlgName, encryptedAESKey);

            IBuffer          decryptedAESKeyBuff    = CryptographicBuffer.DecodeFromBase64String(keyMaterialStringSender);
            CryptographicKey keyFromEncryptedString = objAlgProv.CreateSymmetricKey(decryptedAESKeyBuff);

            IBuffer encryptedDataFromStringBuff = CryptographicBuffer.DecodeFromBase64String(message);
            IBuffer nonceFromString             = CryptographicBuffer.DecodeFromBase64String(nonce);
            IBuffer authenticationTagFromString = CryptographicBuffer.DecodeFromBase64String(tag);

            // The input key must be securely shared between the sender of the encrypted message
            // and the recipient. The nonce must also be shared but does not need to be shared
            // in a secure manner. If the sender encodes the message string to a buffer, the
            // binary encoding method must also be shared with the recipient.
            // The recipient uses the DecryptAndAuthenticate() method as follows to decrypt the
            // message, authenticate it, and verify that it has not been altered in transit.
            buffDecrypted = CryptographicEngine.DecryptAndAuthenticate(
                keyFromEncryptedString,
                encryptedDataFromStringBuff,
                nonceFromString,
                authenticationTagFromString,
                null);


            strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);
        }
Example #3
0
        /// <summary>
        /// This is the click handler for the 'RunSample' button.  It is responsible for executing the sample code.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void RunSample_Click(object sender, RoutedEventArgs e)
        {
            String algName = AlgorithmNames.SelectionBoxItem.ToString();
            UInt32 keySize = UInt32.Parse(KeySizes.SelectionBoxItem.ToString());

            Scenario6Text.Text = "";

            IBuffer Decrypted;
            IBuffer Data;
            IBuffer Nonce;
            String  Cookie = "Some Cookie to Encrypt";

            // Data to encrypt.
            Data = CryptographicBuffer.ConvertStringToBinary(Cookie, BinaryStringEncoding.Utf16LE);

            // Created a SymmetricKeyAlgorithmProvider object for the algorithm specified on input.
            SymmetricKeyAlgorithmProvider Algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(algName);

            Scenario6Text.Text += "*** Sample Authenticated Encryption\n";
            Scenario6Text.Text += "    Algorithm Name: " + Algorithm.AlgorithmName + "\n";
            Scenario6Text.Text += "    Key Size: " + keySize + "\n";
            Scenario6Text.Text += "    Block length: " + Algorithm.BlockLength + "\n";

            // Generate a random key.
            IBuffer          keymaterial = CryptographicBuffer.GenerateRandom((keySize + 7) / 8);
            CryptographicKey key         = Algorithm.CreateSymmetricKey(keymaterial);


            // Microsoft GCM implementation requires a 12 byte Nonce.
            // Microsoft CCM implementation requires a 7-13 byte Nonce.
            Nonce = GetNonce();

            // Encrypt and create an authenticated tag on the encrypted data.
            EncryptedAndAuthenticatedData Encrypted = CryptographicEngine.EncryptAndAuthenticate(key, Data, Nonce, null);

            Scenario6Text.Text += "    Plain text: " + Data.Length + " bytes\n";
            Scenario6Text.Text += "    Encrypted: " + Encrypted.EncryptedData.Length + " bytes\n";
            Scenario6Text.Text += "    AuthTag: " + Encrypted.AuthenticationTag.Length + " bytes\n";

            // Create another instance of the key from the same material.
            CryptographicKey key2 = Algorithm.CreateSymmetricKey(keymaterial);

            if (key.KeySize != key2.KeySize)
            {
                Scenario6Text.Text += "CreateSymmetricKey failed!  The imported key's size did not match the original's!";
                return;
            }

            // Decrypt and verify the authenticated tag.
            Decrypted = CryptographicEngine.DecryptAndAuthenticate(key2, Encrypted.EncryptedData, Nonce, Encrypted.AuthenticationTag, null);

            if (!CryptographicBuffer.Compare(Decrypted, Data))
            {
                Scenario6Text.Text += "Decrypted does not match original!";
                return;
            }
        }
        public byte[] Decrypt([ReadOnlyArray] byte[] aad, [ReadOnlyArray] byte[] cek, [ReadOnlyArray] byte[] iv, [ReadOnlyArray] byte[] cipherText, [ReadOnlyArray] byte[] authTag)
        {
            Ensure.BitSize(cek, keySizeBits, string.Format("AesGcmEncryptor expected key of size {0} bits, but was given {1} bits", keySizeBits, cek.Length * 8));

            SymmetricKeyAlgorithmProvider alg = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesGcm);

            CryptographicKey key = alg.CreateSymmetricKey(CryptographicBuffer.CreateFromByteArray(cek));

            return(Buffer.ToBytes(
                       CryptographicEngine.DecryptAndAuthenticate(key,
                                                                  CryptographicBuffer.CreateFromByteArray(cipherText),
                                                                  CryptographicBuffer.CreateFromByteArray(iv),
                                                                  CryptographicBuffer.CreateFromByteArray(authTag),
                                                                  CryptographicBuffer.CreateFromByteArray(aad))));
        }
Example #5
0
 public void DecryptString(StringItemViewModel stringToDecrypt)
 {
     if (stringToDecrypt.IsEncrypted)
     {
         IBuffer stringBuffer    = CryptographicBuffer.ConvertStringToBinary(stringToDecrypt.Content, BinaryStringEncoding.Utf8);
         var     decryptedString = CryptographicEngine.DecryptAndAuthenticate(aesKey, stringBuffer, stringToDecrypt.Nonce,
                                                                              stringToDecrypt.AuthenticationTag, null);
         stringToDecrypt.Content = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8,
                                                                             decryptedString);
         stringToDecrypt.IsEncrypted = false;
     }
     else
     {
         throw new Exception("Tried to encrypt string with encrypted flag set to false");
     }
 }
Example #6
0
        /// <summary>
        /// The decrypt symmetric.
        /// </summary>
        /// <param name="keyBuffer">
        /// The key buffer.
        /// </param>
        /// <param name="data">
        /// The data.
        /// </param>
        /// <returns>
        /// The <see cref="string"/>.
        /// </returns>
        private string DecryptSymmetric(IBuffer keyBuffer, string data)
        {
            IBuffer initializationBuffer = null;
            IBuffer authenticationTag    = null;
            IBuffer message;

            if (this.HasAuthentication)
            {
                var parts = data.Split('|');
                if (parts.Length != 2)
                {
                    throw new Exception("Missing authentication tag, encrypted data, or both.");
                }

                authenticationTag = CryptographicBuffer.DecodeFromBase64String(parts[0]);
                message           = CryptographicBuffer.DecodeFromBase64String(parts[1]);
            }
            else
            {
                message = CryptographicBuffer.DecodeFromBase64String(data);
            }

            var algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(this.AlgorithmName);

            CryptographicKey keyMaterial = algorithm.CreateSymmetricKey(EnsureLength(keyBuffer, 32, true));

            if (this.ModeOfOperation.Equals(ModeOfOperation.CBC))
            {
                var initialationVector =
                    CryptographicBuffer.ConvertStringToBinary(Iv, Encoding);
                initializationBuffer = EnsureLength(
                    initialationVector, (int)algorithm.BlockLength, true);
            }

            if (this.HasAuthentication)
            {
                var authenticationData = CryptographicBuffer.ConvertStringToBinary(AuthenticationData, Encoding);
                var decryptedData      = CryptographicEngine.DecryptAndAuthenticate(
                    keyMaterial, message, GetNonce(), authenticationTag, authenticationData);
                return(CryptographicBuffer.ConvertBinaryToString(Encoding, decryptedData));
            }

            var decryptedBuffer = CryptographicEngine.Decrypt(
                keyMaterial, message, initializationBuffer);

            return(CryptographicBuffer.ConvertBinaryToString(Encoding, decryptedBuffer));
        }
        public void AuthenticatedDecryption(
            String strAlgName,
            String buffNonce)
        {
            // Open a SymmetricKeyAlgorithmProvider object for the specified algorithm.
            SymmetricKeyAlgorithmProvider objAlgProv = SymmetricKeyAlgorithmProvider.OpenAlgorithm(strAlgName);


            IBuffer encryptedAESKey = CryptographicBuffer.DecodeFromBase64String(encryptedKeyString);

            asymmetricDecryptAESKey(strAsymmetricAlgName, encryptedAESKeyBuff);

            IBuffer          decryptedAESKeyBuff    = CryptographicBuffer.DecodeFromBase64String(decryptedAesKeyString);
            CryptographicKey keyFromEncryptedString = objAlgProv.CreateSymmetricKey(decryptedAESKeyBuff);

            IBuffer encryptedDataFromStringBuff = CryptographicBuffer.DecodeFromBase64String(plaintext);
            IBuffer nonceFromString             = CryptographicBuffer.DecodeFromBase64String(nonceString);
            IBuffer authenticationTagFromString = CryptographicBuffer.DecodeFromBase64String(authenticationTagString);

            // The input key must be securely shared between the sender of the encrypted message
            // and the recipient. The nonce must also be shared but does not need to be shared
            // in a secure manner. If the sender encodes the message string to a buffer, the
            // binary encoding method must also be shared with the recipient.
            // The recipient uses the DecryptAndAuthenticate() method as follows to decrypt the
            // message, authenticate it, and verify that it has not been altered in transit.
            buffDecrypted = CryptographicEngine.DecryptAndAuthenticate(
                keyFromEncryptedString,
                encryptedDataFromStringBuff,
                nonceFromString,
                authenticationTagFromString,
                null);

            // Convert the decrypted buffer to a string (for display). If the sender created the
            // original message buffer from a string, the sender must tell the recipient what
            // BinaryStringEncoding value was used. Here, BinaryStringEncoding.Utf8 is used to
            // convert the message to a buffer before encryption and to convert the decrypted
            // buffer back to the original plaintext.
            String strDecrypted = CryptographicBuffer.ConvertBinaryToString(encoding, buffDecrypted);

            plaintext   = strDecrypted;
            plain.Text  = plaintext;
            cipher.Text = plaintext;
        }
        /// <summary>
        /// This is the click handler for the 'RunSample' button.  It is responsible for executing the sample code.
        /// </summary>
        /// <param name="sender"></param>
        /// <param name="e"></param>
        private void RunEncryption_Click(object sender, RoutedEventArgs e)
        {
            EncryptDecryptText.Text = "";

            IBuffer encrypted;
            IBuffer decrypted;
            IBuffer iv = null;
            IBuffer data;
            IBuffer nonce;
            String  algName = AlgorithmNames.SelectionBoxItem.ToString();

            CryptographicKey key = null;

            if (bSymAlgs.IsChecked.Value || bAuthEncrypt.IsChecked.Value)
            {
                key = GenerateSymmetricKey();
            }
            else
            {
                key = GenerateAsymmetricKey();
            }

            data = GenearetData();

            if ((bool)bAuthEncrypt.IsChecked)
            {
                nonce = GetNonce();

                EncryptedAndAuthenticatedData encryptedData = CryptographicEngine.EncryptAndAuthenticate(key, data, nonce, null);

                EncryptDecryptText.Text += "    Plain text: " + data.Length + " bytes\n";
                EncryptDecryptText.Text += "    Encrypted: " + encryptedData.EncryptedData.Length + " bytes\n";
                EncryptDecryptText.Text += "    AuthTag: " + encryptedData.AuthenticationTag.Length + " bytes\n";

                decrypted = CryptographicEngine.DecryptAndAuthenticate(key, encryptedData.EncryptedData, nonce, encryptedData.AuthenticationTag, null);

                if (!CryptographicBuffer.Compare(decrypted, data))
                {
                    EncryptDecryptText.Text += "Decrypted does not match original!";
                    return;
                }
            }
            else
            {
                // CBC mode needs Initialization vector, here just random data.
                // IV property will be set on "Encrypted".
                if (algName.Contains("CBC"))
                {
                    SymmetricKeyAlgorithmProvider algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(algName);
                    iv = CryptographicBuffer.GenerateRandom(algorithm.BlockLength);
                }

                // Encrypt the data.
                try
                {
                    encrypted = CryptographicEngine.Encrypt(key, data, iv);
                }
                catch (ArgumentException ex)
                {
                    EncryptDecryptText.Text += ex.Message + "\n";
                    EncryptDecryptText.Text += "An invalid key size was selected for the given algorithm.\n";
                    return;
                }

                EncryptDecryptText.Text += "    Plain text: " + data.Length + " bytes\n";
                EncryptDecryptText.Text += "    Encrypted: " + encrypted.Length + " bytes\n";

                // Decrypt the data.
                decrypted = CryptographicEngine.Decrypt(key, encrypted, iv);

                if (!CryptographicBuffer.Compare(decrypted, data))
                {
                    EncryptDecryptText.Text += "Decrypted data does not match original!";
                    return;
                }
            }
        }