public void GenerateDerivedScryptKey()
{
PBKDF2Wrapper pbkdf2Wrapper = new PBKDF2Wrapper();
PBKDF2Params param = new PBKDF2Params();
param.Salt = "0f2274f6c0daf36d5822d97985be5a3d881d11e2e741bad4e038a099eecc3b6d";
param.Count = 262144;
param.DkLen = 32;
byte[] bytes = pbkdf2Wrapper.GetDerivedKey(System.Text.Encoding.Default.GetBytes("stronk_password"),
ByteUtil.HexStringToByteArray(param.Salt), param.Count, param.DkLen);
byte[] macArray = HashUtil.GenerateMac(bytes, ByteUtil.HexStringToByteArray("dc55047d51f795509ffb6969db837a4481887ccfb6bfb7c259fb77b19078c2a4"));
Console.WriteLine(ByteUtil.ByteArrayToHexString(macArray));
Assert.AreEqual(ByteUtil.ByteArrayToHexString(macArray).ToLower(), "dedc361c53c421974c2811f7f989bc530aebf9a90c487b4161e0e54ae6faba31");
}
public string DecryptPrivateKey(string encryptJson, string passphrase)
{
KeyStore keystore = JsonConvert.DeserializeObject <KeyStore>(encryptJson);
byte[] ciphertext = ByteUtil.HexStringToByteArray(keystore.Crypto.Ciphertext);
byte[] iv = ByteUtil.HexStringToByteArray(keystore.Crypto.Cipherparams.Iv);
KDFParams kp = keystore.Crypto.KdfParams;
string kdf = keystore.Crypto.Kdf;
byte[] derivedKey;
if (kdf == "pbkdf2")
{
PBKDF2Params pbkdf2Params = new PBKDF2Params();
pbkdf2Params.Salt = ByteUtil.ByteArrayToHexString(Encoding.UTF8.GetBytes(kp.Salt));
pbkdf2Params.DkLen = 32;
pbkdf2Params.Count = 262144;
derivedKey = GetDerivedKey(Encoding.Default.GetBytes(passphrase), pbkdf2Params);
}
else
{
KDFParams scryptParams = new KDFParams();
scryptParams.Salt = ByteUtil.ByteArrayToHexString(Encoding.UTF8.GetBytes(kp.Salt));
scryptParams.dklen = 32;
scryptParams.p = 1;
scryptParams.r = 8;
scryptParams.n = 8192;
derivedKey = GetDerivedKey(Encoding.Default.GetBytes(passphrase), scryptParams);
}
string mac = ByteUtil.ByteArrayToHexString(HashUtil.GenerateMac(derivedKey, ciphertext));
if (mac.ToUpper() != keystore.Crypto.Mac)
{
throw new Exception("Failed to decrypt.");
}
byte[] encryptKey = new byte[16];
Array.Copy(derivedKey, encryptKey, 16);
byte[] ciphertextByte = GenerateAesCtrCipher(iv, encryptKey, ciphertext);
return(ByteUtil.ByteArrayToHexString(ciphertextByte));
}
public static CipherParameters generateCipherParameters(
String algorithm,
char[] password,
ASN1Encodable pbeParameters)
{
String mechanism = (string)algorithms[algorithm.ToUpper()];
byte[] key;
CipherParameters parameters = null;
String type = (String)algorithmType[mechanism];
byte[] salt = null;
int iterationCount = 0;
if (isPKCS12(mechanism))
{
PKCS12PBEParams pbeParams = PKCS12PBEParams.getInstance(pbeParameters);
salt = pbeParams.getIV();
iterationCount = pbeParams.getIterations().intValue();
key = PBEParametersGenerator.PKCS12PasswordToBytes(password);
}
else if (isPKCS5Scheme2(mechanism))
{
PBKDF2Params pbeParams = PBKDF2Params.getInstance(pbeParameters);
salt = pbeParams.getSalt();
iterationCount = pbeParams.getIterationCount().intValue();
key = PBEParametersGenerator.PKCS5PasswordToBytes(password);
}
else
{
PBEParameter pbeParams = PBEParameter.getInstance(pbeParameters);
salt = pbeParams.getSalt();
iterationCount = pbeParams.getIterationCount().intValue();
key = PBEParametersGenerator.PKCS5PasswordToBytes(password);
}
if (mechanism.StartsWith("PBEwithSHA-1"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new SHA1Digest(), key, salt, iterationCount);
if (mechanism.Equals("PBEwithSHA-1and128bitRC4"))
{
parameters = generator.generateDerivedParameters(128);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC4"))
{
parameters = generator.generateDerivedParameters(40);
}
else if (mechanism.Equals("PBEwithSHA-1and3-keyDESEDE-CBC"))
{
parameters = generator.generateDerivedParameters(192, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and2-keyDESEDE-CBC"))
{
parameters = generator.generateDerivedParameters(128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and128bitRC2-CBC"))
{
parameters = generator.generateDerivedParameters(128, 64);
}
else if (mechanism.Equals("PBEwithSHA-1and40bitRC2-CBC"))
{
parameters = generator.generateDerivedParameters(40, 64);
}
else if (mechanism.Equals("PBEwithSHA1andDES-CBC"))
{
parameters = generator.generateDerivedParameters(64, 64);
}
else if (mechanism.Equals("PBEwithSHA1andRC2-CBC"))
{
parameters = generator.generateDerivedParameters(128, 64);
}
}
else if (mechanism.StartsWith("PBEwithMD5"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new MD5Digest(), key, salt, iterationCount);
if (mechanism.Equals("PBEwithMD5andDES-CBC"))
{
parameters = generator.generateDerivedParameters(64, 64);
}
else if (mechanism.Equals("PBEwithMD5andRC2-CBC"))
{
parameters = generator.generateDerivedParameters(64, 64);
}
}
else if (mechanism.StartsWith("PBEwithMD2"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new MD2Digest(), key, salt, iterationCount);
if (mechanism.Equals("PBEwithMD2andDES-CBC"))
{
parameters = generator.generateDerivedParameters(64, 64);
}
else if (mechanism.Equals("PBEwithMD2andRC2-CBC"))
{
parameters = generator.generateDerivedParameters(64, 64);
}
}
else if (mechanism.StartsWith("PBEwithHmac"))
{
if (mechanism.Equals("PBEwithHmacSHA-1"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new SHA1Digest(), key, salt, iterationCount);
parameters = generator.generateDerivedMacParameters(160);
}
else if (mechanism.Equals("PBEwithHmacSHA-224"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new SHA224Digest(), key, salt, iterationCount);
parameters = generator.generateDerivedMacParameters(224);
}
else if (mechanism.Equals("PBEwithHmacSHA-256"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new SHA256Digest(), key, salt, iterationCount);
parameters = generator.generateDerivedMacParameters(256);
}
else if (mechanism.Equals("PBEwithHmacRIPEMD128"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new RIPEMD128Digest(), key, salt, iterationCount);
parameters = generator.generateDerivedMacParameters(128);
}
else if (mechanism.Equals("PBEwithHmacRIPEMD160"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new RIPEMD160Digest(), key, salt, iterationCount);
parameters = generator.generateDerivedMacParameters(160);
}
else if (mechanism.Equals("PBEwithHmacRIPEMD256"))
{
PBEParametersGenerator generator = makePBEGenerator((String)algorithmType[mechanism], new RIPEMD256Digest(), key, salt, iterationCount);
parameters = generator.generateDerivedMacParameters(256);
}
}
for (int i = 0; i != key.Length; i++)
{
key[i] = 0;
}
return(parameters);
}
public string EncryptPrivateKey(string privateKey, string passphrase, KDFType type)
{
string address = CryptoUtil.GetAddressFromPrivateKey(privateKey);
byte[] iv = CryptoUtil.GenerateRandomBytes(16);
byte[] salt = CryptoUtil.GenerateRandomBytes(32);
byte[] derivedKey;
if (type == KDFType.PBKDF2)
{
PBKDF2Params pbkdf2Params = new PBKDF2Params();
pbkdf2Params.Salt = ByteUtil.ByteArrayToHexString(salt);
pbkdf2Params.DkLen = 32;
pbkdf2Params.Count = 262144;
derivedKey = GetDerivedKey(Encoding.Default.GetBytes(passphrase), pbkdf2Params);
}
else
{
var scryptParams = new KDFParams();
scryptParams.Salt = ByteUtil.ByteArrayToHexString(salt);
scryptParams.dklen = 32;
scryptParams.p = 1;
scryptParams.r = 8;
scryptParams.n = 8192;
derivedKey = GetDerivedKey(Encoding.Default.GetBytes(passphrase), scryptParams);
}
byte[] encryptKey = new byte[16];
Array.Copy(derivedKey, encryptKey, 16);
KeyStore cry = new KeyStore();
byte[] ciphertext = cry.GenerateAesCtrCipher(iv, encryptKey, ByteUtil.HexStringToByteArray(privateKey));
//build struct
CipherParams cipherParams = new CipherParams();
cipherParams.Iv = ByteUtil.ByteArrayToHexString(iv);
var kp = new KDFParams()
{
Salt = Encoding.UTF8.GetString(salt)
};
var crypto = new MusCipher();
crypto.Cipher = "aes-128-ctr";
crypto.Cipherparams = cipherParams;
crypto.Ciphertext = ByteUtil.ByteArrayToHexString(ciphertext);
crypto.Kdf = (type == KDFType.PBKDF2 ? "pbkdf2" : "scrypt");
crypto.KdfParams = kp;
crypto.Mac = Encoding.UTF8.GetString(HashUtil.GenerateMac(derivedKey, ciphertext));
KeyStore key = new KeyStore();
key.Address = "0x" + address;
key.Crypto = crypto;
key.Id = Guid.NewGuid().ToString();
key.Version = 3;
return(JsonConvert.SerializeObject(key));
}
