public string HashText(string text, string salt, SHA256 hasher) { byte[] textWithSaltBytes = Encoding.UTF8.GetBytes(string.Concat(text, salt)); byte[] hashedBytes = hasher.ComputeHash(textWithSaltBytes); hasher.Clear(); return(Convert.ToBase64String(hashedBytes)); }
/// <summary> /// Encrypt a string using dual encryption method. Return a encrypted cipher Text /// </summary> /// <param name="text">string to be encrypted</param> /// <param name="useHashing">use hashing? send to for extra secirity</param> /// <returns></returns> public static string Encrypt(string text) { byte[] textBytes = UTF8Encoding.UTF8.GetBytes(text); SHA256 sha256 = SHA256.Create(); byte[] keyEncoded = sha256.ComputeHash(key); sha256.Clear(); RijndaelManaged SymmetricKey = new RijndaelManaged(); SymmetricKey.Mode = CipherMode.CBC; SymmetricKey.Padding = PaddingMode.Zeros; byte[] CipherTextBytes = null; using (ICryptoTransform Encryptor = SymmetricKey.CreateEncryptor(keyEncoded, salt)) { using (MemoryStream MemStream = new MemoryStream()) { using (CryptoStream CryptoStream = new CryptoStream(MemStream, Encryptor, CryptoStreamMode.Write)) { CryptoStream.Write(textBytes, 0, textBytes.Length); CryptoStream.FlushFinalBlock(); CipherTextBytes = MemStream.ToArray(); MemStream.Close(); CryptoStream.Close(); } } } SymmetricKey.Clear(); return(Convert.ToBase64String(CipherTextBytes)); }
static void Main(string[] args) { if (args.Length > 0) { string path = args[0]; if (File.Exists(path)) { string hash; var file = new FileInfo(path); using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read)) { SHA256 sha256 = SHA256.Create(); Byte[] buffer = sha256.ComputeHash(fs); sha256.Clear(); StringBuilder sb = new StringBuilder(); for (int i = 0; i < buffer.Length; i++) { sb.Append(buffer[i].ToString("x2")); } hash = sb.ToString(); } Console.WriteLine("------"); Console.WriteLine($"SHA256:{hash}"); Console.WriteLine("------"); return; } } }
public String SHA256CheckSum(string input_file) { if (!File.Exists(@input_file)) { return(String.Empty); } SHA256 sha = SHA256.Create(); StringBuilder sb = new StringBuilder(); try { FileStream input_f = File.OpenRead(input_file); byte[] out_bytes = sha.ComputeHash(input_f); foreach (byte o in out_bytes) { sb.Append(o.ToString("x2")); } sha.Clear(); input_f.Close(); } catch { return(String.Empty); } return(sb.ToString()); }
private string HashPassword(string password) { using (SHA256 mySHA256 = SHA256.Create()) { byte[] hashedBytes = mySHA256.ComputeHash(Encoding.UTF8.GetBytes(password)); mySHA256.Clear(); return(Convert.ToBase64String(hashedBytes)); } }
/// <exception cref="NetMQSecurityException">The Finished message must not be received while expecting a another message.</exception> /// <exception cref="NetMQSecurityException">The peer verification data must be valid.</exception> private void OnFinished(NetMQMessage incomingMessage, OutgoingMessageBag outgoingMessages) { if ( (SecurityParameters.Entity == ConnectionEnd.Client && (!m_secureChannel.ChangeSuiteChangeArrived || m_lastReceivedMessage != HandshakeType.ServerHelloDone || m_lastSentMessage != HandshakeType.Finished)) || (SecurityParameters.Entity == ConnectionEnd.Server && (!m_secureChannel.ChangeSuiteChangeArrived || m_lastReceivedMessage != HandshakeType.ClientKeyExchange || m_lastSentMessage != HandshakeType.ServerHelloDone))) { throw new NetMQSecurityException(NetMQSecurityErrorCode.HandshakeUnexpectedMessage, "Finished received when expecting another message"); } if (SecurityParameters.Entity == ConnectionEnd.Server) { HashLocal(incomingMessage); } var finishedMessage = SubProtocolVersion.SequenceEqual(Constants.V3_3)? new V0_2.HandshakeMessages.FinishedMessage(): new FinishedMessage(); finishedMessage.SetFromNetMQMessage(incomingMessage); m_remoteHash.TransformFinalBlock(EmptyArray <byte> .Instance, 0, 0); byte[] seed = m_remoteHash.Hash; #if NET40 m_remoteHash.Dispose(); #else m_remoteHash.Clear(); #endif m_remoteHash = null; var label = SecurityParameters.Entity == ConnectionEnd.Client ? ServerFinishedLabel : ClientFinshedLabel; var verifyData = PRF.Get(SecurityParameters.MasterSecret, label, seed, FinishedMessage.VerifyDataLength); #if DEBUG Debug.WriteLine("[verify_data]:" + BitConverter.ToString(verifyData)); #endif if (!verifyData.SequenceEqual(finishedMessage.VerifyData)) { throw new NetMQSecurityException(NetMQSecurityErrorCode.HandshakeVerifyData, "peer verify data wrong"); } if (SecurityParameters.Entity == ConnectionEnd.Server) { AddFinished(outgoingMessages); #if DEBUG Debug.WriteLine("[finish]"); #endif } m_done = true; }
/// <summary> /// シード値を生成します /// </summary> /// <param name="str">生成元バイト配列</param> /// <returns>シード値</returns> public static byte[] CreateSeed(byte[] str) { byte[] baseStr = str; SHA256 sha = SHA256.Create(); byte[] seed = sha.ComputeHash(baseStr); sha.Clear(); return(seed); }
/// <summary> /// シード値を生成します /// </summary> /// <param name="str">生成元文字列</param> /// <returns>シード値</returns> public static byte[] CreateSeed(string str) { byte[] baseStr = Encoding.UTF8.GetBytes(str); SHA256 sha = SHA256.Create(); byte[] seed = sha.ComputeHash(baseStr); sha.Clear(); return(seed); }
private Byte[] CreateSHA256FromFile(String Path) { FileStream fileStream = File.Open(Path, FileMode.Open); mySHAGenerator = SHA256Managed.Create(); Byte[] myHash = mySHAGenerator.ComputeHash(fileStream); mySHAGenerator.Clear(); fileStream.Close(); return(myHash); }
public static string FromString(string content) { string result = null; using (SHA256 sha = SHA256.Create()) using (BytesConverter bc = new BytesConverter()) { result = bc.ToHexString(sha.ComputeHash(System.Text.Encoding.UTF8.GetBytes(content))); sha.Clear(); } return(result); }
public static string FromStream(Stream contentStream) { string result = null; using (SHA256 sha = SHA256.Create()) using (BytesConverter bc = new BytesConverter()) { result = bc.ToHexString(sha.ComputeHash(contentStream)); sha.Clear(); } return(result); }
public static string FromContent(byte[] content, int offset, int count) { string result = null; using (SHA256 sha = SHA256.Create()) using (BytesConverter bc = new BytesConverter()) { result = bc.ToHexString(sha.ComputeHash(content, offset, count)); sha.Clear(); } return(result); }
public static string FromFile(string path, int buffersize) { string result = null; using (SHA256 sha = SHA256.Create()) using (FileStream fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.ReadWrite, buffersize)) using (BytesConverter bc = new BytesConverter()) { result = bc.ToHexString(sha.ComputeHash(fs)); sha.Clear(); } return(result); }
/// <summary> /// DeCrypt a string using dual encryption method. Return a DeCrypted clear string /// </summary> /// <param name="cipherString">encrypted string</param> /// <param name="useHashing">Did you use hashing to encrypt this data? pass true is yes</param> /// <returns></returns> public static string Decrypt(string CipherText) { byte[] CipherTextBytes = Convert.FromBase64String(CipherText); SHA256 sha256 = SHA256.Create(); byte[] keyEncoded = sha256.ComputeHash(key); sha256.Clear(); RijndaelManaged SymmetricKey = new RijndaelManaged(); SymmetricKey.Mode = CipherMode.CBC; SymmetricKey.Padding = PaddingMode.Zeros; byte[] PlainTextBytes = new byte[CipherTextBytes.Length]; int count = 0; int ByteCount = 0; using (ICryptoTransform Decryptor = SymmetricKey.CreateDecryptor(keyEncoded, salt)) { using (MemoryStream MemStream = new MemoryStream(CipherTextBytes)) { using (CryptoStream CryptoStream = new CryptoStream(MemStream, Decryptor, CryptoStreamMode.Read)) { ByteCount = CryptoStream.Read(PlainTextBytes, 0, PlainTextBytes.Length); MemStream.Close(); CryptoStream.Close(); } } } SymmetricKey.Clear(); for (int i = PlainTextBytes.Length - 1; i >= 0; i--) { if (PlainTextBytes[i] == 0) { count++; } } byte[] oldData = PlainTextBytes; ByteCount = PlainTextBytes.Length - count; PlainTextBytes = new byte[ByteCount]; Buffer.BlockCopy(oldData, 0, PlainTextBytes, 0, ByteCount); return(Encoding.UTF8.GetString(PlainTextBytes, 0, ByteCount)); }
// ファイルハッシュ化 private string GetHash(string targetFile) { using (FileStream fs = new FileStream(targetFile, FileMode.Open, FileAccess.Read, FileShare.Read)) { byte[] tempBytes; switch (GlobalItem.HashMode) { case GlobalItem.EHashMode.SHA256: SHA256 sha256 = SHA256.Create(); tempBytes = sha256.ComputeHash(fs); sha256.Clear(); return(BitConverter.ToString(tempBytes).Replace("-", "")); case GlobalItem.EHashMode.CRC32: int CRC32_TABLELENGTH = 256; int CRC32_BUFLENGTH = 255; uint[] crcTable = new uint[CRC32_TABLELENGTH]; for (uint i = 0; i < CRC32_TABLELENGTH; i++) { var x = i; for (int j = 0; j < 8; j++) { x = (uint)((x & 1) == 0 ? x >> 1 : -306674912 ^ x >> 1); } crcTable[i] = x; } byte[] buf = new byte[fs.Length]; fs.Read(buf, 0, buf.Length); uint num = uint.MaxValue; for (int i = 0; i < buf.Length; i++) { num = crcTable[(num ^ buf[i]) & CRC32_BUFLENGTH] ^ num >> 8; } tempBytes = BitConverter.GetBytes((uint)(num ^ -1)); if (BitConverter.IsLittleEndian) { Array.Reverse(tempBytes); } return(BitConverter.ToString(tempBytes).Replace("-", "")); case GlobalItem.EHashMode.MD5: default: MD5 md5 = MD5.Create(); tempBytes = md5.ComputeHash(fs); md5.Clear(); return(BitConverter.ToString(tempBytes).Replace("-", "")); } } }
private string Hash(string input) { string output = ""; using (SHA256 mySHA256 = SHA256.Create()) { var result = mySHA256 .ComputeHash( Encoding.ASCII.GetBytes(input)); output = Encoding.Default.GetString(result); mySHA256.Clear(); } return(output); }
private bool DecryptSecret(byte[] yubiResp, ChallengeInfo inf, out byte[] secret) { secret = new byte[keyLenBytes]; if (inf.IV == null) { return(false); } if (inf.Verification == null) { return(false); } //use the response to decrypt the secret SHA256 sha = SHA256Managed.Create(); byte[] key = sha.ComputeHash(yubiResp); // get a 256 bit key from the 160 bit hmac response StandardAesEngine aes = new StandardAesEngine(); using (MemoryStream msDecrypt = new MemoryStream(inf.EncryptedSecret)) { using (CryptoStream csDecrypt = (CryptoStream)aes.DecryptStream(msDecrypt, key, inf.IV)) { csDecrypt.Read(secret, 0, secret.Length); csDecrypt.Close(); } msDecrypt.Close(); } byte[] secretHash = sha.ComputeHash(secret); for (int i = 0; i < secretHash.Length; i++) { if (secretHash[i] != inf.Verification[i]) { //wrong response Array.Clear(secret, 0, secret.Length); return(false); } } //return the secret sha.Clear(); return(true); }
private static bool DecryptSecret(byte[] encryptedSecret, byte[] yubiResp, byte[] iv, byte[] verification, out byte[] secret) { //use the response to decrypt the secret SHA256 sha = SHA256Managed.Create(); byte[] key = sha.ComputeHash(yubiResp); // get a 256 bit key from the 160 bit hmac response AesManaged aes = new AesManaged(); aes.KeySize = key.Length * sizeof(byte) * 8; //pedantic, but foolproof aes.Key = key; aes.IV = iv; aes.Padding = PaddingMode.PKCS7; secret = new byte[keyLenBytes]; ICryptoTransform dec = aes.CreateDecryptor(); using (MemoryStream msDecrypt = new MemoryStream(encryptedSecret)) { using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, dec, CryptoStreamMode.Read)) { csDecrypt.Read(secret, 0, secret.Length); csDecrypt.Close(); csDecrypt.Clear(); } msDecrypt.Close(); } byte[] secretHash = sha.ComputeHash(secret); for (int i = 0; i < secretHash.Length; i++) { if (secretHash[i] != verification[i]) { MessageService.ShowWarning("Incorrect response!"); Array.Clear(secret, 0, secret.Length); return(false); } } //return the secret sha.Clear(); aes.Clear(); return(true); }
/// <summary> /// Creates the initial genesis block used in a blockchain /// </summary> /// <param name="block">output</param> /// <search> /// create, block, hash, sha256, blockchain, genesis, start /// </search> public static Block CreateGenesisBlock() { int index = 0; DateTime timestamp = DateTime.Now; string data = "Genesis Block"; string str = index.ToString() + timestamp.ToString() + data.ToString(); SHA256 hash = SHA256.Create(); using (MemoryStream ms = new MemoryStream(System.Text.Encoding.UTF8.GetBytes(str))) { hash.ComputeHash(ms); } SHA256 previousHash = SHA256.Create(); previousHash.Clear(); Block blk = dtBlockchain.Block.Create(index, timestamp, data, hash, previousHash); return(blk); }
public string encriptar(string pw) { string salt = "asdsadSapkfmpakfmapkfmasdasdh"; int iteraciones = 1500; SHA256 sha256 = SHA256.Create(); string finalContra = pw + salt; byte[] bytesPassword = System.Text.Encoding.UTF8.GetBytes(finalContra); try { for (int i = 0; i <= iteraciones - 1; i++) { bytesPassword = sha256.ComputeHash(bytesPassword); } } finally { sha256.Clear(); } return(BitConverter.ToString(bytesPassword).Replace("-", "")); }
/// <summary> /// A method for generating encrypted ChallengeInfo to be saved. For security, this method should /// be called every time you get a successful challenge-response pair from the Yubikey. Failure to /// do so will permit password re-use attacks. /// </summary> /// <param name="secret">The un-encrypted secret</param> /// <returns>A fully populated ChallengeInfo object ready to be saved</returns> public ChallengeInfo Encrypt(byte[] secret) { //generate a random challenge for use next time byte[] challenge = GenerateChallenge(); //generate the expected HMAC-SHA1 response for the challenge based on the secret byte[] resp = GenerateResponse(challenge, secret); //use the response to encrypt the secret SHA256 sha = SHA256Managed.Create(); byte[] key = sha.ComputeHash(resp); // get a 256 bit key from the 160 bit hmac response byte[] secretHash = sha.ComputeHash(secret); StandardAesEngine aes = new StandardAesEngine(); const uint aesIVLenBytes = 16; byte[] IV = CryptoRandom.Instance.GetRandomBytes(aesIVLenBytes); byte[] encrypted; using (MemoryStream msEncrypt = new MemoryStream()) { using (CryptoStream csEncrypt = (CryptoStream)aes.EncryptStream(msEncrypt, key, IV)) { csEncrypt.Write(secret, 0, secret.Length); csEncrypt.Close(); } encrypted = msEncrypt.ToArray(); msEncrypt.Close(); } ChallengeInfo inf = new ChallengeInfo(encrypted, IV, challenge, secretHash, LT64); sha.Clear(); return(inf); }
// FIXME [KeyContainerPermission (SecurityAction.Assert, KeyContainerName = "DAPI", // Flags = KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Decrypt)] public static byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy, DataProtectionScope scope) { if (encryptedData == null) { throw new ArgumentNullException("encryptedData"); } byte[] decdata = null; Rijndael aes = Rijndael.Create(); RSA rsa = GetKey(scope); int headerSize = (rsa.KeySize >> 3); bool valid1 = (encryptedData.Length >= headerSize); if (!valid1) { headerSize = encryptedData.Length; } byte[] header = new byte[headerSize]; Buffer.BlockCopy(encryptedData, 0, header, 0, headerSize); byte[] secret = null; byte[] key = null; byte[] iv = null; bool valid2 = false; bool valid3 = false; bool valid4 = false; SHA256 hash = SHA256.Create(); try { try { RSAOAEPKeyExchangeDeformatter deformatter = new RSAOAEPKeyExchangeDeformatter(rsa); secret = deformatter.DecryptKeyExchange(header); valid2 = (secret.Length == 68); } catch { valid2 = false; } if (!valid2) { secret = new byte[68]; } // known values for structure (version 1 or 2) valid3 = ((secret[1] == 16) && (secret[18] == 16) && (secret[35] == 32)); key = new byte[16]; Buffer.BlockCopy(secret, 2, key, 0, 16); iv = new byte[16]; Buffer.BlockCopy(secret, 19, iv, 0, 16); if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) { // the decrypted data won't be valid if the entropy isn't // the same as the one used to protect (encrypt) it byte[] mask = hash.ComputeHash(optionalEntropy); for (int i = 0; i < 16; i++) { key[i] ^= mask[i]; iv[i] ^= mask[i + 16]; } valid3 &= (secret[0] == 2); // with entropy } else { valid3 &= (secret[0] == 1); // without entropy } using (MemoryStream ms = new MemoryStream()) { ICryptoTransform t = aes.CreateDecryptor(key, iv); using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write)) { try { cs.Write(encryptedData, headerSize, encryptedData.Length - headerSize); cs.Close(); } catch { // whatever, we keep going } } decdata = ms.ToArray(); } byte[] digest = hash.ComputeHash(decdata); valid4 = true; for (int i = 0; i < 32; i++) { if (digest[i] != secret[36 + i]) { valid4 = false; } } } finally { if (key != null) { Array.Clear(key, 0, key.Length); key = null; } if (secret != null) { Array.Clear(secret, 0, secret.Length); secret = null; } if (iv != null) { Array.Clear(iv, 0, iv.Length); iv = null; } aes.Clear(); hash.Clear(); } // single point of error (also limits timing informations) if (!valid1 || !valid2 || !valid3 || !valid4) { if (decdata != null) { Array.Clear(decdata, 0, decdata.Length); decdata = null; } throw new CryptographicException("Invalid data."); } return(decdata); }
// FIXME [KeyContainerPermission (SecurityAction.Assert, KeyContainerName = "DAPI", // Flags = KeyContainerPermissionFlags.Open | KeyContainerPermissionFlags.Create)] public static byte[] Protect(byte[] userData, byte[] optionalEntropy, DataProtectionScope scope) { if (userData == null) { throw new ArgumentNullException("userData"); } Rijndael aes = Rijndael.Create(); aes.KeySize = 128; byte[] encdata = null; using (MemoryStream ms = new MemoryStream()) { ICryptoTransform t = aes.CreateEncryptor(); using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write)) { cs.Write(userData, 0, userData.Length); cs.Close(); encdata = ms.ToArray(); } } byte[] key = null; byte[] iv = null; byte[] secret = null; byte[] header = null; SHA256 hash = SHA256.Create(); try { key = aes.Key; iv = aes.IV; secret = new byte[1 + 1 + 16 + 1 + 16 + 1 + 32]; byte[] digest = hash.ComputeHash(userData); if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) { // the same optionalEntropy will be required to get the data back byte[] mask = hash.ComputeHash(optionalEntropy); for (int i = 0; i < 16; i++) { key[i] ^= mask[i]; iv[i] ^= mask[i + 16]; } secret[0] = 2; // entropy } else { secret[0] = 1; // without entropy } secret[1] = 16; // key size Buffer.BlockCopy(key, 0, secret, 2, 16); secret[18] = 16; // iv size Buffer.BlockCopy(iv, 0, secret, 19, 16); secret[35] = 32; // digest size Buffer.BlockCopy(digest, 0, secret, 36, 32); RSAOAEPKeyExchangeFormatter formatter = new RSAOAEPKeyExchangeFormatter(GetKey(scope)); header = formatter.CreateKeyExchange(secret); } finally { if (key != null) { Array.Clear(key, 0, key.Length); key = null; } if (secret != null) { Array.Clear(secret, 0, secret.Length); secret = null; } if (iv != null) { Array.Clear(iv, 0, iv.Length); iv = null; } aes.Clear(); hash.Clear(); } byte[] result = new byte[header.Length + encdata.Length]; Buffer.BlockCopy(header, 0, result, 0, header.Length); Buffer.BlockCopy(encdata, 0, result, header.Length, encdata.Length); return(result); }
/// <summary> /// Decrypt salted data using keys linked to the user account. /// </summary> /// <param name="encryptedData">The data to decrypt.</param> /// <param name="optionalEntropy">The salt to apply to the data after decryption.</param> /// <returns>The decrypted data.</returns> public static byte[] Unprotect(byte[] encryptedData, byte[] optionalEntropy) { if (encryptedData == null) { throw new ArgumentNullException("encryptedData"); } byte[] decdata = null; Rijndael aes = Rijndael.Create(); RSA rsa = GetKey(); int headerSize = rsa.KeySize >> 3; bool valid1 = encryptedData.Length >= headerSize; if (!valid1) { headerSize = encryptedData.Length; } byte[] header = new byte[headerSize]; Buffer.BlockCopy(encryptedData, 0, header, 0, headerSize); byte[] secret = null; byte[] key = null; byte[] iv = null; bool valid2 = false; bool valid3 = false; bool valid4 = false; SHA256 hash = SHA256.Create(); try { try { RSAOAEPKeyExchangeDeformatter deformatter = new RSAOAEPKeyExchangeDeformatter(rsa); secret = deformatter.DecryptKeyExchange(header); valid2 = secret.Length == 68; } catch { valid2 = false; } if (!valid2) { secret = new byte[68]; } valid3 = (secret[1] == 16) && (secret[18] == 16) && (secret[35] == 32); key = new byte[16]; Buffer.BlockCopy(secret, 2, key, 0, 16); iv = new byte[16]; Buffer.BlockCopy(secret, 19, iv, 0, 16); if ((optionalEntropy != null) && (optionalEntropy.Length > 0)) { byte[] mask = hash.ComputeHash(optionalEntropy); for (int i = 0; i < 16; i++) { key[i] ^= mask[i]; iv[i] ^= mask[i + 16]; } valid3 &= secret[0] == 2; } else { valid3 &= secret[0] == 1; } using (MemoryStream ms = new MemoryStream()) { ICryptoTransform t = aes.CreateDecryptor(key, iv); using (CryptoStream cs = new CryptoStream(ms, t, CryptoStreamMode.Write)) { try { cs.Write(encryptedData, headerSize, encryptedData.Length - headerSize); cs.Close(); } catch { } } decdata = ms.ToArray(); } byte[] digest = hash.ComputeHash(decdata); valid4 = true; for (int i = 0; i < 32; i++) { if (digest[i] != secret[36 + i]) { valid4 = false; } } } finally { if (key != null) { Array.Clear(key, 0, key.Length); key = null; } if (secret != null) { Array.Clear(secret, 0, secret.Length); secret = null; } if (iv != null) { Array.Clear(iv, 0, iv.Length); iv = null; } aes.Clear(); hash.Clear(); } if (!valid1 || !valid2 || !valid3 || !valid4) { if (decdata != null) { Array.Clear(decdata, 0, decdata.Length); decdata = null; } throw new CryptographicException("Invalid data."); } return(decdata); }
public void Dispose() { _sha256.Clear(); _sha256.Dispose(); }
private bool EncryptAndSave(byte[] secret) { //generate a random challenge for use next time byte[] challenge = GenerateChallenge(); //generate the expected HMAC-SHA1 response for the challenge based on the secret byte[] resp = GenerateResponse(challenge, secret); //use the response to encrypt the secret SHA256 sha = SHA256Managed.Create(); byte[] key = sha.ComputeHash(resp); // get a 256 bit key from the 160 bit hmac response byte[] secretHash = sha.ComputeHash(secret); AesManaged aes = new AesManaged(); aes.KeySize = key.Length * sizeof(byte) * 8; //pedantic, but foolproof aes.Key = key; aes.GenerateIV(); aes.Padding = PaddingMode.PKCS7; byte[] iv = aes.IV; byte[] encrypted; ICryptoTransform enc = aes.CreateEncryptor(); using (MemoryStream msEncrypt = new MemoryStream()) { using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, enc, CryptoStreamMode.Write)) { csEncrypt.Write(secret, 0, secret.Length); csEncrypt.FlushFinalBlock(); encrypted = msEncrypt.ToArray(); csEncrypt.Close(); csEncrypt.Clear(); } msEncrypt.Close(); } sha.Clear(); aes.Clear(); Stream s = null; try { FileTransactionEx ft = new FileTransactionEx(mInfo, false); s = ft.OpenWrite(); XmlWriterSettings settings = new XmlWriterSettings(); settings.CloseOutput = true; settings.Indent = true; settings.IndentChars = "\t"; settings.NewLineOnAttributes = true; XmlWriter xml = XmlWriter.Create(s, settings); xml.WriteStartDocument(); xml.WriteStartElement("data"); xml.WriteStartElement("aes"); xml.WriteElementString("encrypted", Convert.ToBase64String(encrypted)); xml.WriteElementString("iv", Convert.ToBase64String(iv)); xml.WriteEndElement(); xml.WriteElementString("challenge", Convert.ToBase64String(challenge)); xml.WriteElementString("verification", Convert.ToBase64String(secretHash)); xml.WriteElementString("lt64", LT64.ToString()); xml.WriteEndElement(); xml.WriteEndDocument(); xml.Close(); ft.CommitWrite(); } catch (Exception) { MessageService.ShowWarning(String.Format("Error: unable to write to file {0}", mInfo.Path)); return(false); } finally { s.Close(); } return(true); }