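        /// <summary>
        /// Interactive recovery flow: collects <c>quorum</c> shares from the share
        /// holders, uses them to decrypt the backed-up key file named by
        /// <c>backupToRecover</c>, and - unless <c>testModeFlag</c> is set - imports the
        /// recovered key into the vault at <c>vaultUrl</c>.
        /// </summary>
        /// <remarks>
        /// The settings this method reads (<c>backupToRecover</c>, <c>quorum</c>,
        /// <c>tenant</c>, <c>vaultUrl</c>, <c>testModeFlag</c>) are defined elsewhere in
        /// the enclosing class. The process exits with code 1 when the backup file is
        /// missing. The vault access token is never written to the console; only the
        /// fact that one was (or was not) acquired is reported.
        /// </remarks>
        static void doRecover()
        {
            if (!File.Exists(backupToRecover))
            {
                Console.WriteLine($"Backup file {backupToRecover} does not exists. Quitting.");
                Environment.Exit(1);
            }

            Console.Clear();
            displayRecoverInitialInfo();
            Console.ReadLine();

            displayShareHolderInvitation(quorum);
            Console.ReadLine();

            var shares = new Share[quorum];
            for (var i = 0; i < shares.Length; i++)
            {
                var share = shares[i] = new Share();
                // n only has to exceed k to pass the validations in SharedSecretGenerator;
                // the true total share count is not needed to decrypt.
                share.n = quorum + 1;
                share.k = quorum;
                readShare(share, quorum, i + 1, true);
            }

            // decryptKey takes the shares directly, so the joined secret is not
            // materialised here as an extra copy of key material.
            var encryptedKey = File.ReadAllText(backupToRecover, Encoding.UTF8);
            var keyJson      = SharedSecretGenerator.decryptKey(encryptedKey, shares);
            var key          = JsonConvert.DeserializeObject<KeyGenerator.JwtRsaKey>(keyJson);

            Console.Clear();
            displayKeyRecoveredInfo();
            Console.ReadLine();

            Console.Clear();
            displayAzureVaultPrompt();
            Console.ReadLine();

            string token = null;
            if (!testModeFlag)
            {
                // This entry point is synchronous, so the async token call is awaited by
                // blocking; any failure surfaces wrapped in an AggregateException.
                token = getToken(tenant).Result.AccessToken;
            }

            // The bearer token is a credential: report its presence, never its value,
            // so it cannot end up in console captures or logs.
            Console.WriteLine(token == null
                ? "Token: not acquired"
                : "Token: acquired (value not displayed)");
            displayVaultImportConfirm();
            Console.ReadLine();

            if (!testModeFlag)
            {
                importKeyToVault(key, token, vaultUrl);
            }
            Console.WriteLine("Press [Enter] to continue");
            Console.ReadLine();

            Console.Clear();
            displayFinishInfo();
            Console.ReadLine();
        }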
        /// <summary>
        /// Round-trip diagnostic for <c>SharedSecretGenerator</c>: generates a key and a
        /// share set, encrypts the key with the shares, prints every dot-separated
        /// component of the resulting encrypted-key string plus an equivalent openssl
        /// command, then decrypts the key again and prints it.
        /// </summary>
        /// <remarks>
        /// The joined secret (hex) is split in half: the first half is labelled MAC, the
        /// second half is the key passed to <c>openssl enc -aes-128-cbc</c>. The arguments
        /// to <c>generateSharedSecret(32, 6, 3)</c> presumably mean secret length, share
        /// count and threshold - confirm against <c>SharedSecretGenerator</c>. Note that
        /// this writes the secret halves and the decrypted key to stdout, so it is only
        /// meant for local diagnostics.
        /// </remarks>
        public void Test2()
        {
            var generatedKey = SharedSecretGenerator.genKey("sec.oper");
            var shareSet     = SharedSecretGenerator.generateSharedSecret(32, 6, 3);
            var sealedKey    = SharedSecretGenerator.encryptKey(generatedKey, shareSet);

            var secretHex = PQ.bytes2hex(SharedSecretGenerator.joinShares(shareSet));
            var half      = secretHex.Length / 2;
            var macHalf   = secretHex.Substring(0, half);
            var encHalf   = secretHex.Substring(half);

            Console.WriteLine($"Secret:\n{secretHex}");
            Console.WriteLine($"SecretMac:\n{macHalf}");
            Console.WriteLine($"SecretEnc:\n{encHalf}");
            Console.WriteLine("----");

            Console.WriteLine($"Encrypted key:\n{sealedKey}");
            Console.WriteLine("----");

            // The encrypted key is a five-part, dot-separated string; print each part
            // under its label in order.
            var parts  = sealedKey.Split('.');
            var labels = new[] { "Authenticated header", "Encrypted key", "IV", "Cipher text", "Auth Tag" };
            for (var i = 0; i < labels.Length; i++)
            {
                Console.WriteLine($"--{labels[i]}:\n{parts[i]}");
            }
            Console.WriteLine("----");

            // The header is decoded but not otherwise used by this diagnostic.
            var headerBytes = Base64Url.Decode(parts[0]);
            var ivBytes     = Base64Url.Decode(parts[2]);
            var cipherBytes = Base64Url.Decode(parts[3]);

            Console.WriteLine("You can test decryption using followinf openssl command.");
            Console.WriteLine(
                $"echo -n {PQ.bytes2hex(cipherBytes)} | xxd -r -p | openssl enc -aes-128-cbc -d -K {encHalf} -iv {PQ.bytes2hex(ivBytes)} ");

            var roundTripped = SharedSecretGenerator.decryptKey(sealedKey, shareSet);

            Console.WriteLine($"Decrypted key: \n{roundTripped}");
            Console.WriteLine("----");
        }