public string GenerateSecretCodeUrlSafe(int minLength, int maxLength) { var random = new RandomGenerator(); var length = random.RandomNumber(minLength, maxLength); var cryptoRandomDataGenerator = new RNGCryptoServiceProvider(); byte[] buffer = new byte[length]; cryptoRandomDataGenerator.GetBytes(buffer); string uniq = Convert.ToBase64String(buffer).Replace('+', '-').Replace('/', '-').TrimEnd('=').Trim('-'); return uniq; }
private static byte[] EncryptObject_Private(object input, string passPhrase, out string cipher) { RandomGenerator randGen = new RandomGenerator(); string strSalt = randGen.RandomString(8); byte[] saltValueBytes = Encoding.ASCII.GetBytes(strSalt); // Convert our plaintext into a byte array. // Let us assume that plaintext contains UTF8-encoded characters. byte[] plainTextBytes = Serializer.SerializeToByteArray(input); // First, we must create a password, from which the key will be derived. // This password will be generated from the specified passphrase and // salt value. The password will be created using the specified hash // algorithm. Password creation can be done in several iterations. Rfc2898DeriveBytes pw = new Rfc2898DeriveBytes(passPhrase, saltValueBytes, 2); // Use the password to generate pseudo-random bytes for the encryption // key. Specify the size of the key in bytes (instead of bits). byte[] keyBytes = pw.GetBytes(256 / 8); // Create uninitialized Rijndael encryption object. RijndaelManaged symmetricKey = new RijndaelManaged(); RandomGenerator randGen2 = new RandomGenerator(); string strIv = randGen2.RandomString(16); // Convert strings into byte arrays. // Let us assume that strings only contain ASCII codes. // If strings include Unicode characters, use Unicode, UTF7, or UTF8 // encoding. byte[] initVectorBytes = Encoding.ASCII.GetBytes(strIv); // It is reasonable to set encryption mode to Cipher Block Chaining // (CBC). Use default options for other symmetric key parameters. symmetricKey.Mode = CipherMode.CBC; // Generate encryptor from the existing key bytes and initialization // vector. Key size will be defined based on the number of the key // bytes. ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes); // Define memory stream which will be used to hold encrypted data. MemoryStream memoryStream = new MemoryStream(); // Define cryptographic stream (always use Write mode for encryption). CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write); // Start encrypting. cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length); // Finish encrypting. cryptoStream.FlushFinalBlock(); // Convert our encrypted data from a memory stream into a byte array. byte[] cipherTextBytes = memoryStream.ToArray(); // Close both streams. memoryStream.Close(); cryptoStream.Close(); //// Convert encrypted data into a base64-encoded string. //string cipherText = Convert.ToBase64String(cipherTextBytes); //// reconvert cipherText to bytes //byte[] cipherBytes = Convert.FromBase64String(cipherText); cipher = strIv + strSalt; return cipherTextBytes; }
private async Task<AsymmetricallyEncryptedObject> EncryptObject_PrivateAsync(object input, IPublicKey publicKey1, IPublicKey publicKey2) { if (input == null) { throw new ArgumentNullException(nameof(input)); } if (publicKey1 == null) { throw new ArgumentNullException(nameof(publicKey1)); } //if (string.IsNullOrEmpty(key1Id)) //{ // throw new ArgumentException("key1Id"); //} //if (publicKey2 != null && string.IsNullOrEmpty(key2Id)) //{ // throw new ArgumentException("key2Id"); //} //if (!string.IsNullOrEmpty(key2Id) && publicKey2 == null) //{ // throw new ArgumentNullException("publicKey2"); //} // password lengths int pwLen = 32; //var pwMinLen = pwLen; //var pwMaxLen = pwLen; // 40; if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000) { pwLen = 40; //// up the pw size //pwMinLen = 40; //pwMaxLen = 40; } //if (pwMinLen < 32) //{ // throw new NotImplementedException("pwMinLen is at least 32 bytes"); //} //if (pwMinLen == pwMaxLen) //{ // pwLen = pwMaxLen; //} //else //{ // pwLen = rand.RandomNumber(pwMinLen, pwMaxLen); //} byte[] passPhraseAsBytes = null; byte[] passPhrase2AsBytes = null; string passPhrase = null; string passPhrase2 = null; if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2) { // legacy uses a string var rand = new RandomGenerator(); passPhrase = rand.RandomPassword(pwLen); // pwMinLen, pwMaxLen); passPhraseAsBytes = Serializer.SerializeToByteArray(passPhrase); if (publicKey2 != null) { passPhrase2 = rand.RandomPassword(pwLen); // pwMinLen, pwMaxLen); passPhrase2AsBytes = Serializer.SerializeToByteArray(passPhrase2); } } else { var cryptoSvc = RNGCryptoServiceProvider.Create(); passPhraseAsBytes = new byte[pwLen]; cryptoSvc.GetBytes(passPhraseAsBytes); if (publicKey2 != null) { passPhrase2AsBytes = new byte[pwLen]; cryptoSvc.GetBytes(passPhrase2AsBytes); } } byte[] encryptedPassPhraseAsBytes = null; AsymmetricallyEncryptedObject asymEncObj = null; byte[] encryptionPassPhrase = null; // if there are two keys, then we double encrypt the passphrase if (publicKey2 == null) { var encRes = await publicKey1.WrapKeyAsync(passPhraseAsBytes); encryptedPassPhraseAsBytes = encRes; asymEncObj = new AsymmetricallyEncryptedObject() { KeyId = publicKey1.KeyId, Reference = encryptedPassPhraseAsBytes }; encryptionPassPhrase = passPhraseAsBytes; } else { // double passwords var dualPw = new DualKeyProtectedPassword(); // get encryption from key1 var encRes1 = await publicKey1.WrapKeyAsync(passPhraseAsBytes); dualPw.EncryptedPassphrase1 = encRes1; // get encryption from key2 var encRes2 = await publicKey2.WrapKeyAsync(passPhrase2AsBytes); dualPw.EncryptedPassphrase2 = encRes2; encryptedPassPhraseAsBytes = Encoding.UTF8.GetBytes(Serializer.SerializeToJson(dualPw)); asymEncObj = new AsymmetricallyEncryptedObject() { KeyId = publicKey1.KeyId, Key2Id = publicKey2.KeyId, Reference = encryptedPassPhraseAsBytes }; encryptionPassPhrase = passPhraseAsBytes.Concat(passPhrase2AsBytes).ToArray(); } // handle the different strategies // handle the different strategies if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2) { // this is the revised legacy handling that has been enhanced // Note that the passPhrase is a string, but the reference taht is stored is // -----> Serializer.SerializeToByteArray(passPhrase); // This is not a straight forward string to byte array conversion using encoding. // And the decrypte expects to use this serializer method. string cipher; #pragma warning disable 0618 asymEncObj.Data = BasicEncryptor.EncryptObject(input, passPhrase + passPhrase2, out cipher); #pragma warning restore 0618 asymEncObj.CipherText = cipher; asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Legacy_Aes2; // critical!!! } else if(this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_200000) { byte[] inputAsBytes = Serializer.SerializeToByteArray(input); asymEncObj.Data = AesEncryptor.Encrypt20000(inputAsBytes, encryptionPassPhrase); asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_200000; // critical!!! } else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Undefined || this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000) { byte[] inputAsBytes = Serializer.SerializeToByteArray(input); asymEncObj.Data = AesEncryptor.Encrypt1000(inputAsBytes, encryptionPassPhrase); asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000; // critical!!! } else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_5) { byte[] inputAsBytes = Serializer.SerializeToByteArray(input); asymEncObj.Data = AesEncryptor.Encrypt5(inputAsBytes, encryptionPassPhrase); asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_5; // critical!!! } else { throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", this.AsymmetricStrategy.ToString())); } passPhraseAsBytes.ClearByteArray(); passPhrase2AsBytes.ClearByteArray(); return asymEncObj; }