public string GenerateSecretCodeUrlSafe(int minLength, int maxLength)
{
var random = new RandomGenerator();
var length = random.RandomNumber(minLength, maxLength);
var cryptoRandomDataGenerator = new RNGCryptoServiceProvider();
byte[] buffer = new byte[length];
cryptoRandomDataGenerator.GetBytes(buffer);
string uniq = Convert.ToBase64String(buffer).Replace('+', '-').Replace('/', '-').TrimEnd('=').Trim('-');
return uniq;
}
private static byte[] EncryptObject_Private(object input, string passPhrase, out string cipher)
{
RandomGenerator randGen = new RandomGenerator();
string strSalt = randGen.RandomString(8);
byte[] saltValueBytes = Encoding.ASCII.GetBytes(strSalt);
// Convert our plaintext into a byte array.
// Let us assume that plaintext contains UTF8-encoded characters.
byte[] plainTextBytes = Serializer.SerializeToByteArray(input);
// First, we must create a password, from which the key will be derived.
// This password will be generated from the specified passphrase and
// salt value. The password will be created using the specified hash
// algorithm. Password creation can be done in several iterations.
Rfc2898DeriveBytes pw = new Rfc2898DeriveBytes(passPhrase, saltValueBytes, 2);
// Use the password to generate pseudo-random bytes for the encryption
// key. Specify the size of the key in bytes (instead of bits).
byte[] keyBytes = pw.GetBytes(256 / 8);
// Create uninitialized Rijndael encryption object.
RijndaelManaged symmetricKey = new RijndaelManaged();
RandomGenerator randGen2 = new RandomGenerator();
string strIv = randGen2.RandomString(16);
// Convert strings into byte arrays.
// Let us assume that strings only contain ASCII codes.
// If strings include Unicode characters, use Unicode, UTF7, or UTF8
// encoding.
byte[] initVectorBytes = Encoding.ASCII.GetBytes(strIv);
// It is reasonable to set encryption mode to Cipher Block Chaining
// (CBC). Use default options for other symmetric key parameters.
symmetricKey.Mode = CipherMode.CBC;
// Generate encryptor from the existing key bytes and initialization
// vector. Key size will be defined based on the number of the key
// bytes.
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);
// Define memory stream which will be used to hold encrypted data.
MemoryStream memoryStream = new MemoryStream();
// Define cryptographic stream (always use Write mode for encryption).
CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write);
// Start encrypting.
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
// Finish encrypting.
cryptoStream.FlushFinalBlock();
// Convert our encrypted data from a memory stream into a byte array.
byte[] cipherTextBytes = memoryStream.ToArray();
// Close both streams.
memoryStream.Close();
cryptoStream.Close();
//// Convert encrypted data into a base64-encoded string.
//string cipherText = Convert.ToBase64String(cipherTextBytes);
//// reconvert cipherText to bytes
//byte[] cipherBytes = Convert.FromBase64String(cipherText);
cipher = strIv + strSalt;
return cipherTextBytes;
}
private async Task<AsymmetricallyEncryptedObject> EncryptObject_PrivateAsync(object input, IPublicKey publicKey1, IPublicKey publicKey2)
{
if (input == null)
{
throw new ArgumentNullException(nameof(input));
}
if (publicKey1 == null)
{
throw new ArgumentNullException(nameof(publicKey1));
}
//if (string.IsNullOrEmpty(key1Id))
//{
// throw new ArgumentException("key1Id");
//}
//if (publicKey2 != null && string.IsNullOrEmpty(key2Id))
//{
// throw new ArgumentException("key2Id");
//}
//if (!string.IsNullOrEmpty(key2Id) && publicKey2 == null)
//{
// throw new ArgumentNullException("publicKey2");
//}
// password lengths
int pwLen = 32;
//var pwMinLen = pwLen;
//var pwMaxLen = pwLen; // 40;
if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000)
{
pwLen = 40;
//// up the pw size
//pwMinLen = 40;
//pwMaxLen = 40;
}
//if (pwMinLen < 32)
//{
// throw new NotImplementedException("pwMinLen is at least 32 bytes");
//}
//if (pwMinLen == pwMaxLen)
//{
// pwLen = pwMaxLen;
//}
//else
//{
// pwLen = rand.RandomNumber(pwMinLen, pwMaxLen);
//}
byte[] passPhraseAsBytes = null;
byte[] passPhrase2AsBytes = null;
string passPhrase = null;
string passPhrase2 = null;
if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
{
// legacy uses a string
var rand = new RandomGenerator();
passPhrase = rand.RandomPassword(pwLen); // pwMinLen, pwMaxLen);
passPhraseAsBytes = Serializer.SerializeToByteArray(passPhrase);
if (publicKey2 != null)
{
passPhrase2 = rand.RandomPassword(pwLen); // pwMinLen, pwMaxLen);
passPhrase2AsBytes = Serializer.SerializeToByteArray(passPhrase2);
}
}
else
{
var cryptoSvc = RNGCryptoServiceProvider.Create();
passPhraseAsBytes = new byte[pwLen];
cryptoSvc.GetBytes(passPhraseAsBytes);
if (publicKey2 != null)
{
passPhrase2AsBytes = new byte[pwLen];
cryptoSvc.GetBytes(passPhrase2AsBytes);
}
}
byte[] encryptedPassPhraseAsBytes = null;
AsymmetricallyEncryptedObject asymEncObj = null;
byte[] encryptionPassPhrase = null;
// if there are two keys, then we double encrypt the passphrase
if (publicKey2 == null)
{
var encRes = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
encryptedPassPhraseAsBytes = encRes;
asymEncObj = new AsymmetricallyEncryptedObject()
{
KeyId = publicKey1.KeyId,
Reference = encryptedPassPhraseAsBytes
};
encryptionPassPhrase = passPhraseAsBytes;
}
else
{
// double passwords
var dualPw = new DualKeyProtectedPassword();
// get encryption from key1
var encRes1 = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
dualPw.EncryptedPassphrase1 = encRes1;
// get encryption from key2
var encRes2 = await publicKey2.WrapKeyAsync(passPhrase2AsBytes);
dualPw.EncryptedPassphrase2 = encRes2;
encryptedPassPhraseAsBytes = Encoding.UTF8.GetBytes(Serializer.SerializeToJson(dualPw));
asymEncObj = new AsymmetricallyEncryptedObject()
{
KeyId = publicKey1.KeyId,
Key2Id = publicKey2.KeyId,
Reference = encryptedPassPhraseAsBytes
};
encryptionPassPhrase = passPhraseAsBytes.Concat(passPhrase2AsBytes).ToArray();
}
// handle the different strategies
// handle the different strategies
if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
{
// this is the revised legacy handling that has been enhanced
// Note that the passPhrase is a string, but the reference taht is stored is
// -----> Serializer.SerializeToByteArray(passPhrase);
// This is not a straight forward string to byte array conversion using encoding.
// And the decrypte expects to use this serializer method.
string cipher;
#pragma warning disable 0618
asymEncObj.Data = BasicEncryptor.EncryptObject(input, passPhrase + passPhrase2, out cipher);
#pragma warning restore 0618
asymEncObj.CipherText = cipher;
asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Legacy_Aes2; // critical!!!
}
else if(this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_200000)
{
byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
asymEncObj.Data = AesEncryptor.Encrypt20000(inputAsBytes, encryptionPassPhrase);
asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_200000; // critical!!!
}
else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Undefined || this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000)
{
byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
asymEncObj.Data = AesEncryptor.Encrypt1000(inputAsBytes, encryptionPassPhrase);
asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000; // critical!!!
}
else if (this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_5)
{
byte[] inputAsBytes = Serializer.SerializeToByteArray(input);
asymEncObj.Data = AesEncryptor.Encrypt5(inputAsBytes, encryptionPassPhrase);
asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_5; // critical!!!
}
else
{
throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", this.AsymmetricStrategy.ToString()));
}
passPhraseAsBytes.ClearByteArray();
passPhrase2AsBytes.ClearByteArray();
return asymEncObj;
}