Example #1
        /// ----------------------------------------------------------------------------------------
        /// <summary>
        /// Helper method: Get preferences dictionary from decrypted data.
        /// In editing mode, users have to enter the right SEB administrator password
        /// before they can access the settings contents
        /// and returns the decrypted bytes
        /// </summary>
        /// ----------------------------------------------------------------------------------------
        private static DictObj GetPreferencesDictFromConfigData(byte[] sebData, bool forEditing)
            DictObj sebPreferencesDict = null;

                // Get preferences dictionary from decrypted data
                sebPreferencesDict = (DictObj)Plist.readPlist(sebData);
            catch (Exception readPlistException)
                MessageBox.Show(SEBUIStrings.loadingSettingsFailed, SEBUIStrings.loadingSettingsFailedReason, MessageBoxButtons.OK, MessageBoxIcon.Error);
            // In editing mode, the user has to enter the right SEB administrator password used in those settings before he can access their contents
            if (forEditing)
                // Get the admin password set in these settings
                string sebFileHashedAdminPassword = (string)SEBSettings.valueForDictionaryKey(sebPreferencesDict, SEBSettings.KeyHashedAdminPassword);
                // If there was no or empty admin password set in these settings, the user can access them anyways
                if (!String.IsNullOrEmpty(sebFileHashedAdminPassword))
                    // Get the current hashed admin password
                    string hashedAdminPassword = (string)SEBSettings.valueForDictionaryKey(SEBSettings.settingsCurrent, SEBSettings.KeyHashedAdminPassword);
                    if (hashedAdminPassword == null)
                        hashedAdminPassword = "";
                    // If the current hashed admin password is same as the hashed admin password from the settings file
                    // then the user is allowed to access the settings
                    if (String.Compare(hashedAdminPassword, sebFileHashedAdminPassword, StringComparison.OrdinalIgnoreCase) != 0)
                        // otherwise we have to ask for the SEB administrator password used in those settings and
                        // allow opening settings only if the user enters the right one

                        if (!askForPasswordAndCompareToHashedPassword(sebFileHashedAdminPassword, forEditing))
            // Reading preferences was successful!
Example #2
        /// ----------------------------------------------------------------------------------------
        /// <summary>
        /// Helper method which decrypts the byte array using an empty password,
        /// or the administrator password currently set in SEB
        /// or asks for the password used for encrypting this SEB file
        /// for configuring the client
        /// </summary>
        /// ----------------------------------------------------------------------------------------
        private static DictObj DecryptDataWithPasswordForConfiguringClient(byte[] sebData, bool forEditing, ref string sebFilePassword, ref bool passwordIsHash)
            passwordIsHash = false;
            string password;
            // First try to decrypt with the current admin password
            // get admin password hash
            string hashedAdminPassword = (string)SEBSettings.valueForDictionaryKey(SEBSettings.settingsCurrent, SEBSettings.KeyHashedAdminPassword);

            if (hashedAdminPassword == null)
                hashedAdminPassword = "";
            // We use always uppercase letters in the base16 hashed admin password used for encrypting
            hashedAdminPassword = hashedAdminPassword.ToUpper();
            DictObj sebPreferencesDict = null;

            byte[] decryptedSebData = SEBProtectionController.DecryptDataWithPassword(sebData, hashedAdminPassword);
            if (decryptedSebData == null)
                // If decryption with admin password didn't work, try it with an empty password
                decryptedSebData = SEBProtectionController.DecryptDataWithPassword(sebData, "");
                if (decryptedSebData == null)
                    // If decryption with empty and admin password didn't work, ask for the password the .seb file was encrypted with
                    // Allow up to 5 attempts for entering decoding password
                    int i = 5;
                    password = null;
                    string enterPasswordString = SEBUIStrings.enterEncryptionPassword;
                        // Prompt for password
                        password = SebPasswordDialogForm.ShowPasswordDialogForm(SEBUIStrings.reconfiguringLocalSettings, enterPasswordString);
                        // If cancel was pressed, abort
                        if (password == null)
                        string hashedPassword = SEBProtectionController.ComputePasswordHash(password);
                        // we try to decrypt with the hashed password
                        decryptedSebData = SEBProtectionController.DecryptDataWithPassword(sebData, hashedPassword);
                        // in case we get an error we allow the user to try it again
                        enterPasswordString = SEBUIStrings.enterEncryptionPasswordAgain;
                    } while (decryptedSebData == null && i > 0);
                    if (decryptedSebData == null)
                        //wrong password entered in 5th try: stop reading .seb file
                        MessageBox.Show(SEBUIStrings.reconfiguringLocalSettingsFailed, SEBUIStrings.reconfiguringLocalSettingsFailedWrongPassword, MessageBoxButtons.OK, MessageBoxIcon.Error);
                        // Decrypting with entered password worked: We save it for returning it later
                        if (forEditing)
                            sebFilePassword = password;
                //decrypting with hashedAdminPassword worked: we save it for returning as decryption password
                sebFilePassword = hashedAdminPassword;
                // identify that password as hash
                passwordIsHash = true;
            /// Decryption worked

            // Ungzip the .seb (according to specification >= v14) decrypted serialized XML plist data
            decryptedSebData = GZipByte.Decompress(decryptedSebData);

            // Check if the openend reconfiguring seb file has the same admin password inside like the current one

                sebPreferencesDict = (DictObj)Plist.readPlist(decryptedSebData);
            catch (Exception readPlistException)
                // Error when deserializing the decrypted configuration data
                // We abort reading the new settings here
                MessageBox.Show(SEBUIStrings.loadingSettingsFailed, SEBUIStrings.loadingSettingsFailedReason, MessageBoxButtons.OK, MessageBoxIcon.Error);
            // Get the admin password set in these settings
            string sebFileHashedAdminPassword = (string)SEBSettings.valueForDictionaryKey(sebPreferencesDict, SEBSettings.KeyHashedAdminPassword);

            if (sebFileHashedAdminPassword == null)
                sebFileHashedAdminPassword = "";
            // Has the SEB config file the same admin password inside as the current settings have?
            if (String.Compare(hashedAdminPassword, sebFileHashedAdminPassword, StringComparison.OrdinalIgnoreCase) != 0)
                //No: The admin password inside the .seb file wasn't the same as the current one
                if (forEditing)
                    // If the file is openend for editing (and not to reconfigure SEB)
                    // we have to ask the user for the admin password inside the file
                    if (!askForPasswordAndCompareToHashedPassword(sebFileHashedAdminPassword, forEditing))
                        // If the user didn't enter the right password we abort
                    // The file was actually opened for reconfiguring the SEB client:
                    // we have to ask for the current admin password and
                    // allow reconfiguring only if the user enters the right one
                    // We don't check this for the case the current admin password was used to encrypt the new settings
                    // In this case there can be a new admin pw defined in the new settings and users don't need to enter the old one
                    if (passwordIsHash == false && hashedAdminPassword.Length > 0)
                        // Allow up to 5 attempts for entering current admin password
                        int i = 5;
                        password = null;
                        string hashedPassword;
                        string enterPasswordString = SEBUIStrings.enterCurrentAdminPwdForReconfiguring;
                        bool   passwordsMatch;
                            // Prompt for password
                            password = SebPasswordDialogForm.ShowPasswordDialogForm(SEBUIStrings.reconfiguringLocalSettings, enterPasswordString);
                            // If cancel was pressed, abort
                            if (password == null)
                            if (password.Length == 0)
                                hashedPassword = "";
                                hashedPassword = SEBProtectionController.ComputePasswordHash(password);
                            passwordsMatch = (String.Compare(hashedPassword, hashedAdminPassword, StringComparison.OrdinalIgnoreCase) == 0);
                            // in case we get an error we allow the user to try it again
                            enterPasswordString = SEBUIStrings.enterCurrentAdminPwdForReconfiguringAgain;
                        } while (!passwordsMatch && i > 0);
                        if (!passwordsMatch)
                            //wrong password entered in 5th try: stop reading .seb file
                            MessageBox.Show(SEBUIStrings.reconfiguringLocalSettingsFailed, SEBUIStrings.reconfiguringLocalSettingsFailedWrongCurrentAdminPwd, MessageBoxButtons.OK, MessageBoxIcon.Error);

            // We need to set the right value for the key sebConfigPurpose to know later where to store the new settings
            sebPreferencesDict[SEBSettings.KeySebConfigPurpose] = (int)SEBSettings.sebConfigPurposes.sebConfigPurposeConfiguringClient;

            // Reading preferences was successful!