public EncryptedMessage EncryptData(Message email, RSAEncryption rsaEncryption,
DigitalSignature signature)
{
byte[] message = Encoding.ASCII.GetBytes(email.Text);
var sessionKey = _aes.GenerateRandomNumber(32);
var encryptedPacket = new EncryptedMessage
{
ReceiveDate = DateTime.Now,
Iv = _aes.GenerateRandomNumber(16),
SenderEmail = email.EmailSender,
ReceiverEmail = email.EmailReceiver
};
encryptedPacket.EncryptedData = _aes.Encrypt(message, sessionKey, encryptedPacket.Iv);
encryptedPacket.EncryptedSessionKey = rsaEncryption.EncryptData(sessionKey);
using (var hmac = new HMACSHA256(sessionKey))
{
encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData);
}
encryptedPacket.Signature = signature.SignData(encryptedPacket.Hmac);
_dbContext.EncryptedMessages.Add(encryptedPacket);
_dbContext.SaveChanges();
return(encryptedPacket);
}
public void DecryptData(EncryptedFile encryptedFile, RSAEncryption rsaEncryption, DigitalSignature signature)
{
var decryptedSessionKey = rsaEncryption.DecryptData(encryptedFile.EncryptedSessionKey);
using (var hmac = new HMACSHA256(decryptedSessionKey))
{
var hmacToCheck = hmac.ComputeHash(encryptedFile.EncryptedData);
if (!Compare(encryptedFile.Hmac, hmacToCheck))
{
throw new CryptographicException("HMAC for decryption does not match encrypted packet.");
}
if (!signature.VerifySignature(encryptedFile.Hmac, encryptedFile.Signature))
{
throw new CryptographicException("Digital Signature can not be verified.");
}
}
byte[] fileInBytes = _aes.Decrypt(encryptedFile.EncryptedData, decryptedSessionKey, encryptedFile.Iv);
if (!Directory.Exists($"storage/{encryptedFile.ReceiverEmail}/files"))
{
Directory.CreateDirectory($"storage/{encryptedFile.ReceiverEmail}/files");
}
using (var fs = new FileStream($"storage/{encryptedFile.ReceiverEmail}/files/{encryptedFile.FileName}", FileMode.Create, FileAccess.Write))
{
fs.Write(fileInBytes, 0, fileInBytes.Length);
}
}
public void EncryptFile(IFormFile fileform, EncryptedMessage encryptedMessage, RSAEncryption rsaEncryption, DigitalSignature signature)
{
var sessionKey = _aes.GenerateRandomNumber(32);
var encryptedPacket = new EncryptedFile
{
Iv = _aes.GenerateRandomNumber(16),
SenderEmail = encryptedMessage.SenderEmail,
ReceiverEmail = encryptedMessage.ReceiverEmail,
EncryptedMessageId = encryptedMessage.EncryptedMessageId,
FileName = fileform.FileName,
};
byte[] fileInBytes;
using (var stream = new MemoryStream())
{
fileform.CopyToAsync(stream);
fileInBytes = stream.ToArray();
}
encryptedPacket.EncryptedData = _aes.Encrypt(fileInBytes, sessionKey, encryptedPacket.Iv);
encryptedPacket.EncryptedSessionKey = rsaEncryption.EncryptData(sessionKey);
using (var hmac = new HMACSHA256(sessionKey))
{
encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData);
}
encryptedPacket.Signature = signature.SignData(encryptedPacket.Hmac);
_dbContext.EncryptedFiles.Add(encryptedPacket);
_dbContext.SaveChanges();
}
public byte[] DecryptData(EncryptedMessage encryptedPacket, RSAEncryption rsaEncryption, DigitalSignature signature)
{
var decryptedSessionKey = rsaEncryption.DecryptData(encryptedPacket.EncryptedSessionKey);
using (var hmac = new HMACSHA256(decryptedSessionKey))
{
var hmacToCheck = hmac.ComputeHash(encryptedPacket.EncryptedData);
if (!Compare(encryptedPacket.Hmac, hmacToCheck))
{
throw new CryptographicException("HMAC for decryption does not match encrypted packet.");
}
if (!signature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature))
{
throw new CryptographicException("Digital Signature can not be verified.");
}
}
var decryptedData = _aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv);
return(decryptedData);
}
