/// <inheritdoc/> protected override void UpdateSettingsFrom1To2(XElement root) { base.UpdateSettingsFrom1To2(root); // Handle protected password XElement oldPasswortElement = root.Element("cloud_storage")?.Element("cloud_password"); XElement cloudStorageAccount = root.Element("cloud_storage_account"); if ((oldPasswortElement != null) && (cloudStorageAccount != null)) { // Deobfuscate old password ICryptor decryptor = new Cryptor("snps", null); byte[] binaryCipher = CryptoUtils.Base64StringToBytes(oldPasswortElement.Value); byte[] unprotectedBinaryPassword = decryptor.Decrypt(binaryCipher, CryptoUtils.StringToSecureString(snpsk)); // Protect with new data protection service and add to XML char[] unprotectedChars = Encoding.UTF8.GetChars(unprotectedBinaryPassword); byte[] unprotectedUnicodePassword = Encoding.Unicode.GetBytes(unprotectedChars); string protectedPassword = _dataProtectionService.Protect(unprotectedUnicodePassword); cloudStorageAccount.Add(new XElement("protected_password", protectedPassword)); CryptoUtils.CleanArray(unprotectedBinaryPassword); CryptoUtils.CleanArray(unprotectedChars); CryptoUtils.CleanArray(unprotectedUnicodePassword); } }
public void EnsureBackwardsCompatibilityLongTimeDecryptionOfTwofishGcm() { // Ensure that a once stored cipher can always be decrypted even after changes in the liberary string base64Cipher = "dW5pdHRlc3QkdHdvZmlzaF9nY20kZHhMWFh4K0UrZ2MzWHdWc01rWUFxQT09JHBia2RmMiRma1BCWTdDWXp1OG5YUlJtYk9DUlp3PT0kMTAwMCRRc0ETSqDekQuBgKJ5x4Mvy02OHsivm0uJ9KchKdpGk+pmbF4Kq/EDbx9Uw54uEZUQLnK70dNKSEVtb1GyUOX1mitr"; byte[] cipher = CryptoUtils.Base64StringToBytes(base64Cipher); ICryptor decryptor = new Cryptor("unittest", null); string decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, CryptoUtils.StringToSecureString("brownie"))); Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage); }
public void EnsureBackwardsCompatibilityLongTimeDecryptionOfAesGcm() { // Ensure that a once stored cipher can always be decrypted even after changes in the liberary string base64Cipher = "dW5pdHRlc3QkYWVzX2djbSQ0NG04QXBFU1ptcXhnYll2OE5wcWl3PT0kcGJrZGYyJGgwSDdxSGZnVFlXNzBKS3lEb0JLeFE9PSQxMDAwJJsMDjdYEYXYmcqTOFRbge6iVfWo/iny4nrIOMVuoqYak6xB/MAe53G5H3AyxiTi8OENJbi9tzZStpe3p3nlDB7l+J8="; byte[] cipher = CryptoUtils.Base64StringToBytes(base64Cipher); ICryptor decryptor = new Cryptor("unittest", null); string decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, CryptoUtils.StringToSecureString("brownie"))); Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage); }
public void EnsureBackwardsCompatibilityLongTimeDecryptionOfXChaCha() { // Ensure that a once stored cipher can always be decrypted even after changes in the liberary string base64Cipher = "dW5pdHRlc3Qgdj0yJHhjaGFjaGEyMF9wb2x5MTMwNSRsT0FJVW5wZXEyL0g3Ti96UkdCSktqaW9MdmFTUWk5eCRwYmtkZjIkdmN0dmpXVmx1NEhGbGhqbTV0SGlWQT09JDEwMDAwJCTcCqQglE3Xmfe0lg9AOhzxJXOuj7wEj+kgaSnKlZgnMyQwpQCwa9W57jnz1RhrwUuLh0X3PJpPbf7lR07Le7TFRZc8"; byte[] cipher = CryptoUtils.Base64StringToBytes(base64Cipher); ICryptor decryptor = new Cryptor("unittest", null); string decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, CryptoUtils.StringToSecureString("brownie"))); Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage); }
/// <summary> /// Decrypts the note, if the belonging safe is open. /// </summary> /// <returns>Decrypted note content, or null if the safe is closed.</returns> private string UnlockIfSafeOpen(string lockedContent) { SafeModel safe = _safes.FindById(Model.SafeId); if ((safe != null) && safe.IsOpen) { byte[] binaryContent = CryptoUtils.Base64StringToBytes(lockedContent); byte[] unlockedContent = _cryptor.Decrypt(binaryContent, safe.Key); return(CryptoUtils.BytesToString(unlockedContent)); } return(null); }
/// <inheritdoc/> public byte[] Unprotect(string protectedData) { // Extract encrypted key and encrypted data string[] parts = protectedData.Split(Separator); if (parts.Length != 3) { throw new Exception("Invalid format of protected data"); } byte[] encryptedStoredKey = CryptoUtils.Base64StringToBytes(parts[0]); byte[] nonce = CryptoUtils.Base64StringToBytes(parts[1]); byte[] protectedDataPart = CryptoUtils.Base64StringToBytes(parts[2]); // Unprotect the random key with OS support byte[] storedKey = null; try { if (KeysExistInKeyStore()) { Cipher cipher = Cipher.GetInstance("RSA/ECB/PKCS1Padding"); // ECB mode is not used by RSA IKey privateKey = GetPrivateKeyFromKeyStore(); cipher.Init(CipherMode.DecryptMode, privateKey); storedKey = cipher.DoFinal(encryptedStoredKey); } } catch (Exception) { storedKey = null; } // Fallback to obfuscated key if (storedKey == null) { storedKey = CryptoUtils.Deobfuscate(encryptedStoredKey, CryptoUtils.StringToSecureString(Obcake)); } // Decrypt the data with the random key ISymmetricEncryptionAlgorithm decryptor; byte[] result; try { decryptor = new BouncyCastleXChaCha20(); result = decryptor.Decrypt(protectedDataPart, storedKey, nonce); } catch (Exception) { // Fallback to twofish, which was used before 3.2021 decryptor = new BouncyCastleTwofishGcm(); result = decryptor.Decrypt(protectedDataPart, storedKey, nonce); } return(result); }
public void EnsureBackwardsCompatibility() { // Ensure that a once stored packed header can always be unpacked even after changes in the liberary string packedBase64Header = "TXlBcHBOYW1lJFR3b2Zpc2gkUWtKQ1FrSkNRa0k9JFBCS0RGMiRUVTFOVFUxTlRVMD0kMTAkWFhYWFhYWFhYWFhYWFhYWA=="; byte[] packedHeader = CryptoUtils.Base64StringToBytes(packedBase64Header); CryptoHeaderPacker.UnpackHeaderAndCipher(packedHeader, "MyAppName", out CryptoHeader unpackedHeader, out byte[] unpackedCipher); Assert.AreEqual("MyAppName", unpackedHeader.PackageName); Assert.AreEqual("Twofish", unpackedHeader.AlgorithmName); Assert.AreEqual("PBKDF2", unpackedHeader.KdfName); Assert.AreEqual("10", unpackedHeader.Cost); Assert.AreEqual(CommonMocksAndStubs.FilledByteArray(8, 66), unpackedHeader.Nonce); Assert.AreEqual(CommonMocksAndStubs.FilledByteArray(8, 77), unpackedHeader.Salt); Assert.AreEqual(CommonMocksAndStubs.FilledByteArray(16, 88), unpackedCipher); }
public void EnsureCompatibilityToLibsodiumXChaCha20() { // Ensure that a once stored cipher can always be decrypted even after changes in the liberary. // This cypher was created with libsodium. string base64Cipher = "q8w/Zotsi3ZJp2eaAnFmMiAGgko+N2TkNgunS5+bDRNqrBBoN+XMQPSt7ojO4ODMP3Rf3aoYMNeJFL2/ZqK3AngIuQ=="; byte[] cipher = CryptoUtils.Base64StringToBytes(base64Cipher); ISymmetricEncryptionAlgorithm decryptor = new BouncyCastleXChaCha20(); ICryptoRandomService randomGenerator = CommonMocksAndStubs.CryptoRandomService(88); byte[] key = randomGenerator.GetRandomBytes(decryptor.ExpectedKeySize); byte[] nonce = randomGenerator.GetRandomBytes(decryptor.ExpectedNonceSize); string decryptedMessage = CryptoUtils.BytesToString(decryptor.Decrypt(cipher, key, nonce)); Assert.AreEqual("The brown fox jumps over the lazy 🐢🖐🏿 doc.", decryptedMessage); }
/// <summary> /// Test the password update from Version1 in Android to Version2 /// </summary> /// <param name="root"></param> protected override void UpdateSettingsFrom1To2(XElement root) { base.UpdateSettingsFrom1To2(root); SecureString snpsk = CryptoUtils.StringToSecureString("53EC49B1-6600+406b;B84F-0B9CFA1D2BE1"); // Handle protected password XElement oldPasswortElement = root.Element("cloud_storage")?.Element("cloud_password"); XElement cloudStorageAccount = root.Element("cloud_storage_account"); if ((oldPasswortElement != null) && (cloudStorageAccount != null)) { // Deobfuscate old password ICryptor decryptor = new Cryptor("snps", null); byte[] binaryCipher = CryptoUtils.Base64StringToBytes(oldPasswortElement.Value); byte[] unprotectedBinaryPassword = decryptor.Decrypt(binaryCipher, snpsk); // Protect with new data protection service and add to XML string protectedPassword = _dataProtectionService.Protect(unprotectedBinaryPassword); cloudStorageAccount.Add(new XElement("protected_password", protectedPassword)); CryptoUtils.CleanArray(unprotectedBinaryPassword); } }