internal void EncryptAndSign(byte[] inputNullable, int id, EncryptedFieldIds fieldId, out byte[] encrypted, out byte[] hmac) { if (inputNullable == null) { encrypted = null; hmac = null; return; } if (inputNullable.Length > 65535) { throw new ArgumentException(nameof(inputNullable)); } GetIVandKeys(id, fieldId, out var iv, out var aesKey, out var hmacKey); // encode length of input and add padding, to make it good for AES BinaryProcedures.CreateBinaryWriter(out var ms, out var w); w.Write((ushort)inputNullable.Length); w.Write(inputNullable); var bytesInLastBlock = (int)ms.Position % CryptoLibraries.AesBlockSize; if (bytesInLastBlock != 0) { var bytesRemainingTillFullAesBlock = CryptoLibraries.AesBlockSize - bytesInLastBlock; w.Write(_cryptoLibrary.GetRandomBytes(bytesRemainingTillFullAesBlock)); } var inputWithPadding = ms.ToArray(); encrypted = new byte[inputWithPadding.Length]; _cryptoLibrary.ProcessAesCbcBlocks(true, aesKey, iv, inputWithPadding, encrypted); hmac = _cryptoLibrary.GetSha256HMAC(hmacKey, encrypted); }