/// <summary>
/// Derives encryption key from password.
/// </summary>
/// <param name="password">Password.</param>
/// <param name="salt">Salt.</param>
/// <param name="iterations">Iterations.</param>
/// <returns>Encryption key.</returns>
public static byte[] DeriveKeyV1(string password, byte[] salt, int iterations)
{
var pdb = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pdb.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, iterations);
return(((KeyParameter)pdb.GenerateDerivedMacParameters(32 * 8)).GetKey());
}
private byte[] BcScrypt(char[] password, byte[] salt,
int costParameter, int blocksize, int parallelizationParam)
{
return(SCrypt.Generate(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password),
salt, costParameter, blocksize, parallelizationParam,
256 / 8));
}
internal override KeyParameter GetEncoded(string algorithmOid)
{
Pkcs5S2ParametersGenerator pkcs5S2ParametersGenerator = new Pkcs5S2ParametersGenerator();
pkcs5S2ParametersGenerator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password), salt, iterationCount);
return((KeyParameter)pkcs5S2ParametersGenerator.GenerateDerivedParameters(algorithmOid, CmsEnvelopedHelper.Instance.GetKeySize(algorithmOid)));
}
private KeyParameter CreateKey(string password, byte[] salt, int iterations, int keySizeInBits)
{
var generator = new Pkcs5S2ParametersGenerator(new Sha256Digest());
generator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, iterations);
return((KeyParameter)generator.GenerateDerivedMacParameters(keySizeInBits));
}
private static ICipherParameters GenerateKey(string password, int keySize, int?ivSize = null)
{
var generator = new Pkcs5S2ParametersGenerator();
generator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), SALT, 1000);
return(generator.GenerateDerivedParameters("AES", keySize, ivSize ?? keySize));
}
/// <summary>
/// Derives encryption key from password and gets HSA256 hash
/// </summary>
/// <param name="password">Password.</param>
/// <param name="salt">Salt.</param>
/// <param name="iterations">Iterations.</param>
/// <returns></returns>
public static byte[] DeriveV1KeyHash(string password, byte[] salt, int iterations)
{
var pdb = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pdb.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, iterations);
var key = ((KeyParameter)pdb.GenerateDerivedMacParameters(32 * 8)).GetKey();
return(SHA256.Create().ComputeHash(key));
}
// http://stackoverflow.com/questions/34950611/how-to-create-a-pbkdf2-sha256-password-hash-in-c-sharp-bouncy-castle//
internal static byte[] GeneratePbkdf2Sha256DerivedKey(string password, byte[] salt, int count, int dklen)
{
var pdb = new Pkcs5S2ParametersGenerator(new Sha256Digest());
pdb.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, count);
var key = (KeyParameter)pdb.GenerateDerivedMacParameters(8 * dklen);
return(key.GetKey());
}
private byte[] BcPkcs5Scheme(char[] password, byte[] salt,
int iterationCount)
{
var generator = new Pkcs5S1ParametersGenerator(
GetDigest());
generator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password),
salt,
iterationCount);
return(((KeyParameter)generator.GenerateDerivedParameters(_config.CipherAlgorithm.ToString(), GetKeySize())).GetKey());
}
//http://stackoverflow.com/questions/34950611/how-to-create-a-pbkdf2-sha256-password-hash-in-c-sharp-bouncy-castle//
public byte[] GeneratePbkdf2Sha256DerivedKey(string password, byte[] salt, int count, int dklen)
{
var pdb = new Pkcs5S2ParametersGenerator(new Sha256Digest());
//note Pkcs5PasswordToUtf8Bytes is the same as Encoding.UTF8.GetBytes(password)
//changing it to keep it as bouncy
pdb.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt,
count);
//if dklen == 32, then it is 256 (8 * 32)
var key = (KeyParameter)pdb.GenerateDerivedMacParameters(8 * dklen);
return key.GetKey();
}
// derive with PKCS5S2
public static byte[] derive(String password, byte[] salt)
{
int iterationCount = 1000;
int keyLength = 32 * 8;
byte[] keyBytes = null;
Pkcs5S2ParametersGenerator gen = new Pkcs5S2ParametersGenerator();
gen.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes((password).ToCharArray()), salt, iterationCount);
keyBytes = ((KeyParameter)gen.GenerateDerivedParameters(keyLength)).GetKey();
return(keyBytes);
}
/// <summary>
/// 获取用户密钥
/// </summary>
/// <param name="key"></param>
/// <param name="utf8"></param>
/// <returns></returns>
private byte[] GetUserKey(string key, bool utf8)
{
if (string.IsNullOrWhiteSpace(key))
{
return(null);
}
var gen = new Pkcs5S2ParametersGenerator();
var bytes = utf8
? PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(key.ToCharArray())
: PbeParametersGenerator.Pkcs5PasswordToBytes(key.ToCharArray());
gen.Init(bytes, header.UserSalt, header.Rounds);
var param = (KeyParameter)gen.GenerateDerivedParameters("AES256", AbHeader.PBKDF2_KEY_SIZE);
var userKey = param.GetKey();
return(userKey);
}
public static byte[] androidPBKDF2(char[] pwArray, byte[] salt, int rounds, bool useUtf8)
{
PbeParametersGenerator generator = new Pkcs5S2ParametersGenerator();
// Android treats password bytes as ASCII, which is obviously
// not the case when an AES key is used as a 'password'.
// Use the same method for compatibility.
// Android 4.4 however uses all char bytes
// useUtf8 needs to be true for KitKat
byte[] pwBytes = useUtf8 ? PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(pwArray)
: PbeParametersGenerator.Pkcs5PasswordToBytes(pwArray);
generator.Init(pwBytes, salt, rounds);
KeyParameter param = (KeyParameter)generator.GenerateDerivedParameters("AES256", PBKDF2_KEY_SIZE);
return(param.GetKey());
//return new byte[])(params.getKey(), "AES");
}
