public static DataProtectionParams CreateParams(string password)
{
var salt = new byte[16];
using (var random = new RNGCryptoServiceProvider())
{
random.GetBytes(salt);
}
var prms = new DataProtectionParams()
{
Salt = Convert.ToBase64String(salt)
};
var pbkdf2 = new Rfc2898DeriveBytes(
Encoding.UTF8.GetBytes(password),
Convert.FromBase64String(prms.Salt),
prms.IterationCount,
new HashAlgorithmName(prms.HashAlgorithmName));
byte[] key = pbkdf2.GetBytes(KEY_LEN);
var encrypted = CryptoHelper.Encrypt(Encoding.UTF8.GetBytes(MAGIC), key, out byte[] iv);
var verificationCode = new byte[iv.Length + VERIFY_CODE_LEN];
Array.Copy(encrypted, 0, verificationCode, 0, VERIFY_CODE_LEN);
Array.Copy(iv, 0, verificationCode, VERIFY_CODE_LEN, iv.Length);
prms.VerificationCode = Convert.ToBase64String(verificationCode);
return(prms);
}
public DataProtectionKey(int keyId, DataProtectionParams prms)
{
KeyId = keyId;
_prms = prms;
}
