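/// <summary>
/// Reads the "password" entry of a host section. A value stored with the "enc:" prefix is
/// Base64-decoded and decrypted; any other non-empty value is returned as-is after being
/// rewritten to the config in "enc:" form and saved.
/// </summary>
/// <param name="host">Configuration section holding the "password" entry.</param>
/// <returns>
/// The plaintext password, or the null/empty value returned by the section when none is set.
/// </returns>
/// <remarks>
/// SECURITY: the cipher key is a constant compiled into the assembly, so the "enc:" form only
/// obfuscates the password. Anyone who can read both the binary and the config file can recover it.
/// A plaintext password that itself begins with "enc:" is indistinguishable from a stored
/// ciphertext and will be sent down the decrypt path.
/// </remarks>
private static string GetPassword(IConfigSection host)
{
    var password = host.Get("password", false);
    if (string.IsNullOrEmpty(password))
    {
        return password;
    }

    // NOTE(review): hard-coded key shared by every installation. Prefer a per-user or per-machine
    // secret (e.g. DPAPI via ProtectedData, or the OS credential store). The constant is left
    // unchanged here because replacing it would make existing "enc:" values undecryptable
    // without a migration step.
    using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("he1sQWc8SSPpkdIA")))
    {
        // Ordinal comparison: the prefix is a machine marker, not linguistic text, so the
        // check must not depend on the current culture's collation rules.
        if (password.StartsWith("enc:", StringComparison.Ordinal))
        {
            var stored = Convert.FromBase64String(password.Substring(4));
            return Encoding.UTF8.GetString(cipher.Decrypt(stored));
        }

        // First read of a plaintext value: persist the "enc:" form so the cleartext
        // no longer sits in the config file, then hand back the original password.
        var encrypted = cipher.Encrypt(Encoding.UTF8.GetBytes(password));
        host.Set("password", "enc:" + Convert.ToBase64String(encrypted));
        host.Config.Save();
        return password;
    }
}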
/// <summary>
/// Round-trips a short UTF-8 string through <c>Aes256Cipher</c> (encrypt, then decrypt with the
/// same instance) and expects the original text back.
/// </summary>
public void AesCipherTest()
{
    const string expected = "password";
    byte[] key = Encoding.UTF8.GetBytes("changeit");

    using (var aes = new Aes256Cipher(key))
    {
        var cipherBytes = aes.Encrypt(Encoding.UTF8.GetBytes(expected));
        var roundTripped = aes.Decrypt(cipherBytes);

        Assert.AreEqual(expected, Encoding.UTF8.GetString(roundTripped));
    }
}
/// <summary>
/// Checks that a clone of <c>Aes256Cipher</c> remains usable after the instance it was cloned
/// from is disposed, and that each instance raises <see cref="ObjectDisposedException"/> on
/// <c>Decrypt</c> once it has been disposed itself.
/// </summary>
public void CipherRefTest()
{
    const string expected = "password";

    var original = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit"));
    var cipherBytes = original.Encrypt(Encoding.UTF8.GetBytes(expected));

    // Take the clone before disposing the source; the source must then refuse to decrypt.
    var clone = original.Clone();
    original.Dispose();
    Assert.Catch<ObjectDisposedException>(() => original.Decrypt(cipherBytes));

    // The clone must still decrypt what the (now disposed) original produced.
    var decrypted = clone.Decrypt(cipherBytes);
    Assert.AreEqual(expected, Encoding.UTF8.GetString(decrypted));

    // After its own disposal the clone must refuse as well.
    clone.Dispose();
    Assert.Catch<ObjectDisposedException>(() => clone.Decrypt(cipherBytes));
}
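/// <summary>
/// Rebuilds the database master key from two halves: KEYA, stored in the local SafeVault
/// configuration, and KEYB, fetched from the SafeVault server with the value the user enters
/// in the prompt. Both halves are AES-decrypted with a salt that is itself RSA-decrypted using
/// the client certificate, then XOR-ed together. The first two bytes of the XOR result give
/// the master-key length and the key bytes follow.
/// </summary>
/// <param name="ctx">Query context; its <c>DatabaseIOInfo</c> locates the SafeVault configuration.</param>
/// <returns>The master key bytes, or <c>null</c> when the prompt dialog is not confirmed.</returns>
/// <exception cref="ConfigurationException">A required SafeVault setting is missing or empty.</exception>
/// <exception cref="SafevaultKeyProviderException">
/// KEYA and KEYB differ in length, or the embedded length prefix does not fit the decrypted data.
/// </exception>
private byte[] OpenInternal(KeyProviderQueryContext ctx)
{
    SafeVaultConf conf = new SafeVaultConf(ctx.DatabaseIOInfo);

    var required = new[]
    {
        conf.ClientCertificateName,
        conf.ServerUrl,
        conf.ServerCertificateName,
        conf.Salt,
        conf.Username,
        conf.VaultKeyname,
        conf.DatabaseKeyA
    };
    if (required.Any(string.IsNullOrEmpty))
    {
        throw new ConfigurationException("SafeVault not configured.");
    }

    // The stored salt is RSA-encrypted; only the holder of the client certificate's
    // private key can recover it.
    byte[] salt = Convert.FromBase64String(conf.Salt);
    using (var rsa = RsaCipher.LoadFromX509Store(conf.ClientCertificateName))
    {
        salt = rsa.Decrypt(salt);
    }

    byte[] keyA = null;
    byte[] keyB = null;
    try
    {
        string sKeyB = string.Empty;
        VaultKeyPromptForm promptForm = new VaultKeyPromptForm();
        promptForm.InitEx("Enter SafeVault Password", "Open Database", (oneTimePassword) =>
        {
            var query = new SafeVaultWebClient(conf);
            try
            {
                sKeyB = query.GetDbxKey(conf.VaultKeyname, oneTimePassword);
                return true;
            }
            catch (SafeVaultException ex)
            {
                // The timestamp comes from the server response. Use TryParse so a malformed
                // value cannot throw from inside this handler and hide the real error.
                string serverTime = "";
                if (query.Utc != null)
                {
                    DateTime parsed;
                    serverTime = "DateTime: " + (DateTime.TryParse(query.Utc, out parsed)
                        ? parsed.ToLocalTime().ToString()
                        : query.Utc);
                }

                MessageService.ShowWarning(serverTime, ex.Message);
            }

            return false;
        });

        if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK)
        {
            return null;
        }

        keyA = Convert.FromBase64String(conf.DatabaseKeyA);
        keyB = Convert.FromBase64String(sKeyB);

        using (var aes = new Aes256Cipher())
        {
            aes.SetPassPhrase(salt);
            keyA = aes.Decrypt(keyA);
            keyB = aes.Decrypt(keyB);
        }

        if (keyA.Length != keyB.Length)
        {
            throw new SafevaultKeyProviderException("Incompatible KEYA and KEYB");
        }

        // Combine the two halves in place; keyA now holds [2-byte length][master key][remainder].
        for (int i = 0; i < keyB.Length; i++)
        {
            keyA[i] ^= keyB[i];
        }

        // The length prefix occupies the first two bytes, so the payload must fit in
        // keyA.Length - 2. Checking against keyA.Length alone lets a bad KEYB reach
        // BitConverter/Array.Copy and fail with an unrelated ArgumentException.
        // NOTE(review): BitConverter reads in platform byte order; confirm that the code
        // producing the key writes the prefix in the same order.
        if (keyA.Length < 2)
        {
            throw new SafevaultKeyProviderException("Invalid KEYB");
        }

        int keyL = BitConverter.ToUInt16(keyA, 0);
        if (keyL > keyA.Length - 2)
        {
            throw new SafevaultKeyProviderException("Invalid KEYB");
        }

        byte[] masterKey = new byte[keyL];
        Array.Copy(keyA, 2, masterKey, 0, masterKey.Length);
        return masterKey;
    }
    finally
    {
        // Best-effort scrubbing of intermediate key material on every exit path. The
        // Base64 string sKeyB is immutable and cannot be wiped this way.
        if (salt != null)
        {
            Array.Clear(salt, 0, salt.Length);
        }

        if (keyA != null)
        {
            Array.Clear(keyA, 0, keyA.Length);
        }

        if (keyB != null)
        {
            Array.Clear(keyB, 0, keyB.Length);
        }
    }
}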