/// <summary> /// Decrypt the encryptedTuple. /// </summary> /// <param name="context">Your Android Context, likely your Activity or Service</param> /// <param name="alias">Alias is the name you are using for the key, use sensible name</param> /// <param name="encryptedTuple">Encrypted tuple.</param> public static string Decrypt(Context context, string alias, EncryptedTuple encryptedTuple) { var confidentialKeyWrapper = new SecretKeyWrapper(context, alias); var secretKeys = confidentialKeyWrapper.CheckMacAndDecrypt(encryptedTuple.EncryptedSymmetricKey); return(AesCbcWithIntegrity.DecryptString(new AesCbcWithIntegrity.CipherTextIvMac(encryptedTuple.EncryptedText), secretKeys)); }
/// <summary> /// Encrypt the specified clearText. /// </summary> /// <param name="context">Your Android Context, likely your Activity or Service</param> /// <param name="alias">Alias is the name you are using for the key, use sensible name</param> /// <param name="clearText">The content you want to encrypt</param> public static EncryptedTuple Encrypt(Context context, string alias, string clearText) { var secretKeys = AesCbcWithIntegrity.GenerateKey(); var confidentialKeyWrapper = new SecretKeyWrapper(context, alias); var encryptedSymmetricKey = confidentialKeyWrapper.EncryptedThenMac(secretKeys); var encryptedBundle = AesCbcWithIntegrity.Encrypt(Encoding.UTF8.GetBytes(clearText), secretKeys); return(new EncryptedTuple(encryptedBundle.ToString(), encryptedSymmetricKey)); }
public void TestSecretKeyWrapperRoundTrip() { var secretKeyWrapper = new SecretKeyWrapper(context, UnitTestAlias); var secretKeys = AesCbcWithIntegrity.GenerateKey(); var wrappedKey = secretKeyWrapper.EncryptedThenMac(secretKeys); Assert.False(AesCbcWithIntegrity.KeyString(secretKeys) == wrappedKey); var unwrappedKey = secretKeyWrapper.CheckMacAndDecrypt(wrappedKey); Assert.True(AesCbcWithIntegrity.KeyString(secretKeys) == AesCbcWithIntegrity.KeyString(unwrappedKey)); }
public string EncryptedThenMac(AesCbcWithIntegrity.SecretKeys keys) { cipher.Init(CipherMode.EncryptMode, pair.Public); var cipherText = cipher.DoFinal(Encoding.UTF8.GetBytes(AesCbcWithIntegrity.KeyString(keys))); Signature s = Signature.GetInstance(HmacAlgorithm); s.InitSign(pair.Private); s.Update(cipherText); byte [] signature = s.Sign(); return(string.Format("{0}:{1}", Convert.ToBase64String(signature), Convert.ToBase64String(cipherText))); }
public void TestAesCbcWithIntegrityRoundTrip() { var privateKey = AesCbcWithIntegrity.GenerateKey(); var mySecretText = "This is my secret"; var mySecretBytes = Encoding.UTF8.GetBytes(mySecretText); var cipherText = AesCbcWithIntegrity.Encrypt(mySecretBytes, privateKey); Assert.False(AesCbcWithIntegrity.ConstantTimeEq(mySecretBytes, cipherText.GetCipherText())); var decryptedBytes = AesCbcWithIntegrity.Decrypt(cipherText, privateKey); var decryptedText = Encoding.UTF8.GetString(decryptedBytes); Assert.True(mySecretText == decryptedText, string.Format("Expect {0} but got {1}", mySecretText, decryptedText)); }
public AesCbcWithIntegrity.SecretKeys CheckMacAndDecrypt(string encryptedForm) { string [] separators = { ":" }; var stuffs = encryptedForm.Split(separators, StringSplitOptions.None); var signature = Convert.FromBase64String(stuffs [0]); var blob = Convert.FromBase64String(stuffs[1]); // prevent padding oracle attack Signature s = Signature.GetInstance(HmacAlgorithm); s.InitVerify(cert.PublicKey); s.Update(blob); if (!s.Verify(signature)) { throw new GeneralSecurityException("bad mac"); } cipher.Init(CipherMode.DecryptMode, pair.Private); var decrypted = cipher.DoFinal(blob); return(AesCbcWithIntegrity.Keys(Encoding.UTF8.GetString(decrypted))); }