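/// <summary>
/// Encrypts the outgoing request body with this sink's symmetric key, generating that key on
/// first use and sending it to the server wrapped under the server's RSA public key.
/// </summary>
/// <param name="headers">Transport headers; the encryption marker, the IV, the client GUID and
/// (while <c>SendKeyAgain</c> is set) the RSA-wrapped symmetric key are written here.</param>
/// <param name="stream">Request body; replaced by its encrypted form.</param>
protected void ProcessRequest(ITransportHeaders headers, ref Stream stream)
{
    string encryptionName = EncryptionRijndael.GetEncryptionName();

    if (FEncryptionKey == null)
    {
        // First request through this sink: create a fresh random symmetric key.
        // Key is read out as a copy, so the algorithm object can be disposed right away.
        using (Rijndael alg = new RijndaelManaged())
        {
            alg.GenerateKey();
            FEncryptionKey = alg.Key;
        }
        SendKeyAgain = true;
    }

    if (SendKeyAgain)
    {
        // Wrap the symmetric key with the server's public key so only the server can recover it.
        // NOTE(review): fOAEP == false selects PKCS#1 v1.5 padding, which is exposed to
        // padding-oracle attacks on the decrypting side; OAEP (true) is preferred, but the
        // server-side ProcessRequest decrypts with false, so both sides must change together.
        using (RSACryptoServiceProvider serverRSA = new RSACryptoServiceProvider())
        {
            serverRSA.ImportParameters(FPublicKeyServer);
            headers[encryptionName + "KEY"] = Convert.ToBase64String(serverRSA.Encrypt(FEncryptionKey, false));
        }
        SendKeyAgain = false;
    }

    headers["ClientGuid"] = CurrentClientGuid;

    byte[] encryptionIV;
    stream = EncryptionRijndael.Encrypt(FEncryptionKey, stream, out encryptionIV);
    headers[encryptionName] = "Yes";
    // The IV is not secret, but a fresh one is generated per encryption and the receiver needs it to decrypt.
    headers[encryptionName + "IV"] = Convert.ToBase64String(encryptionIV);
}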
/// <summary>
/// Decrypts the response body when the server marked it as encrypted; unmarked responses
/// pass through untouched.
/// </summary>
/// <param name="headers">Transport headers; the encryption marker and the IV are read from here.</param>
/// <param name="stream">Response body; replaced by its decrypted form when the marker is present.</param>
protected void ProcessResponse(ITransportHeaders headers, ref Stream stream)
{
    string encryptionName = EncryptionRijndael.GetEncryptionName();
    if (headers[encryptionName] == null)
    {
        return;
    }

    // The IV travels in the clear alongside the ciphertext; only the key is secret.
    string ivBase64 = (String)headers[encryptionName + "IV"];
    byte[] iv = Convert.FromBase64String(ivBase64);
    stream = EncryptionRijndael.Decrypt(FEncryptionKey, stream, iv);
}
/// <summary>
/// Encrypts the response body for the client identified by <paramref name="AClientGuid"/>,
/// using the symmetric key stored for that client while its request was processed.
/// Does nothing when no request state was recorded.
/// </summary>
/// <param name="headers">Transport headers; the encryption marker and the IV are written here.</param>
/// <param name="stream">Response body; replaced by its encrypted form.</param>
/// <param name="state">Marker set by request processing; a null value skips encryption.</param>
/// <param name="AClientGuid">GUID under which the client's key was stored.</param>
protected void ProcessResponse(ITransportHeaders headers, ref Stream stream, object state, string AClientGuid)
{
    if (state == null)
    {
        return;
    }

    byte[] iv;
    stream = EncryptionRijndael.Encrypt(FEncryptionKeys[AClientGuid], stream, out iv);

    string encryptionName = EncryptionRijndael.GetEncryptionName();
    headers[encryptionName] = "Yes";
    // A fresh IV per encryption; it is not secret, but the client needs it to decrypt.
    headers[encryptionName + "IV"] = Convert.ToBase64String(iv);
}
/// <summary>
/// Round-trips a small plaintext through Encrypt and Decrypt with the same key material
/// and expects the original bytes back.
/// </summary>
public void EncipherTest()
{
    uint[] keyMaterial = new uint[] { 12, 23, 34, 45, 56, 67, 78, 89 };
    byte[] plaintext = new byte[] { 96, 97, 98, 99 };
    EncryptionRijndael cipher = new EncryptionRijndael();

    byte[] encrypted = cipher.Encrypt(plaintext, keyMaterial);
    byte[] roundTripped = cipher.Decrypt(encrypted, keyMaterial);

    CollectionAssert.AreEqual(plaintext, roundTripped);
}
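/// <summary>
/// Decrypts an incoming request body with the symmetric key registered for the sending client,
/// first unwrapping a new key from the KEY header (RSA, our private key) when one is present.
/// </summary>
/// <param name="headers">Transport headers carrying the encryption marker, the client GUID, the IV
/// and optionally the wrapped symmetric key.</param>
/// <param name="stream">Request body; replaced by its decrypted form.</param>
/// <param name="state">Set to <c>true</c> so the matching ProcessResponse encrypts the reply.</param>
/// <returns>The client GUID taken from the headers.</returns>
/// <exception cref="Exception">Thrown when the request carries no encryption marker.</exception>
/// <exception cref="InvalidOperationException">Thrown when the ClientGuid header is missing or
/// no symmetric key is known for that GUID.</exception>
protected string ProcessRequest(ITransportHeaders headers, ref Stream stream, ref object state)
{
    string encryptionName = EncryptionRijndael.GetEncryptionName();

    if (headers[encryptionName] == null)
    {
        throw new Exception("EncryptionServerSink: We cannot allow non encrypted traffic");
    }

    object clientGuidHeader = headers["ClientGuid"];
    if (clientGuidHeader == null)
    {
        throw new InvalidOperationException("EncryptionServerSink: encrypted request without ClientGuid header");
    }
    string clientGuid = clientGuidHeader.ToString();

    object wrappedKey = headers[encryptionName + "KEY"];
    if (wrappedKey != null)
    {
        // Unwrap the client's symmetric key with our private key.
        // NOTE(review): the GUID is supplied by the sender and is not bound to the connection, so a
        // KEY header naming an already-registered GUID silently replaces that client's key (the
        // original author's "can overwrite the encryption key of another connection?" concern).
        // Binding keys to the authenticated connection, or refusing to replace an existing entry,
        // would close this; kept as-is here so the wire protocol is unchanged.
        // NOTE(review): fOAEP == false is PKCS#1 v1.5 padding; decryption failures here should not be
        // distinguishable to the sender (padding-oracle risk). Moving to OAEP requires changing the
        // client-side ProcessRequest at the same time.
        byte[] encryptionKey;
        using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
        {
            rsa.ImportParameters(FPrivateKey);
            encryptionKey = rsa.Decrypt(Convert.FromBase64String((String)wrappedKey), false);
        }
        // Indexer assignment adds or overwrites, replacing the ContainsKey/Add/set sequence.
        FEncryptionKeys[clientGuid] = encryptionKey;
    }

    if (!FEncryptionKeys.ContainsKey(clientGuid))
    {
        throw new InvalidOperationException("EncryptionServerSink: no symmetric key known for this client");
    }

    byte[] encryptionIV = Convert.FromBase64String((String)headers[encryptionName + "IV"]);
    stream = EncryptionRijndael.Decrypt(FEncryptionKeys[clientGuid], stream, encryptionIV);
    state = true;
    return clientGuid;
}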