// Checks that SecretAeadAes.Encrypt throws AdditionalDataOutOfRangeException when it is
// given the 30 bytes of additional data defined below (32-byte key, 12-byte nonce).
// If SecretAeadAes.IsAvailable() returns false, the test only raises a warning.
public void SecretAeadEncryptWithBadAdditionalData()
{
    // Fixed sample vectors for the test; they are not secrets.
    byte[] key =
    {
        0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
        0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
        0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
        0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
    };
    byte[] nonce =
    {
        0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a,
        0x79, 0xc0, 0xd1, 0x10
    };
    // The same 10-byte pattern three times over: 30 bytes of additional data.
    byte[] ad =
    {
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0,
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
    };
    byte[] m =
    {
        0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
    };

    // Without AES support there is nothing to exercise; surface that as a warning.
    if (!SecretAeadAes.IsAvailable())
    {
        Assert.Warn("AES is not supported");
        return;
    }

    Assert.Throws<AdditionalDataOutOfRangeException>(
        () => SecretAeadAes.Encrypt(m, nonce, key, ad));
}
// Round-trip check: a message encrypted with SecretAeadAes.Encrypt and no additional
// data must decrypt back to the same bytes with the same nonce and key.
public void AesAeadWithoutAdditionalDataTest()
{
    // Fixed sample vectors for the test; they are not secrets.
    byte[] key =
    {
        0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
        0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
        0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
        0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
    };
    byte[] nonce =
    {
        0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79, 0x4a,
        0x79, 0xc0, 0xd1, 0x10
    };
    byte[] m =
    {
        0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
    };

    // NOTE(review): when AES is unavailable this branch only prints a message and the
    // method ends without asserting anything, so a runner would presumably report the
    // round trip as passing although it never ran. Consider a warning or an ignored result.
    if (!SecretAeadAes.IsAvailable())
    {
        Console.WriteLine("Missing AES support");
        return;
    }

    byte[] ciphertext = SecretAeadAes.Encrypt(m, nonce, key);
    byte[] roundTripped = SecretAeadAes.Decrypt(ciphertext, nonce, key);
    CollectionAssert.AreEqual(m, roundTripped);
}
// Calls SecretAeadAes.Decrypt with a 7-byte nonce (the other samples use 12 bytes).
//
// NOTE(review): no assertion is visible in the method body. Presumably an
// expected-exception attribute outside this view makes NonceOutOfRangeException the pass
// condition; confirm. The fallback branch throws that same exception type when AES is
// unavailable, so in that case the test would pass without Decrypt ever being exercised.
public void SecretAeadDecryptWithBadNonce()
{
    // Fixed sample vectors for the test; they are not secrets.
    byte[] key =
    {
        0x42, 0x90, 0xbc, 0xb1, 0x54, 0x17, 0x35, 0x31,
        0xf3, 0x14, 0xaf, 0x57, 0xf3, 0xbe, 0x3b, 0x50,
        0x06, 0xda, 0x37, 0x1e, 0xce, 0x27, 0x2a, 0xfa,
        0x1b, 0x5d, 0xbd, 0xd1, 0x10, 0x0a, 0x10, 0x07
    };
    // Deliberately short nonce: 7 bytes.
    byte[] nonce =
    {
        0xcd, 0x7c, 0xf6, 0x7b, 0xe3, 0x9c, 0x79
    };
    byte[] ad =
    {
        0x87, 0xe2, 0x29, 0xd4, 0x50, 0x08, 0x45, 0xa0, 0x79, 0xc0
    };
    byte[] m =
    {
        0x86, 0xd0, 0x99, 0x74, 0x84, 0x0b, 0xde, 0xd2, 0xa5, 0xca
    };

    if (!SecretAeadAes.IsAvailable())
    {
        throw new NonceOutOfRangeException("AES is not supported");
    }

    SecretAeadAes.Decrypt(m, nonce, key, ad);
}
// Creates a new random 32-byte store key, encrypts ("wraps") it under a key derived from
// the master password, and saves the wrapped key and its nonce as base64 text in
// PIMUX_KEY and PIMUX_KEY_NONCE.
//
// NOTE(review): the wrapping key is one unsalted, unkeyed GenericHash.Hash of the master
// password. That is a fast general-purpose hash, not a password-hashing function, so
// anyone who obtains PIMUX_KEY and PIMUX_KEY_NONCE can test password guesses offline at
// very low cost. Deriving the wrapping key with a salted, memory-hard password hash would
// raise that cost; it has to change together with every reader of PIMUX_KEY.
// NOTE(review): SecretAeadAes.IsAvailable() is not checked before encrypting here.
public static void GenerateEncryptionKey(string masterPassword)
{
    // 32-byte key-encryption key taken from the master password (no hash key supplied).
    byte[] wrappingKey = GenericHash.Hash(masterPassword, (byte[])null, 32);

    // Fresh random 32-byte store key plus a fresh nonce for wrapping it.
    byte[] storeKey = SodiumCore.GetRandomBytes(32);
    byte[] wrapNonce = SecretAeadAes.GenerateNonce();

    // Wrap the store key under the password-derived key.
    byte[] wrappedKey = SecretAeadAes.Encrypt(storeKey, wrapNonce, wrappingKey);

    // Persist both values as base64 text.
    string wrappedKeyText = Convert.ToBase64String(wrappedKey);
    string wrapNonceText = Convert.ToBase64String(wrapNonce);
    File.WriteAllText(PIMUX_KEY, wrappedKeyText);
    File.WriteAllText(PIMUX_KEY_NONCE, wrapNonceText);
}
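// Function to get the encryption key for the main store.
// Reads the wrapped key from PIMUX_KEY and its nonce from PIMUX_KEY_NONCE, decodes both
// from base64, and decrypts the wrapped key with a 32-byte GenericHash of the master
// password. Returns the decrypted store key.
private static byte[] GetKey(string masterPassword)
{
    // The writers of these files store Convert.ToBase64String output, so the text must be
    // decoded with Convert.FromBase64String. Taking the ASCII bytes of the base64 text
    // instead hands Decrypt the encoded characters rather than the ciphertext, and a
    // nonce that is longer than the one that was generated.
    byte[] encryptedKey = Convert.FromBase64String(File.ReadAllText(PIMUX_KEY));
    byte[] keyNonce = Convert.FromBase64String(File.ReadAllText(PIMUX_KEY_NONCE));

    // Same derivation the writers use: unkeyed 32-byte hash of the master password.
    byte[] keyEncryptionKey = GenericHash.Hash(masterPassword, (byte[])null, 32);

    // Decrypt is presumably where a wrong password or a modified key file is rejected;
    // any exception it raises is left for the caller to handle.
    return SecretAeadAes.Decrypt(encryptedKey, keyNonce, keyEncryptionKey);
}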
// Encrypts "username + separator + password" with secretKey under a freshly generated
// nonce and inserts one document (website, credentials, nonce) into the collection.
//
// NOTE(review): the nonce is random bytes but is stored through Encoding.UTF8.GetString.
// Byte sequences that are not valid UTF-8 are replaced during decoding, so the original
// nonce generally cannot be recovered from the stored string and the entry may become
// undecryptable. A binary or base64 field would round-trip; the reader has to change
// with it.
// NOTE(review): the website is stored unencrypted next to the ciphertext.
// NOTE(review): if a username can contain the separator, splitting the decrypted string
// back into username and password is ambiguous; verify against the reader.
public void addKey(string website, string username, string password)
{
    byte[] entryNonce = SecretAeadAes.GenerateNonce();

    // Username and password travel as one plaintext joined by the separator.
    var plaintext = username + separator + password;
    var ciphertext = SimpleAESEncryption(secretKey, plaintext, entryNonce);

    var entry = new BsonDocument();
    entry.Add("website", website);
    entry.Add("credentials", ciphertext);
    entry.Add("nonce", Encoding.UTF8.GetString(entryNonce));

    collection.InsertOne(entry);
}
// Decrypts every entry of the main store and returns the plaintext strings.
// Entries are processed from the last line to the first, so the returned list is in
// reverse file order. The nonce from GetNonce() is used for the last entry and is
// decremented once per entry to obtain the nonce of the entry before it.
//
// NOTE(review): plaintext is decoded with Encoding.ASCII, so any byte outside the ASCII
// range would come back as a replacement character.
public static List<string> DecryptStoreFile(string masterPassword)
{
    // Load inputs in the same order as before: store lines, last nonce, store key.
    string[] encodedEntries = GetStoreFileContents();
    byte[] currentNonce = GetNonce();
    byte[] storeKey = GetKey(masterPassword);

    var plaintextEntries = new List<string>();

    int index = encodedEntries.Length - 1;
    while (index >= 0)
    {
        byte[] ciphertext = Convert.FromBase64String(encodedEntries[index]);
        byte[] plaintext = SecretAeadAes.Decrypt(ciphertext, currentNonce, storeKey);
        plaintextEntries.Add(Encoding.ASCII.GetString(plaintext));

        // Step back to the nonce that was used for the previous entry.
        ByteOperation.Decrement(ref currentNonce);
        index--;
    }

    return plaintextEntries;
}
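// Function to change the master password.
// Unwraps the store key with the old password, re-wraps it under a key derived from the
// new password with a fresh nonce, and replaces the stored authentication hash.
//
// NOTE(review): the wrapping key is an unsalted, unkeyed GenericHash of the password,
// which is cheap to guess against offline; the Argon hash protects only PIMUX_AUTH.
// NOTE(review): the three files are written one after another with no atomic replace,
// so an interruption between writes can leave them out of step with each other.
public static void ChangeMasterPassword(string oldMasterPassword, string newMasterPassword)
{
    // Get current encryption key.
    byte[] key = GetKey(oldMasterPassword);

    // Re-encrypt key with new master password.
    byte[] nonce = SecretAeadAes.GenerateNonce();
    byte[] keyToEncryptKey = GenericHash.Hash(newMasterPassword, (byte[])null, 32);
    byte[] encryptedKey = SecretAeadAes.Encrypt(key, nonce, keyToEncryptKey);

    // Compute the new authentication hash before touching any file, so a failure while
    // hashing cannot leave the key re-wrapped while the old authentication hash remains.
    string newArgonHash = ArgonHash(newMasterPassword);

    // Store bytes in base64 encoding.
    File.WriteAllText(PIMUX_KEY, Convert.ToBase64String(encryptedKey));
    File.WriteAllText(PIMUX_KEY_NONCE, Convert.ToBase64String(nonce));

    // Change authentication hash. It belongs in PIMUX_AUTH only: writing it to PIMUX_KEY
    // as well would overwrite the wrapped key stored just above, and with it the only
    // copy of the store key, leaving the main store undecryptable.
    File.WriteAllText(PIMUX_AUTH, newArgonHash);
}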
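// Function to encrypt the main store.
// Encrypts each entry of dataToEncrypt under the store key, one base64 line per entry,
// replaces the contents of PIMUX_STORE with those lines, and saves the last nonce used
// to PIMUX_STORE_NONCE. The nonce is incremented before each entry, so every entry is
// encrypted under a different nonce, continuing from the value GetNonce() returns.
//
// Throws ArgumentNullException when dataToEncrypt is null.
//
// NOTE(review): entries are encoded with Encoding.ASCII, so characters outside ASCII are
// replaced before encryption and cannot be recovered. Changing the encoding has to be
// done together with the decrypting side.
// NOTE(review): the store is written before the advanced nonce is saved. If the process
// stops between the two writes, the saved nonce is behind the nonces already used, and
// a later run could encrypt under the same key with a repeated nonce, which must never
// happen with an AEAD cipher. Consider saving the advanced nonce first, or replacing
// both files atomically.
public static void EncryptStoreFile(string masterPassword, string[] dataToEncrypt)
{
    // Reject a null array before anything is read or written, so a bad argument can
    // never wipe the existing store.
    if (dataToEncrypt == null)
    {
        throw new ArgumentNullException(nameof(dataToEncrypt));
    }

    // Get required variables.
    byte[] nonce = GetNonce();
    byte[] key = GetKey(masterPassword);

    // Encrypt every entry in memory first. The store is replaced only after all entries
    // have encrypted successfully, so a failure part-way through leaves the previous
    // store intact instead of truncated.
    var storeContents = new StringBuilder();
    for (int i = 0; i < dataToEncrypt.Length; i++)
    {
        // Increment nonce so every password entry uses a different nonce.
        ByteOperation.Increment(ref nonce);

        byte[] byteDataToEnc = Encoding.ASCII.GetBytes(dataToEncrypt[i]);
        byte[] encrypted = SecretAeadAes.Encrypt(byteDataToEnc, nonce, key);
        storeContents.Append(Convert.ToBase64String(encrypted)).Append(Environment.NewLine);
    }

    // Replace the main store in a single write (an empty array yields an empty store).
    File.WriteAllText(PIMUX_STORE, storeContents.ToString());

    // Write nonce to file.
    File.WriteAllText(PIMUX_STORE_NONCE, Convert.ToBase64String(nonce));
}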