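/// <summary>
/// Creates a new <see cref="UserKeyAuthorization"/> entry that grants a user key access to a particular archive.
/// </summary>
/// <param name="newKeyParams">
/// The parameters of the key being authorized: the user secret to derive the key from, the friendly name
/// that helps the user identify the key, and the secret metadata recorded on the entry.
/// </param>
/// <param name="keyDerivationSalt">The salt used to derive the <see cref="UserKey"/> from the user secret; must not be empty.</param>
/// <param name="archiveKey">The key used to encrypt the archive that the user key is being authorized for.</param>
/// <param name="securitySettings">The archive's <see cref="SecuritySettings"/>.</param>
/// <returns>The new <see cref="UserKeyAuthorization"/> entry.</returns>
/// <remarks>
/// Argument validation is delegated to <c>ArgCheck</c>; invalid, empty or null arguments are rejected
/// before any key material is derived.
/// </remarks>
public static UserKeyAuthorization CreateNewAuthorization(
    UserKeyAuthorizationParameters newKeyParams,
    ReadOnlySpan<byte> keyDerivationSalt,
    ArchiveKey archiveKey,
    SecuritySettings securitySettings)
{
    ArgCheck.IsValid(newKeyParams, nameof(newKeyParams));
    ArgCheck.NotEmpty(keyDerivationSalt, nameof(keyDerivationSalt));
    ArgCheck.NotNull(archiveKey, nameof(archiveKey));
    ArgCheck.IsValid(securitySettings, nameof(securitySettings));

    // The derived key is disposable; `using` releases it as soon as the archive key has been wrapped.
    using var userKey = UserKey.DeriveFrom(
        newKeyParams.UserSecret,
        keyDerivationSalt,
        securitySettings);

    // The SecureArchive file format requires that the friendly name and keyId be
    // checked for tampering when using authenticated cyphers, so both are bound to the
    // ciphertext as associated data.
    // NOTE(review): the two values are concatenated without a delimiter; confirm that KeyId has a
    // fixed shape so that distinct (FriendlyName, KeyId) pairs cannot produce the same associated
    // data. Changing the layout here would change the on-disk format.
    var additionalData = Encoding.UTF8.GetBytes(newKeyParams.FriendlyName + userKey.KeyId);

    var cryptoStrategy = CryptoHelpers.GetCryptoStrategy(securitySettings.EncryptionAlgo);
    var encryptedArchiveKey = userKey.EncryptSecret(cryptoStrategy, archiveKey, additionalData);

    return new UserKeyAuthorization
    {
        AuthorizationId = Guid.NewGuid(),
        FriendlyName = newKeyParams.FriendlyName,
        KeyId = userKey.KeyId,
        TimeAdded = DateTime.UtcNow,
        EncryptedArchiveKey = encryptedArchiveKey,
        SecretMetadata = newKeyParams.SecretMetadata,
    };
}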
/// <summary>
/// Unlocks (i.e. decrypts) the archive with the given raw user secret.
/// </summary>
/// <param name="userSecret">The user secret to use to unlock the archive.</param>
/// <remarks>
/// Derives the <see cref="UserKey"/> from <paramref name="userSecret"/> using the archive's stored
/// key-derivation salt and security settings, then defers to the <see cref="UserKey"/> overload of
/// <c>Unlock</c>. The derived key is disposed once that overload returns.
/// </remarks>
public void Unlock(RawUserSecret userSecret)
{
    ArgCheck.NotNull(userSecret, nameof(userSecret));

    var metadata = this.ArchiveMetadata;

    // The stored salt is copied into a fresh array before key derivation.
    var salt = metadata.KeyDerivationSalt.ToArray();

    using var derivedKey = UserKey.DeriveFrom(userSecret, salt, metadata.SecuritySettings);
    this.Unlock(derivedKey);
}