Esempio n. 1
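        /// <summary>
        /// Verifies the HMAC of a sealed string and decrypts its payload.
        /// </summary>
        /// <param name="sealedString">Sealed string, parsed with <c>MacBase.FromSealedString</c>.</param>
        /// <param name="password">Password, split by <c>NormalizePassword</c> into an integrity and an encryption value.</param>
        /// <param name="config">Configuration; its <c>EncryptionConfig</c> has Salt and Iv assigned during the call.</param>
        /// <returns>The <c>DecryptedResult</c> of the decryption step.</returns>
        /// <exception cref="IronUnsealErrorException">The computed HMAC digest does not match the digest carried in the sealed string.</exception>
        public string Unseal(string sealedString, string password, IronConfig config)
        {
            var macBase = MacBase.FromSealedString(sealedString);

            // NOTE(review): the expiration field is evaluated before the HMAC check below, so it is
            // still unauthenticated at this point. Confirm that ToShortString() covers it, otherwise
            // a modified expiration would not be detected.
            if (!string.IsNullOrEmpty(macBase.Expiration))
            {
                CheckExpirationDate(macBase.Expiration, config);
            }
            var normalizedPassword = NormalizePassword(password);

            // NOTE(review): if EncryptionConfig is a reference type, the Salt/Iv assignments below
            // modify the caller's config object and are not safe for concurrent Unseal calls.
            // NOTE(review): Seal computes the HMAC with IntegrityConfig while this method uses
            // EncryptionConfig; confirm both carry the same HMAC settings.
            var decryptOptions = config.EncryptionConfig;

            decryptOptions.Salt = macBase.HmacSalt;
            var mac = HmacWithPassword(normalizedPassword.Integrity, decryptOptions, macBase.ToShortString());

            // Compare the digests without an early exit, so the time taken does not depend on how
            // many leading characters of the supplied digest are correct. A missing digest on
            // either side is treated as a mismatch.
            var expectedDigest = mac.Digest;
            var suppliedDigest = macBase.Hmac;
            var digestsMatch   = expectedDigest != null && suppliedDigest != null;

            if (digestsMatch)
            {
                var difference = expectedDigest.Length ^ suppliedDigest.Length;

                for (var i = 0; i < expectedDigest.Length && i < suppliedDigest.Length; i++)
                {
                    difference |= expectedDigest[i] ^ suppliedDigest[i];
                }
                digestsMatch = difference == 0;
            }
            if (!digestsMatch)
            {
                throw new IronUnsealErrorException("Bad HMAC value");
            }

            // Only after the digest has been accepted is the ciphertext decoded and decrypted.
            var encryptedUnBase64 = Util.Base64UrlDecode(macBase.EncryptedB64);

            decryptOptions.Iv   = Util.Base64UrlDecode(macBase.EncryptionIv);
            decryptOptions.Salt = macBase.EncryptionSalt;
            var decrypted = Decrypt(normalizedPassword.Encryption, decryptOptions, encryptedUnBase64);

            return(decrypted.DecryptedResult);
        }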
Esempio n. 2
      /// <summary>
      /// Builds a <c>MacBase</c> from the individual fields known at sealing time.
      /// The HMAC salt and digest are not set here.
      /// </summary>
      /// <param name="passwordid">Value stored in the password id field.</param>
      /// <param name="encryptionsalt">Value stored as <c>EncryptionSalt</c>.</param>
      /// <param name="iv">Value stored as <c>EncryptionIv</c>.</param>
      /// <param name="encryptedB64String">Value stored as <c>EncryptedB64</c>.</param>
      /// <param name="expiration">Value stored as <c>Expiration</c>.</param>
      /// <returns>The populated <c>MacBase</c> instance.</returns>
      internal static MacBase FromParameters(string passwordid, string encryptionsalt, string iv, string encryptedB64String, string expiration)
      {
          // Members are assigned in the same order as the sealed-string layout.
          return new MacBase
          {
              _passwordId    = passwordid,
              EncryptionSalt = encryptionsalt,
              EncryptionIv   = iv,
              EncryptedB64   = encryptedB64String,
              Expiration     = expiration
          };
      }
Esempio n. 3
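        /// <summary>
        /// Encrypts a string and appends an HMAC over the result, producing a sealed string.
        /// </summary>
        /// <param name="stringToSeal">Plain text to encrypt.</param>
        /// <param name="password">Password, split by <c>NormalizePassword</c> into an integrity and an encryption value.</param>
        /// <param name="options">Configuration supplying <c>EncryptionConfig</c> and <c>IntegrityConfig</c>.</param>
        /// <returns>The sealed string produced by <c>MacBase.ToString()</c>.</returns>
        public string Seal(string stringToSeal, string password, IronConfig options)
        {
            // Use the same normalized password parts that Unseal uses for Decrypt and for the HMAC,
            // so a sealed string always verifies and decrypts with the values it was produced with.
            var normalizedPassword = NormalizePassword(password);
            var encrypted          = Encrypt(normalizedPassword.Encryption, options.EncryptionConfig, stringToSeal);
            var encryptedB64       = Util.Base64UrlEncode(encrypted.EncryptedResult);
            var iv                 = Util.Base64UrlEncode(encrypted.Key.Iv);

            // NOTE(review): the expiration field is written as an empty string, so options.Ttl and
            // options.LocalTimeOffsetMsec have no effect and Unseal skips its expiration check for
            // every string sealed here. Emitting an expiry needs the format CheckExpirationDate
            // parses, which is not visible from this method.
            var hmacBase = MacBase.FromParameters("", encrypted.Key.Salt, iv, encryptedB64, "");
            var hmac     = HmacWithPassword(normalizedPassword.Integrity, options.IntegrityConfig, hmacBase.ToShortString());

            hmacBase.SetHmacSalt(hmac.Salt, hmac.Digest);
            return(hmacBase.ToString());
        }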
Esempio n. 4
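      /// <summary>
      /// Parses a sealed string into its eight '*'-separated fields.
      /// </summary>
      /// <param name="sealedString">Sealed string to parse; treated as untrusted input.</param>
      /// <returns>A <c>MacBase</c> holding the parsed fields.</returns>
      /// <exception cref="IronUnsealErrorException">
      /// The input is null, does not split into exactly 8 parts, or its first part is not <c>MacPrefix</c>.
      /// </exception>
      internal static MacBase FromSealedString(string sealedString)
      {
          // A null input is rejected with the same domain error as any other malformed string,
          // rather than surfacing as a NullReferenceException from Split.
          if (sealedString == null)
          {
              throw new IronUnsealErrorException("Sealed string must be 8 parts");
          }

          var parts = sealedString.Split('*');

          if (parts.Length != 8)
          {
              throw new IronUnsealErrorException("Sealed string must be 8 parts");
          }

          // Reject a wrong prefix before any field is copied into the result.
          if (parts[0] != MacPrefix)
          {
              throw new IronUnsealErrorException("Mac prefix is wrong");
          }

          // Field order follows the position of each part in the sealed string.
          return new MacBase
          {
              _macPrefix     = parts[0],
              _passwordId    = parts[1],
              EncryptionSalt = parts[2],
              EncryptionIv   = parts[3],
              EncryptedB64   = parts[4],
              Expiration     = parts[5],
              HmacSalt       = parts[6],
              Hmac           = parts[7]
          };
      }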