ProtectedKey ProtectKey(byte[] decryptedKey, DataProtectionScope protectionScope)
{
ProtectedKey key = ProtectedKey.CreateFromPlaintextKey(decryptedKey, protectionScope);
CryptographyUtility.ZeroOutBytes(decryptedKey);
return(key);
}
internal static RijndaelManaged GetAESCryptoProvider(string password)
{
RijndaelManaged managed = new RijndaelManaged();
byte[] bytes = Encoding.UTF8.GetBytes(password);
managed.KeySize = 0x100;
using (SHA256 sha = new SHA256Managed())
{
managed.Key = sha.ComputeHash(bytes);
}
using (SHA1 sha2 = new SHA1Managed())
{
byte[] buffer2 = sha2.ComputeHash(bytes);
byte[] buffer3 = new byte[0x10];
for (int i = 0; i < 0x10; i++)
{
buffer3[i] = buffer2[i];
}
managed.IV = buffer3;
CryptographyUtility.ZeroOutBytes(buffer3);
CryptographyUtility.ZeroOutBytes(buffer2);
}
CryptographyUtility.ZeroOutBytes(bytes);
return(managed);
}
internal static string CreateHash(IHashProvider provider, string plaintext)
{
byte[] bytes = Encoding.Unicode.GetBytes(plaintext);
byte[] inArray = provider.CreateHash(bytes);
CryptographyUtility.GetRandomBytes(bytes);
return(Convert.ToBase64String(inArray));
}
byte[] EncryptKeyForArchival(byte[] keyToExport, string passphrase, byte[] salt)
{
RijndaelManaged archivalEncryptionAlgorithm = new RijndaelManaged();
byte[] rgbKey = this.GenerateArchivalKey(archivalEncryptionAlgorithm, passphrase, salt);
byte[] rgbIV = new byte[archivalEncryptionAlgorithm.BlockSize / 8];
return(CryptographyUtility.Transform(archivalEncryptionAlgorithm.CreateEncryptor(rgbKey, rgbIV), keyToExport));
}
internal static bool CompareHash(IHashProvider provider, string plaintext, string hashedText)
{
byte[] bytes = Encoding.Unicode.GetBytes(plaintext);
byte[] hashedtext = Convert.FromBase64String(hashedText);
bool flag = provider.CompareHash(bytes, hashedtext);
CryptographyUtility.GetRandomBytes(bytes);
return(flag);
}
public static string EncryptWithPassword(string plaintext, string password)
{
byte[] bytes = Encoding.UTF8.GetBytes(plaintext);
byte[] inArray = EncryptWithPassword(bytes, password);
string str = Convert.ToBase64String(inArray);
CryptographyUtility.ZeroOutBytes(bytes);
CryptographyUtility.ZeroOutBytes(inArray);
return(str);
}
public static string DecryptWithPassword(string ciphertextBase64, string password)
{
byte[] ciphertext = Convert.FromBase64String(ciphertextBase64);
byte[] bytes = DecryptWithPassword(ciphertext, password);
string str = Encoding.UTF8.GetString(bytes);
CryptographyUtility.ZeroOutBytes(bytes);
CryptographyUtility.ZeroOutBytes(ciphertext);
return(str);
}
byte[] DecryptKeyForRestore(string passphrase, byte[] encryptedKey, byte[] salt)
{
RijndaelManaged archivalEncryptionAlgorithm = new RijndaelManaged();
byte[] rgbKey = this.GenerateArchivalKey(archivalEncryptionAlgorithm, passphrase, salt);
byte[] rgbIV = new byte[archivalEncryptionAlgorithm.BlockSize / 8];
byte[] buffer3 = CryptographyUtility.Transform(archivalEncryptionAlgorithm.CreateDecryptor(rgbKey, rgbIV), encryptedKey);
CryptographyUtility.ZeroOutBytes(rgbKey);
return(buffer3);
}
void AddSaltToPlainText(ref byte[] salt, ref byte[] plaintext)
{
if (this.saltEnabled)
{
if (salt == null)
{
salt = CryptographyUtility.GetRandomBytes(0x10);
}
plaintext = CryptographyUtility.CombineBytes(salt, plaintext);
}
}
internal static string EncryptSymmetric(ISymmetricCryptoProvider provider, string plaintext)
{
if (string.IsNullOrEmpty(plaintext))
{
throw new ArgumentException("The value can not be a null or empty string.", "plaintext");
}
byte[] bytes = Encoding.Unicode.GetBytes(plaintext);
byte[] inArray = provider.Encrypt(bytes);
CryptographyUtility.GetRandomBytes(bytes);
return(Convert.ToBase64String(inArray));
}
public byte[] Decrypt(byte[] encryptedText)
{
byte[] buffer = null;
byte[] buffer2 = this.ExtractIV(encryptedText);
this.algorithm.Key = this.Key;
using (ICryptoTransform transform = this.algorithm.CreateDecryptor())
{
buffer = Transform(transform, buffer2);
}
CryptographyUtility.ZeroOutBytes(this.algorithm.Key);
return(buffer);
}
internal static string DecryptSymmetric(ISymmetricCryptoProvider provider, string ciphertextBase64)
{
if (string.IsNullOrEmpty(ciphertextBase64))
{
throw new ArgumentException("The value can not be a null or empty string.", "ciphertextBase64");
}
byte[] ciphertext = Convert.FromBase64String(ciphertextBase64);
byte[] bytes = provider.Decrypt(ciphertext);
string str = Encoding.Unicode.GetString(bytes);
CryptographyUtility.GetRandomBytes(bytes);
return(str);
}
byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt)
{
byte[] buffer2;
byte[] decryptedKey = keyToBeArchived.DecryptedKey;
try
{
buffer2 = this.EncryptKeyForArchival(decryptedKey, passphrase, salt);
}
finally
{
CryptographyUtility.ZeroOutBytes(decryptedKey);
}
return(buffer2);
}
public byte[] Encrypt(byte[] plaintext)
{
byte[] dst = null;
byte[] src = null;
this.algorithm.Key = this.Key;
using (ICryptoTransform transform = this.algorithm.CreateEncryptor())
{
src = Transform(transform, plaintext);
}
dst = new byte[this.IVLength + src.Length];
Buffer.BlockCopy(this.algorithm.IV, 0, dst, 0, this.IVLength);
Buffer.BlockCopy(src, 0, dst, this.IVLength, src.Length);
CryptographyUtility.ZeroOutBytes(this.algorithm.Key);
return(dst);
}
ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope)
{
ProtectedKey key;
byte[] plaintextKey = this.GenerateUnprotectedKey(algorithm);
try
{
key = ProtectedKey.CreateFromPlaintextKey(plaintextKey, dataProtectionScope);
}
finally
{
if (plaintextKey != null)
{
CryptographyUtility.ZeroOutBytes(plaintextKey);
}
}
return(key);
}
byte[] GenerateSalt()
{
return(CryptographyUtility.GetRandomBytes(0x10));
}
static byte[] Transform(ICryptoTransform transform, byte[] buffer)
{
return(CryptographyUtility.Transform(transform, buffer));
}