/// <summary>
/// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in
/// transferring a key between machines.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
/// <param name="keyToArchive">Key to be archived.</param>
/// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
public static void ArchiveKey(Stream outputStream,
ProtectedKey keyToArchive,
string passphrase)
{
IKeyWriter writer = new KeyReaderWriter();
writer.Archive(outputStream, keyToArchive, passphrase);
}
internal KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey)
: base(algorithmType, saltEnabled)
{
if(protectedKey == null) throw new ArgumentNullException("key");
if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");
this.key = protectedKey;
}
/// <summary>
/// <para>Initalize a new instance of the <see cref="SymmetricCryptographer"/> class with an algorithm type and a key.</para>
/// </summary>
/// <param name="algorithmType"><para>The qualified assembly name of a <see cref="SymmetricAlgorithm"/>.</para></param>
/// <param name="key"><para>The key for the algorithm.</para></param>
public SymmetricCryptographer(Type algorithmType, ProtectedKey key)
{
if (algorithmType == null) throw new ArgumentNullException("algorithmType");
if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
if (key == null) throw new ArgumentNullException("key");
this.key = key;
this.algorithm = GetSymmetricAlgorithm(algorithmType);
}
/// <summary>
/// Initialize a new instance of the <see cref="ExportKeyUI"/> class.
/// </summary>
public ExportKeyUI(ProtectedKey key)
{
this.key = key;
InitializeComponent();
btnCancel.Text = KeyManagerResources.ExportKeyUICancelButton;
btnOk.Text = KeyManagerResources.ExportKeyUIOkButton;
Text = KeyManagerResources.ExportKeyDialogTitle;
}
/// <summary>
/// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in
/// transferring a key between machines.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
/// <param name="keyToBeArchived">Key to be archived.</param>
/// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
public void Archive(Stream outputStream, ProtectedKey keyToBeArchived, string passphrase)
{
byte[] versionNumberBytes = BitConverter.GetBytes(versionNumber);
byte[] salt = GenerateSalt();
byte[] encryptedKey = GetEncryptedKey(keyToBeArchived, passphrase, salt);
outputStream.Write(versionNumberBytes, 0, versionNumberBytes.Length);
outputStream.Write(salt, 0, salt.Length);
outputStream.Write(encryptedKey, 0, encryptedKey.Length);
}
internal SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key)
{
if (algorithmType == null) throw new ArgumentNullException("algorithmType");
if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
this.algorithmType = algorithmType;
this.key = key;
this.instrumentationProvider = new SymmetricAlgorithmInstrumentationProvider();
}
internal KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey)
: base(algorithmType, saltEnabled)
{
if (protectedKey == null)
{
throw new ArgumentNullException("key");
}
if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType))
{
throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");
}
this.key = protectedKey;
}
/// <summary>
/// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in
/// transferring a key between machines.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
/// <param name="keyToBeArchived">Key to be archived.</param>
/// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
public void Archive(Stream outputStream, ProtectedKey keyToBeArchived, string passphrase)
{
if (outputStream == null)
{
throw new ArgumentNullException("outputStream");
}
byte[] versionNumberBytes = BitConverter.GetBytes(versionNumber);
byte[] salt = GenerateSalt();
byte[] encryptedKey = GetEncryptedKey(keyToBeArchived, passphrase, salt);
outputStream.Write(versionNumberBytes, 0, versionNumberBytes.Length);
outputStream.Write(salt, 0, salt.Length);
outputStream.Write(encryptedKey, 0, encryptedKey.Length);
}
private ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope)
{
byte[] generatedKey = GenerateUnprotectedKey(algorithm);
try
{
return(ProtectedKey.CreateFromPlaintextKey(generatedKey, dataProtectionScope));
}
finally
{
if (generatedKey != null)
{
CryptographyUtility.ZeroOutBytes(generatedKey);
}
}
}
internal SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key)
{
if (algorithmType == null)
{
throw new ArgumentNullException("algorithmType");
}
if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType))
{
throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
}
this.algorithmType = algorithmType;
this.key = key;
this.instrumentationProvider = new SymmetricAlgorithmInstrumentationProvider();
}
/// <summary>
/// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
/// </summary>
/// <param name="algorithmType">
/// The <see cref="KeyedHashAlgorithm"/> to use.
/// </param>
/// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
/// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
/// <param name="instrumentationProvider">The <see cref="IHashAlgorithmInstrumentationProvider"/> to use.</param>
public KeyedHashAlgorithmProvider(Type algorithmType,
bool saltEnabled,
ProtectedKey protectedKey,
IHashAlgorithmInstrumentationProvider instrumentationProvider)
: base(algorithmType, saltEnabled, instrumentationProvider)
{
if (protectedKey == null)
{
throw new ArgumentNullException("protectedKey");
}
if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType))
{
throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");
}
key = protectedKey;
}
/// <summary>
/// Reads an encrypted key from an input file. This method is not intended to allow keys to be transferred
/// from another machine.
/// </summary>
/// <param name="protectedKeyFileName">Input file from which DPAPI-protected key is to be read.</param>
/// <param name="dpapiProtectionScope"><see cref="DataProtectionScope"/> used to protect the key on disk. </param>
/// <returns>Key read from stream, encapsulated in a <see cref="ProtectedKey"></see>.</returns>
public static ProtectedKey Read(string protectedKeyFileName, DataProtectionScope dpapiProtectionScope)
{
string completeFileName = Path.GetFullPath(protectedKeyFileName);
if (cache[completeFileName] != null)
{
return(cache[completeFileName]);
}
using (FileStream stream = new FileStream(protectedKeyFileName, FileMode.Open, FileAccess.Read, FileShare.Read))
{
ProtectedKey protectedKey = Read(stream, dpapiProtectionScope);
cache[completeFileName] = protectedKey;
return(protectedKey);
}
}
/// <summary>
/// <para>Initalize a new instance of the <see cref="SymmetricCryptographer"/> class with an algorithm type and a key.</para>
/// </summary>
/// <param name="algorithmType"><para>The qualified assembly name of a <see cref="SymmetricAlgorithm"/>.</para></param>
/// <param name="key"><para>The key for the algorithm.</para></param>
public SymmetricCryptographer(Type algorithmType, ProtectedKey key)
{
if (algorithmType == null)
{
throw new ArgumentNullException("algorithmType");
}
if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType))
{
throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
}
if (key == null)
{
throw new ArgumentNullException("key");
}
this.key = key;
this.algorithm = GetSymmetricAlgorithm(algorithmType);
}
/// <summary>
/// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
/// </summary>
/// <param name="algorithmType">
/// The <see cref="KeyedHashAlgorithm"/> to use.
/// </param>
/// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
/// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
public KeyedHashAlgorithmProvider(Type algorithmType,
bool saltEnabled,
ProtectedKey protectedKey)
: this(algorithmType, saltEnabled, protectedKey, new NullHashAlgorithmInstrumentationProvider())
{
}
/// <summary>
/// <para>Initialize a new instance of the <see cref="HashCryptographer"/> with an algorithm type and key.</para>
/// </summary>
/// <param name="algorithmType">A fully qualifed type name derived from <see cref="HashAlgorithm"/>.</param>
/// <param name="protectedKey"><para>The key for a <see cref="KeyedHashAlgorithm"/>.</para></param>
/// <remarks>
/// While this overload will work with a specified <see cref="HashAlgorithm"/>, the protectedKey
/// is only relevant when initializing with a specified <see cref="KeyedHashAlgorithm"/>.
/// </remarks>
public HashCryptographer(Type algorithmType, ProtectedKey protectedKey)
: this(algorithmType)
{
this.key = protectedKey;
}
public void CreateKey()
{
key = KeyManager.GenerateKeyedHashKey(typeof(HMACSHA1), DataProtectionScope.CurrentUser);
}
/// <summary>
/// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
/// </summary>
/// <param name="algorithmType">
/// The <see cref="KeyedHashAlgorithm"/> to use.
/// </param>
/// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
/// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
public KeyedHashAlgorithmProvider(Type algorithmType,
bool saltEnabled,
ProtectedKey protectedKey)
: this(algorithmType, saltEnabled, protectedKey, new NullHashAlgorithmInstrumentationProvider())
{
}
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
/// <param name="key">Encrypted key to be written to stream.</param>
public void Write(Stream outputStream, ProtectedKey key)
{
WriteVersionNumber(outputStream, versionNumber);
WriteEncryptedKey(outputStream, key);
}
/// <summary>
/// Reads a DPAPI-protected key from the given <see cref="Stream"/>.
/// </summary>
/// <param name="protectedKeyStream"><see cref="Stream"/> containing the DPAPI-protected key.</param>
/// <param name="protectionScope"><see cref="DataProtectionScope"></see> used to decrypt the key read from the stream.</param>
/// <returns>Key read from stream, encapsulated in a <see cref="ProtectedKey"></see>.</returns>
public ProtectedKey Read(Stream protectedKeyStream, DataProtectionScope protectionScope)
{
ValidateKeyVersion(protectedKeyStream);
return(ProtectedKey.CreateFromEncryptedKey(ReadEncryptedKey(protectedKeyStream), protectionScope));
}
/// <summary>
/// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
/// </summary>
/// <param name="algorithmType">
/// The <see cref="KeyedHashAlgorithm"/> to use.
/// </param>
/// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
/// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
/// <param name="instrumentationProvider">The <see cref="IHashAlgorithmInstrumentationProvider"/> to use.</param>
public KeyedHashAlgorithmProvider(Type algorithmType,
bool saltEnabled,
ProtectedKey protectedKey,
IHashAlgorithmInstrumentationProvider instrumentationProvider)
: base(algorithmType, saltEnabled, instrumentationProvider)
{
if (protectedKey == null)
throw new ArgumentNullException("protectedKey");
if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType))
throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");
key = protectedKey;
}
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
/// <param name="key">Encrypted key to be written to stream.</param>
public static void Write(Stream outputStream, ProtectedKey key)
{
IKeyWriter writer = new KeyReaderWriter();
writer.Write(outputStream, key);
}
/// <summary>
/// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in
/// transferring a key between machines.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
/// <param name="keyToArchive">Key to be archived.</param>
/// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
public static void ArchiveKey(Stream outputStream, ProtectedKey keyToArchive, string passphrase)
{
IKeyWriter writer = new KeyReaderWriter();
writer.Archive(outputStream, keyToArchive, passphrase);
}
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
/// <param name="key">Encrypted key to be written to stream.</param>
public static void Write(Stream outputStream,
ProtectedKey key)
{
IKeyWriter writer = new KeyReaderWriter();
writer.Write(outputStream, key);
}
private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt)
{
byte[] decryptedKey = keyToBeArchived.DecryptedKey;
try
{
return EncryptKeyForArchival(decryptedKey, passphrase, salt);
}
finally
{
CryptographyUtility.ZeroOutBytes(decryptedKey);
}
}
/// <summary>
/// Initializes a new instance of the <see cref="SymmetricAlgorithmProvider"/> class.
/// </summary>
/// <param name="algorithmType">The symmetric algorithm type.</param>
/// <param name="key">The <see cref="ProtectedKey"/> for the provider.</param>
public SymmetricAlgorithmProvider(Type algorithmType,
ProtectedKey key)
: this(algorithmType, key, new NullSymmetricAlgorithmInstrumentationProvider())
{
}
/// <overloads>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </overloads>
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
/// <param name="encryptedKey">Encrypted key to be written to stream.</param>
/// <param name="dpapiProtectionScope"><see cref="DataProtectionScope"/> used to protect the key on disk. </param>
public static void Write(Stream outputStream, byte[] encryptedKey, DataProtectionScope dpapiProtectionScope)
{
ProtectedKey key = ProtectedKey.CreateFromEncryptedKey(encryptedKey, dpapiProtectionScope);
Write(outputStream, key);
}
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
/// <param name="key">Encrypted key to be written to stream.</param>
public void Write(Stream outputStream, ProtectedKey key)
{
WriteVersionNumber(outputStream, versionNumber);
WriteEncryptedKey(outputStream, key);
}
private void WriteEncryptedKey(Stream outputStream, ProtectedKey key)
{
outputStream.Write(key.EncryptedKey, 0, key.EncryptedKey.Length);
}
private void WriteEncryptedKey(Stream outputStream, ProtectedKey key)
{
outputStream.Write(key.EncryptedKey, 0, key.EncryptedKey.Length);
}
/// <summary>
/// <para>Initialize a new instance of the <see cref="HashCryptographer"/> with an algorithm type and key.</para>
/// </summary>
/// <param name="algorithmType">A fully qualifed type name derived from <see cref="HashAlgorithm"/>.</param>
/// <param name="protectedKey"><para>The key for a <see cref="KeyedHashAlgorithm"/>.</para></param>
/// <remarks>
/// While this overload will work with a specified <see cref="HashAlgorithm"/>, the protectedKey
/// is only relevant when initializing with a specified <see cref="KeyedHashAlgorithm"/>.
/// </remarks>
public HashCryptographer(Type algorithmType, ProtectedKey protectedKey)
: this(algorithmType)
{
this.key = protectedKey;
}
/// <summary>
/// Initializes a new instance of the <see cref="SymmetricAlgorithmProvider"/> class.
/// </summary>
/// <param name="algorithmType">The symmetric algorithm type.</param>
/// <param name="key">The <see cref="ProtectedKey"/> for the provider.</param>
public SymmetricAlgorithmProvider(Type algorithmType,
ProtectedKey key)
:this(algorithmType, key, new NullSymmetricAlgorithmInstrumentationProvider())
{
}