public static byte[] GetPlaintextMasterKey(this DBUser user, string password)
{
var pw_key = user.DeriveKeyFromPassword(password);
var aes = new AesManaged();
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aes.CreateDecryptor(pw_key, user.MasterKeySalt.ToByteArray());
// Create the streams used for decryption.
string plaintext;
using (MemoryStream msDecrypt = new MemoryStream(user.EncryptedMasterKey.ToByteArray()))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
return(plaintext.ToByteArray());
}
public static void CreateCryptoFields(this DBUser db_user, string password)
{
if (string.IsNullOrEmpty(password))
{
throw new ArgumentNullException("password");
}
var rng = new RNGCryptoServiceProvider();
var salt = rng.Create256BitLowerCaseHexKey();
db_user.PasswordSalt = salt.Substring(0, 32);
db_user.MasterKeySalt = salt.Substring(32, 32);
db_user.UpdatePassword(password);
// generate master key - always fix and will sustain password changes
string master_key = rng.Create256BitLowerCaseHexKey();
var pw_key = db_user.DeriveKeyFromPassword(password);
// now encrypt the cleartext masterkey with the password-derived key
using (var aes = new AesManaged()) {
ICryptoTransform encryptor = aes.CreateEncryptor(pw_key, db_user.MasterKeySalt.ToByteArray());
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(master_key);
}
var encrypted = msEncrypt.ToArray();
db_user.EncryptedMasterKey = encrypted.ToHexString();
}
}
}
}
