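/// <summary>
/// Envelope-encrypts <paramref name="input"/>: a fresh random content-encryption key (CEK)
/// is generated, wrapped with <paramref name="publicKey1"/> (plus a second, independent CEK
/// wrapped with <paramref name="publicKey2"/> when one is supplied), and the serialized
/// object is encrypted under the encryptor selected by <c>AsymmetricStrategy</c>.
/// </summary>
/// <param name="input">Object to encrypt; serialized with <c>Serializer</c>. Required.</param>
/// <param name="publicKey1">Key that wraps the first CEK. Required.</param>
/// <param name="publicKey2">
/// Optional second key. When present a second CEK is generated and wrapped with it, and the
/// payload is keyed with the concatenation of both CEKs, so BOTH private keys are needed to
/// decrypt. This is a split-key scheme, not "double encryption" of one passphrase.
/// </param>
/// <returns>
/// The wrapped key material (<c>Reference</c>), the ciphertext (<c>Data</c>, plus <c>CipherText</c>
/// for the legacy format) and the strategy tag the decrypt side dispatches on.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="input"/> or <paramref name="publicKey1"/> is null.</exception>
/// <exception cref="NotImplementedException"><c>AsymmetricStrategy</c> holds a value with no encryptor.</exception>
/// <remarks>
/// Raw CEK bytes (including the concatenated dual-key material, which the original only
/// released in the single-key case) are zeroed in a <c>finally</c>, so they are cleared on
/// the exception path as well. The legacy strategy keys the cipher with a <see cref="string"/>,
/// which cannot be zeroed; prefer the byte[] strategies for new data.
/// </remarks>
private async Task<AsymmetricallyEncryptedObject> EncryptObject_PrivateAsync(object input, IPublicKey publicKey1, IPublicKey publicKey2)
{
    if (input == null)
    {
        throw new ArgumentNullException(nameof(input));
    }
    if (publicKey1 == null)
    {
        throw new ArgumentNullException(nameof(publicKey1));
    }

    // CEK length in bytes: 32 by default, 40 for Aes256_1000. Kept as-is for compatibility;
    // the wrapped CEK is stored in Reference, so decrypt never needs to recompute this.
    int pwLen = this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000 ? 40 : 32;

    byte[] passPhraseAsBytes = null;
    byte[] passPhrase2AsBytes = null;
    byte[] encryptionPassPhrase = null;
    string passPhrase = null;
    string passPhrase2 = null;

    try
    {
        if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
        {
            // Legacy format keys the cipher with a string. The wrapped reference is
            // Serializer.SerializeToByteArray(passPhrase), NOT Encoding.GetBytes(passPhrase);
            // the decrypt side expects exactly that serializer output.
            // NOTE(review): RandomGenerator is a project type - confirm it is backed by a CSPRNG.
            var rand = new RandomGenerator();
            passPhrase = rand.GenerateSecretCodeUrlSafe(pwLen, pwLen);
            passPhraseAsBytes = Serializer.SerializeToByteArray(passPhrase);
            if (publicKey2 != null)
            {
                passPhrase2 = rand.GenerateSecretCodeUrlSafe(pwLen, pwLen);
                passPhrase2AsBytes = Serializer.SerializeToByteArray(passPhrase2);
            }
        }
        else
        {
            // RandomNumberGenerator.Create() is what RNGCryptoServiceProvider.Create() resolved to
            // (the static Create is inherited); the generator is IDisposable, so scope it.
            using (var rng = RandomNumberGenerator.Create())
            {
                passPhraseAsBytes = new byte[pwLen];
                rng.GetBytes(passPhraseAsBytes);
                if (publicKey2 != null)
                {
                    passPhrase2AsBytes = new byte[pwLen];
                    rng.GetBytes(passPhrase2AsBytes);
                }
            }
        }

        AsymmetricallyEncryptedObject asymEncObj;
        if (publicKey2 == null)
        {
            byte[] wrapped = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
            asymEncObj = new AsymmetricallyEncryptedObject()
            {
                KeyId = publicKey1.KeyId,
                Reference = wrapped
            };
            encryptionPassPhrase = passPhraseAsBytes;
        }
        else
        {
            // Split-key: each CEK is wrapped by its own public key and both wrapped values are
            // stored as one JSON document; the payload key is the concatenation of the two CEKs.
            var dualPw = new DualKeyProtectedPassword();
            dualPw.EncryptedPassphrase1 = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
            dualPw.EncryptedPassphrase2 = await publicKey2.WrapKeyAsync(passPhrase2AsBytes);
            asymEncObj = new AsymmetricallyEncryptedObject()
            {
                KeyId = publicKey1.KeyId,
                Key2Id = publicKey2.KeyId,
                Reference = Encoding.UTF8.GetBytes(Serializer.SerializeToJson(dualPw))
            };
            encryptionPassPhrase = passPhraseAsBytes.Concat(passPhrase2AsBytes).ToArray();
        }

        // The strategy tag written below is what the decrypt side dispatches on; it must always
        // match the encryptor actually used (Undefined is stored as Aes256_1000).
        // NOTE(review): the numeric suffix of each encryptor looks like a KDF iteration count, and
        // whether AesEncryptor.Encrypt* authenticates the ciphertext (AEAD/HMAC) is not visible
        // here. If it does not, and Serializer is BinaryFormatter-based, the decrypt side
        // deserializes malleable bytes - confirm both.
        switch (this.AsymmetricStrategy)
        {
            case AsymmetricStrategyOption.Legacy_Aes2:
            {
                string cipher;
#pragma warning disable 0618
                asymEncObj.Data = BasicEncryptor.EncryptObject(input, passPhrase + passPhrase2, out cipher);
#pragma warning restore 0618
                asymEncObj.CipherText = cipher;
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Legacy_Aes2;
                break;
            }
            case AsymmetricStrategyOption.Aes256_20000:
                asymEncObj.Data = AesEncryptor.Encrypt20000(Serializer.SerializeToByteArray(input), encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_20000;
                break;
            case AsymmetricStrategyOption.Undefined:
            case AsymmetricStrategyOption.Aes256_1000:
                asymEncObj.Data = AesEncryptor.Encrypt1000(Serializer.SerializeToByteArray(input), encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000;
                break;
            case AsymmetricStrategyOption.Aes256_5:
                asymEncObj.Data = AesEncryptor.Encrypt5(Serializer.SerializeToByteArray(input), encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_5;
                break;
            default:
                throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", this.AsymmetricStrategy.ToString()));
        }

        return asymEncObj;
    }
    finally
    {
        // Zero every CEK buffer, including the concatenated dual-key array, on success and on
        // throw. In the single-key case encryptionPassPhrase aliases passPhraseAsBytes; clearing
        // twice is harmless.
        passPhraseAsBytes?.ClearByteArray();
        passPhrase2AsBytes?.ClearByteArray();
        encryptionPassPhrase?.ClearByteArray();
    }
}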
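/// <summary>
/// Envelope-encrypts <paramref name="input"/>: a fresh random content-encryption key (CEK)
/// is generated, wrapped with <paramref name="publicKey1"/> (plus a second, independent CEK
/// wrapped with <paramref name="publicKey2"/> when one is supplied), and the serialized
/// object is encrypted under the encryptor selected by <c>AsymmetricStrategy</c>.
/// </summary>
/// <param name="input">Object to encrypt; serialized with <c>Serializer</c>. Required.</param>
/// <param name="publicKey1">Key that wraps the first CEK. Required.</param>
/// <param name="publicKey2">
/// Optional second key. When present a second CEK is generated and wrapped with it, and the
/// payload is keyed with the concatenation of both CEKs, so BOTH private keys are needed to
/// decrypt. This is a split-key scheme, not "double encryption" of one passphrase.
/// </param>
/// <returns>
/// The wrapped key material (<c>Reference</c>), the ciphertext (<c>Data</c>, plus <c>CipherText</c>
/// for the legacy format) and the strategy tag the decrypt side dispatches on.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="input"/> or <paramref name="publicKey1"/> is null.</exception>
/// <exception cref="NotImplementedException"><c>AsymmetricStrategy</c> holds a value with no encryptor.</exception>
/// <remarks>
/// Raw CEK bytes (including the concatenated dual-key material, which the original only
/// released in the single-key case) are zeroed in a <c>finally</c>, so they are cleared on
/// the exception path as well. The legacy strategy keys the cipher with a <see cref="string"/>,
/// which cannot be zeroed; prefer the byte[] strategies for new data.
/// </remarks>
private async Task<AsymmetricallyEncryptedObject> EncryptObject_PrivateAsync(object input, IPublicKey publicKey1, IPublicKey publicKey2)
{
    if (input == null)
    {
        throw new ArgumentNullException(nameof(input));
    }
    if (publicKey1 == null)
    {
        throw new ArgumentNullException(nameof(publicKey1));
    }

    // CEK length in bytes: 32 by default, 40 for Aes256_1000. Kept as-is for compatibility;
    // the wrapped CEK is stored in Reference, so decrypt never needs to recompute this.
    int pwLen = this.AsymmetricStrategy == AsymmetricStrategyOption.Aes256_1000 ? 40 : 32;

    byte[] passPhraseAsBytes = null;
    byte[] passPhrase2AsBytes = null;
    byte[] encryptionPassPhrase = null;
    string passPhrase = null;
    string passPhrase2 = null;

    try
    {
        if (this.AsymmetricStrategy == AsymmetricStrategyOption.Legacy_Aes2)
        {
            // Legacy format keys the cipher with a string. The wrapped reference is
            // Serializer.SerializeToByteArray(passPhrase), NOT Encoding.GetBytes(passPhrase);
            // the decrypt side expects exactly that serializer output.
            // NOTE(review): RandomGenerator is a project type - confirm RandomPassword is CSPRNG-backed.
            var rand = new RandomGenerator();
            passPhrase = rand.RandomPassword(pwLen);
            passPhraseAsBytes = Serializer.SerializeToByteArray(passPhrase);
            if (publicKey2 != null)
            {
                passPhrase2 = rand.RandomPassword(pwLen);
                passPhrase2AsBytes = Serializer.SerializeToByteArray(passPhrase2);
            }
        }
        else
        {
            // RandomNumberGenerator.Create() is what RNGCryptoServiceProvider.Create() resolved to
            // (the static Create is inherited); the generator is IDisposable, so scope it.
            using (var rng = RandomNumberGenerator.Create())
            {
                passPhraseAsBytes = new byte[pwLen];
                rng.GetBytes(passPhraseAsBytes);
                if (publicKey2 != null)
                {
                    passPhrase2AsBytes = new byte[pwLen];
                    rng.GetBytes(passPhrase2AsBytes);
                }
            }
        }

        AsymmetricallyEncryptedObject asymEncObj;
        if (publicKey2 == null)
        {
            byte[] wrapped = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
            asymEncObj = new AsymmetricallyEncryptedObject()
            {
                KeyId = publicKey1.KeyId,
                Reference = wrapped
            };
            encryptionPassPhrase = passPhraseAsBytes;
        }
        else
        {
            // Split-key: each CEK is wrapped by its own public key and both wrapped values are
            // stored as one JSON document; the payload key is the concatenation of the two CEKs.
            var dualPw = new DualKeyProtectedPassword();
            dualPw.EncryptedPassphrase1 = await publicKey1.WrapKeyAsync(passPhraseAsBytes);
            dualPw.EncryptedPassphrase2 = await publicKey2.WrapKeyAsync(passPhrase2AsBytes);
            asymEncObj = new AsymmetricallyEncryptedObject()
            {
                KeyId = publicKey1.KeyId,
                Key2Id = publicKey2.KeyId,
                Reference = Encoding.UTF8.GetBytes(Serializer.SerializeToJson(dualPw))
            };
            encryptionPassPhrase = passPhraseAsBytes.Concat(passPhrase2AsBytes).ToArray();
        }

        // The strategy tag written below is what the decrypt side dispatches on; it must always
        // match the encryptor actually used (Undefined is stored as Aes256_1000).
        // NOTE(review): whether AesEncryptor.Encrypt* authenticates the ciphertext (AEAD/HMAC) is
        // not visible here. If it does not, and Serializer is BinaryFormatter-based, the decrypt
        // side deserializes malleable bytes - confirm both.
        switch (this.AsymmetricStrategy)
        {
            case AsymmetricStrategyOption.Legacy_Aes2:
            {
                string cipher;
#pragma warning disable 0618
                asymEncObj.Data = BasicEncryptor.EncryptObject(input, passPhrase + passPhrase2, out cipher);
#pragma warning restore 0618
                asymEncObj.CipherText = cipher;
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Legacy_Aes2;
                break;
            }
            case AsymmetricStrategyOption.Aes256_200000:
                // NOTE(review): the strategy is named Aes256_200000 but the encryptor called is
                // Encrypt20000. If the suffix is a KDF iteration count, confirm Encrypt20000 really
                // runs 200000 iterations; a 10x shortfall would be invisible to callers because the
                // stored tag still says 200000.
                asymEncObj.Data = AesEncryptor.Encrypt20000(Serializer.SerializeToByteArray(input), encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_200000;
                break;
            case AsymmetricStrategyOption.Undefined:
            case AsymmetricStrategyOption.Aes256_1000:
                asymEncObj.Data = AesEncryptor.Encrypt1000(Serializer.SerializeToByteArray(input), encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_1000;
                break;
            case AsymmetricStrategyOption.Aes256_5:
                asymEncObj.Data = AesEncryptor.Encrypt5(Serializer.SerializeToByteArray(input), encryptionPassPhrase);
                asymEncObj.AsymmetricStrategy = AsymmetricStrategyOption.Aes256_5;
                break;
            default:
                throw new NotImplementedException(string.Format("AsymmetricStrategyOption '{0}' not implemented.", this.AsymmetricStrategy.ToString()));
        }

        return asymEncObj;
    }
    finally
    {
        // Zero every CEK buffer, including the concatenated dual-key array, on success and on
        // throw. In the single-key case encryptionPassPhrase aliases passPhraseAsBytes; clearing
        // twice is harmless.
        passPhraseAsBytes?.ClearByteArray();
        passPhrase2AsBytes?.ClearByteArray();
        encryptionPassPhrase?.ClearByteArray();
    }
}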