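/// <summary>
/// Verifies the integrity of a sealed string and decrypts its payload.
/// </summary>
/// <param name="sealedString">The sealed token, parsed by <c>MacBase.FromSealedString</c>.</param>
/// <param name="password">Password from which the integrity and encryption secrets are derived.</param>
/// <param name="config">Supplies the clock offset and the options used for HMAC and decryption.</param>
/// <returns>The decrypted payload.</returns>
/// <exception cref="IronUnsealErrorException">
/// The seal has expired, or the recomputed HMAC does not match the one carried by the token.
/// </exception>
public string Unseal(string sealedString, string password, IronConfig config)
{
    var macBase = MacBase.FromSealedString(sealedString);

    // The expiration is checked before the HMAC, so at this point it is still
    // unauthenticated input taken straight from the token.
    // NOTE(review): confirm that ToShortString() covers the expiration field, so the
    // HMAC check below is what ultimately authenticates it.
    if (!string.IsNullOrEmpty(macBase.Expiration))
    {
        CheckExpirationDate(macBase.Expiration, config);
    }

    var normalizedPassword = NormalizePassword(password);

    // NOTE(review): if EncryptionConfig is a reference type, the Salt/Iv assignments
    // below write token-supplied values into the caller's config object; confirm that a
    // later Seal with the same config cannot pick them up and reuse a salt or IV.
    // NOTE(review): Seal computes the HMAC with IntegrityConfig, while verification here
    // uses EncryptionConfig with the salt swapped; confirm both carry the same HMAC
    // parameters.
    var decryptOptions = config.EncryptionConfig;
    decryptOptions.Salt = macBase.HmacSalt;

    var mac = HmacWithPassword(normalizedPassword.Integrity, decryptOptions, macBase.ToShortString());

    // Compare without an early exit: an ordinary string comparison returns at the first
    // differing character, which can leak how much of a forged HMAC was correct.
    if (!DigestsMatch(mac.Digest, macBase.Hmac))
    {
        throw new IronUnsealErrorException("Bad HMAC value");
    }

    // Decryption is attempted only after the HMAC has been verified.
    var encryptedUnBase64 = Util.Base64UrlDecode(macBase.EncryptedB64);
    decryptOptions.Iv = Util.Base64UrlDecode(macBase.EncryptionIv);
    decryptOptions.Salt = macBase.EncryptionSalt;

    var decrypted = Decrypt(normalizedPassword.Encryption, decryptOptions, encryptedUnBase64);
    return decrypted.DecryptedResult;
}

/// <summary>
/// Ordinal comparison of two digest strings whose running time does not depend on the
/// position of the first mismatch. A missing digest never matches.
/// </summary>
[System.Runtime.CompilerServices.MethodImpl(
    System.Runtime.CompilerServices.MethodImplOptions.NoInlining |
    System.Runtime.CompilerServices.MethodImplOptions.NoOptimization)]
private static bool DigestsMatch(string expected, string actual)
{
    // The digest length is not secret, so a length mismatch may return immediately.
    if (expected == null || actual == null || expected.Length != actual.Length)
    {
        return false;
    }

    var difference = 0;
    for (var i = 0; i < expected.Length; i++)
    {
        difference |= expected[i] ^ actual[i];
    }

    return difference == 0;
}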
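/// <summary>
/// Throws when the expiration carried by a sealed string is malformed or has passed.
/// </summary>
/// <param name="expiration">Expiration field of the token, read as a decimal <see cref="DateTime"/> tick count.</param>
/// <param name="config">Supplies <c>LocalTimeOffsetMsec</c>, the offset applied to the local clock.</param>
/// <exception cref="IronUnsealErrorException">
/// The value is not a valid tick count, or the resulting date is not in the future.
/// </exception>
private static void CheckExpirationDate(string expiration, IronConfig config)
{
    // Unseal calls this before the HMAC is verified, so the value is untrusted. Parse it
    // defensively so that a malformed field is reported as an unseal failure rather than
    // as a FormatException, OverflowException or ArgumentOutOfRangeException.
    long ticks;
    var isNumeric = long.TryParse(
        expiration,
        System.Globalization.NumberStyles.None,
        System.Globalization.CultureInfo.InvariantCulture,
        out ticks);

    // NumberStyles.None accepts digits only, so ticks cannot be negative here.
    if (!isNumeric || ticks > DateTime.MaxValue.Ticks)
    {
        throw new IronUnsealErrorException("Invalid expiration");
    }

    // NOTE(review): the value is interpreted as DateTime ticks and compared against local
    // time. A token whose expiration is written as Unix milliseconds would be read as a
    // date close to year 1 and always rejected; confirm the intended wire format.
    var now = DateTime.Now.AddMilliseconds(config.LocalTimeOffsetMsec);
    var expiryDate = new DateTime(ticks);

    if (expiryDate <= now)
    {
        throw new IronUnsealErrorException("Expired seal");
    }
}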
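/// <summary>
/// Encrypts a string and wraps it, together with an HMAC, into a sealed token.
/// </summary>
/// <param name="stringToSeal">Plaintext to protect.</param>
/// <param name="password">Password from which the encryption and integrity secrets are derived.</param>
/// <param name="options">Supplies the encryption and integrity options, the clock offset and the TTL.</param>
/// <returns>The sealed token produced by <c>MacBase.ToString()</c>.</returns>
public string Seal(string stringToSeal, string password, IronConfig options)
{
    var now = DateTime.Now.AddMilliseconds(options.LocalTimeOffsetMsec);

    // Use the normalized password parts, as Unseal does. Previously the normalized value
    // was computed and then ignored in favour of the raw password.
    var normalizedPassword = NormalizePassword(password);

    var encrypted = Encrypt(normalizedPassword.Encryption, options.EncryptionConfig, stringToSeal);
    var encryptedB64 = Util.Base64UrlEncode(encrypted.EncryptedResult);
    var iv = Util.Base64UrlEncode(encrypted.Key.Iv);

    // Previously the expiration was computed and then discarded, so a configured TTL was
    // never enforced. It is written as a tick count because CheckExpirationDate parses
    // the field with new DateTime(long), and it is based on the offset-adjusted clock
    // that CheckExpirationDate also compares against. A TTL of zero or less leaves the
    // field empty, which Unseal treats as "no expiration".
    var expiration = options.Ttl > 0
        ? now.AddMilliseconds(options.Ttl).Ticks.ToString(System.Globalization.CultureInfo.InvariantCulture)
        : "";

    // NOTE(review): assumes the last FromParameters argument is the expiration field and
    // that ToShortString() includes it, so that the HMAC covers it; confirm against MacBase.
    var hmacBase = MacBase.FromParameters("", encrypted.Key.Salt, iv, encryptedB64, expiration);
    var hmac = HmacWithPassword(normalizedPassword.Integrity, options.IntegrityConfig, hmacBase.ToShortString());
    hmacBase.SetHmacSalt(hmac.Salt, hmac.Digest);

    return hmacBase.ToString();
}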
/// <summary>
/// Creates an <see cref="Iron"/> instance that keeps the supplied configuration.
/// </summary>
/// <param name="config">Configuration stored in the <c>_config</c> field.</param>
public Iron(IronConfig config)
{
    this._config = config;
}