public string Unseal(string sealedString, string password, IronConfig config)
{
var macBase = MacBase.FromSealedString(sealedString);
if (!string.IsNullOrEmpty(macBase.Expiration))
{
CheckExpirationDate(macBase.Expiration, config);
}
var normalizedPassword = NormalizePassword(password);
var decryptOptions = config.EncryptionConfig;
decryptOptions.Salt = macBase.HmacSalt;
var mac = HmacWithPassword(normalizedPassword.Integrity, decryptOptions, macBase.ToShortString());
if (mac.Digest != macBase.Hmac)
{
throw new IronUnsealErrorException("Bad HMAC value");
}
var encryptedUnBase64 = Util.Base64UrlDecode(macBase.EncryptedB64);
decryptOptions.Iv = Util.Base64UrlDecode(macBase.EncryptionIv);
decryptOptions.Salt = macBase.EncryptionSalt;
var decrypted = Decrypt(normalizedPassword.Encryption, decryptOptions, encryptedUnBase64);
return(decrypted.DecryptedResult);
}
private static void CheckExpirationDate(string expiration, IronConfig config)
{
var _now = DateTime.Now.AddMilliseconds(config.LocalTimeOffsetMsec);
var expiryDate = new DateTime(long.Parse(expiration));
if (expiryDate <= _now)
{
throw new IronUnsealErrorException("Expired seal");
}
}
public string Seal(string stringToSeal, string password, IronConfig options)
{
var date = DateTime.Now.AddMilliseconds(options.LocalTimeOffsetMsec);
var normalizedPassword = NormalizePassword(password);
var encrypted = Encrypt(password, options.EncryptionConfig, stringToSeal);
var encryptedB64 = Util.Base64UrlEncode(encrypted.EncryptedResult);
var iv = Util.Base64UrlEncode(encrypted.Key.Iv);
var expiration = DateTime.Now.AddMilliseconds(options.Ttl);
var hmacBase = MacBase.FromParameters("", encrypted.Key.Salt, iv, encryptedB64, "");
var hmac = HmacWithPassword(password, options.IntegrityConfig, hmacBase.ToShortString());
hmacBase.SetHmacSalt(hmac.Salt, hmac.Digest);
return(hmacBase.ToString());
}
public Iron(IronConfig config)
{
_config = config;
}
