public static string Decrypt(byte[] encryptedData, string pw, string salt)
{
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
IBuffer cipherBuffer = CryptographicBuffer.CreateFromByteArray(encryptedData);
KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32); CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
IBuffer resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, saltMaterial);
string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, resultBuffer); return(result);
}
public void GenerateKey(string password, string salt, out Windows.Storage.Streams.IBuffer keyMaterial, out Windows.Storage.Streams.IBuffer iv)
{
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf8);
KeyDerivationParameters keyParams = KeyDerivationParameters.BuildForSP800108(saltBuffer, GetNonce());
KeyDerivationAlgorithmProvider kdf = KeyDerivationAlgorithmProvider.OpenAlgorithm(Encryptor.Settings.KeyDerivationAlgorithm);
IBuffer passwordBuffer = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
CryptographicKey keyOriginal = kdf.CreateKey(passwordBuffer);
int keySize = 256;
int ivSize = 128 / 8;
uint totalData = (uint)(keySize + ivSize);
IBuffer keyDerived = CryptographicEngine.DeriveKeyMaterial(keyOriginal, keyParams, totalData);
byte[] keyMaterialBytes = keyDerived.ToArray();
keyMaterial = WindowsRuntimeBuffer.Create(keyMaterialBytes, 0, keySize, keySize);
iv = WindowsRuntimeBuffer.Create(keyMaterialBytes, keySize, ivSize, ivSize);
}
public override void Decrypt(Stream input, Stream output, string password, int bufferSize)
{
#if NETFX_CORE
var thisIV = new byte[ivSize];
input.Read(thisIV, 0, ivSize);
var iv = thisIV.AsBuffer();
var pwBuffer = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
var keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(iv, pwIterations);
// Create a key based on original key and derivation parameters.
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, keySize);
var provider = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbcPkcs7);
var key = provider.CreateSymmetricKey(keyMaterial);
// Get the input stream as an IBuffer.
IBuffer msg;
using (var ms = new MemoryStream())
{
input.CopyTo(ms);
msg = ms.ToArray().AsBuffer();
}
var buffDecrypt = CryptographicEngine.Decrypt(key, msg, iv);
output.Write(buffDecrypt.ToArray(), 0, (int)buffDecrypt.Length);
#else
using (var alg = Aes.Create())
{
var thisIV = new byte[ivSize];
input.Read(thisIV, 0, ivSize);
alg.IV = thisIV;
var key = new Rfc2898DeriveBytes(password, alg.IV, pwIterations);
alg.Key = key.GetBytes(keySize);
using (var decryptor = alg.CreateDecryptor())
using (var cryptoStream = new CryptoStream(input, decryptor, CryptoStreamMode.Read))
CopyStream(cryptoStream, output, bufferSize);
}
#endif
output.Position = 0;
}
/**** Cryptography *****/
public static string Hash(string data)
{
var bytes = Encoding.UTF8.GetBytes(data);
#if NETFX_CORE
/*if (sha1 == null)
* sha1 = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha1);*/
throw new NotImplementedException("WinRT...");
#else
if (sha1 == null)
{
sha1 = Encryptor.Current.CreateHash();
}
var hash = sha1.Compute20(bytes);
return(BytesToString(hash));
#endif
}
private KeyMaterial(SecureString password, byte[] salt, int iterations)
{
if (iterations < 1000)
{
throw new SecurityException("The KDF iterations should not be lower than 1000");
}
if (password == null)
{
throw new ArgumentNullException(nameof(password));
}
if (salt == null)
{
throw new ArgumentNullException(nameof(salt));
}
// Possibly security critical
#if WINDOWS_UWP
var passwordBuffer = CryptographicBuffer.ConvertStringToBinary(password.GetString(), BinaryStringEncoding.Utf8);
var saltBuffer = CryptographicBuffer.CreateFromByteArray(salt);
var keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
var pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, (uint)iterations);
var keyOriginal = keyDerivationProvider.CreateKey(passwordBuffer);
var keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
var derivedPasswordKey = keyDerivationProvider.CreateKey(passwordBuffer);
this.key = keyMaterial.ToArray().ZipAsBytes();
this.initialisationVector = keyMaterial.ToArray().GetBytes(16).ZipAsBytes();
#else
using (Rfc2898DeriveBytes keyMaterial = new Rfc2898DeriveBytes(password.GetString(), salt, iterations))
{
this.key = keyMaterial.GetBytes(32).ZipAsBytes();
keyMaterial.Reset();
this.initialisationVector = keyMaterial.GetBytes(16).ZipAsBytes();
}
#endif
this.salt = salt.ZipAsBytes();
// Let us pin our variables so that the GC is not moving them around creating a lot of copies
this.saltHandle = GCHandle.Alloc(this.salt, GCHandleType.Pinned);
this.initialisationVectorHandle = GCHandle.Alloc(this.initialisationVector, GCHandleType.Pinned);
this.keyHandle = GCHandle.Alloc(this.key, GCHandleType.Pinned);
}
private IBuffer PBKDF2(IBuffer buffSecret, IBuffer buffSalt)
{
var algorithm = KeyDerivationAlgorithmNames.Pbkdf2Sha256;
var iterationCountIn = 100000u;
var targetSize = 32u;
var provider = KeyDerivationAlgorithmProvider.OpenAlgorithm(algorithm);
var pbkdf2Params = KeyDerivationParameters.BuildForPbkdf2(buffSalt, iterationCountIn);
var keyOriginal = provider.CreateKey(buffSecret);
var keyDerived = CryptographicEngine.DeriveKeyMaterial(
keyOriginal,
pbkdf2Params,
targetSize
);
return(keyDerived);
}
/// <summary>
/// Turns string password into a hash for use in AES
/// TODO remove magic numbers
/// </summary>
/// <param name="password"></param>
public async Task CreateAesKey(string password)
{
var hashProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha512);
var passwordBuffer = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
var salt = await GetSalt();
//var salt = await GenerateAndSaveSalt();
var keyCreationParameters = KeyDerivationParameters.BuildForPbkdf2(salt, 1000);
var originalKey = hashProvider.CreateKey(passwordBuffer);
var hashedKeyMaterial = CryptographicEngine.DeriveKeyMaterial(originalKey, keyCreationParameters, 32);
var aesProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesGcm);
var key = aesProvider.CreateSymmetricKey(hashedKeyMaterial);
aesKey = key;
}
private string DecodeAES(string cipherText)
{
var pwBuffer = CryptographicBuffer.ConvertStringToBinary(AES_KEY, BinaryStringEncoding.Utf8);
var cipherBuffer = CryptographicBuffer.ConvertStringToBinary(cipherText, BinaryStringEncoding.Utf8);
KeyDerivationAlgorithmProvider keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
var name = SymmetricAlgorithmNames.AesCbcPkcs7;
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm(name);
CryptographicKey symmKey = symProvider.CreateSymmetricKey(pwBuffer);
var resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, null);
string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, resultBuffer);
return(result);
}
public static string Decrypt(byte[] encryptval, string pw, string salt)
{
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
IBuffer cipherBuffer = CryptographicBuffer.CreateFromByteArray(encryptval);
KeyDerivationAlgorithmProvider key = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
KeyDerivationParameters parm = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
CryptographicKey ckey = key.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(ckey, parm, 32);
CryptographicKey dkey = key.CreateKey(pwBuffer);
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(ckey, parm, 16);
SymmetricKeyAlgorithmProvider sp = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
CryptographicKey symmKey = sp.CreateSymmetricKey(keyMaterial);
IBuffer resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, saltMaterial);
string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, resultBuffer);
return(result);
}
/// <summary>
/// Шифрование текста
/// </summary>
/// <param name="SourceText">Исходный (открытый) текст</param>
/// <param name="InputKey">Ключ шифрование</param>
/// <param name="AlgorythmName">Имя алгоритма шифрования</param>
/// <returns>Зашифрованный текст</returns>
public string EncryptMode(string SourceText, string InputKey, string AlgorythmName, string IV, string KeySize)
{
SymmetricKeyAlgorithmProvider Algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(AlgorythmName);
IBuffer KeyBuffer = CryptographicBuffer.ConvertStringToBinary(InputKey, BinaryStringEncoding.Utf16LE);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary("ll234hl@kljh5:Annc!6002mz", BinaryStringEncoding.Utf16LE);
//CryptoKey = Algorithm.CreateSymmetricKey(KeyBuffer);
//#########################
KeyDerivationAlgorithmProvider keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha512);
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 10000);
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(KeyBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, Convert.ToUInt32(KeySize) / 8);
//string test = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, keyMaterial);
CryptoKey = Algorithm.CreateSymmetricKey(keyMaterial);
//###############
// CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
//Надо присваивать IV пользовательское значение или генерированное значение IV
if (AlgorythmName.Contains("CBC"))
{
IVBuffer = CryptographicBuffer.ConvertStringToBinary(IV, BinaryStringEncoding.Utf16LE);
}
// Set the data to encrypt.
SourceTextBuffer = CryptographicBuffer.ConvertStringToBinary(SourceText, BinaryStringEncoding.Utf16LE);
// Encrypt
EncryptBuffer = Windows.Security.Cryptography.Core.CryptographicEngine.Encrypt(CryptoKey, SourceTextBuffer, IVBuffer);
//Convert to Base64
EncryptTextOutput = CryptographicBuffer.EncodeToBase64String(EncryptBuffer);
string test = CryptographicBuffer.EncodeToBase64String(keyMaterial);
//return test;//
return(EncryptTextOutput);
}
public static byte[] Encrypt(string plainText, string pw, string sult)
{
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
IBuffer sultBuffer = CryptographicBuffer.ConvertStringToBinary(sult, BinaryStringEncoding.Utf16LE);
IBuffer plainBuffer = CryptographicBuffer.ConvertStringToBinary(plainText, BinaryStringEncoding.Utf16LE);
KeyDerivationAlgorithmProvider key = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
KeyDerivationParameters parm = KeyDerivationParameters.BuildForPbkdf2(sultBuffer, 1000);
CryptographicKey ckey = key.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(ckey, parm, 32);
CryptographicKey dkey = key.CreateKey(pwBuffer);
IBuffer sulltMaterial = CryptographicEngine.DeriveKeyMaterial(dkey, parm, 16);
SymmetricKeyAlgorithmProvider sp = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
CryptographicKey symKey = sp.CreateSymmetricKey(keyMaterial);
IBuffer resultBuffer = CryptographicEngine.Encrypt(symKey, plainBuffer, sulltMaterial);
byte[] result;
CryptographicBuffer.CopyToByteArray(resultBuffer, out result);
return(result);
}
private byte[] EncryptDataV2(byte[] bytes, string pw, string salt)
{
var base64Text = Convert.ToBase64String(bytes);
var pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
var saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf16LE);
var plainBuffer = CryptographicBuffer.ConvertStringToBinary(base64Text, BinaryStringEncoding.Utf16LE);
// Derive key material for password size 32 bytes for AES256 algorithm
var keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha1);
// using salt and 1000 iterations
var pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
// create a key based on original key and derivation parmaters
var keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
var keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
var derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
// derive buffer to be used for encryption salt from derived password key
var saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
// display the buffers – because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
//var keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
//var saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
var symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbcPkcs7);
// create symmetric key from derived password key
var symmKey = symProvider.CreateSymmetricKey(keyMaterial);
// encrypt data buffer using symmetric key and derived salt material
var resultBuffer = CryptographicEngine.Encrypt(symmKey, plainBuffer, saltMaterial);
byte[] result;
CryptographicBuffer.CopyToByteArray(resultBuffer, out result);
if (result.Length > 1000000)
{
GC.Collect();
}
return(result);
}
/// <summary>
/// Generates an encryption key derived using a password, a random salt, and specified number of rounds of PBKDF2
///
/// TODO: pass in password via SecureString?
/// </summary>
/// <param name="password"></param>
/// <param name="salt"></param>
/// <returns></returns>
public static IBuffer GetEncryptionKey(string password, string salt)
{
if (string.IsNullOrEmpty(password))
{
throw new ArgumentException("Password is empty");
}
if (salt == null || salt.Length == 0)
{
throw new ArgumentException("Salt is empty");
}
KeyDerivationAlgorithmProvider pbkdf2 = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha1);
IBuffer buffSecret = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
CryptographicKey key = pbkdf2.CreateKey(buffSecret);
KeyDerivationParameters parameters = KeyDerivationParameters.BuildForPbkdf2(CryptographicBuffer.DecodeFromBase64String(salt), PBKDF2_ITERATIONS);
return(CryptographicEngine.DeriveKeyMaterial(key, parameters, KEY_SIZE_BYTES));
}
private static void GenerateKeyMaterial(IBuffer passwordBuffer, IBuffer saltBuffer, uint iterationCount, out IBuffer keyMaterial, out IBuffer iv)
{
KeyDerivationParameters kdfParameters = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, iterationCount);
// Get a KDF provider for PBKDF2, and store the source password in a Cryptographic Key
KeyDerivationAlgorithmProvider kdf = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha256);
CryptographicKey passwordSourceKey = kdf.CreateKey(passwordBuffer);
// Generate key material from the source password, salt, and iteration count. Only call DeriveKeyMaterial once,
// since calling it twice will generate the same data for the key and IV.
int keySize = 256 / 8;
int ivSize = 128 / 8;
uint totalDataNeeded = (uint)(keySize + ivSize);
IBuffer keyAndIv = CryptographicEngine.DeriveKeyMaterial(passwordSourceKey, kdfParameters, totalDataNeeded);
// Split the derived bytes into a seperate key and IV
byte[] keyMaterialBytes = keyAndIv.ToArray();
keyMaterial = WindowsRuntimeBuffer.Create(keyMaterialBytes, 0, keySize, keySize);
iv = WindowsRuntimeBuffer.Create(keyMaterialBytes, keySize, ivSize, ivSize);
}
/// <summary>
/// Derives a cryptographically strong key from the specified password.
/// </summary>
/// <param name="password">The user-supplied password.</param>
/// <param name="salt">The salt.</param>
/// <param name="iterations">The rounds of computation to use in deriving a stronger key. The larger this is, the longer attacks will take.</param>
/// <param name="keySizeInBytes">The desired key size in bytes.</param>
/// <returns>The generated key.</returns>
public override byte[] DeriveKeyFromPassword(string password, byte[] salt, int iterations, int keySizeInBytes)
{
Requires.NotNullOrEmpty(password, "password");
Requires.NotNull(salt, "salt");
Requires.Range(iterations > 0, "iterations");
Requires.Range(keySizeInBytes > 0, "keySizeInBytes");
IBuffer passwordBuffer = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
IBuffer saltBuffer = salt.ToBuffer();
KeyDerivationAlgorithmProvider keyDerivationProvider =
KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha1);
KeyDerivationParameters pbkdf2Parms =
KeyDerivationParameters.BuildForPbkdf2(saltBuffer, (uint)iterations);
// create a key based on original key and derivation parameters
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(passwordBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, (uint)keySizeInBytes);
return(keyMaterial.ToArray());
}
public void DeriveEncryptionKey(byte[] passphrase, byte[] salt, ref byte[] encryptionKey)
{
var tokenData = SettingsHelper.LoadSetting <TFTokenData>(Consts.SETTINGS_TOKEN_SECRET_KEY);
IBuffer passphraseBuffer = CryptographicBuffer.CreateFromByteArray(passphrase);
IBuffer hmacKeyBuffer = CryptographicBuffer.CreateFromByteArray(tokenData.SecretKey);
MacAlgorithmProvider hmacProvider = MacAlgorithmProvider.OpenAlgorithm(MacAlgorithmNames.HmacSha1);
CryptographicHash saltHMAC = hmacProvider.CreateHash(hmacKeyBuffer);
IBuffer saltBuffer = saltHMAC.GetValueAndReset();
KeyDerivationAlgorithmProvider pbkdf2Provider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, (uint)NumberOfOterations);
CryptographicKey pbkdf2Key = pbkdf2Provider.CreateKey(passphraseBuffer);
IBuffer derivedKeyBuffer = CryptographicEngine.DeriveKeyMaterial(pbkdf2Key, pbkdf2Parms, (uint)encryptionKey.Length);
byte[] derivedKeyBytes = derivedKeyBuffer.ToArray();
Array.Copy(derivedKeyBytes, encryptionKey, encryptionKey.Length);
Array.Clear(derivedKeyBytes, 0, derivedKeyBytes.Length);
}
public IBuffer SampleDeriveKeyMaterialPbkdf(
String strAlgName,
UInt32 targetKeySize,
UInt32 iterationCount)
{
// Open the specified algorithm.
KeyDerivationAlgorithmProvider objKdfProv = KeyDerivationAlgorithmProvider.OpenAlgorithm(strAlgName);
// Demonstrate how to retrieve the algorithm name.
String strAlgUsed = objKdfProv.AlgorithmName;
// Create a buffer that contains the secret used during derivation.
String strSecret = "MyPassword";
IBuffer buffSecret = CryptographicBuffer.ConvertStringToBinary(strSecret, BinaryStringEncoding.Utf8);
// Create a random salt value.
IBuffer buffSalt = CryptographicBuffer.GenerateRandom(32);
// Create the derivation parameters.
KeyDerivationParameters pbkdf2Params = KeyDerivationParameters.BuildForPbkdf2(buffSalt, iterationCount);
// Create a key from the secret value.
CryptographicKey keyOriginal = objKdfProv.CreateKey(buffSecret);
// Derive a key based on the original key and the derivation parameters.
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(
keyOriginal,
pbkdf2Params,
targetKeySize);
// Demonstrate checking the iteration count.
UInt32 iterationCountOut = pbkdf2Params.IterationCount;
// Demonstrate returning the derivation parameters to a buffer.
IBuffer buffParams = pbkdf2Params.KdfGenericBinary;
// return the KDF key material.
return(keyMaterial);
}
public static bool GetPBKDFDerivedKey(string password,
byte[] salt, // length = 32 bytes (256 bits)
out byte[] encryptionKeyOut) // length = 32 bytes (256 bits)
{
IBuffer saltBuffer = CryptographicBuffer.CreateFromByteArray(salt);
KeyDerivationParameters kdfParameters = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 10000); // 10000 iterations
// Get a KDF provider for PBKDF2 and hash the source password to a Cryptographic Key using the SHA256 algorithm.
// The generated key for the SHA256 algorithm is 256 bits (32 bytes) in length.
KeyDerivationAlgorithmProvider kdf = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha256);
IBuffer passwordBuffer = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
CryptographicKey passwordSourceKey = kdf.CreateKey(passwordBuffer);
// Generate key material from the source password, salt, and iteration count
const int keySize = 256 / 8; // 256 bits = 32 bytes
IBuffer key = CryptographicEngine.DeriveKeyMaterial(passwordSourceKey, kdfParameters, keySize);
// send the generated key back to the caller
CryptographicBuffer.CopyToByteArray(key, out encryptionKeyOut);
return(true); // success
}
private static byte[] DeriveKeyMaterial(CryptoPassword cp)
{
// Open the specified algorithm.
var provider = KeyDerivationAlgorithmProvider.OpenAlgorithm(_keyDerivationAlgorithmName);
// Create a buffer that contains the keyPhrase for use during derivation.
IBuffer bufferedSecret = CryptographicBuffer.ConvertStringToBinary(cp.KeyPhrase, _encoding);
// Restore salt bytes as buffer.
var bufferedSalt = CryptographicBuffer.CreateFromByteArray(cp.Salt);
// Create the required derivation parameters.
var pbkdf2Parameter = KeyDerivationParameters.BuildForPbkdf2(bufferedSalt, _iterationCount);
// Create a key from the buffered secret.
var keyOriginal = provider.CreateKey(bufferedSecret);
// Derive a key from the original created key and the derivation parameters.
var keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parameter, _targetKeySize);
return(CopyBufferToByteArray(keyMaterial));
}
public static string Decrypt(string encryptedData)
{
//Chuyen password sang IBuffer theo dinh dang Utf8
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
//Chuyen salt theo dinh dang Utf8
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(salt, BinaryStringEncoding.Utf8);
//Chuyen du lieu chuoi sang IBuffer de giai ma
IBuffer cipherBuffer = CryptographicBuffer.DecodeFromBase64String(encryptedData);
KeyDerivationAlgorithmProvider keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 16);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
//Giai ma
IBuffer resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, saltMaterial);
//Chuyen tu dinh dang IBuffer ve chuoi ban dau
string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, resultBuffer);
return(result);
}
public async static Task <byte[]> Encrypt(string filePath)
{
byte[] fileBytes = await FileManager.ReadBytesFromFile(filePath);
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(key1, BinaryStringEncoding.Utf8);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary(key2, BinaryStringEncoding.Utf16LE);
IBuffer plainBuffer = CryptographicBuffer.CreateFromByteArray(fileBytes);
// Derive key material for password size 32 bytes for AES256 algorithm
KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
// using salt and 1000 iterations
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
// create a key based on original key and derivation parmaters
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
// derive buffer to be used for encryption salt from derived password key
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
// display the buffers – because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
// create symmetric key from derived password key
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
// encrypt data buffer using symmetric key and derived salt material
IBuffer resultBuffer = CryptographicEngine.Encrypt(symmKey, plainBuffer, saltMaterial);
byte[] result;
CryptographicBuffer.CopyToByteArray(resultBuffer, out result);
return(result);
}
/// <summary>
/// Дешифрования текст
/// </summary>
/// <param name="SourceText">Исходный (шифрованный) текст</param>
/// <param name="InputKey">Ключ шифрования</param>
/// <param name="AlgorytmName">Имя алгоритма дешифрования</param>
///
/// <returns>Расшифрованный (открытый) текст</returns>
public string DecrypMode(string SourceText, string InputKey, string AlgorytmName, string IV, string KeySize)
{
SymmetricKeyAlgorithmProvider Algorithm = SymmetricKeyAlgorithmProvider.OpenAlgorithm(AlgorytmName);
IBuffer KeyBuffer = CryptographicBuffer.ConvertStringToBinary(InputKey, BinaryStringEncoding.Utf16LE);
IBuffer saltBuffer = CryptographicBuffer.ConvertStringToBinary("ll234hl@kljh5:Annc!6002mz", BinaryStringEncoding.Utf16LE);
//CryptoKey = Algorithm.CreateSymmetricKey(keymaterial);
KeyDerivationAlgorithmProvider keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm(KeyDerivationAlgorithmNames.Pbkdf2Sha512);
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 10000);
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(KeyBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, Convert.ToUInt32(KeySize) / 8);
// string test= CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, keyMaterial);
CryptoKey = Algorithm.CreateSymmetricKey(keyMaterial);
if (AlgorytmName.Contains("CBC"))
{
IVBuffer = CryptographicBuffer.ConvertStringToBinary(IV, BinaryStringEncoding.Utf16LE);
}
// Set the data to encrypt.
SourceTextBuffer = CryptographicBuffer.DecodeFromBase64String(SourceText);
// Decrypt
DecryptBuffer = Windows.Security.Cryptography.Core.CryptographicEngine.Decrypt(CryptoKey, SourceTextBuffer, IVBuffer);
DecryptTextOutput = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, DecryptBuffer);//Надо думать над реализацией Base64
return(DecryptTextOutput);
}
public static string Decrypt(string encryptedData, string pw, string iv)
{
try
{
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(pw, BinaryStringEncoding.Utf8);
IBuffer ivBuffer = CryptographicBuffer.ConvertStringToBinary(iv, BinaryStringEncoding.Utf16LE);
IBuffer cipherBuffer = CryptographicBuffer.DecodeFromBase64String(encryptedData);
// Derive key material for password size 32 bytes for AES256 algorithm
KeyDerivationAlgorithmProvider keyDerivationProvider = KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
// using IV and 1000 iterations
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(ivBuffer, 1000);
// create a key based on original key and derivation parmaters
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
// derive buffer to be used for encryption iv from derived password key
IBuffer ivMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
// create symmetric key from derived password material
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
// decrypt data buffer using symmetric key and derived IV material
IBuffer resultBuffer = CryptographicEngine.Decrypt(symmKey, cipherBuffer, ivMaterial);
string result = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf16LE, resultBuffer);
return(result);
}
catch (System.Exception)
{
System.Diagnostics.Debug.WriteLine("Failed to decrypt file. Throwing exception up the chain.");
throw;
}
}
private static CryptographicKey CreateDerivedKey(IBuffer bufferedKeyMaterial)
{
var provider = KeyDerivationAlgorithmProvider.OpenAlgorithm(_keyDerivationAlgorithmName);
return(provider.CreateKey(bufferedKeyMaterial));
}
} // VerifySignature()
/// <summary>
/// Generates the key exchange key and the public part of the ephemeral key
/// using specified encoding parameters in the KDF (ECC only).
/// </summary>
/// <param name="encodingParms"></param>
/// <param name="decryptKeyNameAlg"></param>
/// <param name="ephemPub"></param>
/// <returns>key exchange key blob</returns>
public byte[] EcdhGetKeyExchangeKey(byte[] encodingParms, TpmAlgId decryptKeyNameAlg, out EccPoint ephemPub)
{
var eccParms = (EccParms)PublicParms.parameters;
int keyBits = RawEccKey.GetKeyLength(eccParms.curveID);
byte[] keyExchangeKey = null;
ephemPub = new EccPoint();
// Make a new ephemeral key
var prov = AsymmetricKeyAlgorithmProvider.OpenAlgorithm(RawEccKey.GetEccAlg(PublicParms));
var ephKey = prov.CreateKeyPair((uint)keyBits);
IBuffer ephPubBuf = ephKey.ExportPublicKey(CryptographicPublicKeyBlobType.BCryptEccFullPublicKey);
byte[] ephPub;
CryptographicBuffer.CopyToByteArray(ephPubBuf, out ephPub);
IBuffer otherPubBuf = Key.ExportPublicKey(CryptographicPublicKeyBlobType.BCryptEccFullPublicKey);
byte[] otherPub;
CryptographicBuffer.CopyToByteArray(otherPubBuf, out otherPub);
byte[] herPubX, herPubY;
RawEccKey.KeyInfoFromPublicBlob(otherPub, out herPubX, out herPubY);
byte[] myPubX, myPubY;
RawEccKey.KeyInfoFromPublicBlob(ephPub, out myPubX, out myPubY);
byte[] otherInfo = Globs.Concatenate(new[] { encodingParms, myPubX, herPubX });
// The TPM uses the following number of bytes from the KDF
int bytesNeeded = CryptoLib.DigestSize(decryptKeyNameAlg);
keyExchangeKey = new byte[bytesNeeded];
for (int pos = 0, count = 1, bytesToCopy = 0;
pos < bytesNeeded;
++count, pos += bytesToCopy)
{
byte[] secretPrepend = Marshaller.GetTpmRepresentation((UInt32)count);
string algName;
KeyDerivationParameters deriveParams;
switch (decryptKeyNameAlg)
{
case TpmAlgId.Kdf1Sp800108:
algName = KeyDerivationAlgorithmNames.Sp800108CtrHmacSha256;
deriveParams = KeyDerivationParameters.BuildForSP800108(CryptographicBuffer.CreateFromByteArray(secretPrepend), CryptographicBuffer.CreateFromByteArray(otherInfo));
break;
case TpmAlgId.Kdf1Sp80056a:
algName = KeyDerivationAlgorithmNames.Sp80056aConcatSha256;
deriveParams = KeyDerivationParameters.BuildForSP80056a(CryptographicBuffer.ConvertStringToBinary(algName, BinaryStringEncoding.Utf8),
CryptographicBuffer.ConvertStringToBinary("TPM", BinaryStringEncoding.Utf8),
CryptographicBuffer.CreateFromByteArray(secretPrepend),
CryptographicBuffer.ConvertStringToBinary("", BinaryStringEncoding.Utf8),
CryptographicBuffer.CreateFromByteArray(otherInfo));
break;
case TpmAlgId.Kdf2:
algName = KeyDerivationAlgorithmNames.Pbkdf2Sha256;
deriveParams = KeyDerivationParameters.BuildForPbkdf2(CryptographicBuffer.CreateFromByteArray(secretPrepend), 1000);
break;
default:
Globs.Throw <ArgumentException>("wrong KDF name");
return(null);
}
KeyDerivationAlgorithmProvider deriveProv = KeyDerivationAlgorithmProvider.OpenAlgorithm(algName);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(Key, deriveParams, (uint)keyBits);
byte[] fragment;
CryptographicBuffer.CopyToByteArray(keyMaterial, out fragment);
bytesToCopy = Math.Min(bytesNeeded - pos, fragment.Length);
Array.Copy(fragment, 0, keyExchangeKey, pos, bytesToCopy);
}
ephemPub = new EccPoint(myPubX, myPubY);
return(keyExchangeKey);
}
public static byte[] CipherEncryption(
string plainText,
string password,
bool lightFlag)
{
int hashIterCnt = HASH_ITER_COUNT;
if (lightFlag)
{
hashIterCnt = HASH_ITER_COUNT_LIGHT;
}
uint pbkdf2IterCnt = PBKDF2_ITER_COUNT;
if (lightFlag)
{
pbkdf2IterCnt = PBKDF2_ITER_COUNT_LIGHT;
}
// Convert to password string to UTF-8 encoded binary data.
IBuffer utf8Password = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
// Generate hash value of password string.
IBuffer salt1 = CryptographicBuffer.GenerateRandom(32);
CryptographicHash hashObj =
HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha512).CreateHash();
hashObj.Append(salt1);
hashObj.Append(utf8Password);
IBuffer buffHash1 = hashObj.GetValueAndReset();
for (int i = 0; i < hashIterCnt; i++)
{
hashObj.Append(buffHash1);
buffHash1 = hashObj.GetValueAndReset();
}
// Generate one-time password
SymmetricKeyAlgorithmProvider objAlg = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbcPkcs7);
IBuffer oneTimePass = CryptographicBuffer.GenerateRandom(64);
// encrypt one-time password by specified password string
IBuffer salt2 = CryptographicBuffer.GenerateRandom(32);
CryptographicKey derviedKey =
objAlg.CreateSymmetricKey(
CryptographicEngine.DeriveKeyMaterial(
KeyDerivationAlgorithmProvider.OpenAlgorithm(
KeyDerivationAlgorithmNames.Pbkdf2Sha256
).CreateKey(utf8Password),
KeyDerivationParameters.BuildForPbkdf2(salt2, pbkdf2IterCnt),
32
)
);
IBuffer iv2 = CryptographicBuffer.GenerateRandom(objAlg.BlockLength);
IBuffer encryptOneTimePass = CryptographicEngine.Encrypt(derviedKey, oneTimePass, iv2);
// Encrypt the data
IBuffer iv3 = CryptographicBuffer.GenerateRandom(objAlg.BlockLength);
IBuffer encryptData = null;
uint encDataLen = 0;
if (!String.IsNullOrEmpty(plainText))
{
IBuffer dataBuffer = CryptographicBuffer.ConvertStringToBinary(plainText, BinaryStringEncoding.Utf8);
encryptData = CryptographicEngine.Encrypt(objAlg.CreateSymmetricKey(oneTimePass), dataBuffer, iv3);
encDataLen = encryptData.Length;
}
// Append all of data
byte[] retval =
new byte[
146 +
(int)objAlg.BlockLength +
(int)objAlg.BlockLength +
encryptOneTimePass.Length +
encDataLen
];
int pos = 0;
if (lightFlag)
{
Random r = new Random();
for (int i = pos; i < pos + 8; i++)
{
retval[i] = (byte)r.Next(0, 255);
}
}
else
{
Array.Copy(Encoding.GetEncoding("ASCII").GetBytes("GomaShio"), 0, retval, pos, 8);
}
pos += 8;
Array.Copy(new byte[2] {
0, 0
}, 0, retval, pos, 2);
pos += 2;
Array.Copy(salt1.ToArray(), 0, retval, pos, 32);
pos += 32;
Array.Copy(buffHash1.ToArray(), 0, retval, pos, 64);
pos += 64;
Array.Copy(salt2.ToArray(), 0, retval, pos, 32);
pos += 32;
Array.Copy(iv2.ToArray(), 0, retval, pos, objAlg.BlockLength);
pos += (int)objAlg.BlockLength;
Array.Copy(BitConverter.GetBytes(encryptOneTimePass.Length), 0, retval, pos, 4);
pos += 4;
Array.Copy(encryptOneTimePass.ToArray(), 0, retval, pos, encryptOneTimePass.Length);
pos += (int)encryptOneTimePass.Length;
Array.Copy(iv3.ToArray(), 0, retval, pos, objAlg.BlockLength);
pos += (int)objAlg.BlockLength;
Array.Copy(BitConverter.GetBytes(encDataLen), 0, retval, pos, 4);
pos += 4;
if (null != encryptData)
{
Array.Copy(encryptData.ToArray(), 0, retval, pos, encryptData.Length);
}
return(retval);
}
public static bool CipherDecryption(
byte[] encData,
string password,
out string plainText,
out bool passwordError,
bool lightFlag)
{
int hashIterCnt = HASH_ITER_COUNT;
if (lightFlag)
{
hashIterCnt = HASH_ITER_COUNT_LIGHT;
}
uint pbkdf2IterCnt = PBKDF2_ITER_COUNT;
if (lightFlag)
{
pbkdf2IterCnt = PBKDF2_ITER_COUNT_LIGHT;
}
plainText = "";
passwordError = false;
CryptographicHash hashObj =
HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Sha512).CreateHash();
SymmetricKeyAlgorithmProvider objAlg =
SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbcPkcs7);
if (encData.Length < 146 + (objAlg.BlockLength * 2))
{
return(false);
}
byte[] MagicBytes = new byte[8];
byte[] Version = new byte[2];
byte[] solt1 = new byte[32];
byte[] hash = new byte[64];
byte[] solt2 = new byte[32];
byte[] iv2 = new byte[objAlg.BlockLength];
byte[] iv3 = new byte[objAlg.BlockLength];
// Split encripted data
int pos = 0;
Array.Copy(encData, pos, MagicBytes, 0, 8);
pos += 8;
Array.Copy(encData, pos, Version, 0, 2);
pos += 2;
Array.Copy(encData, pos, solt1, 0, 32);
pos += 32;
Array.Copy(encData, pos, hash, 0, 64);
pos += 64;
Array.Copy(encData, pos, solt2, 0, 32);
pos += 32;
Array.Copy(encData, pos, iv2, 0, objAlg.BlockLength);
pos += (int)objAlg.BlockLength;
int oneTimePassLength = BitConverter.ToInt32(encData, pos);
pos += 4;
if (encData.Length < pos + oneTimePassLength)
{
return(false);
}
byte[] oneTimePass = new byte[oneTimePassLength];
Array.Copy(encData, pos, oneTimePass, 0, oneTimePassLength);
pos += oneTimePassLength;
if (encData.Length < pos + objAlg.BlockLength)
{
return(false);
}
Array.Copy(encData, pos, iv3, 0, objAlg.BlockLength);
pos += (int)objAlg.BlockLength;
if (encData.Length < pos + 4)
{
return(false);
}
int encDataSubLength = BitConverter.ToInt32(encData, pos);
pos += 4;
if (encData.Length < pos + encDataSubLength)
{
return(false);
}
byte[] encDataSub = new byte[encDataSubLength];
if (encDataSubLength > 0)
{
Array.Copy(encData, pos, encDataSub, 0, encDataSubLength);
}
// Check magic bytes and version.
if (!lightFlag)
{
if (!Enumerable.SequenceEqual(MagicBytes, Encoding.GetEncoding("ASCII").GetBytes("GomaShio")))
{
return(false);
}
}
if (!Enumerable.SequenceEqual(Version, new byte[2] {
0, 0
}))
{
return(false);
}
// Check password
IBuffer utf8Password = CryptographicBuffer.ConvertStringToBinary(password, BinaryStringEncoding.Utf8);
IBuffer salt1 = solt1.AsBuffer();
hashObj.Append(salt1);
hashObj.Append(utf8Password);
IBuffer buffHash1 = hashObj.GetValueAndReset();
for (int i = 0; i < hashIterCnt; i++)
{
hashObj.Append(buffHash1);
buffHash1 = hashObj.GetValueAndReset();
}
if (!Enumerable.SequenceEqual(hash, buffHash1.ToArray()))
{
passwordError = true;
return(false);
}
// Decrypt one-time password by specified password string
CryptographicKey derviedKey =
objAlg.CreateSymmetricKey(
CryptographicEngine.DeriveKeyMaterial(
KeyDerivationAlgorithmProvider.OpenAlgorithm(
KeyDerivationAlgorithmNames.Pbkdf2Sha256
).CreateKey(utf8Password),
KeyDerivationParameters.BuildForPbkdf2(solt2.AsBuffer(), pbkdf2IterCnt),
32
)
);
IBuffer plainOneTimePass = CryptographicEngine.Decrypt(derviedKey, oneTimePass.AsBuffer(), iv2.AsBuffer());
// Decrypt the data
if (encDataSubLength > 0)
{
IBuffer decriptIBuffer =
CryptographicEngine.Decrypt(
objAlg.CreateSymmetricKey(plainOneTimePass),
encDataSub.AsBuffer(),
iv3.AsBuffer()
);
plainText = CryptographicBuffer.ConvertBinaryToString(BinaryStringEncoding.Utf8, decriptIBuffer);
}
else
{
plainText = "";
}
return(true);
}
/// <inheritdoc />
public override void ForwardProcessDataStream(System.IO.Stream inStream, System.IO.Stream outStream, Dictionary <string, string> options, out long writtenBytes)
{
if (options == null)
{
throw new ArgumentNullException("options");
}
else if (!options.ContainsKey(PasswordOption))
{
throw new ArgumentException("Options must contain encryption key", "options");
}
if (outStream == null)
{
throw new ArgumentNullException("outStream");
}
#if NETFX_CORE
inStream.Seek(0, 0);
outStream.Seek(0, 0);
IBuffer pwBuffer = CryptographicBuffer.ConvertStringToBinary(options[PasswordOption], BinaryStringEncoding.Utf8);
IBuffer saltBuffer = CryptographicBuffer.CreateFromByteArray(SALT);
// Derive key material for password size 32 bytes for AES256 algorithm
KeyDerivationAlgorithmProvider keyDerivationProvider = Windows.Security.Cryptography.Core.KeyDerivationAlgorithmProvider.OpenAlgorithm("PBKDF2_SHA1");
// using salt and 1000 iterations
KeyDerivationParameters pbkdf2Parms = KeyDerivationParameters.BuildForPbkdf2(saltBuffer, 1000);
// create a key based on original key and derivation parmaters
CryptographicKey keyOriginal = keyDerivationProvider.CreateKey(pwBuffer);
IBuffer keyMaterial = CryptographicEngine.DeriveKeyMaterial(keyOriginal, pbkdf2Parms, 32);
CryptographicKey derivedPwKey = keyDerivationProvider.CreateKey(pwBuffer);
// derive buffer to be used for encryption salt from derived password key
IBuffer saltMaterial = CryptographicEngine.DeriveKeyMaterial(derivedPwKey, pbkdf2Parms, 16);
// display the buffers - because KeyDerivationProvider always gets cleared after each use, they are very similar unforunately
string keyMaterialString = CryptographicBuffer.EncodeToBase64String(keyMaterial);
string saltMaterialString = CryptographicBuffer.EncodeToBase64String(saltMaterial);
SymmetricKeyAlgorithmProvider symProvider = SymmetricKeyAlgorithmProvider.OpenAlgorithm("AES_CBC_PKCS7");
// create symmetric key from derived password key
CryptographicKey symmKey = symProvider.CreateSymmetricKey(keyMaterial);
using (MemoryStream ms = new MemoryStream())
{
inStream.CopyTo(ms);
// encrypt data buffer using symmetric key and derived salt material
IBuffer resultBuffer = CryptographicEngine.Encrypt(symmKey, WindowsRuntimeBufferExtensions.GetWindowsRuntimeBuffer(ms), saltMaterial);
resultBuffer.AsStream().CopyTo(outStream);
writtenBytes = outStream.Position;
}
#else
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(options[PasswordOption], SALT);
var key = pdb.GetBytes(32);
pdb.Reset();
var iv = pdb.GetBytes(16);
using (var transform = encrypter.CreateEncryptor(key, iv))
{
using (MemoryStream internalStream = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(internalStream, transform, CryptoStreamMode.Write))
{
StreamTools.Write(inStream, csEncrypt);
inStream.Flush();
csEncrypt.FlushFinalBlock();
internalStream.Seek(0, 0);
StreamTools.Write(internalStream, outStream);
writtenBytes = outStream.Position;
}
}
}
#endif
}
