public void DetachedBoxTest()
{
var alice = PublicKeyBox.GenerateKeyPair();
var bob = PublicKeyBox.GenerateKeyPair();
var nonce = PublicKeyBox.GenerateNonce();
String message = "Hello, World!";
byte[] byteMessage = System.Text.Encoding.UTF8.GetBytes(message);
var e1 = PublicKeyBox.CreateDetached(message, nonce, bob.Secret, alice.Public);
var e2 = PublicKeyBox.CreateDetached(message, nonce, bob.Secret, alice.Public);
Assert.AreEqual(Convert.ToBase64String(e1.Cipher), Convert.ToBase64String(e2.Cipher));
Assert.AreEqual(Convert.ToBase64String(e1.Mac), Convert.ToBase64String(e2.Mac));
var d1 = PublicKeyBox.OpenDetached(e1, nonce, alice.Secret, bob.Public);
var d2 = PublicKeyBox.OpenDetached(e2, nonce, alice.Secret, bob.Public);
Assert.AreEqual(message, System.Text.Encoding.UTF8.GetString(d1));
Assert.AreEqual(message, System.Text.Encoding.UTF8.GetString(d2));
d1 = PublicKeyBox.OpenDetached(e1.Cipher, e1.Mac, nonce, alice.Secret, bob.Public);
d2 = PublicKeyBox.OpenDetached(e2.Cipher, e2.Mac, nonce, alice.Secret, bob.Public);
Assert.AreEqual(message, System.Text.Encoding.UTF8.GetString(d1));
Assert.AreEqual(message, System.Text.Encoding.UTF8.GetString(d2));
}
public void preKeyGeneration()
{
// Generate 16 prekeys
for (int i = 0; i < 16; i++)
{
preKeys.Add(PublicKeyBox.GenerateSeededKeyPair(PublicKeyBox.GenerateNonce()));
}
}
public static void InitSession(InfoCliente infoCliente, UsuarioEntity usuario, TipoAplicacion idAplicacion = TipoAplicacion.ORDENES)
{
MAEUserSession userSession = new MAEUserSession();
var configuracionSeguridad = CachingManager.Instance.GetConfiguracionSeguridad();
userSession.IdPersona = (int)usuario.IdPersona;
userSession.IdUsuario = usuario.IdUsuario;
userSession.Ip = infoCliente.Ip;
userSession.Dispositivo = infoCliente.Dispositivo;
userSession.FechaInicio = DateTime.Now;
userSession.FechaFinalizacion = MAEDateTimeTools.DateTimeAdd(DateTime.Now, configuracionSeguridad.TimeOutInicialSesion, "s");
userSession.IdAplicacion = (byte)idAplicacion;
userSession.UltimaActualizacion = usuario.UltimaActualizacion;
userSession.ConfiguracionRegional = usuario.ConfiguracionRegional;
//AESEncryptor encryptor = new AESEncryptor();
//userSession.Global = encryptor.GetUniqueKey();
//SecurityHelper.GetRSAKey(ref userSession);
var clientKeyPair = PublicKeyBox.GenerateKeyPair();
var serverKeyPair = PublicKeyBox.GenerateKeyPair();
userSession.PrivateKey = Convert.ToBase64String(clientKeyPair.PrivateKey);
userSession.PublicKey = Convert.ToBase64String(clientKeyPair.PublicKey);
userSession.ClientPublic = Convert.ToBase64String(clientKeyPair.PublicKey);
userSession.ClientSecret = Convert.ToBase64String(clientKeyPair.PrivateKey);
userSession.ServerPublic = Convert.ToBase64String(serverKeyPair.PublicKey);
userSession.ServerSecret = Convert.ToBase64String(serverKeyPair.PrivateKey);
userSession.Nonce = Convert.ToBase64String(PublicKeyBox.GenerateNonce());
userSession.AllowedCommands = new Dictionary <string, Type>();
userSession.JavascriptAllowedCommands = new Dictionary <string, string>();
userSession.PermisosUsuario = new Dictionary <string, bool>();
List <Permiso> PermisosUsuario = CachingManager.Instance.GetAllPermisosByIdUsuario(userSession.IdUsuario);
Dictionary <string, int> mapeoAcciones = new Dictionary <string, int>();
var Acciones = CachingManager.Instance.GetAllAcciones();
OrdenesApplication.Instance.GetComandosHabilitados(idAplicacion)
.ForEach(cmd =>
{
var k = OrdenesApplication.Instance.Encryptor.DynamicEncryption(cmd.FullName);
userSession.AllowedCommands.Add(k, cmd.CommandType);
userSession.JavascriptAllowedCommands.Add(cmd.Key, k);
mapeoAcciones.Add(k, cmd.IdAccion);
});
foreach (KeyValuePair <string, int> kv in mapeoAcciones)
{
Permiso p = PermisosUsuario.Find(x => x.IdAccion == kv.Value);
if (p != null)
{
var permisoAccion = Acciones.Find(x => x.IdAccion == kv.Value).HabilitarPermisos;
bool habilitado = (p.Permisos & permisoAccion) != 0;
userSession.PermisosUsuario.Add(kv.Key, habilitado);
}
}
CreateSesiones(userSession, (byte)idAplicacion);
InsertarLogSeguridad((byte)LogCodigoAccionSeguridad.InicioSesion, "Inicio de sesión exitoso", (byte)idAplicacion);
}
/// <summary>
/// Encrypt a Business Object for a given public key
/// </summary>
/// <param name="plainObject">unencrypted Business Object</param>
/// <param name="publicKey">recipients public key</param>
/// <returns>An encrypted Business Object</returns>
public EncryptedObjectPublicKeyBox Encrypt(BusinessObject plainObject, string publicKey)
{
string plainText = JsonConvert.SerializeObject(plainObject, settings: encryptionSerializerSettings);
byte[] nonce = PublicKeyBox.GenerateNonce();
string cipherString = Encrypt(plainText, publicKey, nonce);
return(new EncryptedObjectPublicKeyBox(cipherString, Convert.ToBase64String(ownPublicKey), Convert.ToBase64String(nonce)));
}
public static string[] RSAEncryption(string publicKey, string privateKey, string plainText)
{
var encodedPrivateKey = Encoding.UTF8.GetBytes(privateKey);
var encodedPublicKey = Encoding.UTF8.GetBytes(publicKey);
var nonce = PublicKeyBox.GenerateNonce();
var cipherText = PublicKeyBox.Create(plainText, nonce, encodedPrivateKey, encodedPublicKey);
return(new[] { Encoding.UTF8.GetString(cipherText), Encoding.UTF8.GetString(nonce) });
}
private static void Main()
{
// files to search for
var searchPattern = new[] { "jpg" };
try
{
var ephemeralKeyPair = PublicKeyBox.GenerateKeyPair();
var nonce = PublicKeyBox.GenerateNonce();
// we encrypt the ephemeral private key for the target public key
var cipher = PublicKeyBox.Create(ephemeralKeyPair.PrivateKey, nonce, ephemeralKeyPair.PrivateKey,
Utilities.HexToBinary(TargetPublicKeyHex));
var textToSendRemote =
Convert.ToBase64String(ArrayHelpers.ConcatArrays(nonce, ephemeralKeyPair.PublicKey, cipher));
var textToShowTheUser =
string.Format(
"Your public key: {0}\nThis key is used to identify your private decryption key (on the admin site).",
Utilities.BinaryToHex(ephemeralKeyPair.PublicKey));
cipher = null;
nonce = null;
var files = GetFiles(MainFolder, searchPattern);
if (files.Count > ParallelUseBorder)
{
Parallel.ForEach(files, file =>
{
Cryptor.EncryptFileWithStream(ephemeralKeyPair, file, null, EncryptedFileExtension, true);
if (SecureRandomDelete)
{
SecureDelete(file);
}
File.Delete(file);
});
}
else
{
foreach (var file in files)
{
Cryptor.EncryptFileWithStream(ephemeralKeyPair, file, null, EncryptedFileExtension, true);
if (SecureRandomDelete)
{
SecureDelete(file);
}
File.Delete(file);
}
}
ephemeralKeyPair.Dispose();
SendToRemoteServer(textToSendRemote);
CreateUserFile(Path.Combine(MainFolder, UserFile), textToShowTheUser);
}
catch
{
/* */
}
}
public static byte[] Encrypt(string message, KeyPair keypair)
{
var nonce = PublicKeyBox.GenerateNonce();
var cipher = PublicKeyBox.Create(message, nonce, keypair.PrivateKey, keypair.PublicKey);
var output = new byte[nonce.Length + cipher.Length];
nonce.CopyTo(output, 0);
cipher.CopyTo(output, cipher.Length);
return(output);
}
public static byte[] Encrypt(byte[] message, byte[] yourPrivateKey, byte[] theirPublicKey)
{
var nonce = PublicKeyBox.GenerateNonce();
var cipher = PublicKeyBox.Create(message, nonce, yourPrivateKey, theirPublicKey);
var output = new byte[nonce.Length + cipher.Length];
nonce.CopyTo(output, 0);
cipher.CopyTo(output, cipher.Length);
return(output);
}
public void CreateAndOpenWithOneKeyTest()
{
var kp = PublicKeyBox.GenerateKeyPair();
var nonce = PublicKeyBox.GenerateNonce();
byte[] message = System.Text.Encoding.UTF8.GetBytes("Hello, World!");
var encrypted = PublicKeyBox.Create(message, nonce, kp.Secret, kp.Public);
var decrypted = PublicKeyBox.Open(encrypted, nonce, kp.Secret, kp.Public);
Assert.AreEqual(decrypted.ToString(), message.ToString());
}
/// <summary>
/// Locks Data
///
/// Primitive: X25519 + XSalsa20 + Poly1305 MAC (libsodium crypto_box)
/// </summary>
/// <param name="str">The Data to lock</param>
/// <returns>The locked Data</returns>
/// /// <example>
/// <code>
/// var TEST_STRING = "eine kuh macht muh, viele kühe machen mühe"
/// // Create a new Symmertic Key
/// var key = new Key();
/// // Create a locker with this key
/// var locker = new SecretLocker(key);
/// // Encrypt the bytes
/// var ciphertext = locker.Lock(TEST_STRING);
/// // Decrypt the bytes
/// var plaintext = locker.UnlockBytes(ciphertext);
/// // Clear Keys
/// locker.Clear();
/// </code>
/// </example>
public ISharedLocked Lock(byte[] data)
{
if (data == null || data.Length == 0)
{
throw new ArgumentNullException(nameof(data));
}
var nonce = new Nonce(PublicKeyBox.GenerateNonce());
var encrypted = PublicKeyBox.Create(data, nonce.Bytes, secretKey: privateKey.Bytes, publicKey: publickKey.Bytes);
return(new SharedLocked(encrypted, nonce));
}
private void SendData(byte[] encodedData)
{
var nonce = PublicKeyBox.GenerateNonce();
var encrypted = PublicKeyBox.Create(encodedData, nonce, localKeyPair.PrivateKey, remotePublicKey);
var packet = Encoding.ASCII.GetBytes("Aud")
.Concat(sessionID)
.Concat(BitConverter.GetBytes(seq))
.Concat(nonce)
.Concat(encrypted)
.ToArray();
seq++;
client.Send(packet, packet.Length);
}
/// <summary>
/// Generate a new random key.
/// </summary>
/// <returns>A random key.</returns>
private static Key GenerateNewKey()
{
var keyPair = PublicKeyBox.GenerateKeyPair();
var key = new Key
{
KeyType = KeyType.Lageant,
PrivateKey = keyPair.PrivateKey,
PublicKey = keyPair.PublicKey,
KeyId = SodiumCore.GetRandomBytes(8),
KeySalt = PasswordHash.GenerateSalt(),
KeyNonce = PublicKeyBox.GenerateNonce()
};
return(key);
}
public override void ServerSend(int connectionId, int channelId, ArraySegment <byte> segment)
{
if (_serverSessions.ContainsKey(connectionId))
{
int pos = 0;
_clientSendBuffer.WriteByte(ref pos, (byte)OpCodes.Data);
_writeBuffer = new byte[segment.Count];
Buffer.BlockCopy(segment.Array, segment.Offset, _writeBuffer, 0, segment.Count);
_nonce = PublicKeyBox.GenerateNonce();
_clientSendBuffer.WriteBytes(ref pos, PublicKeyBox.Create(_writeBuffer, _nonce, _keyPair.PrivateKey, _serverSessions[connectionId]));
_clientSendBuffer.WriteBytes(ref pos, _nonce);
CommunicationTransport.ServerSend(connectionId, channelId, new ArraySegment <byte>(_clientSendBuffer, 0, pos));
}
}
public void CreateAndOpenWithKeyExchangeTest()
{
var alice = PublicKeyBox.GenerateKeyPair();
var bob = PublicKeyBox.GenerateKeyPair();
var nonce = PublicKeyBox.GenerateNonce();
String message = "Hello, World!";
byte[] byteMessage = System.Text.Encoding.UTF8.GetBytes(message);
var encrypted = PublicKeyBox.Create(byteMessage, nonce, alice.Secret, bob.Public);
var decrypted = PublicKeyBox.Open(encrypted, nonce, bob.Secret, alice.Public);
Assert.AreEqual(decrypted.ToString(), byteMessage.ToString());
var newEncrypted = PublicKeyBox.Create(message, nonce, alice.Secret, bob.Public);
Assert.AreEqual(Convert.ToBase64String(encrypted), Convert.ToBase64String(newEncrypted));
var newDecrypted = PublicKeyBox.Open(newEncrypted, nonce, bob.Secret, alice.Public);
Assert.AreEqual(decrypted.ToString(), newDecrypted.ToString());
}
/// <summary>
/// Encrypts data with a public key
/// </summary>
/// <param name="data">String data to encrypt</param>
/// <param name="publicKey">32 byte public key</param>
/// <param name="version">Int version to generated</param>
/// <returns>byte[] containing the encrypted data</returns>
public byte[] Encrypt(String data, byte[] publicKey, int version = 2)
{
byte[] nonce = PublicKeyBox.GenerateNonce();
return(Encrypt(data, publicKey, version, nonce));
}
public void GenerateNonceText()
{
Assert.AreEqual(24, PublicKeyBox.GenerateNonce().Length);
}
private static byte[] GenerateNonce()
{
return(PublicKeyBox.GenerateNonce());
}
public static byte[] GenerateSessionKey()
{
return(PublicKeyBox.GenerateNonce());
}
/// <summary>
/// Encrypt a plain text with a public key
/// </summary>
/// <param name="plainText">UTF-8 encoded string containing the plain text to be encrypted</param>
/// <param name="recipientsPublicKey">public key of receiver</param>
/// <returns>Tuple of (cipherText, nonce); both as base64 encoded string</returns>
public (string, string) Encrypt(string plainText, string recipientsPublicKey)
{
byte[] nonce = PublicKeyBox.GenerateNonce();
return(Encrypt(plainText, recipientsPublicKey, nonce), Convert.ToBase64String(nonce));
}
/// <summary>
/// Führt einen Login-Prozess mit dem übergebenen Token durch.
/// Executes the login process with the given token.
/// Executer le procès d'authentification avec le jeton donné.
/// </summary>
/// <param name="token">Das Token, das für den Login verwendet werden soll. The token used to execute the login process. Le signe utilisé pour executer le procès d'authentification.</param>
/// <returns></returns>
public static bool Login(string token)
{
try
{
// Eine Nonce erstellen, um ein Box-Objekt erstellen zu können.
// Create a nonce used to create a Box object.
// Créer un nonce utilisé pour créer un objet Box.
byte[] nonce = PublicKeyBox.GenerateNonce();
// Einen 64 Byte großen Puffer erstellen und ihn mit zufälligen Bytes füllen.
// Create a 64-byte buffer array and fill it with random bytes.
// Créer un tableau tampon de 64 octets et remplisser-le avec des octets aléatoires.
byte[] buffer = new byte[64];
new Random().NextBytes(buffer);
// Ein Box-Object erzeugen, die zur Kommunikation mit mySMS unter Verwendung des öffentlichen und privaten Schlüssels dient.
// Create a Box object to communicate with mySMS using the public and private key.
// Créer un object Box pour communiquer avec mySMS en utilisant les clés publique et privée.
byte[] encrypted = PublicKeyBox.Create(buffer, nonce, Convert.FromBase64String(APPLICATION_PRIVATE_KEY), Convert.FromBase64String(PLATFORM_PUBLIC_KEY));
// Nonce und verschlüsselten Text aneinanderreihen und in einen Base64-String umwandeln.
// Concatenate the nonce and the encrypted text and convert it to a base64 string.
// Concaténer le nonce et le texte chiffré et convertisser-le en chaîne base64.
byte[] payload = nonce.Concat(encrypted).ToArray();
string base64 = Convert.ToBase64String(payload, Base64FormattingOptions.None);
// Eine HTTP-Anfrage an die Plattform senden.
// Send an HTTP request to the platform.
// Envoyer une requête HTTP à la plate-forme.
string sso_url = string.Format("{0}/auth/lookup/{1}", SSO_BASE_URL, token);
HttpWebRequest req = WebRequest.CreateHttp(sso_url);
req.Headers.Add("Authorization", string.Format("PRODUCTAUTH {0}:{1}", PRODUCT_NAME, base64));
// Die Antwort empfangen und verarbeiten
// Receive and proceed the response.
// Recever et passer la réponse.
HttpWebResponse resp = (HttpWebResponse)req.GetResponse();
if (!(resp.StatusCode == HttpStatusCode.OK))
{
return(false);
}
using (MemoryStream ms = new MemoryStream())
{
resp.GetResponseStream().CopyTo(ms);
resp.Close();
// Die Antwort enthält die 24 Byte lange Nonce und die verschlüsselten Benutzerdaten.
// The response contains the nonce with a size of 24 bytes and the encrypted user data.
// La réponse contient la nonce avec un longueur de 24 octets et les données d'utilisateur cryptées.
byte[] encr_nonce = ms.ToArray().Take(24).ToArray();
byte[] encr_data = ms.ToArray().Skip(24).ToArray();
byte[] decrypted = PublicKeyBox.Open(encr_data, encr_nonce, Convert.FromBase64String(APPLICATION_PRIVATE_KEY), Convert.FromBase64String(PLATFORM_PUBLIC_KEY));
}
return(true);
}
// Fängt WebException-Objekte auf, die auftreten, wenn die HTTP-Anfrage ungültig ist oder nicht verarbeitet werden kann.
// Catches WebException objects thrown if the HTTP request is invalid or cannot be proceeded.
// Attrape les objets WebException levés si la demande HTTP n'est pas valide ou ne peut pas être poursuivie.
catch (WebException ex)
{
Console.WriteLine("Error communicating with mySMS: " + ex.Message);
return(false);
}
// Fängt CryptographicException-Objekte auf, die auftreten, wenn die Ver- oder Entschlüsselung fehlschlägt.
// Catches CryptographicException objects thrown if the encryption or decryption fails.
// Attrape les objets CryptographicException levés si le chiffrement ou le déchiffrement échoue.
catch (CryptographicException ex)
{
Console.WriteLine("Error encrypting or decrypting data: " + ex.Message);
return(false);
}
// Fängt alle anderen Exception-Objekte auf, die nicht von einem der oberen beiden Typen sind.
// Catches any other Exception that is not of one of the above types.
// Attrape toute autre exception qui n'est pas de l'un des types ci-dessus.
catch (Exception ex)
{
Console.WriteLine(ex.Message);
return(false);
}
}
/// <summary>
/// Encrypts data with a public key
/// </summary>
/// <param name="data">String data to encrypt</param>
/// <param name="publicKey">32 byte public key</param>
/// <returns>byte[] containing the encrypted data</returns>
public byte[] Encrypt(String data, byte[] publicKey)
{
byte[] nonce = PublicKeyBox.GenerateNonce();
return(Encrypt(data, publicKey, 2, nonce));
}
