public ActionResult Read(int messageId, string passphrase, string hash)
{
var model = new SelfDestructingMessageModel();
try
{
var message = selfDestructingMessageRepository.GetMessage(messageId, passphrase);
string originalHash = SymmetricCryptoProvider.GetSecureHashForString(message.Message);
if (hash != originalHash)
{
model.MessageText = "Error: hash of retrieved message does not match the original message hash." + Environment.NewLine +
"The message may have been tampered with!";
model.InvalidMessageId = true;
return(View("Read", model));
}
// File Attachments
if (message.HasAttachment)
{
Message attachment = new Message {
EncryptionKey = passphrase, MessageId = message.MessageId
};
StoreEncryptedFileInTemporaryMemory(attachment);
model.HasAttachment = true;
model.TemporaryDownloadId = attachment.TemporaryDownloadId;
//model.AttachmentName = message.AttachmentName;
}
else
{
model.HasAttachment = false;
}
model.MessageText = message.Message;
}
catch (Exception ex)
{
model.InvalidMessageId = true;
model.MessageText = ex.Message;
}
return(View("Read", model));
}
public ActionResult Send(SelfDestructingMessageModel message)
{
// verify email
if (!Domain.Validation.IsValidEmail(message.Email))
{
throw new ArgumentException("email", "invalid email format");
}
string passphrase = PronounceablePasswordGenerator.Generate(32);
passphrase = HttpUtility.UrlEncode(passphrase);
int messageId = selfDestructingMessageRepository.StoreMessage(new SelfDestructingMessage()
{
Message = message.MessageText
},
passphrase,
message.AttachmentName,
message.Attachment);
string hash = SymmetricCryptoProvider.GetSecureHashForString(message.MessageText);
const string notification = @"
Hello,
You have received a self-destructing message. This message will be decrypted and erased when you open the link below.
You can read it at
https://{0}:{1}/selfdestruct/read/?messageId={2}&passphrase={3}&hash={4}
CryptAByte.com is not responsible for the contents of messages. For more information, please visit https://CryptAByte.com/SelfDestruct
";
MailMessage mailMessage = new MailMessage {
From = new MailAddress("*****@*****.**")
};
mailMessage.To.Add(new MailAddress(message.Email));
mailMessage.Subject = "New self-destructing message @ CryptAByte";
if (Request == null)
{
string messageText = string.Format(notification, "cryptabyte.com", 443, messageId, passphrase, hash);
Debug.WriteLine(messageText);
mailMessage.Body = messageText;
}
else
{
mailMessage.Body = string.Format(notification, Request.Url.Host, Request.Url.Port, messageId, passphrase, hash);;
}
SmtpClient client = new SmtpClient();
client.Send(mailMessage);
return(Content("Message sent"));
}
