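/// <summary>
/// Encrypts and signs <paramref name="data"/> under the key ring's current key and returns the
/// result as a Base64-encoded <see cref="CryptoBlob"/> (key id, algorithm id, IV, payload, signature).
/// </summary>
/// <param name="data">Plaintext to protect. Null or empty input yields <see cref="string.Empty"/>.</param>
/// <returns>The Base64 serialization of the blob, as produced by <c>CryptoBlob.ToBase64()</c>.</returns>
public string Protect(string data)
{
    if (string.IsNullOrEmpty(data))
    {
        return string.Empty;
    }

    ProtectorAlgorithmHelper.GetAlgorithms(
        _defaultAlgorithm,
        out var encryptingAlgorithm,
        out var signingAlgorithm,
        out var keyDerivationIterationCount);

    // Fix: the original cleared/disposed the two algorithm instances only on the success path,
    // so an exception from EncryptData or GetPayloadSignature leaked them (and their key material).
    // The try/finally releases them on every path.
    try
    {
        var blob = new CryptoBlob
        {
            KeyId = _keyRing.CurrentKeyId,
            SymmetricAlgorithmId = (int)_defaultAlgorithm,
            InitializationVector = encryptingAlgorithm.IV
        };

        var masterKey = GetKey(blob.KeyId);
        var encryptionKey = GenerateEncryptionKey(masterKey, encryptingAlgorithm.KeySize, keyDerivationIterationCount);
        encryptingAlgorithm.Key = encryptionKey;
        // NOTE(review): the derived key array is not zeroed after use; consider clearing it once
        // GenerateEncryptionKey is confirmed to return a fresh (non-cached) array.

        var encryptedPayload = EncryptData(data, encryptingAlgorithm);
        blob.Payload = encryptedPayload;

        // The signature covers ciphertext and IV so Unprotect can reject tampering before decrypting.
        blob.Signature = GetPayloadSignature(
            encryptedPayload: encryptedPayload,
            iv: encryptingAlgorithm.IV,
            masterKey: masterKey,
            symmetricAlgorithmKeySize: encryptingAlgorithm.KeySize,
            hashAlgorithm: signingAlgorithm,
            keyDerivationIterationCount: keyDerivationIterationCount);

        return blob.ToBase64();
    }
    finally
    {
        // Null-conditional so a failure inside GetAlgorithms' outputs does not mask the real exception.
        encryptingAlgorithm?.Clear();
        signingAlgorithm?.Clear();
        encryptingAlgorithm?.Dispose();
        signingAlgorithm?.Dispose();
    }
}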
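/// <summary>
/// Verifies the signature of a Base64-encoded <see cref="CryptoBlob"/> produced by <see cref="Protect"/>
/// and, only if it matches, decrypts the payload.
/// </summary>
/// <param name="data">Base64 blob. Null or empty input yields <see cref="string.Empty"/>.</param>
/// <returns>The decrypted payload decoded as UTF-8.</returns>
/// <exception cref="CryptographicException">The recomputed signature does not match the blob's signature.</exception>
public string Unprotect(string data)
{
    if (string.IsNullOrEmpty(data))
    {
        return string.Empty;
    }

    // Every field of the blob (key id, algorithm id, IV, payload, signature) is untrusted until the
    // signature check below passes. The algorithm id is cast straight to the enum, so GetAlgorithms
    // is relied upon to reject ids it does not recognise — confirm it does.
    var blob = new CryptoBlob(data);
    ProtectorAlgorithmHelper.GetAlgorithms(
        (ProtectorAlgorithm)blob.SymmetricAlgorithmId,
        out var encryptingAlgorithm,
        out var signingAlgorithm,
        out int keyDerivationIterationCount);

    // Fix: the original never disposed signingAlgorithm at all, and released encryptingAlgorithm
    // only on the success path, so a signature failure or a decryption error leaked both.
    try
    {
        var masterKey = GetKey(blob.KeyId);
        var decryptionKey = GenerateEncryptionKey(masterKey, encryptingAlgorithm.KeySize, keyDerivationIterationCount);
        encryptingAlgorithm.Key = decryptionKey;
        encryptingAlgorithm.IV = blob.InitializationVector;

        // Verify before decrypting so a forged or tampered payload never reaches the cipher.
        var expectedSignature = GetPayloadSignature(
            blob.Payload,
            blob.InitializationVector,
            masterKey,
            encryptingAlgorithm.KeySize,
            signingAlgorithm,
            keyDerivationIterationCount);

        // NOTE(review): assumes ByteArraysEqual is a constant-time comparison — confirm.
        if (!ByteArraysEqual(expectedSignature, blob.Signature))
        {
            throw new CryptographicException(@"Invalid Signature.");
        }

        var decryptedData = DecryptData(blob.Payload, encryptingAlgorithm);
        return Encoding.UTF8.GetString(decryptedData);
    }
    finally
    {
        // Null-conditional so cleanup cannot mask the original exception.
        encryptingAlgorithm?.Clear();
        signingAlgorithm?.Clear();
        encryptingAlgorithm?.Dispose();
        signingAlgorithm?.Dispose();
    }
}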