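/// <summary>
/// Serializes <paramref name="data"/> to JSON, encrypts it, and appends a keyed digest
/// computed over every preceding field of the output.
/// </summary>
/// <param name="data">The object to seal.</param>
/// <param name="password">The password to use in key generation.</param>
/// <param name="options">Per-call options; when <c>null</c>, the options held by this instance are used.</param>
/// <returns>
/// A string of eight '*'-separated fields: MAC prefix, password id, encryption salt, IV,
/// encrypted data, expiration (empty when no TTL is set), HMAC salt, HMAC digest.
/// </returns>
public string Seal(object data, PasswordObject password, IronEncrypterInitializationOptions options = null)
{
    if (options == null)
    {
        options = _options;
    }

    // NOTE(review): DateTime.Now is local wall-clock time, so this is a true Unix timestamp
    // only on a host whose zone is UTC, and it jumps at DST changes. Unseal derives "now"
    // the same way; move both to DateTime.UtcNow in one change so they keep agreeing.
    var now = DateTime.Now.Subtract(new DateTime(1970, 1, 1)).TotalMilliseconds + (options.LocaltimeOffsetMsec ?? 0);

    var dataString = JsonConvert.SerializeObject(data);
    var normalizedPassword = Util.NormalizePassword(password);
    var passwordId = normalizedPassword.Id ?? "";

    var encryptionData = Encrypt(normalizedPassword.Encryption, options.Encryption, dataString);
    var base64EncryptedData = Util.ToSafeBase64(encryptionData.Data);
    var base64Iv = Util.ToSafeBase64(encryptionData.Key.Iv);

    // Emit the expiration as whole milliseconds: the raw sum is a double and can carry a
    // fractional part, which integer parsers reject.
    var expiration = options.Ttl > 0
        ? ((long)Math.Floor(now + options.Ttl)).ToString(CultureInfo.InvariantCulture)
        : "";

    // Everything up to and including the expiration goes into the string handed to
    // HmacWithPassword, so none of those fields can change without changing the digest.
    var macBaseString = MacPrefix + "*" + passwordId + "*" + encryptionData.Key.Salt + "*" + base64Iv + "*" + base64EncryptedData + "*" + expiration;
    var hmac = HmacWithPassword(normalizedPassword.Integrity, options.Integrity, macBaseString);

    return macBaseString + "*" + hmac.Salt + "*" + hmac.Digest;
}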
/// <summary>
/// Convenience overload of Unseal that takes the password as a plain string.
/// </summary>
/// <typeparam name="T">The type of the object sealed within <paramref name="sealedData"/>.</typeparam>
/// <param name="sealedData">The sealed object.</param>
/// <param name="password">The password used in key generation; it becomes the <c>Secret</c> of a new <c>PasswordObject</c>.</param>
/// <param name="options">Passed unchanged to the <c>PasswordObject</c> overload, which uses the instance options when this is <c>null</c>.</param>
/// <returns>An unsealed and deserialized object of type <typeparamref name="T"/>.</returns>
public T Unseal<T>(string sealedData, string password, IronEncrypterInitializationOptions options = null)
{
    // Wrap the raw secret and let the PasswordObject overload do all verification and decryption.
    return Unseal<T>(sealedData, new PasswordObject { Secret = password }, options);
}
/// <summary>
/// Convenience overload of Seal that takes the password as a plain string.
/// </summary>
/// <param name="data">The object to seal.</param>
/// <param name="password">The password to use in key generation; it becomes the <c>Secret</c> of a new <c>PasswordObject</c>.</param>
/// <param name="options">Passed unchanged to the <c>PasswordObject</c> overload, which uses the instance options when this is <c>null</c>.</param>
/// <returns>A string containing the sealed data.</returns>
public string Seal(object data, string password, IronEncrypterInitializationOptions options = null)
{
    // Wrap the raw secret and let the PasswordObject overload do the encryption and MAC.
    return Seal(data, new PasswordObject { Secret = password }, options);
}
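/// <summary>
/// Verifies the structure, expiration and digest of <paramref name="sealedData"/>, then decrypts it
/// and deserializes the result as <typeparamref name="T"/>.
/// </summary>
/// <typeparam name="T">The type of the object sealed within <paramref name="sealedData"/>.</typeparam>
/// <param name="sealedData">The sealed object: eight fields separated by '*'.</param>
/// <param name="password">The password used in key generation.</param>
/// <param name="options">Per-call options; when <c>null</c>, the options held by this instance are used.</param>
/// <returns>An unsealed and deserialized object of type <typeparamref name="T"/>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="sealedData"/> is <c>null</c>.</exception>
/// <exception cref="Exception">
/// The input does not have eight fields, the prefix is wrong, the expiration is unreadable or in
/// the past, or the digest does not match.
/// </exception>
public T Unseal<T>(string sealedData, PasswordObject password, IronEncrypterInitializationOptions options = null)
{
    if (sealedData == null)
    {
        throw new ArgumentNullException("sealedData");
    }

    if (options == null)
    {
        options = _options;
    }

    // NOTE(review): DateTime.Now is local wall-clock time, so expiry is judged against a value
    // that depends on the host time zone and DST. Seal stamps tokens the same way; move both
    // to DateTime.UtcNow in one change so they keep agreeing.
    var now = DateTime.Now.Subtract(new DateTime(1970, 1, 1)).TotalMilliseconds + (options.LocaltimeOffsetMsec ?? 0);

    // Require exactly eight fields. Fewer would index past the end of the array; more would
    // leave trailing data outside the digest check and still be accepted.
    var parts = sealedData.Split('*');
    if (parts.Length != 8)
    {
        throw new Exception("Incorrect number of sealed components");
    }

    var macPrefix = parts[0];
    var passwordId = parts[1];
    var encryptionSalt = parts[2];
    var encryptionIv = parts[3];
    var encryptedB64 = parts[4];
    var expiration = parts[5];
    var hmacSalt = parts[6];
    var hmac = parts[7];
    var macBaseString = macPrefix + '*' + passwordId + '*' + encryptionSalt + '*' + encryptionIv + '*' + encryptedB64 + '*' + expiration;

    if (macPrefix != MacPrefix)
    {
        throw new Exception("Wrong mac prefix");
    }

    if (!String.IsNullOrEmpty(expiration))
    {
        // Epoch milliseconds do not fit in an Int32 and the field may carry a fractional part,
        // so read it as an invariant-culture double. This runs before the digest check, so the
        // value is still untrusted here: reject anything that is not a finite number.
        double exp;
        if (!double.TryParse(expiration, NumberStyles.Float, CultureInfo.InvariantCulture, out exp)
            || double.IsNaN(exp)
            || double.IsInfinity(exp))
        {
            throw new Exception("Invalid expiration");
        }

        if (exp <= (now - (options.TimestampSkewSec * 1000)))
        {
            throw new Exception("Expired Seal");
        }
    }

    var normalizedPassword = Util.NormalizePassword(password);

    // NOTE(review): if options.Integrity is a reference type, the assignment below writes this
    // token's salt into the shared options object (possibly _options), where later calls would
    // see it. Confirm it is a value type, or copy it before setting Salt.
    var macOptions = options.Integrity;
    macOptions.Salt = hmacSalt;

    // Recompute the digest with the token's own salt and compare before any decryption happens.
    var mac = HmacWithPassword(normalizedPassword.Integrity, macOptions, macBaseString);
    if (!Util.FixedTimeComparison(mac.Digest, hmac))
    {
        throw new Exception("Bad hmac value");
    }

    var encrypted = Util.FromSafeBase64(encryptedB64);

    // NOTE(review): same aliasing concern as macOptions. If options.Encryption is a reference
    // type, the token's salt and IV stay on the shared options after this call; verify that a
    // later Seal cannot pick them up and reuse them.
    var decryptionAlgorithm = options.Encryption;
    decryptionAlgorithm.Salt = encryptionSalt;
    decryptionAlgorithm.Iv = Util.FromSafeBase64(encryptionIv);

    var decrypted = Decrypt(normalizedPassword.Encryption, decryptionAlgorithm, encrypted);
    return JsonConvert.DeserializeObject<T>(decrypted);
}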
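/// <summary>
/// Creates an encrypter whose Seal and Unseal calls use <paramref name="options"/> whenever
/// the caller passes no per-call options.
/// </summary>
/// <param name="options">The instance-wide options; <c>null</c> selects <c>Defaults</c>.</param>
public IronEncryption(IronEncrypterInitializationOptions options)
{
    // A null here used to surface later as a NullReferenceException inside Seal or Unseal;
    // fall back to the same defaults the parameterless constructor uses.
    _options = options ?? Defaults;
}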
/// <summary>
/// Creates an encrypter that uses <c>Defaults</c> for every Seal and Unseal call that passes
/// no per-call options.
/// </summary>
public IronEncryption()
{
    this._options = Defaults;
}