public static byte[] ComputeAdditionalData(long fileLength) { long chunkCount = Utilities.RoundUp(fileLength, Constants.FileChunkSize); byte[] ciphertextLength = BitConverter.GetBytes(chunkCount * Constants.TotalChunkLength); return(Utilities.ConcatArrays(Constants.KryptorMagicBytes, Constants.EncryptionVersion, ciphertextLength)); }
public static byte[] KeyEncryptionKey(byte[] sharedSecret, byte[] ephemeralSharedSecret, byte[] salt) { byte[] inputKeyingMaterial = Utilities.ConcatArrays(sharedSecret, ephemeralSharedSecret); byte[] keyEncryptionKey = Blake2.KeyDerivation(inputKeyingMaterial, salt, Constants.EncryptionKeyLength); Utilities.ZeroArray(ephemeralSharedSecret); Utilities.ZeroArray(inputKeyingMaterial); return(keyEncryptionKey); }
public static (string publicKey, string privateKey) GenerateSigningKeyPair() { char[] password = PasswordPrompt.EnterNewPassword(); byte[] passwordBytes = Password.Hash(password); using var keyPair = PublicKeyAuth.GenerateKeyPair(); byte[] publicKey = Utilities.ConcatArrays(Constants.Ed25519KeyHeader, keyPair.PublicKey); byte[] encryptedPrivateKey = PrivateKey.Encrypt(passwordBytes, keyPair.PrivateKey, Constants.Ed25519KeyHeader); return(ConvertKeys(publicKey, encryptedPrivateKey)); }
public static void SignFile(string filePath, string comment, bool preHashed, byte[] privateKey) { byte[] preHashedHeader = BitConverter.GetBytes(preHashed); byte[] fileSignature = ComputeFileSignature(filePath, preHashed, privateKey); byte[] commentBytes = Encoding.UTF8.GetBytes(comment); // Sign the entire signature file byte[] signatureFileBytes = Utilities.ConcatArrays(Constants.SignatureMagicBytes, Constants.SignatureVersion, preHashedHeader, fileSignature, commentBytes); byte[] globalSignature = ComputeGlobalSignature(signatureFileBytes, privateKey); CreateSignatureFile(filePath, preHashedHeader, fileSignature, commentBytes, globalSignature); }
public static byte[] GetAdditionalData(string inputFilePath) { byte[] magicBytes = FileHeaders.ReadMagicBytes(inputFilePath); byte[] formatVersion = FileHeaders.ReadFileFormatVersion(inputFilePath); FileHeaders.ValidateFormatVersion(inputFilePath, formatVersion, Constants.EncryptionVersion); long fileLength = FileHandling.GetFileLength(inputFilePath); int headersLength = FileHeaders.GetHeadersLength(); byte[] ciphertextLength = BitConverter.GetBytes(fileLength - headersLength); return(Utilities.ConcatArrays(magicBytes, formatVersion, ciphertextLength)); }
public static byte[] Encrypt(byte[] passwordBytes, byte[] privateKey, byte[] keyAlgorithm) { byte[] salt = Generate.Salt(); byte[] key = Argon2.DeriveKey(passwordBytes, salt); Utilities.ZeroArray(passwordBytes); byte[] nonce = Generate.Nonce(); byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, Constants.PrivateKeyVersion); byte[] keyCommitmentBlock = ChunkHandling.GetKeyCommitmentBlock(); privateKey = Utilities.ConcatArrays(keyCommitmentBlock, privateKey); byte[] encryptedPrivateKey = SecretAeadXChaCha20Poly1305.Encrypt(privateKey, nonce, key, additionalData); Utilities.ZeroArray(privateKey); Utilities.ZeroArray(key); return(Utilities.ConcatArrays(additionalData, salt, nonce, encryptedPrivateKey)); }
private static byte[] Decrypt(byte[] passwordBytes, byte[] privateKey) { byte[] keyAlgorithm = GetKeyAlgorithm(privateKey); byte[] keyVersion = GetKeyVersion(privateKey); byte[] salt = GetSalt(privateKey); byte[] nonce = GetNonce(privateKey); byte[] additionalData = Utilities.ConcatArrays(keyAlgorithm, keyVersion); byte[] encryptedPrivateKey = GetEncryptedPrivateKey(privateKey); byte[] key = Argon2.DeriveKey(passwordBytes, salt); Utilities.ZeroArray(passwordBytes); byte[] decryptedPrivateKey = SecretAeadXChaCha20Poly1305.Decrypt(encryptedPrivateKey, nonce, key, additionalData); Utilities.ZeroArray(key); ChunkHandling.ValidateKeyCommitmentBlock(decryptedPrivateKey); return(ChunkHandling.RemoveKeyCommitmentBlock(decryptedPrivateKey)); }
public static bool VerifySignature(string signatureFilePath, string filePath, byte[] publicKey) { using var signatureFile = new FileStream(signatureFilePath, FileMode.Open, FileAccess.Read, FileShare.Read, Constants.FileStreamBufferSize, FileOptions.RandomAccess); // Verify the global signature byte[] magicBytes = GetMagicBytes(signatureFile); byte[] formatVersion = GetFormatVersion(signatureFile); FileHeaders.ValidateFormatVersion(signatureFilePath, formatVersion, Constants.SignatureVersion); byte[] preHashedHeader = GetPreHashedHeader(signatureFile); byte[] fileSignature = GetFileSignature(signatureFile); _commentBytes = GetCommentBytes(signatureFile); byte[] signatureFileBytes = Utilities.ConcatArrays(magicBytes, formatVersion, preHashedHeader, fileSignature, _commentBytes); bool validGlobalSignature = VerifyGlobalSignature(signatureFile, signatureFileBytes, publicKey); if (!validGlobalSignature) { return(false); } // Verify the file signature bool preHashed = BitConverter.ToBoolean(preHashedHeader); byte[] fileBytes = GetFileBytes(filePath, preHashed); return(PublicKeyAuth.VerifyDetached(fileSignature, fileBytes, publicKey)); }
public static byte[] GetEd25519PublicKey(byte[] privateKey) { byte[] publicKey = PublicKeyAuth.ExtractEd25519PublicKeyFromEd25519SecretKey(privateKey); return(Utilities.ConcatArrays(Constants.Ed25519KeyHeader, publicKey)); }
public static byte[] GetCurve25519PublicKey(byte[] privateKey) { byte[] publicKey = ScalarMult.Base(privateKey); return(Utilities.ConcatArrays(Constants.Curve25519KeyHeader, publicKey)); }
public static byte[] PrependKeyCommitmentBlock(byte[] plaintextChunk) { return(Utilities.ConcatArrays(_keyCommitmentBlock, plaintextChunk)); }