private static string Cipher(bool encrypt, byte[] key, byte[] data)
{
PaddedBufferedBlockCipher cipher = new PaddedBufferedBlockCipher(cipherEngine, padding);
cipher.Init(encrypt, new KeyParameter(key));
int size = cipher.GetOutputSize(data.Length);
byte[] result = new byte[size];
int position = cipher.ProcessBytes(data, 0, data.Length, result, 0);
cipher.DoFinal(result, position);
return encrypt ? BitConverter.ToString(result).Replace("-", String.Empty).ToLower() : encoding.GetString(result);
}
/// <summary>
/// Decrypt a hex-coded string using our MD5 or PBKDF2 generated key
/// </summary>
/// <param name="data">data string to be decrypted</param>
/// <param name="key">decryption key</param>
/// <param name="PBKDF2">flag to indicate we are using PBKDF2 to generate derived key</param>
/// <returns>hex coded decrypted string</returns>
public static string Decrypt(string data, string password, bool PBKDF2)
{
byte[] key;
byte[] saltBytes = Authenticator.StringToByteArray(data.Substring(0, SALT_LENGTH * 2));
if (PBKDF2 == true)
{
// extract the salt from the data
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
// build our PBKDF2 key
#if NETCF
PBKDF2 kg = new PBKDF2(passwordBytes, saltbytes, 2000);
#else
Rfc2898DeriveBytes kg = new Rfc2898DeriveBytes(passwordBytes, saltBytes, PBKDF2_ITERATIONS);
#endif
key = kg.GetBytes(PBKDF2_KEYSIZE);
}
else
{
// extract the salt from the data
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
key = new byte[saltBytes.Length + passwordBytes.Length];
Array.Copy(saltBytes, key, saltBytes.Length);
Array.Copy(passwordBytes, 0, key, saltBytes.Length, passwordBytes.Length);
// build out combined key
SHA256Managed md5 =new SHA256Managed();
key = md5.ComputeHash(key);
}
// extract the actual data to be decrypted
byte[] inBytes = Authenticator.StringToByteArray(data.Substring(SALT_LENGTH * 2));
// get cipher
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine(), new ISO10126d2Padding());
cipher.Init(false, new KeyParameter(key));
// decrypt the data
int osize = cipher.GetOutputSize(inBytes.Length);
byte[] outBytes = new byte[osize];
try
{
int olen = cipher.ProcessBytes(inBytes, 0, inBytes.Length, outBytes, 0);
olen += cipher.DoFinal(outBytes, olen);
if (olen < osize)
{
byte[] t = new byte[olen];
Array.Copy(outBytes, 0, t, 0, olen);
outBytes = t;
}
}
catch (Exception)
{
// an exception is due to bad password
throw new BadPasswordException();
}
// return encoded string
return Authenticator.ByteArrayToString(outBytes);
}
/// <summary>
/// Encrypt a string with a given key
/// </summary>
/// <param name="plain">data to encrypt - hex representation of byte array</param>
/// <param name="key">key to use to encrypt</param>
/// <returns>hex coded encrypted string</returns>
public static string Encrypt(string plain, string password)
{
byte[] inBytes = Authenticator.StringToByteArray(plain);
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
// build a new salt
RNGCryptoServiceProvider rg = new RNGCryptoServiceProvider();
byte[] saltbytes = new byte[SALT_LENGTH];
rg.GetBytes(saltbytes);
string salt = Authenticator.ByteArrayToString(saltbytes);
// build our PBKDF2 key
#if NETCF
PBKDF2 kg = new PBKDF2(passwordBytes, saltbytes, PBKDF2_ITERATIONS);
#else
Rfc2898DeriveBytes kg = new Rfc2898DeriveBytes(passwordBytes, saltbytes, PBKDF2_ITERATIONS);
#endif
byte[] key = kg.GetBytes(PBKDF2_KEYSIZE);
// get our cipher
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine(), new ISO10126d2Padding());
cipher.Init(true, new KeyParameter(key));
// encrypt data
int osize = cipher.GetOutputSize(inBytes.Length);
byte[] outBytes = new byte[osize];
int olen = cipher.ProcessBytes(inBytes, 0, inBytes.Length, outBytes, 0);
olen += cipher.DoFinal(outBytes, olen);
if (olen < osize)
{
byte[] t = new byte[olen];
Array.Copy(outBytes, 0, t, 0, olen);
outBytes = t;
}
// return encoded byte->hex string
return salt + Authenticator.ByteArrayToString(outBytes);
}
/// <summary>
/// Decrypt a hex-encoded string with a byte array key
/// </summary>
/// <param name="data">hex-encoded string</param>
/// <param name="key">key for decryption</param>
/// <returns>hex-encoded plain text</returns>
public static string Decrypt(string data, byte[] key)
{
// the actual data to be decrypted
byte[] inBytes = Authenticator.StringToByteArray(data);
// get cipher
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine(), new ISO10126d2Padding());
cipher.Init(false, new KeyParameter(key));
// decrypt the data
int osize = cipher.GetOutputSize(inBytes.Length);
byte[] outBytes = new byte[osize];
try
{
int olen = cipher.ProcessBytes(inBytes, 0, inBytes.Length, outBytes, 0);
olen += cipher.DoFinal(outBytes, olen);
if (olen < osize)
{
byte[] t = new byte[olen];
Array.Copy(outBytes, 0, t, 0, olen);
outBytes = t;
}
}
catch (Exception)
{
// an exception is due to bad password
throw new BadPasswordException();
}
// return encoded string
return Authenticator.ByteArrayToString(outBytes);
}
/// <summary>
/// Encrypt a string with a byte array key
/// </summary>
/// <param name="plain">data to encrypt - hex representation of byte array</param>
/// <param name="passwordBytes">key to use to encrypt</param>
/// <returns>hex coded encrypted string</returns>
public static string Encrypt(string plain, byte[] key)
{
byte[] inBytes = Authenticator.StringToByteArray(plain);
// get our cipher
BufferedBlockCipher cipher = new PaddedBufferedBlockCipher(new BlowfishEngine(), new ISO10126d2Padding());
cipher.Init(true, new KeyParameter(key));
// encrypt data
int osize = cipher.GetOutputSize(inBytes.Length);
byte[] outBytes = new byte[osize];
int olen = cipher.ProcessBytes(inBytes, 0, inBytes.Length, outBytes, 0);
olen += cipher.DoFinal(outBytes, olen);
if (olen < osize)
{
byte[] t = new byte[olen];
Array.Copy(outBytes, 0, t, 0, olen);
outBytes = t;
}
// return encoded byte->hex string
return Authenticator.ByteArrayToString(outBytes);
}
/// <summary>
/// The encrypt.
/// </summary>
/// <param name="data">
/// The data.
/// </param>
/// <param name="key">
/// The key.
/// </param>
/// <returns>
/// The <see cref="string"/>.
/// </returns>
private string Encrypt(string data, SecretKey key)
{
byte[] bytes = Encoding.UTF8.GetBytes(data);
// Setup the DESede cipher engine, create a PaddedBufferedBlockCipher in CBC mode.
byte[] keyBytes = key.GetBytes();
var cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new DesEdeEngine()));
// initialise the cipher with the key bytes, for encryption
cipher.Init(true, new KeyParameter(keyBytes));
int inBlockSize = bytes.Length;
int outBlockSize = cipher.GetOutputSize(inBlockSize);
var inblock = bytes;
var outblock = new byte[outBlockSize];
cipher.ProcessBytes(inblock, 0, inBlockSize, outblock, 0);
cipher.DoFinal(outblock, 0);
return Convert.ToBase64String(outblock);
}
/// <summary>
/// The decrypt.
/// </summary>
/// <param name="encrypted">
/// The encrypted.
/// </param>
/// <param name="key">
/// The key.
/// </param>
/// <returns>
/// The <see cref="string"/>.
/// </returns>
private string Decrypt(string encrypted, SecretKey key)
{
byte[] bytes = Convert.FromBase64String(encrypted);
byte[] keyBytes = key.GetBytes();
// initialise the cipher for decryption
var cipher = new PaddedBufferedBlockCipher(new CbcBlockCipher(new DesEdeEngine()));
cipher.Init(false, new KeyParameter(keyBytes));
int inBlockSize = bytes.Length;
int outBlockSize = cipher.GetOutputSize(inBlockSize);
var inblock = bytes;
var outblock = new byte[outBlockSize];
cipher.ProcessBytes(inblock, 0, inBlockSize, outblock, 0);
cipher.DoFinal(outblock, 0);
var clear = this.ToUTF8String(outblock);
return clear;
}
