public static XmlDocument Decode(XmlDocument encryptedDocument, string password)
{
XmlElement encryptedElement = encryptedDocument.GetElementsByTagName("EncryptedData")[0] as XmlElement;
if (encryptedElement == null)
{
throw new ArgumentException("encryptedDocument does not have required EncryptedData section");
}
EncryptedData edElement = new EncryptedData();
edElement.LoadXml(encryptedElement);
EncryptedXml exml = new EncryptedXml();
var encoder = SymmetricEncoder.Create(makeKey(password));
using (var Key = encoder.NativeAlgorithm())
{
if (Key is Rijndael || Key is Aes)
{
Key.BlockSize = 128;
if (Key.IV.Length > 16) //to be compatible with FIPS-197 standard
{
byte[] newIv = new byte[16];
Buffer.BlockCopy(Key.IV, 0, newIv, 0, 16);
Key.IV = newIv;
}
}
byte[] rgbOutput = exml.DecryptData(edElement, Key);
exml.ReplaceData(encryptedElement, rgbOutput);
}
return encryptedDocument;
}
public static XmlDocument Encode(XmlElement plainTextNode, string password)
{
XmlDocument Doc = plainTextNode.OwnerDocument;
var key = makeKey(password);
var encoder = SymmetricEncoder.Create(key);
using (SymmetricAlgorithm Key = encoder.NativeAlgorithm())
{
if (Key is Rijndael || Key is Aes)
{
Key.BlockSize = 128;
if (Key.IV.Length > 16) //to be compatible with FIPS-197 standard
{
byte[] newIv = new byte[16];
Buffer.BlockCopy(Key.IV, 0, newIv, 0, 16);
Key.IV = newIv;
}
}
XmlElement elementToEncrypt = plainTextNode;
EncryptedXml eXml = new EncryptedXml();
byte[] encryptedElement = eXml.EncryptData(elementToEncrypt, Key, false);
EncryptedData edElement = new EncryptedData();
edElement.Type = EncryptedXml.XmlEncElementUrl;
string encryptionMethod = null;
if (Key is TripleDES)
{
encryptionMethod = EncryptedXml.XmlEncTripleDESUrl;
}
else if (Key is DES)
{
encryptionMethod = EncryptedXml.XmlEncDESUrl;
}
if (Key is Rijndael)
{
switch (Key.KeySize)
{
case 128:
encryptionMethod = EncryptedXml.XmlEncAES128Url;
break;
case 192:
encryptionMethod = EncryptedXml.XmlEncAES192Url;
break;
case 256:
encryptionMethod = EncryptedXml.XmlEncAES256Url;
break;
}
}
else
{
throw new CryptographicException("The specified algorithm is not supported for XML Encryption.");
}
edElement.EncryptionMethod = new EncryptionMethod(encryptionMethod);
edElement.CipherData.CipherValue = encryptedElement;
EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
} //using Key
return Doc;
}
private static CryptoKey makeKey(string password)
{
byte[] passwordBytes = Encoding.Unicode.GetBytes(password);
using (Rfc2898DeriveBytes byteFactory = new Rfc2898DeriveBytes(passwordBytes, _internalSalt, 10))
{
byte[] encryptionKey = byteFactory.GetBytes(Simple.KEYSIZEBYTES);
byte[] iv = byteFactory.GetBytes(Simple.IVSIZEBYTES);
return SymmetricEncoder.CreateKey(_defaultEncryptionMode, encryptionKey, iv);
}
}
/// <summary>
/// Decrypt a series of encrypted bytes that have been previously encrypted with one of Encode methods
/// </summary>
/// <param name="encryptedBytes">Non-null encrypted list of bytes</param>
/// <param name="password">Plain text password that was used to encrypt this bytes</param>
/// <returns>Decrypted bytes. Does not modify <paramref name="encryptedBytes"/>.</returns>
public static byte[] Decode(byte[] encryptedBytes, string password)
{
var key = makeKey(password);
try
{
return SymmetricEncoder.Create(key).Decode(encryptedBytes);
}
catch (CryptographicException ex)
{
throw new InvalidOperationException("Encryption error occured. This is often because decode password is not the same as the one used to encode the data, data is not encrypted, or data encrypted with a different algorithm. See inner exception for exception from .Net", ex);
}
}
/// <summary>
/// Encrypt series of bytes with a given password. (Internally uses RijindaelManaged encryptor)
/// </summary>
/// <param name="plainBytes">Non-null list of bytes to encrypt</param>
/// <param name="password">Password to use when encrypting this set of bytes</param>
/// <returns>Encrypted set of bytes. Does not modify <paramref name="plainBytes"/></returns>
public static byte[] Encode(byte[] plainBytes, string password)
{
var key = makeKey(password);
return SymmetricEncoder.Create(key).Encode(plainBytes);
}
