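/// <summary>
/// Authenticates and decrypts a hybrid-encrypted packet.
/// Checks run in this order: signature over the packet's HMAC, RSA unwrap of the
/// session key, HMAC-SHA256 over (EncryptedData || Iv) keyed with the session key,
/// then symmetric decryption through <c>_aes</c>.
/// </summary>
/// <param name="encryptedPacket">Packet carrying the wrapped session key, IV, ciphertext, HMAC and signature.</param>
/// <param name="rsaParams">RSA helper used to unwrap the session key.</param>
/// <param name="digitalSignature">Verifier for the signature over the packet's HMAC.</param>
/// <returns>The decrypted payload.</returns>
/// <exception cref="System.ArgumentNullException">An argument is null.</exception>
/// <exception cref="CryptographicException">The signature or the HMAC does not verify.</exception>
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams, DigitalSignature digitalSignature)
{
    if (encryptedPacket == null)
    {
        throw new System.ArgumentNullException(nameof(encryptedPacket));
    }

    if (rsaParams == null)
    {
        throw new System.ArgumentNullException(nameof(rsaParams));
    }

    if (digitalSignature == null)
    {
        throw new System.ArgumentNullException(nameof(digitalSignature));
    }

    // Verify the signature before touching the private key: this check needs only
    // packet fields, so a packet with a bad signature is rejected without an RSA
    // decryption being performed on attacker-supplied input.
    // NOTE(review): the signature covers only Hmac, not EncryptedSessionKey; the
    // session key is bound to the packet only through the HMAC check below.
    if (!digitalSignature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature))
    {
        throw new CryptographicException(
            "Digital Signature can not be verified.");
    }

    byte[] sessionKey = null;
    try
    {
        sessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey);

        using (var hmac = new HMACSHA256(sessionKey))
        {
            var expectedHmac = hmac.ComputeHash(Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv));

            // NOTE(review): Compare is defined outside this view; confirm it is a
            // constant-time comparison so the MAC check does not leak timing.
            if (!Compare(encryptedPacket.Hmac, expectedHmac))
            {
                throw new CryptographicException(
                    "HMAC for decryption does not match encrypted packet.");
            }
        }

        // Decrypt only after both integrity checks have passed.
        return _aes.Decrypt(encryptedPacket.EncryptedData, sessionKey, encryptedPacket.Iv);
    }
    finally
    {
        // Do not leave the unwrapped session key in memory on any exit path.
        if (sessionKey != null)
        {
            System.Array.Clear(sessionKey, 0, sessionKey.Length);
        }
    }
}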
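/// <summary>
/// Authenticates and decrypts a hybrid-encrypted packet.
/// Verifies the signature over the packet's Hmac field, unwraps the session key
/// with RSA, then decrypts through <c>_aes</c>, passing the packet's IV and Tag.
/// </summary>
/// <param name="encryptedPacket">Packet carrying the wrapped session key, IV, ciphertext, tag, Hmac and signature.</param>
/// <param name="rsaParams">RSA helper used to unwrap the session key.</param>
/// <param name="digitalSignature">Verifier for the signature over the packet's Hmac field.</param>
/// <returns>The decrypted payload.</returns>
/// <exception cref="System.ArgumentNullException">An argument is null.</exception>
/// <exception cref="CryptographicException">The signature does not verify.</exception>
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams, DigitalSignature digitalSignature)
{
    if (encryptedPacket == null)
    {
        throw new System.ArgumentNullException(nameof(encryptedPacket));
    }

    if (rsaParams == null)
    {
        throw new System.ArgumentNullException(nameof(rsaParams));
    }

    if (digitalSignature == null)
    {
        throw new System.ArgumentNullException(nameof(digitalSignature));
    }

    // Verify the signature before touching the private key: this check needs only
    // packet fields, so a packet with a bad signature is rejected without an RSA
    // decryption being performed on attacker-supplied input.
    // NOTE(review): the signature is checked over encryptedPacket.Hmac, but this
    // method never recomputes that value, and decryption is authenticated with
    // encryptedPacket.Tag. Confirm on the sender side that the signed value is
    // actually derived from the ciphertext/tag; otherwise the signature does not
    // bind the sender to this payload.
    if (!digitalSignature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature))
    {
        throw new CryptographicException(
            "Digital Signature can not be verified.");
    }

    byte[] sessionKey = null;
    try
    {
        sessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey);

        // The final argument is passed as null; presumably associated data for an
        // authenticated mode (confirm against _aes.Decrypt).
        return _aes.Decrypt(encryptedPacket.EncryptedData, sessionKey, encryptedPacket.Iv, encryptedPacket.Tag, null);
    }
    finally
    {
        // Do not leave the unwrapped session key in memory on any exit path.
        if (sessionKey != null)
        {
            System.Array.Clear(sessionKey, 0, sessionKey.Length);
        }
    }
}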