public static byte[] Decrypt(byte[] encryptionPayload, SecureString passPhrase)
{
var passwordBytes = passPhrase.ToByteArray();
var output = Decrypt(encryptionPayload, passwordBytes);
passwordBytes.ClearByteArray();
return output;
}
public void SecureStringExtensions_ToByteArray_EmptyInput()
{
SecureString input = new SecureString();
byte[] output = input.ToByteArray();
byte[] expected = new byte[0];
CollectionAssert.AreEqual(expected, output);
}
public static string Decrypt(string encryptedString, SecureString passPhrase, bool useBase36)
{
var passwordBytes = passPhrase.ToByteArray();
var output = Decrypt(encryptedString, passwordBytes, useBase36);
passwordBytes.ClearByteArray();
return output;
}
public static string Encrypt(SecureString input)
{
Validator.AssertNotNull(input, "input");
if(input.Length == 0)
{
return String.Empty;
}
byte[] bytes = input.ToByteArray();
try
{
// Encrypt
var aes = new AesCryptoServiceProvider();
// Set nulled IV
aes.IV = new byte[aes.IV.Length];
aes.Key = AesKey;
ICryptoTransform aesEncryptor = aes.CreateEncryptor();
// Decrypt
byte[] encryptedBytes = aesEncryptor.TransformFinalBlock(bytes, 0, bytes.Length);
// Convert to Base64
string base64 = Convert.ToBase64String(encryptedBytes);
// Remove Base64 padding
string result = RemoveBase64Padding(base64);
return result;
}
finally
{
bytes.ZeroFill();
}
}
private static byte[] Encrypt_Private_v1(byte[] unencryptedBytes, SecureString passPhrase, int iterations)
{
var passPhraseAsBytes = passPhrase.ToByteArray();
var payload = Encrypt_Private_v1(unencryptedBytes, passPhraseAsBytes, iterations);
passPhraseAsBytes.ClearByteArray(); // modify the byte array
return payload;
}
private static string Encrypt_Private_v1(string plainText, SecureString passPhrase, int iterations, bool useBase36)
{
// in version 1, we use UTF8 for our plain text value to bytes
byte[] unencryptedBytes = Encoding.UTF8.GetBytes(plainText);
var passPhraseAsBytes = passPhrase.ToByteArray();
var payload = Encrypt_Private_v1(unencryptedBytes, passPhraseAsBytes, iterations);
passPhraseAsBytes.ClearByteArray(); // modify the byte array
string cipherText;
if (useBase36)
{
cipherText = Base36.ByteArrayToBase36String(payload);
cipherText = cipherText.ToLower();
}
else
{
cipherText = Convert.ToBase64String(payload);
}
// Return encrypted string witht the leading 8 characters as the salt
return cipherText;
}
//[Obsolete]
//public static string EncryptToBase64String(SecureString passwordToProtect, string keyId, RSACryptoServiceProvider publicKey)
//{
// return EncryptToBase64String(passwordToProtect, keyId, publicKey, null, null);
//}
///// <summary>
///// This may be used to secure a password for symmetric encryption.
///// </summary>
///// <param name="passwordToProtect"></param>
///// <param name="publicKey"></param>
///// <returns></returns>
//[Obsolete("Use the IPublicKey infrastructure")]
//public static string EncryptToBase64String(SecureString passwordToProtect, string key1Id, RSACryptoServiceProvider publicKey1, string key2Id, RSACryptoServiceProvider publicKey2)
//{
// // Use a 4-byte array to fill it with random bytes and convert it then
// // to an integer value.
// byte[] plainBytes;
// //byte[] encryptedBytes = null;
// plainBytes = passwordToProtect.ToByteArray();
// var asymEnc = new AsymmetricEncryptor(AsymmetricStrategyOption.Aes256_1000);
// var asymObj = asymEnc.EncryptObject(plainBytes, key1Id, publicKey1, key2Id, publicKey2);
// var json = Serializer.SerializeToJson(asymObj);
// var bytes = Encoding.UTF8.GetBytes(json);
// return Convert.ToBase64String(bytes);
//}
/// <summary>
/// This may be used to secure a password for symmetric encryption.
/// </summary>
/// <param name="passwordToProtect"></param>
/// <param name="publicKey"></param>
/// <returns></returns>
public static async Task<string> EncryptToBase64StringAsync(SecureString passwordToProtect, IPublicKey publicKey1, IPublicKey publicKey2)
{
// Use a 4-byte array to fill it with random bytes and convert it then
// to an integer value.
byte[] plainBytes;
//byte[] encryptedBytes = null;
plainBytes = passwordToProtect.ToByteArray();
var asymEnc = new AsymmetricEncryptor(AsymmetricStrategyOption.Aes256_1000);
var asymObj = await asymEnc.EncryptObject_PrivateAsync(plainBytes, publicKey1, publicKey2);
var json = Serializer.SerializeToJson(asymObj);
var bytes = Encoding.UTF8.GetBytes(json);
return Convert.ToBase64String(bytes);
}