/// <summary> /// 异步加密算法 /// of specific security profile in the configuration file /// </summary> /// <param name="data">数据</param> /// <param name="profile">配置名</param> /// <param name="key">output parameter for generated secret key</param> /// <param name="iv">output parameter for generated iv</param> /// <param name="signature">out parameters for the digital signature</param> /// <returns>stream data</returns> public static Stream Encrypt(Stream data, string profile, out byte[] key, out byte[] iv, out byte[] signature) { var helper = new EncryptionConfigHelper(); var cm = helper[profile]; if (cm.SymmetricAlgorithm) { throw new Exception("This method id not intended for symmetric encryption"); } //retireve the sneder and receiver's certification information for encryption var senderCert = cm.ExtentProperty["SenderCertificate"]; string sendCertStore = null; string sendCertStoreName = null; string password = null; var receiverCert = cm.ExtentProperty["ReceiverCertificate"]; string receiverCertStore = null; string receiverCertStoreName = null; var fromFile = cm.ExtentProperty["CertificateFile"] == "true"; if (!fromFile) { if (cm.ExtentProperty.ContainsKey("SenderCertificateStore")) { sendCertStore = cm.ExtentProperty["SenderCertificateStore"]; } if (cm.ExtentProperty.ContainsKey("SenderCertificateStoreName")) { sendCertStoreName = cm.ExtentProperty["SenderCertificateStoreName"]; } if (cm.ExtentProperty.ContainsKey("ReceiverCertificateStore")) { receiverCertStore = cm.ExtentProperty["ReceiverCertificateStore"]; } if (cm.ExtentProperty.ContainsKey("ReceiverCertificateStoreName")) { receiverCertStoreName = cm.ExtentProperty["ReceiverCertificateStoreName"]; } } else { password = cm.ExtentProperty["SenderCertificatePassword"]; } //obtain the X509 certificate object for the sender and receiver var senderCertificate = fromFile ? Certificate.LoadCertificateByFile(senderCert, password) : Certificate.SearchCertificateBySubjectName(senderCert, sendCertStore, sendCertStoreName); var receiverCertificate = fromFile ? Certificate.LoadCertificateByFile(receiverCert, null) : Certificate.SearchCertificateBySubjectName(receiverCert, receiverCertStore, receiverCertStoreName); var symmProvider = cm.AlgorithmProvider.CreateInstance <SymmetricAlgorithm>(); ICryptoTransform encryptor = symmProvider.CreateEncryptor(); var encStream = new CryptoStream(data, encryptor, CryptoStreamMode.Read); var encrypted = new MemoryStream(); var buffer = new byte[1024]; int count; while ((count = encStream.Read(buffer, 0, 1024)) > 0) { encrypted.Write(buffer, 0, count); } //encrypt the screte key, iv key using receiver's public key //that are used to decrypt the data var provider = (RSACryptoServiceProvider)receiverCertificate.PublicKey.Key; key = provider.Encrypt(symmProvider.Key, false); iv = provider.Encrypt(symmProvider.IV, false); //sign the data with sender's private key var provider2 = (RSACryptoServiceProvider)senderCertificate.PrivateKey; signature = provider2.SignData(encrypted.ToArray(), new SHA1CryptoServiceProvider()); encrypted.Position = 0; return(encrypted); }
/// <summary> /// decrypt the stream data asymmetrically using the security profile /// information stored in the configuration file /// </summary> /// <param name="data">encrypted stream data</param> /// <param name="profile">security profile name</param> /// <param name="key">generated key</param> /// <param name="iv">generated iv</param> /// <param name="signature">generated signature</param> /// <returns>decrypted stream</returns> public static Stream Decrypt(Stream data, string profile, byte[] key, byte[] iv, byte[] signature) { var helper = new EncryptionConfigHelper(); var cm = helper[profile]; if (cm.SymmetricAlgorithm) { throw new Exception("This method id not intended for symmetric encryption"); } //retireve the sneder and receiver's certification information for encryption var senderCert = cm.ExtentProperty["SenderCertificate"]; string sendCertStore = null; string sendCertStoreName = null; string password = null; var receiverCert = cm.ExtentProperty["ReceiverCertificate"]; string receiverCertStore = null; string receiverCertStoreName = null; var fromFile = cm.ExtentProperty["CertificateFile"] == "true"; if (!fromFile) { if (cm.ExtentProperty.ContainsKey("SenderCertificateStore")) { sendCertStore = cm.ExtentProperty["SenderCertificateStore"]; } if (cm.ExtentProperty.ContainsKey("SenderCertificateStoreName")) { sendCertStoreName = cm.ExtentProperty["SenderCertificateStoreName"]; } if (cm.ExtentProperty.ContainsKey("ReceiverCertificateStore")) { receiverCertStore = cm.ExtentProperty["ReceiverCertificateStore"]; } if (cm.ExtentProperty.ContainsKey("ReceiverCertificateStoreName")) { receiverCertStoreName = cm.ExtentProperty["ReceiverCertificateStoreName"]; } } else { password = cm.ExtentProperty["SenderCertificatePassword"]; } //obtain the X509 certificate object for the sender and receiver var senderCertificate = fromFile ? Certificate.LoadCertificateByFile(senderCert, password) : Certificate.SearchCertificateBySubjectName(senderCert, sendCertStore, sendCertStoreName); var receiverCertificate = fromFile ? Certificate.LoadCertificateByFile(receiverCert, null) : Certificate.SearchCertificateBySubjectName(receiverCert, receiverCertStore, receiverCertStoreName); string senderPrivateKey = senderCertificate.GetKeyAlgorithmParametersString(); string receiverPublicKey = receiverCertificate.GetPublicKeyString(); if (string.IsNullOrEmpty(senderPrivateKey) || string.IsNullOrEmpty(receiverPublicKey)) { throw new Exception("用于签名的私有Key或公有Key为空。"); } //import the public key information to verify the data var provider = (RSACryptoServiceProvider)receiverCertificate.PublicKey.Key; var ms = new MemoryStream(); var buffer = new Byte[1024]; int count; while ((count = data.Read(buffer, 0, buffer.Length)) > 0) { ms.Write(buffer, 0, count); } var encryptedData = ms.ToArray(); //data.Position = 0 ; //data.Read(encryptedData,0,encryptedData.Length); //verify if the data has been tempered with var v = provider.VerifyData(encryptedData, new SHA1CryptoServiceProvider(), signature); if (v == false) { throw new CryptographicException(); } //import the private key information to decrypt data var provider2 = (RSACryptoServiceProvider)senderCertificate.PrivateKey; //decrypt the secret key and iv var decryptedkey = provider2.Decrypt(key, false); var decryptediv = provider2.Decrypt(iv, false); var symmProvider = SymmetricAlgorithm.Create(cm.AlgorithmProvider); symmProvider.Key = decryptedkey; symmProvider.IV = decryptediv; var decryptor = symmProvider.CreateDecryptor(); ms.Position = 0; //decrypt the stream var decStream = new CryptoStream(ms, decryptor, CryptoStreamMode.Read); var decrypted = new MemoryStream(); while ((count = decStream.Read(buffer, 0, buffer.Length)) != 0) { decrypted.Write(buffer, 0, count); } decrypted.Position = 0; return(decrypted); }
/// <summary> /// 同步加密算法 /// </summary> /// <param name="data">string data</param> /// <param name="profile">security profile name</param> /// <returns>encrypted string</returns> public static string Encrypt(string data, string profile) { var cm = new EncryptionConfigHelper()[profile]; return(Encrypt(data, cm)); }
/// <summary> /// decrypt the stream data symmetrically using the security profile /// information stored in the configuration file /// </summary> /// <param name="data">stream data</param> /// <param name="profile">security profile name</param> /// <returns>decrypted stream</returns> public static Stream Decrypt(Stream data, string profile) { var cm = new EncryptionConfigHelper()[profile]; return(Decrypt(data, cm)); }