/// <summary> /// Decode the password. /// </summary> /// <param name="password">The password to decode.</param> /// <param name="passwordFormat">The password format type to decode with.</param> /// <param name="originalPassword">The original password (used when format is Hashed).</param> /// <param name="hashcodeType">The the hash code type (used when format is Hashed).</param> /// <returns>The decoded password (if format is Hashed and the hash has been verified to be /// the same then the original password is returned; else the password is returned).</returns> public string Decode(string password, Cryptography.PasswordFormat passwordFormat, string originalPassword = "", Nequeo.Cryptography.HashcodeType hashcodeType = Cryptography.HashcodeType.SHA512) { // If authorised. if (IsAuthorised()) { // Select the format. switch (passwordFormat) { case Cryptography.PasswordFormat.Encrypted: // Convert the HEX string to bytes. byte[] bytes = Nequeo.Conversion.Context.HexStringToByteArray(password); // Decrypt the data byte[] decryptedData = new Nequeo.Cryptography.AdvancedAES().DecryptFromMemory(bytes, KeyContainer._passwordKey); return(Encoding.Default.GetString(decryptedData).Replace("\0", "")); case Cryptography.PasswordFormat.Hashed: // Get the salt. string saltBase = password.Substring(0, KeyContainer._saltLength * 2); byte[] saltBaseBytes = Nequeo.Conversion.Context.HexStringToByteArray(saltBase); string salt = Encoding.Default.GetString(saltBaseBytes); // Return the salt for the hash. string hash = Nequeo.Cryptography.Hashcode.GetHashcode(originalPassword + _authorisationKey + salt, hashcodeType); // Get the hex salt. byte[] saltBase64 = Encoding.Default.GetBytes(salt); string hashed = Nequeo.Conversion.Context.ByteArrayToHexString(saltBase64) + hash; // If the hash is the password. if (hashed.Equals(password)) { return(originalPassword); } else { return(password); } case Cryptography.PasswordFormat.Clear: default: return(password); } } else { if (passwordFormat == Cryptography.PasswordFormat.Clear) { return(password); } else { throw new Exception("Authorisation Failed."); } } }
/// <summary> /// Encode the password. /// </summary> /// <param name="password">The password to encode.</param> /// <param name="passwordFormat">The password format type to encode with.</param> /// <param name="hashcodeType">The hash code type (used when format is Hashed).</param> /// <returns>The encode password (includes at the start of the password the encoded salt).</returns> public string Encode(string password, Cryptography.PasswordFormat passwordFormat, Nequeo.Cryptography.HashcodeType hashcodeType = Cryptography.HashcodeType.SHA512) { // If authorised. if (IsAuthorised()) { // Select the format. switch (passwordFormat) { case Cryptography.PasswordFormat.Encrypted: // Encrypt the data. byte[] data = Encoding.Default.GetBytes(password); byte[] encryptedData = new Nequeo.Cryptography.AdvancedAES().EncryptToMemory(data, KeyContainer._passwordKey); return(Nequeo.Conversion.Context.ByteArrayToHexString(encryptedData)); case Cryptography.PasswordFormat.Hashed: // Encode the password to a hash. string salt = Nequeo.Cryptography.Hashcode.GenerateSalt(KeyContainer._saltLength, KeyContainer._saltLength); byte[] saltBase = Encoding.Default.GetBytes(salt); // Password - based Key Derivation Functions. Rfc2898DeriveBytes rfcDerive = new Rfc2898DeriveBytes(password, saltBase, KeyContainer._numberOfIterations); string derivedPassword = Encoding.Default.GetString(rfcDerive.GetBytes(KeyContainer._saltLength * 2)); // Get the hex salt. string hash = Nequeo.Cryptography.Hashcode.GetHashcode(derivedPassword + _authorisationKey + salt, hashcodeType); _encodedSalt = Nequeo.Conversion.Context.ByteArrayToHexString(saltBase); return(_encodedSalt + hash); case Cryptography.PasswordFormat.Clear: default: return(password); } } else { if (passwordFormat == Cryptography.PasswordFormat.Clear) { return(password); } else { throw new Exception("Authorisation Failed."); } } }