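/// <summary>
/// Unwraps the user's stored master key using a key derived from <paramref name="password"/>.
/// </summary>
/// <param name="user">User record supplying <c>MasterKeySalt</c> (used as the AES IV) and
/// <c>EncryptedMasterKey</c> (the hex-encoded ciphertext written by <c>CreateCryptoFields</c>).</param>
/// <param name="password">Clear-text password; only used to derive the unwrapping key.</param>
/// <returns>The decrypted master key converted with <c>ToByteArray()</c> (presumably a hex decode of the
/// 64-character key text — verify against that helper).</returns>
/// <exception cref="ArgumentNullException"><paramref name="user"/> or <paramref name="password"/> is null.</exception>
/// <remarks>
/// The ciphertext is not authenticated (AesManaged defaults to CBC with PKCS7 padding), so a wrong password
/// or a modified <c>EncryptedMasterKey</c> typically surfaces as a <see cref="CryptographicException"/>
/// from the padding check rather than as a distinguishable "wrong password" result. Callers should treat
/// that exception as an authentication failure and not expose its message to the client.
/// </remarks>
public static byte[] GetPlaintextMasterKey(this DBUser user, string password)
{
    if (user == null)
    {
        throw new ArgumentNullException(nameof(user));
    }
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    byte[] pwKey = user.DeriveKeyFromPassword(password);
    string plaintext;

    // AesManaged and the transform both own disposable state; scope them exactly as CreateCryptoFields does
    // so nothing outlives the call (the original leaked both).
    using (var aes = new AesManaged())
    using (ICryptoTransform decryptor = aes.CreateDecryptor(pwKey, user.MasterKeySalt.ToByteArray()))
    using (var msDecrypt = new MemoryStream(user.EncryptedMasterKey.ToByteArray()))
    using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
    using (var srDecrypt = new StreamReader(csDecrypt))
    {
        // The encryptor wrote the master key as text through a StreamWriter, so read it back the same way.
        plaintext = srDecrypt.ReadToEnd();
    }

    return plaintext.ToByteArray();
}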
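/// <summary>
/// Initialises a new user's crypto fields: password salt, master-key salt, password hash (via
/// <c>UpdatePassword</c>) and the master key wrapped under a password-derived key.
/// </summary>
/// <param name="db_user">User record to populate; <c>PasswordSalt</c>, <c>MasterKeySalt</c> and
/// <c>EncryptedMasterKey</c> are overwritten.</param>
/// <param name="password">Clear-text password used to derive the wrapping key.</param>
/// <exception cref="ArgumentNullException"><paramref name="db_user"/> is null, or
/// <paramref name="password"/> is null or empty (empty keeps the original exception type for existing callers).</exception>
/// <remarks>
/// <c>MasterKeySalt</c> doubles as the AES IV and is stored in the clear next to the ciphertext; it
/// therefore contributes no secrecy, and <c>GetPlaintextMasterKey</c> must use the same value.
/// The ciphertext carries no integrity tag (AesManaged defaults to CBC/PKCS7).
/// </remarks>
public static void CreateCryptoFields(this DBUser db_user, string password)
{
    if (db_user == null)
    {
        throw new ArgumentNullException(nameof(db_user));
    }
    if (string.IsNullOrEmpty(password))
    {
        throw new ArgumentNullException(nameof(password));
    }

    // RNGCryptoServiceProvider is disposable; the original never released it.
    using (var rng = new RNGCryptoServiceProvider())
    {
        // One 64-hex-char random value is split into two distinct 32-char salts.
        string salt = rng.Create256BitLowerCaseHexKey();
        db_user.PasswordSalt = salt.Substring(0, 32);
        db_user.MasterKeySalt = salt.Substring(32, 32);
        db_user.UpdatePassword(password);

        // The master key is generated once and is never rotated; a password change only re-wraps it.
        string masterKey = rng.Create256BitLowerCaseHexKey();
        byte[] pwKey = db_user.DeriveKeyFromPassword(password);

        // Wrap the clear-text master key under the password-derived key.
        using (var aes = new AesManaged())
        using (ICryptoTransform encryptor = aes.CreateEncryptor(pwKey, db_user.MasterKeySalt.ToByteArray()))
        using (var msEncrypt = new MemoryStream())
        {
            using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
            using (var swEncrypt = new StreamWriter(csEncrypt))
            {
                swEncrypt.Write(masterKey);
            }

            // Disposing the CryptoStream flushes the final padded block; ToArray must run after that,
            // and MemoryStream.ToArray is valid even once the stream has been closed.
            db_user.EncryptedMasterKey = msEncrypt.ToArray().ToHexString();
        }
    }
}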