private static void TestHybridWithIntegrityAndSignatures() { const string original = "Very secret and important information that must not fall in the hands of the enemy."; var rsaParams = new RSAWithRSAParameterKey(); rsaParams.AssignNewKey(); var fullHybridEncryption = new FullHybridEncryption(); var digitalSignature = new DigitalSignatureFuncs(); digitalSignature.AssignNewKey(); try { var encryptedBlock = fullHybridEncryption.EncryptData(Encoding.UTF8.GetBytes(original), rsaParams, digitalSignature); var decryptedBlock = fullHybridEncryption.DecryptData(encryptedBlock, rsaParams, digitalSignature); Console.WriteLine($"Original Message: {original}"); Console.WriteLine($"Encrypted Block Data: {Convert.ToBase64String(encryptedBlock.EncryptedData)}"); Console.WriteLine($"Decrypted Block: {Convert.ToBase64String(decryptedBlock)}"); Console.WriteLine($"Decrypted Message: {Encoding.UTF8.GetString(decryptedBlock)}"); } catch (CryptographicException ex) { Console.WriteLine($"Cryptographic Exception occured: {ex.Message}"); } }
private static void TestDigitalSignature() { var document = Encoding.UTF8.GetBytes("Document to Sign"); byte[] hashedDocument; using (var sha256 = SHA256.Create()) { hashedDocument = sha256.ComputeHash(document); } var digitalSignature = new DigitalSignatureFuncs(); digitalSignature.AssignNewKey(); var signature = digitalSignature.SignData(hashedDocument); var verified = digitalSignature.VerifySignature(hashedDocument, signature); Console.WriteLine($"Original Text: {Encoding.Default.GetString(document)}"); Console.WriteLine($"Digital Signature: {Convert.ToBase64String(signature)}"); Console.WriteLine(verified ? "The digital signature has been verified." : "The digital signature has NOT been verified."); }
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams, DigitalSignatureFuncs digitalSignature) { // Decrypt AES Key with RSA var decryptedSessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey); // Integrity + Signature Check var hmacToCheck = HMac.ComputeHMACSha256(encryptedPacket.EncryptedData, decryptedSessionKey); if (!Compare(encryptedPacket.HMAC, hmacToCheck)) { throw new CryptographicException("HMAC for decryption does not match encrypted package HMAC code received. This means the message has been tampered with."); } if (!digitalSignature.VerifySignature(encryptedPacket.HMAC, encryptedPacket.Signature)) { throw new CryptographicException("Digital Signature of document cannot be verified."); } // Decrypt our data with AES using the decryptedSessionKey return(_aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.IV)); }
public EncryptedPacket EncryptData(byte[] original, RSAWithRSAParameterKey rsaParams, DigitalSignatureFuncs digitalSignature) { // Generate our session key var sessionKey = _aes.GenerateRandomNumber(32); // Create the encrypted packet and generate the IV var encryptedPacket = new EncryptedPacket { IV = _aes.GenerateRandomNumber(16) }; // Encrypt our data with AES encryptedPacket.EncryptedData = _aes.Encrypt(original, sessionKey, encryptedPacket.IV); // Encrypt the session key with RSA encryptedPacket.EncryptedSessionKey = rsaParams.EncryptData(sessionKey); // Calculate a HMAC encryptedPacket.HMAC = HMac.ComputeHMACSha256(encryptedPacket.EncryptedData, sessionKey); // Generate digital signature of packet to send encryptedPacket.Signature = digitalSignature.SignData(encryptedPacket.HMAC); return(encryptedPacket); }