private static void TestHybridWithIntegrityAndSignatures()
{
const string original = "Very secret and important information that must not fall in the hands of the enemy.";
var rsaParams = new RSAWithRSAParameterKey();
rsaParams.AssignNewKey();
var fullHybridEncryption = new FullHybridEncryption();
var digitalSignature = new DigitalSignatureFuncs();
digitalSignature.AssignNewKey();
try
{
var encryptedBlock = fullHybridEncryption.EncryptData(Encoding.UTF8.GetBytes(original), rsaParams, digitalSignature);
var decryptedBlock = fullHybridEncryption.DecryptData(encryptedBlock, rsaParams, digitalSignature);
Console.WriteLine($"Original Message: {original}");
Console.WriteLine($"Encrypted Block Data: {Convert.ToBase64String(encryptedBlock.EncryptedData)}");
Console.WriteLine($"Decrypted Block: {Convert.ToBase64String(decryptedBlock)}");
Console.WriteLine($"Decrypted Message: {Encoding.UTF8.GetString(decryptedBlock)}");
}
catch (CryptographicException ex)
{
Console.WriteLine($"Cryptographic Exception occured: {ex.Message}");
}
}
private static void TestDigitalSignature()
{
var document = Encoding.UTF8.GetBytes("Document to Sign");
byte[] hashedDocument;
using (var sha256 = SHA256.Create())
{
hashedDocument = sha256.ComputeHash(document);
}
var digitalSignature = new DigitalSignatureFuncs();
digitalSignature.AssignNewKey();
var signature = digitalSignature.SignData(hashedDocument);
var verified = digitalSignature.VerifySignature(hashedDocument, signature);
Console.WriteLine($"Original Text: {Encoding.Default.GetString(document)}");
Console.WriteLine($"Digital Signature: {Convert.ToBase64String(signature)}");
Console.WriteLine(verified ? "The digital signature has been verified." : "The digital signature has NOT been verified.");
}
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams, DigitalSignatureFuncs digitalSignature)
{
// Decrypt AES Key with RSA
var decryptedSessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey);
// Integrity + Signature Check
var hmacToCheck = HMac.ComputeHMACSha256(encryptedPacket.EncryptedData, decryptedSessionKey);
if (!Compare(encryptedPacket.HMAC, hmacToCheck))
{
throw new CryptographicException("HMAC for decryption does not match encrypted package HMAC code received. This means the message has been tampered with.");
}
if (!digitalSignature.VerifySignature(encryptedPacket.HMAC, encryptedPacket.Signature))
{
throw new CryptographicException("Digital Signature of document cannot be verified.");
}
// Decrypt our data with AES using the decryptedSessionKey
return(_aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.IV));
}
public EncryptedPacket EncryptData(byte[] original, RSAWithRSAParameterKey rsaParams, DigitalSignatureFuncs digitalSignature)
{
// Generate our session key
var sessionKey = _aes.GenerateRandomNumber(32);
// Create the encrypted packet and generate the IV
var encryptedPacket = new EncryptedPacket
{
IV = _aes.GenerateRandomNumber(16)
};
// Encrypt our data with AES
encryptedPacket.EncryptedData = _aes.Encrypt(original, sessionKey, encryptedPacket.IV);
// Encrypt the session key with RSA
encryptedPacket.EncryptedSessionKey = rsaParams.EncryptData(sessionKey);
// Calculate a HMAC
encryptedPacket.HMAC = HMac.ComputeHMACSha256(encryptedPacket.EncryptedData, sessionKey);
// Generate digital signature of packet to send
encryptedPacket.Signature = digitalSignature.SignData(encryptedPacket.HMAC);
return(encryptedPacket);
}
