private byte[] ProtectPassword(UserEntity usr, string password) { return(ProtectedData.Protect(Encoding.UTF8.GetBytes(password), Encoding.UTF8.GetBytes(usr.Username), DataProtectionScope.LocalMachine)); }
internal static string Protect(string str) { var entropy = Encoding.ASCII.GetBytes(Environment.MachineName); return(Convert.ToBase64String(ProtectedData.Protect(Encoding.ASCII.GetBytes(str), entropy, DataProtectionScope.CurrentUser))); }
/// <summary> /// Encrypts the symmetric key. /// </summary> /// <remarks> /// The method is called by the GoF template-methods. /// </remarks> /// <returns>System.Byte[].</returns> protected override byte[] EncryptSymmetricKey() => ProtectedData.Protect(Symmetric.Key, null, DataProtectionScope.LocalMachine);
public string EncryptString(string serverName, string accountName, string password) { return(Convert.ToBase64String(ProtectedData.Protect(Encoding.UTF8.GetBytes(password ?? string.Empty), saltBytes, DataProtectionScope.CurrentUser))); }
public virtual byte[] Protect(byte[] userData) { return(ProtectedData.Protect(userData, null, DataProtectionScope.LocalMachine)); }
public string Encrypt(string unencrypted) { byte[] tmp = ProtectedData.Protect(encoder.GetBytes(unencrypted), entropy, DataProtectionScope.LocalMachine); return(Convert.ToBase64String(Encrypt(tmp))); }
public void SetPassword(string password) { Password = Convert.ToBase64String(ProtectedData.Protect(Encoding.UTF8.GetBytes(password), null, DataProtectionScope.CurrentUser)); }
protected internal override byte [] EncodeSecurityState(byte [] data) { return(ProtectedData.Protect(data, entropy, DataProtectionScope.CurrentUser)); }
public static string EncryptString(string clearText) { byte[] decryptedTextBytes = ASCIIEncoding.ASCII.GetBytes(clearText); byte[] encryptedTextBytes = ProtectedData.Protect(decryptedTextBytes, entropicData, DataProtectionScope.CurrentUser); return(Convert.ToBase64String(encryptedTextBytes)); }
public static string SymEncryptLocalPC(string data) { byte[] bytes = Encoding.UTF8.GetBytes(data); bytes = ProtectedData.Protect(bytes, aditionalEntropy, DataProtectionScope.LocalMachine); return(Convert.ToBase64String(bytes)); }
private string EncryptToken(AuthTokenResponse token, byte[] salt) => Convert.ToBase64String( ProtectedData.Protect( JsonSerializer.SerializeToUtf8Bytes(token), salt, DataProtectionScope.CurrentUser));
internal static string Protect(string value) { byte[] rawData = Encoding.UTF8.GetBytes(value); byte[] encData = ProtectedData.Protect(rawData, EntropyBytes, DataProtectionScope.CurrentUser); return(Convert.ToBase64String(encData)); }
public byte[] Protect(byte[] unprotectedData) { return(ProtectedData.Protect(unprotectedData, null, DataProtectionScope.CurrentUser)); }
public IBuildServerCredentials GetBuildServerCredentials(IBuildServerAdapter buildServerAdapter, bool useStoredCredentialsIfExisting) { lock (_buildServerCredentialsLock) { IBuildServerCredentials buildServerCredentials = new BuildServerCredentials { UseGuestAccess = true }; var foundInConfig = false; const string CredentialsConfigName = "Credentials"; const string UseGuestAccessKey = "UseGuestAccess"; const string UsernameKey = "Username"; const string PasswordKey = "Password"; using (var stream = GetBuildServerOptionsIsolatedStorageStream(buildServerAdapter, FileAccess.Read, FileShare.Read)) { if (stream.Position < stream.Length) { var protectedData = new byte[stream.Length]; stream.Read(protectedData, 0, (int)stream.Length); try { byte[] unprotectedData = ProtectedData.Unprotect(protectedData, null, DataProtectionScope.CurrentUser); using (var memoryStream = new MemoryStream(unprotectedData)) { var credentialsConfig = new ConfigFile("", false); using (var textReader = new StreamReader(memoryStream, Encoding.UTF8)) { credentialsConfig.LoadFromString(textReader.ReadToEnd()); } var section = credentialsConfig.FindConfigSection(CredentialsConfigName); if (section != null) { buildServerCredentials.UseGuestAccess = section.GetValueAsBool(UseGuestAccessKey, true); buildServerCredentials.Username = section.GetValue(UsernameKey); buildServerCredentials.Password = section.GetValue(PasswordKey); foundInConfig = true; if (useStoredCredentialsIfExisting) { return(buildServerCredentials); } } } } catch (CryptographicException) { // As per MSDN, the ProtectedData.Unprotect method is per user, // it will throw the CryptographicException if the current user // is not the one who protected the data. // Set this variable to false so the user can reset the credentials. useStoredCredentialsIfExisting = false; } } } if (!useStoredCredentialsIfExisting || !foundInConfig) { buildServerCredentials = ThreadHelper.JoinableTaskFactory.Run(() => ShowBuildServerCredentialsFormAsync(buildServerAdapter.UniqueKey, buildServerCredentials)); if (buildServerCredentials != null) { var credentialsConfig = new ConfigFile("", true); var section = credentialsConfig.FindOrCreateConfigSection(CredentialsConfigName); section.SetValueAsBool(UseGuestAccessKey, buildServerCredentials.UseGuestAccess); section.SetValue(UsernameKey, buildServerCredentials.Username); section.SetValue(PasswordKey, buildServerCredentials.Password); using (var stream = GetBuildServerOptionsIsolatedStorageStream(buildServerAdapter, FileAccess.Write, FileShare.None)) { using (var memoryStream = new MemoryStream()) { using (var textWriter = new StreamWriter(memoryStream, Encoding.UTF8)) { textWriter.Write(credentialsConfig.GetAsString()); } var protectedData = ProtectedData.Protect(memoryStream.ToArray(), null, DataProtectionScope.CurrentUser); stream.Write(protectedData, 0, protectedData.Length); } } return(buildServerCredentials); } } return(null); } }
public static string GetSqlConnectionString(string stampName, bool forceValidate = false, bool forceRenew = false) { string connStr = null; if (!forceRenew && SqlConnectionStrings.TryGetValue(stampName, out connStr)) { return(connStr); } var file = string.Format(@"{0}\{1}.ro-sql.txt", CacheDirectory.Value, stampName); if (!forceRenew && File.Exists(file)) { try { var encrypted = Convert.FromBase64String(File.ReadAllText(file)); connStr = Encoding.UTF8.GetString(ProtectedData.Unprotect(encrypted, null, DataProtectionScope.CurrentUser)); if (!forceValidate || ValidateSqlConnectionString(stampName, connStr)) { SqlConnectionStrings[stampName] = connStr; return(connStr); } } catch (Exception) { } } var db = "hosting"; if (stampName.StartsWith("gm-")) { db = "geomaster"; } else if (stampName.StartsWith("gr-")) { db = "georegionservice"; } try { var privateDefinition = string.Format(@"\\AntaresDeployment\PublicLockbox\{0}\developer.definitions", stampName); if (File.Exists(privateDefinition)) { connStr = ReadFromPrivateDefinition(privateDefinition); } else { //connStr = AntaresDiagnosticsCommon.Value.GetHostingDBConnectionStringForStamp(stampName, db); connStr = GetConnectionStringAsync(db, stampName).Result; } if (ValidateSqlConnectionString(stampName, connStr)) { var encrypted = ProtectedData.Protect(Encoding.UTF8.GetBytes(connStr), null, DataProtectionScope.CurrentUser); File.WriteAllText(file, Convert.ToBase64String(encrypted)); SqlConnectionStrings[stampName] = connStr; return(connStr); } } catch (Exception ex) { Console.WriteLine(); Console.WriteLine("R/O SqlConnection {0} failed with {1}", stampName, ex.Message); Console.WriteLine(); if (forceRenew) { throw; } } return(null); }
public static string Protect(string data) { byte[] bytes = Encoding.UTF8.GetBytes(data); byte[] encrypted = ProtectedData.Protect(bytes, null, DataProtectionScope.LocalMachine); return(Convert.ToBase64String(encrypted)); }
/// <summary> /// Protects the specified user data. /// </summary> /// <param name="userData">The user data.</param> /// <param name="entropy">The entropy.</param> /// <returns>The protected user data.</returns> public byte[] Protect(byte[] userData, byte[] entropy) { return(ProtectedData.Protect(userData, entropy, DataProtectionScope.CurrentUser)); }
protected KeyVaultFile(T obj) { CreatedBy = $"{Environment.UserDomainName}\\{Environment.UserName}"; CreationTime = DateTimeOffset.UtcNow; Data = ProtectedData.Protect(Encoding.UTF8.GetBytes(JsonConvert.SerializeObject(obj, Formatting.Indented)), null, DataProtectionScope.CurrentUser); }
private static byte[] EncryptWithDpapi(string value) => ProtectedData.Protect(Encoding.UTF8.GetBytes(value), OptionalEntropy, DataProtectionScope.CurrentUser);
public string Encrypt(byte[] valueToEncrypt) => ProtectedData.Protect(valueToEncrypt, null, DataProtectionScope).ToBase64String();
private static void Main(string[] args) { const string dataToProtect = "This is a bunch of super secret content!"; var dataToProtectAsArray = Encoding.Unicode.GetBytes(dataToProtect); #region File.Encrypt var fileName = Path.Combine(Environment.GetFolderPath(Environment.SpecialFolder.MyDocuments), "MyDataFile.txt"); // Encrypt a file in the file system File.WriteAllText(fileName, dataToProtect); // now we can encrypt it - only we can access it now File.Encrypt(fileName); #endregion #region Windows Data Protection // Windows Data Protection (we can also protect for the LocalMachine too) // note, the null can be replaced with a byte[] for additional entropy var wdpEncryptedData = ProtectedData.Protect(dataToProtectAsArray, null, DataProtectionScope.CurrentUser); var wdpUnEncryptedData = ProtectedData.Unprotect(wdpEncryptedData, null, DataProtectionScope.CurrentUser); var wdpUnencryptedString = Encoding.Unicode.GetString(wdpUnEncryptedData); Debug.Assert(dataToProtect.Equals(wdpUnencryptedString)); #endregion #region Hashing // hashing - one-way encryption // this represents a hashed password stored in a database var storedPasswordHash = new byte[] { 148, 152, 235, 251, 242, 51, 18, 100, 176, 51, 147, 249, 128, 175, 164, 106, 204, 48, 47, 154, 75, 82, 83, 170, 111, 8, 107, 51, 13, 83, 2, 252 }; var password = Encoding.Unicode.GetBytes("P4ssw0rd!"); var passwordHash = SHA256.Create().ComputeHash(password); // nice convenience method - can also supply a custom comparator if (passwordHash.SequenceEqual(storedPasswordHash)) { Console.WriteLine("Passwords match!"); } #endregion #region Symmetric // symmetric encryption // Uses Rijndael as an algorithm // two classes Rijndael and Aes - use Aes (more secure) // array of 16 random bytes // must be used for decryption // should be secret var key = new byte[] { 12, 2, 56, 117, 12, 67, 33, 23, 12, 2, 56, 117, 12, 67, 33, 23 }; // another list of 16 bytes - can be shared publically, should be changed for each message exchange var initializationVector = new byte[] { 37, 99, 102, 23, 12, 22, 156, 204, 11, 12, 23, 44, 55, 1, 157, 233 }; byte[] symEncryptedData; // save for reuse var algorithm = Aes.Create(); // encrypt using (var encryptor = algorithm.CreateEncryptor(key, initializationVector)) using (var memoryStream = new MemoryStream()) using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)) { cryptoStream.Write(dataToProtectAsArray, 0, dataToProtectAsArray.Length); cryptoStream.FlushFinalBlock(); symEncryptedData = memoryStream.ToArray(); } // decrypt byte[] symUnencryptedData; using (var decryptor = algorithm.CreateDecryptor(key, initializationVector)) using (var memoryStream = new MemoryStream()) using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Write)) { cryptoStream.Write(symEncryptedData, 0, symEncryptedData.Length); cryptoStream.FlushFinalBlock(); symUnencryptedData = memoryStream.ToArray(); } algorithm.Dispose(); if (dataToProtectAsArray.SequenceEqual(symUnencryptedData)) { Console.WriteLine("Symmetric encrypted values match!"); } #endregion #region Asymmetric byte[] signature; byte[] publicAndPrivateKey; byte[] publicKeyOnly; var hashImplementation = SHA1.Create(); // create a signature, create our public and private keys - we could save these out as XML, etc. using (var rsaProvider = new RSACryptoServiceProvider()) { signature = rsaProvider.SignData(dataToProtectAsArray, hashImplementation); publicAndPrivateKey = rsaProvider.ExportCspBlob(true); publicKeyOnly = rsaProvider.ExportCspBlob(false); } // create a new RSA using (var rsaProvider = new RSACryptoServiceProvider()) { // import our public key rsaProvider.ImportCspBlob(publicKeyOnly); // has it been tampered with? if (!rsaProvider.VerifyData(dataToProtectAsArray, hashImplementation, signature)) { Console.WriteLine("Data has been tampered with"); } // now let's tamper with our data dataToProtectAsArray[5] = 255; if (!rsaProvider.VerifyData(dataToProtectAsArray, hashImplementation, signature)) { Console.WriteLine("Data has been tampered with"); } } hashImplementation.Dispose(); #endregion }
public static string ProtectLocalPassword(string str) { byte[] entropy = Encoding.ASCII.GetBytes(Assembly.GetExecutingAssembly().FullName); byte[] data = Encoding.ASCII.GetBytes(str); return(Convert.ToBase64String(ProtectedData.Protect(data, entropy, DataProtectionScope.CurrentUser))); }
public void AfterAccessNotification(TokenCacheNotificationArgs args) { // if the access operation resulted in a cache update if (args.TokenCache.HasStateChanged) { lock (FileLock) { var fileTask = storageService.UploadBlobAsync(configuration["TokenCacheBlobName"], ProtectedData.Protect(args.TokenCache.Serialize(), null, DataProtectionScope.CurrentUser)); Task.WaitAll(fileTask); // once the write operationtakes place restore the HasStateChanged bit to filse args.TokenCache.HasStateChanged = false; } } }
public byte[] Serialize(IDictionary <string, object> sessionState) { var unprotectedBytes = _innerSessionStateSerializer.Serialize(sessionState); return(ProtectedData.Protect(unprotectedBytes, _additionalEntropy, DataProtectionScope.CurrentUser)); }
private static byte[] EncryptPassword(string password) { byte[] protectedData = ProtectedData.Protect(Encoding.UTF8.GetBytes(password), null, DataProtectionScope.CurrentUser); return(protectedData); }
public void LoginIfNeeded() { if (!App.Current.Settings.Contains("auth")) { App.Current.RootFrame.Dispatcher.BeginInvoke( () => App.Current.RootFrame.Navigate(new Uri("/Pages/Login.xaml", UriKind.Relative)) ); return; } if (gtalk.LoggedIn) { return; } Connected = false; if (settings.Contains("token") && settings.Contains("rootUrl")) { var tokenBytes = ProtectedData.Unprotect(settings["token"] as byte[], null); App.Current.GtalkClient.SetToken(Encoding.UTF8.GetString(tokenBytes, 0, tokenBytes.Length)); App.Current.GtalkClient.RootUrl = settings["rootUrl"] as string; TokenUpdated(); } else { var authBytes = ProtectedData.Unprotect(settings["auth"] as byte[], null); App.Current.GtalkClient.Login( settings["username"] as string, Encoding.UTF8.GetString(authBytes, 0, authBytes.Length), token => { settings["token"] = ProtectedData.Protect(Encoding.UTF8.GetBytes(token), null); settings["rootUrl"] = App.Current.GtalkClient.RootUrl; TokenUpdated(); }, error => { if (error.Equals("")) { if (ConnectFailed != null) { ConnectFailed( AppResources.Error_ConnectionErrorMessage, AppResources.Error_ConnectionErrorTitle ); } } else if (error.StartsWith("401")) { // stale auth token. get a new one and we should be all happy again. settings.Remove("auth"); App.Current.RootFrame.Dispatcher.BeginInvoke( () => { MessageBox.Show( AppResources.Error_AuthErrorMessage, AppResources.Error_AuthErrorTitle, MessageBoxButton.OK ); App.Current.RootFrame.Navigate(new Uri("/Pages/Login.xaml", UriKind.Relative)); }); } else { if (ConnectFailed != null) { ConnectFailed(error, "Login"); } } } ); } }
private void btn_save_Click(object sender, EventArgs e) { RegistryKey reg = null; try { reg = Registry.CurrentUser.OpenSubKey(@"SOFTWARE\VKFlasterBot", true); } catch { try { reg = Registry.CurrentUser.OpenSubKey(@"SOFTWARE", true).CreateSubKey("VKFlasterBot", RegistryKeyPermissionCheck.ReadWriteSubTree); } catch { } } if (reg != null) { try { // Основные настройки... int var_check1 = check1.Checked ? 1 : 0; int var_check2 = check2.Checked ? 1 : 0; // Доп. настройки... int var_imlike = form2.imlike.Checked ? 1 : 0; int var_video = form2.check2.Checked ? 1 : 0; int var_commentGroup = form2.checkBox1.Checked ? 1 : 0; // Комментарии... string comments = ""; if (Comments.comments.Items.Count > 0) { for (int i = 0; i < Comments.comments.Items.Count; i++) { comments += Comments.comments.Items[i].Text + "<attachment/>" + Comments.comments.Items[i].SubItems[2].Text + "<nextline/>"; } } else { comments = "<null/>"; } // Группы... string groups = ""; if (Groups.groups.Items.Count > 0) { for (int i = 0; i < Groups.groups.Items.Count; i++) { groups += Groups.groups.Items[i].Text + "<group_id/>" + Groups.groups.Items[i].SubItems[1].Text + "<nextline/>"; } } else { groups = "<null/>"; } // Страницы... string profiles = ""; if (Profiles.profiles.Items.Count > 0) { for (int i = 0; i < Profiles.profiles.Items.Count; i++) { profiles += Profiles.profiles.Items[i].Text + "<user_id/>" + Profiles.profiles.Items[i].SubItems[1].Text + "<nextline/>"; } } else { profiles = "<null/>"; } string[] settings = new string[] { var_check1.ToString(), var_check2.ToString(), var_imlike.ToString(), var_video.ToString(), var_commentGroup.ToString(), comments.Trim(), groups.Trim(), profiles.Trim(), form2.group_id.Text.ToLower().Trim() }; reg.SetValue("Settings", ProtectedData.Protect(Encoding.UTF8.GetBytes(string.Join("<#TAG>", settings)), null, DataProtectionScope.CurrentUser), RegistryValueKind.Binary); reg.Close(); } catch { } } Close(); }
// Building ciphertext by 3DES. private byte[] ciphertext(string plaintext, string key) { byte[] plainByte = Encoding.UTF8.GetBytes(plaintext); byte[] entropy = Encoding.UTF8.GetBytes(key); return(ProtectedData.Protect(plainByte, entropy, DataProtectionScope.CurrentUser)); }
public async Task CertificateAndMasterKeyExecTest() { string script; IDictionary <string, string> customSettings = new ConcurrentDictionary <string, string>(); var keyPath = Path.Combine(Path.GetTempPath(), Guid.NewGuid().ToString()); var buffer = new byte[256 / 8]; using (var cryptoRandom = new RNGCryptoServiceProvider()) { cryptoRandom.GetBytes(buffer); } File.WriteAllBytes(keyPath, buffer); var certificates = GenerateAndSaveSelfSignedCertificate(); if (PlatformDetails.RunningOnPosix) { var scriptPath = Path.Combine(Path.GetTempPath(), Path.ChangeExtension(Guid.NewGuid().ToString(), ".sh")); var keyArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> { scriptPath, keyPath }); var certArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> { scriptPath, certificates.ServerCertificatePath }); customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExec)] = "bash"; customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExecArguments)] = $"{keyArgs}"; customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateLoadExec)] = "bash"; customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateLoadExecArguments)] = $"{certArgs}"; customSettings[RavenConfiguration.GetKey(x => x.Core.ServerUrls)] = "https://" + Environment.MachineName + ":0"; script = "#!/bin/bash\ncat \"$1\""; File.WriteAllText(scriptPath, script); Process.Start("chmod", $"700 {scriptPath}"); } else { var scriptPath = Path.Combine(Path.GetTempPath(), Path.ChangeExtension(Guid.NewGuid().ToString(), ".ps1")); var keyArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> { "-NoProfile", scriptPath, keyPath }); var certArgs = CommandLineArgumentEscaper.EscapeAndConcatenate(new List <string> { "-NoProfile", scriptPath, certificates.ServerCertificatePath }); customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExec)] = "powershell"; customSettings[RavenConfiguration.GetKey(x => x.Security.MasterKeyExecArguments)] = $"{keyArgs}"; customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateLoadExec)] = "powershell"; customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateRenewExec)] = "powershell"; customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateChangeExec)] = "powershell"; customSettings[RavenConfiguration.GetKey(x => x.Security.CertificateLoadExecArguments)] = $"{certArgs}"; customSettings[RavenConfiguration.GetKey(x => x.Core.ServerUrls)] = "https://" + Environment.MachineName + ":0"; script = @"param([string]$userArg) try { $bytes = Get-Content -path $userArg -encoding Byte $stdout = [System.Console]::OpenStandardOutput() $stdout.Write($bytes, 0, $bytes.Length) } catch { Write-Error $_.Exception exit 1 } exit 0"; File.WriteAllText(scriptPath, script); } UseNewLocalServer(customSettings: customSettings, runInMemory: false); // The master key loading is lazy, let's put a database secret key to invoke it. var dbName = GetDatabaseName(); var databaseKey = new byte[32]; using (var rand = RandomNumberGenerator.Create()) { rand.GetBytes(databaseKey); } var base64Key = Convert.ToBase64String(databaseKey); // sometimes when using `dotnet xunit` we get platform not supported from ProtectedData try { #pragma warning disable CA1416 // Validate platform compatibility ProtectedData.Protect(Encoding.UTF8.GetBytes("Is supported?"), null, DataProtectionScope.CurrentUser); #pragma warning restore CA1416 // Validate platform compatibility } catch (PlatformNotSupportedException) { return; } await Server.ServerStore.EnsureNotPassiveAsync(); Server.ServerStore.PutSecretKey(base64Key, dbName, true); X509Certificate2 serverCertificate; try { serverCertificate = new X509Certificate2(certificates.ServerCertificatePath, (string)null, X509KeyStorageFlags.Exportable | X509KeyStorageFlags.MachineKeySet); } catch (CryptographicException e) { throw new CryptographicException($"Failed to load the test certificate from {certificates}.", e); } using (var store = GetDocumentStore(new Options { AdminCertificate = serverCertificate, ClientCertificate = serverCertificate, ModifyDatabaseName = s => dbName, ModifyDatabaseRecord = record => record.Encrypted = true, Path = NewDataPath() })) { } var secrets = Server.ServerStore.Secrets; var serverMasterKey = (Lazy <byte[]>) typeof(SecretProtection).GetField("_serverMasterKey", BindingFlags.NonPublic | BindingFlags.Instance).GetValue(secrets); Assert.True(serverMasterKey.Value.SequenceEqual(buffer)); Assert.True(Server.Certificate.Certificate.Equals(serverCertificate)); }
public static string Crypt(string text) { return(Convert.ToBase64String( ProtectedData.Protect( Encoding.Unicode.GetBytes(text), null, DataProtectionScope.CurrentUser))); }