public EncryptedPacket EncryptData(byte[] original, RSAWithRSAParameterKey rsaParams) { var sessionKey = _aes.GenerateRandomNumber(32); var encryptedPacket = new EncryptedPacket { Iv = _aes.GenerateRandomNumber(16) }; // Encrypt data with AES and AES Key with RSA encryptedPacket.EncryptedData = _aes.Encrypt(original, sessionKey, encryptedPacket.Iv); encryptedPacket.EncryptedSessionKey = rsaParams.EncryptData(sessionKey); using (var hmac = new HMACSHA256(sessionKey)) { encryptedPacket.Hmac = hmac.ComputeHash(Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv)); } return(encryptedPacket); }
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey rsaParams) { // Decrypt AES Key with RSA and then decrypt data with AES. var decryptedSessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey); using (var hmac = new HMACSHA256(decryptedSessionKey)) { var hmacToCheck = hmac.ComputeHash(Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv)); if (!Compare(encryptedPacket.Hmac, hmacToCheck)) { throw new CryptographicException("HMAC for decryption does not match encrypted packet."); } } var decryptedData = _aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv); return(decryptedData); }