public static async Task KeyVault() { IKeyVault vault = new KeyVault(); const string MY_KEY_NAME = "StephenHauntsKey"; string keyId = await vault.CreateKeyAsync(MY_KEY_NAME); byte[] localKey = Random.GenerateRandomNumber(32); // Encrypt our local key with Key Vault and Store it in the database byte[] encryptedKey = await vault.EncryptAsync(keyId, localKey); // Get our encrypted key from the database and decrypt it with the Key Vault. byte[] decryptedKey = await vault.DecryptAsync(keyId, encryptedKey); // Hash our password with a PBKDF2 string password = "******"; byte[] salt = Random.GenerateRandomNumber(32); byte[] hashedPassword = PBKDF2.HashPassword(Encoding.ASCII.GetBytes(password), salt, 20000); // Now do a HMAC of the password using the key that was decrypted from the Key Vault byte[] protectedPassword = Hmac.ComputeHmacsha256(hashedPassword, decryptedKey); Console.WriteLine("Hashed Password : "******"Protected Hashed Password : "******"Key Deleted : " + keyId); }
public static async Task KeyVault() { IKeyVault vault = new KeyVault(); const string MY_KEY_NAME = "StephenHauntsKey"; const string ITERATIONS_VALUE = "PBKDF2Iterations"; var keyId = await vault.CreateKeyAsync(MY_KEY_NAME); // Encrypt our salt with Key Vault and Store it in the database var salt = SecureRandom.GenerateRandomNumber(32); var encryptedSalt = await vault.EncryptAsync(keyId, salt); var iterationsId = await vault.SetSecretAsync(ITERATIONS_VALUE, "20000"); // Get our encrypted salt from the database and decrypt it with the Key Vault. var decryptedSalt = await vault.DecryptAsync(keyId, encryptedSalt); var iterations = int.Parse(await vault.GetSecretAsync(ITERATIONS_VALUE)); // Hash our password with a PBKDF2 var password = "******"; var hashedPassword = PBKDF2.HashPassword(Encoding.UTF8.GetBytes(password), decryptedSalt, iterations); Console.WriteLine("Hashed Password : "******"Key Deleted : " + keyId); }