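/// <summary>
/// Encrypts <paramref name="plainText"/> with AES-256-CBC (PKCS7 padding) and returns a
/// "$CryptoApp$"-prefixed blob. The blob is Compress.Zip of three '#'-separated fields:
/// Base64 ciphertext, the RSA-wrapped password (or the placeholder "******"), and the
/// value returned by CryptoHelper.GetSignature for the plaintext.
/// </summary>
/// <param name="salt">Salt text; run through Hash512Iterate before being used as the PBKDF2 salt.</param>
/// <param name="iterations">Round count passed to Hash512Iterate for both password and salt.</param>
/// <param name="seed">Passed to Rfc2898DeriveBytes as its iteration count (it is not a random seed).</param>
/// <param name="plainText">Text to encrypt.</param>
/// <param name="password">Base64-encoded password material.</param>
/// <param name="embedPassword">When true the password is wrapped with CryptoHelper.RSAEncrypt and stored in the blob; when false the field holds "******".</param>
/// <returns>The "$CryptoApp$" marker followed by the zipped, '#'-joined fields.</returns>
public static string AESEncryptString(string salt, int iterations, int seed, string plainText, string password = null, bool embedPassword = true)
{
    byte[] bytesToBeEncrypted = plainText.ToByteArray();
    byte[] saltBytes = salt.ToByteArray();

    // NOTE(review): password defaults to null and reaches FromBase64() unchecked.
    // Confirm how that extension treats null before relying on the default.
    byte[] passwordBytes = password.FromBase64();

    // The password is wrapped before it is stretched, so the embedded copy is the raw password.
    string encryptedAESPassword = embedPassword
        ? CryptoHelper.RSAEncrypt(passwordBytes)
        : "******";

    // NOTE(review): the signature covers the plaintext and is stored outside the ciphertext.
    // If GetSignature is deterministic, equal plaintexts are linkable from the blob - confirm.
    string signature = CryptoHelper.GetSignature(plainText);

    passwordBytes = Hash512Iterate(passwordBytes, iterations);
    saltBytes = Hash512Iterate(saltBytes, iterations);

    byte[] encryptedBytes;
    using (MemoryStream ms = new MemoryStream())
    {
        // Aes.Create() replaces the obsolete RijndaelManaged; with a 128-bit block the
        // two are the same cipher, so blobs stay compatible with AESDecryptString.
        using Aes aes = Aes.Create();
        aes.KeySize = 256;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;

        // SECURITY: key and IV are consecutive reads from one PBKDF2 stream, so a fixed
        // (password, salt, iterations, seed) always gives the same key/IV pair. Under CBC,
        // messages sharing a plaintext prefix then share a ciphertext prefix. A random
        // per-message IV stored with the ciphertext would fix this but changes the blob
        // format, so it is left to a versioned format change.
        using var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, seed, HashAlgorithmName.SHA512);
        aes.Key = key.GetBytes(aes.KeySize / 8);
        aes.IV = key.GetBytes(aes.BlockSize / 8);

        using ICryptoTransform encryptor = aes.CreateEncryptor();
        using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
        {
            cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
            // Emit the final padded block before the buffer is read.
            cs.FlushFinalBlock();
        }

        encryptedBytes = ms.ToArray();
    }

    return "$CryptoApp$" + Compress.Zip(encryptedBytes.ToBase64() + "#" + encryptedAESPassword + "#" + signature);
}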
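/// <summary>
/// Reverses AESEncryptString: unzips the payload after the "$CryptoApp$" marker, splits it
/// into ciphertext, wrapped password and signature, decrypts with AES-256-CBC (PKCS7) and
/// checks the result with CryptoHelper.VerifySignature.
/// </summary>
/// <param name="salt">Salt text; run through Hash512Iterate before being used as the PBKDF2 salt.</param>
/// <param name="iterations">Round count passed to Hash512Iterate for both password and salt.</param>
/// <param name="seed">Passed to Rfc2898DeriveBytes as its iteration count (it is not a random seed).</param>
/// <param name="encryptedText">Blob produced by AESEncryptString, or arbitrary text.</param>
/// <param name="password">Base64-encoded password; when null the embedded field is unwrapped with CryptoHelper.RSADecrypt.</param>
/// <returns>
/// The decrypted text; <paramref name="encryptedText"/> unchanged when it has no "$CryptoApp$"
/// marker; null when the unzipped payload has fewer than three '#'-separated fields.
/// </returns>
/// <exception cref="Exception">The password is missing or the signature check fails.</exception>
public static string AESDecryptString(string salt, int iterations, int seed, string encryptedText, string password = null)
{
    // SECURITY: input without the marker is handed back as-is, so callers cannot tell
    // "was decrypted and verified" from "was never encrypted". Callers that require
    // confidentiality or integrity should check for the marker themselves.
    if (!encryptedText.Contains("$CryptoApp$"))
    {
        return encryptedText;
    }

    // Anything before the marker is ignored; only the segment right after it is used.
    string[] encryptedArray = encryptedText.Split("$CryptoApp$");
    string encryptedBlob = Compress.Unzip(encryptedArray[1]);
    encryptedArray = encryptedBlob.Split("#");
    if (encryptedArray.Length < 3)
    {
        return null;
    }

    string encryptedData = encryptedArray[0];
    if (password == null)
    {
        // NOTE(review): when the blob was written with embedPassword = false this field is
        // the literal "******"; confirm what RSADecrypt returns for it.
        password = CryptoHelper.RSADecrypt(encryptedArray[1], true);
    }

    string signature = encryptedArray[2];

    // Validate before the values are used. The original ran these checks after
    // password.FromBase64(), so that call could fail first on a null or placeholder password.
    // NOTE(review): "XXX" is presumably a sentinel from RSADecrypt; the encrypt side writes
    // "******" - confirm the two agree.
    if (password == "XXX")
    {
        throw new Exception("Password not supplied");
    }

    // NOTE(review): Split never yields null elements, so this cannot fire; an empty-string
    // check may have been intended - confirm against VerifySignature.
    if (signature == null)
    {
        throw new Exception("Signature is empty");
    }

    if (password == null)
    {
        throw new Exception("AES Password is null");
    }

    byte[] bytesToBeDecrypted = encryptedData.FromBase64();
    byte[] passwordBytes = password.FromBase64();
    byte[] saltBytes = salt.ToByteArray();

    passwordBytes = Hash512Iterate(passwordBytes, iterations);
    saltBytes = Hash512Iterate(saltBytes, iterations);

    string decrypted;
    using (MemoryStream ms = new MemoryStream(bytesToBeDecrypted))
    {
        // Aes.Create() replaces the obsolete RijndaelManaged; with a 128-bit block the
        // two are the same cipher, so existing blobs still decrypt.
        using Aes aes = Aes.Create();
        aes.KeySize = 256;
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;

        // Key and IV are consecutive reads from the same PBKDF2 stream, mirroring the encrypt side.
        using var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, seed, HashAlgorithmName.SHA512);
        aes.Key = key.GetBytes(aes.KeySize / 8);
        aes.IV = key.GetBytes(aes.BlockSize / 8);

        // SECURITY: the ciphertext is not authenticated before decryption. A tampered blob
        // surfaces as a padding/CryptographicException here, distinct from the
        // "Signature is bad" failure below. Callers should report both as the same generic
        // error; an encrypt-then-MAC or AEAD format would remove the distinction.
        using ICryptoTransform decryptor = aes.CreateDecryptor();
        using CryptoStream cryptoStream = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
        using StreamReader srDecrypt = new StreamReader(cryptoStream);
        decrypted = srDecrypt.ReadToEnd();
    }

    if (!CryptoHelper.VerifySignature(decrypted, signature))
    {
        throw new Exception("Signature is bad");
    }

    return decrypted;
}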