예제 #1
        /// <summary>
        /// Encrypts <paramref name="plainText"/> with AES-256 in CBC mode (PKCS7 padding) and returns a
        /// "$CryptoApp$"-prefixed envelope.
        /// </summary>
        /// <remarks>
        /// The envelope body is Compress.Zip of "ciphertext#wrappedPassword#signature": the ciphertext
        /// as produced by the ToBase64 extension, the result of CryptoHelper.RSAEncrypt over the decoded
        /// password (or the literal placeholder "******" when <paramref name="embedPassword"/> is false),
        /// and CryptoHelper.GetSignature over the plaintext.
        ///
        /// Security review notes (behaviour is unchanged here; these need a format revision to fix):
        /// - Key and IV are both taken from one PBKDF2 stream over (password, salt, seed), so every
        ///   message encrypted with the same inputs reuses the same key/IV pair. With CBC, messages
        ///   that share a prefix then share leading ciphertext blocks. A fresh random IV stored in
        ///   the envelope would avoid this.
        /// - The ciphertext itself is not authenticated; the signature covers the plaintext and is
        ///   stored outside the ciphertext. Depending on what GetSignature computes (not visible
        ///   here), it may reveal whether two envelopes hold the same plaintext - TODO confirm.
        /// - RijndaelManaged is marked obsolete in current .NET; Aes.Create() is the replacement.
        /// </remarks>
        /// <param name="salt">Salt text; converted with the ToByteArray extension, then passed through Hash512Iterate.</param>
        /// <param name="iterations">Iteration argument handed to Hash512Iterate for both password and salt.</param>
        /// <param name="seed">Despite the name, this is the PBKDF2 iteration count given to Rfc2898DeriveBytes.</param>
        /// <param name="plainText">Text to encrypt; it is also the input to the signature.</param>
        /// <param name="password">Key material, decoded with the FromBase64 extension. The default is null; how FromBase64 treats null is not visible here - verify before relying on the default.</param>
        /// <param name="embedPassword">When true, the RSA-wrapped password travels inside the envelope, so the RSA private key alone is enough to decrypt it.</param>
        /// <returns>"$CryptoApp$" followed by the zipped envelope body.</returns>
        public static string AESEncryptString(string salt, int iterations, int seed, string plainText, string password = null, bool embedPassword = true)
        {
            byte[] clearBytes   = plainText.ToByteArray();
            byte[] saltMaterial = salt.ToByteArray();
            byte[] keyMaterial  = password.FromBase64();

            // Wrap the raw (pre-hash) password for the envelope, or leave the fixed placeholder.
            string wrappedPassword = embedPassword ? CryptoHelper.RSAEncrypt(keyMaterial) : "******";

            // The signature is taken over the plaintext, before any encryption happens.
            string plainSignature = CryptoHelper.GetSignature(plainText);

            keyMaterial  = Hash512Iterate(keyMaterial, iterations);
            saltMaterial = Hash512Iterate(saltMaterial, iterations);

            byte[] cipherBytes;

            using (var buffer = new MemoryStream())
            using (var aes = new RijndaelManaged { KeySize = 256, BlockSize = 128, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7 })
            using (var kdf = new Rfc2898DeriveBytes(keyMaterial, saltMaterial, seed, HashAlgorithmName.SHA512))
            {
                // Order matters: the first 32 bytes of the KDF stream are the key, the next 16 the IV.
                aes.Key = kdf.GetBytes(aes.KeySize / 8);
                aes.IV  = kdf.GetBytes(aes.BlockSize / 8);

                // Disposing the CryptoStream writes the final padded block into the buffer.
                using (var encryptStream = new CryptoStream(buffer, aes.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    encryptStream.Write(clearBytes, 0, clearBytes.Length);
                }

                cipherBytes = buffer.ToArray();
            }

            string envelopeBody = $"{cipherBytes.ToBase64()}#{wrappedPassword}#{plainSignature}";

            return "$CryptoApp$" + Compress.Zip(envelopeBody);
        }
예제 #2
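        /// <summary>
        /// Decrypts a "$CryptoApp$" envelope (AES-256, CBC, PKCS7) and verifies the signature stored
        /// with it against the recovered plaintext.
        /// </summary>
        /// <remarks>
        /// Security review notes:
        /// - Input that does not contain the "$CryptoApp$" marker is returned unchanged and unverified.
        ///   Callers cannot tell from the return value whether the text passed the signature check,
        ///   so anyone able to modify the stored value can replace an envelope with plain text. Treat
        ///   the result as authenticated only when the caller knows the input carried the marker.
        /// - The marker is located with Contains, not StartsWith, so text that merely contains it
        ///   mid-string is also treated as an envelope.
        /// - The signature covers the plaintext and is checked only after CBC decryption, so the
        ///   ciphertext is processed before anything is authenticated. Callers should report padding
        ///   failures (thrown by the crypto stream) and "Signature is bad" identically to
        ///   untrusted parties.
        /// - Key and IV both come from one PBKDF2 stream over (password, salt, seed); see the matching
        ///   derivation in AESEncryptString.
        /// </remarks>
        /// <param name="salt">Salt text; converted with the ToByteArray extension, then passed through Hash512Iterate.</param>
        /// <param name="iterations">Iteration argument handed to Hash512Iterate for both password and salt.</param>
        /// <param name="seed">Despite the name, this is the PBKDF2 iteration count given to Rfc2898DeriveBytes.</param>
        /// <param name="encryptedText">Envelope produced by AESEncryptString, or arbitrary text (passed through).</param>
        /// <param name="password">Base64 key material. When null, it is recovered from the envelope via CryptoHelper.RSADecrypt.</param>
        /// <returns>
        /// The decrypted text; the input unchanged when it lacks the marker; null when the unzipped
        /// envelope has fewer than three '#'-separated parts.
        /// </returns>
        /// <exception cref="Exception">Password missing, signature empty, or signature verification failed.</exception>
        public static string AESDecryptString(string salt, int iterations, int seed, string encryptedText, string password = null)
        {
            if (!encryptedText.Contains("$CryptoApp$"))
            {
                // Pass-through: not an envelope, so nothing is decrypted or verified.
                return(encryptedText);
            }
            string[] encryptedArray = encryptedText.Split("$CryptoApp$");
            string   encryptedBlob  = Compress.Unzip(encryptedArray[1]);

            encryptedArray = encryptedBlob.Split("#");

            if (encryptedArray.Length < 3)
            {
                // NOTE(review): a malformed envelope yields null while other failures throw.
                return(null);
            }

            string encryptedData = encryptedArray[0];

            if (password == null)
            {
                password = CryptoHelper.RSADecrypt(encryptedArray[1], true);
            }
            string signature = encryptedArray[2];

            // Validate before decoding anything. These checks used to run after
            // password.FromBase64(), so a null or sentinel password reached the decoder first.
            if (password == null)
            {
                throw new Exception("AES Password is null");
            }
            // NOTE(review): AESEncryptString writes "******" when the password is not embedded, but
            // the sentinel tested here is "XXX" - presumably RSADecrypt returns it on failure; confirm.
            if (password == "XXX")
            {
                throw new Exception("Password not supplied");
            }
            // Split never produces null elements, so the former null test could not fire; reject an
            // empty signature here, before any ciphertext is processed.
            if (string.IsNullOrEmpty(signature))
            {
                throw new Exception("Signature is empty");
            }

            byte[] bytesToBeDecrypted = encryptedData.FromBase64();
            byte[] passwordBytes      = password.FromBase64();
            byte[] saltBytes          = salt.ToByteArray();

            passwordBytes = Hash512Iterate(passwordBytes, iterations);
            saltBytes     = Hash512Iterate(saltBytes, iterations);
            string decrypted;

            using (MemoryStream ms = new MemoryStream(bytesToBeDecrypted))
            {
                using RijndaelManaged AES = new RijndaelManaged
                      {
                          KeySize   = 256,
                          BlockSize = 128,
                          Mode      = CipherMode.CBC,
                          Padding   = PaddingMode.PKCS7
                      };

                // Order matters: the first 32 bytes of the KDF stream are the key, the next 16 the IV.
                using var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, seed, HashAlgorithmName.SHA512);
                AES.Key       = key.GetBytes(AES.KeySize / 8);
                AES.IV        = key.GetBytes(AES.BlockSize / 8);

                // StreamReader decodes with its default encoding (UTF-8); this has to match what
                // ToByteArray produced on the encrypt side - TODO confirm.
                using CryptoStream cryptoStream = new CryptoStream(ms, AES.CreateDecryptor(), CryptoStreamMode.Read);
                using StreamReader srDecrypt    = new StreamReader(cryptoStream);
                decrypted = srDecrypt.ReadToEnd();
            }

            // The plaintext is released to the caller only if the stored signature verifies.
            bool signatureValid = CryptoHelper.VerifySignature(decrypted, signature);

            if (!signatureValid)
            {
                throw new Exception("Signature is bad");
            }

            return(decrypted);
        }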