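/// <summary>
/// Verifies and decrypts a sealed string produced by <c>Seal</c>.
/// </summary>
/// <param name="sealedString">The '*'-separated sealed value; parsed by <c>MacBase.FromSealedString</c>.</param>
/// <param name="password">The password, passed through <c>NormalizePassword</c> to obtain the integrity and encryption secrets.</param>
/// <param name="config">Supplies the encryption settings and is handed to the expiration check.</param>
/// <returns>The decrypted payload (<c>DecryptedResult</c> of the decrypt call).</returns>
/// <exception cref="IronUnsealErrorException">Thrown with "Bad HMAC value" when the recomputed digest does not match the digest carried in the sealed string.</exception>
public string Unseal(string sealedString, string password, IronConfig config)
{
    var macBase = MacBase.FromSealedString(sealedString);

    // An empty expiration field skips the expiry check entirely.
    if (!string.IsNullOrEmpty(macBase.Expiration))
    {
        CheckExpirationDate(macBase.Expiration, config);
    }

    var normalizedPassword = NormalizePassword(password);

    // NOTE(review): if EncryptionConfig is a reference type, the Salt/Iv assignments below
    // modify the caller's config object and leak state between calls - confirm and copy if so.
    var decryptOptions = config.EncryptionConfig;
    decryptOptions.Salt = macBase.HmacSalt;

    // NOTE(review): the digest is recomputed with config.EncryptionConfig, while Seal passes
    // options.IntegrityConfig to HmacWithPassword. The two only agree when both configs carry
    // the same HMAC-relevant settings - confirm which one is intended.
    var mac = HmacWithPassword(normalizedPassword.Integrity, decryptOptions, macBase.ToShortString());

    // Compare the digests without an early exit. An ordinary string comparison stops at the
    // first differing character, so its running time tells a caller how much of a forged
    // digest was correct. Every character is examined here regardless of where they differ.
    string expectedDigest = mac.Digest;
    string suppliedDigest = macBase.Hmac;
    if (expectedDigest == null || suppliedDigest == null)
    {
        throw new IronUnsealErrorException("Bad HMAC value");
    }

    var difference = expectedDigest.Length ^ suppliedDigest.Length;
    var comparedLength = expectedDigest.Length < suppliedDigest.Length
        ? expectedDigest.Length
        : suppliedDigest.Length;
    for (var i = 0; i < comparedLength; i++)
    {
        difference |= expectedDigest[i] ^ suppliedDigest[i];
    }

    if (difference != 0)
    {
        throw new IronUnsealErrorException("Bad HMAC value");
    }

    // Only after the integrity check passes is the ciphertext decoded and decrypted.
    var encryptedUnBase64 = Util.Base64UrlDecode(macBase.EncryptedB64);
    decryptOptions.Iv = Util.Base64UrlDecode(macBase.EncryptionIv);
    decryptOptions.Salt = macBase.EncryptionSalt;
    var decrypted = Decrypt(normalizedPassword.Encryption, decryptOptions, encryptedUnBase64);
    return decrypted.DecryptedResult;
}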
/// <summary>
/// Builds a <c>MacBase</c> from the values known at seal time.
/// </summary>
/// <param name="passwordid">Stored in the password-id field.</param>
/// <param name="encryptionsalt">Salt used for the encryption key.</param>
/// <param name="iv">Initialisation vector as passed by the caller.</param>
/// <param name="encryptedB64String">The encrypted payload as passed by the caller.</param>
/// <param name="expiration">Expiration field; stored as given.</param>
/// <returns>A new instance with the five fields above populated.</returns>
/// <remarks>
/// The MAC prefix, HMAC salt and HMAC digest are not assigned here.
/// </remarks>
internal static MacBase FromParameters(string passwordid, string encryptionsalt, string iv, string encryptedB64String, string expiration)
{
    // Initializer members are assigned in the order written, matching the field order above.
    return new MacBase
    {
        _passwordId = passwordid,
        EncryptionSalt = encryptionsalt,
        EncryptionIv = iv,
        EncryptedB64 = encryptedB64String,
        Expiration = expiration
    };
}
/// <summary>
/// Encrypts <paramref name="stringToSeal"/>, computes an HMAC over the resulting fields and
/// returns the combined sealed string.
/// </summary>
/// <param name="stringToSeal">The plaintext to protect.</param>
/// <param name="password">The password handed to the encrypt and HMAC steps.</param>
/// <param name="options">Supplies the encryption and integrity settings, plus the TTL and local time offset.</param>
/// <returns>The string form of the populated <c>MacBase</c>.</returns>
public string Seal(string stringToSeal, string password, IronConfig options)
{
    // NOTE(review): computed but never read. DateTime.Now is also local time - confirm whether
    // UTC was intended once this value is actually used.
    var offsetNow = DateTime.Now.AddMilliseconds(options.LocalTimeOffsetMsec);

    // NOTE(review): the normalized result is discarded; the raw password is passed to Encrypt
    // and HmacWithPassword below, whereas Unseal uses normalizedPassword.Encryption and
    // normalizedPassword.Integrity. Confirm the two paths derive the same secrets.
    var normalized = NormalizePassword(password);

    var sealedPayload = Encrypt(password, options.EncryptionConfig, stringToSeal);
    var payloadB64 = Util.Base64UrlEncode(sealedPayload.EncryptedResult);
    var ivB64 = Util.Base64UrlEncode(sealedPayload.Key.Iv);

    // NOTE(review): the expiry derived from options.Ttl is never written into the sealed
    // string - an empty expiration is passed below, and Unseal skips the expiry check when
    // that field is empty. As written, a sealed value never expires regardless of Ttl.
    var expiresAt = DateTime.Now.AddMilliseconds(options.Ttl);

    var envelope = MacBase.FromParameters("", sealedPayload.Key.Salt, ivB64, payloadB64, "");

    // The HMAC covers the short string form of the envelope.
    var integrity = HmacWithPassword(password, options.IntegrityConfig, envelope.ToShortString());
    envelope.SetHmacSalt(integrity.Salt, integrity.Digest);

    return envelope.ToString();
}
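/// <summary>
/// Parses a sealed string into its eight '*'-separated fields.
/// </summary>
/// <param name="sealedString">
/// The sealed value, laid out as: MAC prefix, password id, encryption salt, encryption IV,
/// encrypted payload, expiration, HMAC salt, HMAC digest.
/// </param>
/// <returns>A <c>MacBase</c> holding the eight fields.</returns>
/// <exception cref="IronUnsealErrorException">
/// Thrown when the input is null, does not split into exactly eight parts, or carries a
/// prefix other than <c>MacPrefix</c>.
/// </exception>
/// <remarks>
/// Only the shape and the prefix are checked here. The field contents come straight from the
/// input, so they must be treated as untrusted until the caller has verified the HMAC.
/// </remarks>
internal static MacBase FromSealedString(string sealedString)
{
    // A null input would otherwise fail inside Split with a NullReferenceException. Report it
    // as an unseal failure so a missing token is handled like any other malformed one.
    if (sealedString == null)
    {
        throw new IronUnsealErrorException("Sealed string must not be null");
    }

    var mac = new MacBase();
    var parts = sealedString.Split('*');
    if (parts.Length != 8)
    {
        throw new IronUnsealErrorException("Sealed string must be 8 parts");
    }

    mac._macPrefix = parts[0];
    mac._passwordId = parts[1];
    mac.EncryptionSalt = parts[2];
    mac.EncryptionIv = parts[3];
    mac.EncryptedB64 = parts[4];
    mac.Expiration = parts[5];
    mac.HmacSalt = parts[6];
    mac.Hmac = parts[7];

    // Reject values sealed under a different format prefix.
    if (mac._macPrefix != MacPrefix)
    {
        throw new IronUnsealErrorException("Mac prefix is wrong");
    }

    return mac;
}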