/// <summary> /// Encrypt a file /// </summary> /// <param name="inputStream">File to read data from</param> /// <param name="publicKey"></param> /// <returns>EncryptedPacket with all info for receiver to decrypt</returns> public static EncryptedPacket EncryptFile(Stream inputStream, RSAParameters publicKey) { MemoryStream outputStream = new MemoryStream(); byte[] aesKey = Random.GetNumbers(32); byte[] iv = Random.GetNumbers(16); EncryptedPacket encryptedPacket = new EncryptedPacket { DataType = DataType.File, EncryptedSessionKey = AsymmetricEncryption.Encrypt(aesKey, publicKey), Iv = iv }; try { // create streamers using (HashStreamer hashStreamer = new HashStreamer(aesKey)) using (SymmetricStreamer symmetricStreamer = new SymmetricStreamer(aesKey, iv)) { // create streams var hmacStream = hashStreamer.HmacShaStream(outputStream, aesKey, CryptoStreamMode.Write); var encryptedStream = symmetricStreamer.EncryptStream(hmacStream, CryptoStreamMode.Write); // read all data inputStream.CopyTo(encryptedStream); // get hash encryptedPacket.Hmac = hashStreamer.Hash; // create signature encryptedPacket.Signature = AsymmetricEncryption.Sign(encryptedPacket.Hmac); // close file streams inputStream.Close(); } } catch (CryptographicException e) { throw new CryptoException("Error while encrypting stream", e); } // read encrypted data from memory stream encryptedPacket.EncryptedData = outputStream.ToArray(); return(encryptedPacket); }
/// <summary> /// Decrypt an encrypted packet of data /// </summary> /// <param name="encryptedPacket">Packet containing data</param> /// <param name="publicKey">Public RSA key of sender</param> /// <param name="skipSignature"></param> /// <exception cref="CryptoException"></exception> /// <returns>Decrypted data of packet</returns> public static byte[] Decrypt(EncryptedPacket encryptedPacket, RSAParameters publicKey, bool skipSignature = false) { // decrypt AES session key with private RSA key byte[] sessionKey; try { sessionKey = AsymmetricEncryption.Decrypt(encryptedPacket.EncryptedSessionKey); } catch (CryptographicException e) { throw new CryptoException("Error while decryption AES session key", e); } // rehash data with session key byte[] hashedData; try { hashedData = Hashing.HmacSha(encryptedPacket.EncryptedData, sessionKey); } catch (CryptographicException e) { throw new CryptoException("Error while hashing data", e); } // check hash bool checkedHash = Hashing.CompareHashes(hashedData, encryptedPacket.Hmac); if (!checkedHash) { throw new CryptoException("Hash validation failed, data may have been modified!"); } // check signature if required if (!skipSignature) { bool checkedSignature; try { checkedSignature = AsymmetricEncryption.CheckSignature(encryptedPacket.Signature, publicKey, encryptedPacket.Hmac); } catch (CryptographicException e) { throw new CryptoException("Error while checking signature", e); } if (!checkedSignature) { throw new CryptoException("Signature check failed, packet may have come from a different sender."); } } // decrypt data with AES key and IV try { return(SymmetricEncryption.Decrypt(encryptedPacket.EncryptedData, sessionKey, encryptedPacket.Iv)); } catch (CryptographicException e) { throw new CryptoException("Error while decrypting data", e); } }
/// <summary> /// Encrypt data /// </summary> /// <param name="type">Type of data</param> /// <param name="data">Data to be encrypted</param> /// <param name="publicKey">Public key of receiver</param> /// <exception cref="CryptoException"></exception> /// <returns>EncryptedPacket with all info for receiver to decrypt</returns> public static EncryptedPacket Encrypt(DataType type, byte[] data, RSAParameters publicKey) { // create AES session key byte[] sessionKey = Random.GetNumbers(32); // create AES IV byte[] iv = Random.GetNumbers(16); // encrypt AES session key with RSA byte[] encryptedSessionKey; try { encryptedSessionKey = AsymmetricEncryption.Encrypt(sessionKey, publicKey); } catch (CryptographicException e) { throw new CryptoException("Error while encrypting AES session key", e); } // encrypt data with AES byte[] encryptedData; try { encryptedData = SymmetricEncryption.Encrypt(data, sessionKey, iv); } catch (NullReferenceException) { throw new CryptoException("Data was null"); } catch (CryptographicException e) { throw new CryptoException("Error while encrypting data", e); } // generate hash of encrypted data with session key byte[] hash; try { hash = Hashing.HmacSha(encryptedData, sessionKey); } catch (CryptographicException e) { throw new CryptoException("Error while hashing data", e); } // generate signature using hash byte[] signature; try { signature = AsymmetricEncryption.Sign(hash); } catch (CryptographicException e) { throw new CryptoException("Error while creating signature", e); } // put all info into new EncryptedPacket var encryptedPacket = new EncryptedPacket { DataType = type, EncryptedSessionKey = encryptedSessionKey, Iv = iv, Hmac = hash, Signature = signature, EncryptedData = encryptedData }; return(encryptedPacket); }