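/// <summary>
/// This is an example of what a sender would do to securely transmit data
/// using a hybrid encryption solution, (combining symmetric (AES) encryption
/// with asymmetric encryption (RSA)).
/// </summary>
/// <param name="data">Data to be encrypted</param>
/// <param name="publicKey">The public key, used to encrypt the session key used to encrypt the data.</param>
/// <param name="digitalSignature">The sender's signing key; its private RSA half signs the HMAC so the receiver can check the packet's origin.</param>
/// <returns>Encrypted Packet of data that can be securely transferred</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="data"/>, <paramref name="publicKey"/> or <paramref name="digitalSignature"/> is null.</exception>
public EncryptedPacket EncryptData(byte[] data, RSAWithRSAParameterKey publicKey, DigitalSignature digitalSignature)
{
    // Fail early with a clear message instead of a NullReferenceException deep inside the cipher calls.
    if (data == null)
    {
        throw new ArgumentNullException(nameof(data));
    }
    if (publicKey == null)
    {
        throw new ArgumentNullException(nameof(publicKey));
    }
    if (digitalSignature == null)
    {
        throw new ArgumentNullException(nameof(digitalSignature));
    }

    var encryptedPacket = new EncryptedPacket();

    // Generate our unique 256 bits session key
    var sessionKey = _aes.GenerateRandomNumbers(32);

    // Generate the 128 bit Initialization Vector
    encryptedPacket.Iv = _aes.GenerateRandomNumbers(16);

    // Encrypt data using AES (symmetric encryption) session key and IV
    encryptedPacket.EncryptedData = _aes.Encrypt(data, sessionKey, encryptedPacket.Iv);

    // Encrypt the session key with the public RSA key
    encryptedPacket.EncryptedSessionKey = publicKey.EncryptData(sessionKey);

    // Generate a HMAC using the unique session key.
    // NOTE(review): the AES key doubles as the HMAC key, and the IV is not part of the
    // authenticated bytes (only EncryptedData is). DecryptData recomputes the tag over
    // exactly these bytes, so any change to what is authenticated must be mirrored there.
    using (var hmac = new HMACSHA256(sessionKey))
    {
        encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData);
    }

    // Use our private RSA key to sign the HASH value we are sending
    encryptedPacket.Signature = digitalSignature.SignData(encryptedPacket.Hmac);

    return encryptedPacket;
}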
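/// <summary>
/// Receiver side of the hybrid scheme: recovers the AES session key with the private RSA key,
/// checks the HMAC and the signature over it, and only then decrypts the payload.
/// </summary>
/// <param name="encryptedPacket">Packet produced by <see cref="EncryptData"/>.</param>
/// <param name="privateKey">The RSA key whose private half decrypts the session key.</param>
/// <param name="digitalSignature">The key used to verify the signature over the HMAC.</param>
/// <returns>The decrypted plaintext bytes.</returns>
/// <exception cref="ArgumentNullException">Thrown when any argument is null.</exception>
/// <exception cref="CryptographicException">Thrown when the HMAC does not match or the signature fails to verify.</exception>
public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAWithRSAParameterKey privateKey, DigitalSignature digitalSignature)
{
    // Fail early with a clear message instead of a NullReferenceException deep inside the cipher calls.
    if (encryptedPacket == null)
    {
        throw new ArgumentNullException(nameof(encryptedPacket));
    }
    if (privateKey == null)
    {
        throw new ArgumentNullException(nameof(privateKey));
    }
    if (digitalSignature == null)
    {
        throw new ArgumentNullException(nameof(digitalSignature));
    }

    // Decrypt the unique 256 bits AES session key
    var sessionKey = privateKey.DecryptData(encryptedPacket.EncryptedSessionKey);

    // Validate the encrypted data is accurate before touching the ciphertext (encrypt-then-MAC order).
    using (var hmac = new HMACSHA256(sessionKey))
    {
        var hmacToCheck = hmac.ComputeHash(encryptedPacket.EncryptedData);

        // NOTE(review): CompareBytes is defined elsewhere in this file; it should be a
        // constant-time comparison so the tag check does not leak timing information.
        if (!CompareBytes(encryptedPacket.Hmac, hmacToCheck))
        {
            throw new CryptographicException("HMAC invalid, data is corrupted.");
        }

        // The signature covers the HMAC, not the ciphertext directly; it is checked only
        // after the HMAC itself has been confirmed to match.
        if (!digitalSignature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature))
        {
            throw new CryptographicException("Digital Signature can not be validated.");
        }
    }

    // Decrypt the data
    return _aes.Decrypt(encryptedPacket.EncryptedData, sessionKey, encryptedPacket.Iv);
}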
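/// <summary>
/// Demo entry point: generates fresh in-memory RSA keys, runs a message through
/// <c>HybridEncryption.EncryptData</c> / <c>DecryptData</c> and prints both ends.
/// </summary>
/// <param name="args">Command-line arguments; not used by this demo.</param>
static void Main(string[] args)
{
    const string originalData = "So, what if, instead of thinking about solving your whole life, you just think about " +
                                "adding additional good things. One at a time. Just let your pile of good things grow!";

    var rsaParams = new RSAWithRSAParameterKey();
    rsaParams.AssignNewKey();

    var digitalSignature = new DigitalSignature();
    digitalSignature.AssignNewKey();

    var hybrid = new HybridEncryption();

    try
    {
        Console.WriteLine("Hybrid Encryption using in Memory keys");
        Console.WriteLine("--------------------------------------");
        Console.WriteLine("");
        Console.WriteLine($" original data : {originalData}");

        var encryptedPacket = hybrid.EncryptData(Encoding.UTF8.GetBytes(originalData), rsaParams, digitalSignature);
        var decryptedData = hybrid.DecryptData(encryptedPacket, rsaParams, digitalSignature);

        Console.WriteLine("");
        // The plaintext was encoded with UTF-8 above, so decode it with UTF-8 as well;
        // Encoding.Default is platform-dependent and would garble non-ASCII text.
        Console.WriteLine($" decrypted data : {Encoding.UTF8.GetString(decryptedData)}");
    }
    catch (Exception e)
    {
        // Demo program: surface the failure reason rather than crashing with a stack trace.
        Console.WriteLine(e.Message);
    }

    Console.WriteLine("");
}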