public byte[] DecryptData(EncryptedPacket encryptedPacket, NewRSA rsaParams, NewDigitalSignature digitalSignature) { var decryptedSessionKey = rsaParams.Decrypt(encryptedPacket.EncryptedSessionKey); byte[] newHMAC = ComputeHMACSha256( Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv), decryptedSessionKey); if (!Compare(encryptedPacket.SignatureHMAC, newHMAC)) { throw new CryptographicException( "HMAC for decryption does not match encrypted packet."); } if (!digitalSignature.VerifySignature( encryptedPacket.Signature, encryptedPacket.SignatureHMAC)) { throw new CryptographicException( "Digital Signature can not be verified."); } var decryptedData = _aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv, encryptedPacket.Tag, null); return(decryptedData); }
public EncryptedPacket EncryptData(byte[] original, NewRSA rsaParams, NewDigitalSignature digitalSignature) { // Create AES session key. var sessionKey = _aes.GenerateRandomNumber(32); var encryptedPacket = new EncryptedPacket { Iv = _aes.GenerateRandomNumber(12) }; // Encrypt data with AES-GCM (byte[] ciphereText, byte[] tag)encrypted = _aes.Encrypt(original, sessionKey, encryptedPacket.Iv, null); encryptedPacket.EncryptedData = encrypted.ciphereText; encryptedPacket.Tag = encrypted.tag; encryptedPacket.EncryptedSessionKey = rsaParams.Encrypt(sessionKey); encryptedPacket.SignatureHMAC = ComputeHMACSha256( Combine(encryptedPacket.EncryptedData, encryptedPacket.Iv), sessionKey); encryptedPacket.Signature = digitalSignature.SignData(encryptedPacket.SignatureHMAC); return(encryptedPacket); }