private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt)
{
byte[] decryptedKey = keyToBeArchived.DecryptedKey;
byte[] result;
try
{
result = this.EncryptKeyForArchival(decryptedKey, passphrase, salt);
}
finally
{
Utility.ZeroOutBytes(decryptedKey);
}
return(result);
}
/// <summary>
/// Reads an encrypted key from an input file. This method is not intended to allow keys to be transferred
/// from another machine.
/// </summary>
/// <param name="protectedKeyFileName">Input file from which DPAPI-protected key is to be read.</param>
/// <param name="dpapiProtectionScope"><see cref="T:System.Security.Cryptography.DataProtectionScope" /> used to protect the key on disk. </param>
/// <returns>Key read from stream, encapsulated in a <see cref="T:Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ProtectedKey"></see>.</returns>
public static ProtectedKey Read(string protectedKeyFileName, DataProtectionScope dpapiProtectionScope)
{
string fullPath = Path.GetFullPath(protectedKeyFileName);
if (KeyManager.cache[fullPath] != null)
{
return(KeyManager.cache[fullPath]);
}
ProtectedKey result;
using (FileStream fileStream = new FileStream(protectedKeyFileName, FileMode.Open, FileAccess.Read, FileShare.Read))
{
ProtectedKey protectedKey = KeyManager.Read(fileStream, dpapiProtectionScope);
KeyManager.cache[fullPath] = protectedKey;
result = protectedKey;
}
return(result);
}
/// <summary>
/// Archives a cryptographic key to a <see cref="T:System.IO.Stream" />. This method is intended for use in
/// transferring a key between machines.
/// </summary>
/// <param name="outputStream"><see cref="T:System.IO.Stream" /> to which key is to be archived.</param>
/// <param name="keyToArchive">Key to be archived.</param>
/// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
public static void ArchiveKey(Stream outputStream, ProtectedKey keyToArchive, string passphrase)
{
IKeyWriter keyWriter = new KeyReaderWriter();
keyWriter.Archive(outputStream, keyToArchive, passphrase);
}
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="T:System.IO.Stream" /> to which DPAPI-protected key is to be written.</param>
/// <param name="key">Encrypted key to be written to stream.</param>
public static void Write(Stream outputStream, ProtectedKey key)
{
IKeyWriter keyWriter = new KeyReaderWriter();
keyWriter.Write(outputStream, key);
}
/// <overloads>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </overloads>
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="T:System.IO.Stream" /> to which DPAPI-protected key is to be written.</param>
/// <param name="encryptedKey">Encrypted key to be written to stream.</param>
/// <param name="dpapiProtectionScope"><see cref="T:System.Security.Cryptography.DataProtectionScope" /> used to protect the key on disk. </param>
public static void Write(Stream outputStream, byte[] encryptedKey, DataProtectionScope dpapiProtectionScope)
{
ProtectedKey key = ProtectedKey.CreateFromEncryptedKey(encryptedKey, dpapiProtectionScope);
KeyManager.Write(outputStream, key);
}
/// <summary>
/// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
/// moved from machine to machine.
/// </summary>
/// <param name="outputStream"><see cref="T:System.IO.Stream" /> to which DPAPI-protected key is to be written.</param>
/// <param name="key">Encrypted key to be written to stream.</param>
public void Write(Stream outputStream, ProtectedKey key)
{
this.WriteVersionNumber(outputStream, 4321);
this.WriteEncryptedKey(outputStream, key);
}
/// <summary>
/// Reads a DPAPI-protected key from the given <see cref="T:System.IO.Stream" />.
/// </summary>
/// <param name="protectedKeyStream"><see cref="T:System.IO.Stream" /> containing the DPAPI-protected key.</param>
/// <param name="protectionScope"><see cref="T:System.Security.Cryptography.DataProtectionScope"></see> used to decrypt the key read from the stream.</param>
/// <returns>Key read from stream, encapsulated in a <see cref="T:Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.ProtectedKey"></see>.</returns>
public ProtectedKey Read(Stream protectedKeyStream, DataProtectionScope protectionScope)
{
this.ValidateKeyVersion(protectedKeyStream);
return(ProtectedKey.CreateFromEncryptedKey(this.ReadEncryptedKey(protectedKeyStream), protectionScope));
}
private void WriteEncryptedKey(Stream outputStream, ProtectedKey key)
{
outputStream.Write(key.EncryptedKey, 0, key.EncryptedKey.Length);
}