public void CryptoStream_should_show_unencrypted_length_properly(int expectedSizeInBytes) { var data = new byte[expectedSizeInBytes]; new Random().NextBytes(data); const string encryptionKey = "Byax1jveejqio9Urcdjw8431iQYKkPg6Ig4OxHdxSAU="; var encryptionKeyBytes = Convert.FromBase64String(encryptionKey); var encryptionSettings = new EncryptionSettings(encryptionKeyBytes, typeof(RijndaelManaged), true, 128); var filename = Guid.NewGuid() + ".txt"; try { using (var stream = new FileStream(filename, FileMode.CreateNew)) using (var cryptoStream = new SeekableCryptoStream(encryptionSettings, encryptionKey, stream)) { cryptoStream.Write(data, 0, data.Length); cryptoStream.Flush(); } using (var stream = new FileStream(filename, FileMode.Open)) using (var cryptoStream = new SeekableCryptoStream(encryptionSettings, encryptionKey, stream)) { Assert.Equal(data.Length, cryptoStream.Length); } } finally { File.Delete(filename); } }
public BlockReaderWriter(EncryptionSettings encryptionSettings, string key, Stream stream, int defaultBlockSize) { if (encryptionSettings == null) throw new ArgumentNullException("encryptionSettings"); if (key == null) throw new ArgumentNullException("key"); if (stream == null) throw new ArgumentNullException("stream"); if (!stream.CanRead) throw new ArgumentException("The Underlying stream for a BlockReaderWriter must always be either read-only or read-write. Write only streams are not supported."); if (!stream.CanSeek) throw new ArgumentException("The Underlying stream for a BlockReaderWriter must be seekable."); isReadonly = !stream.CanWrite; this.settings = encryptionSettings; this.key = key; this.stream = stream; this.header = ReadOrWriteEmptyHeader(defaultBlockSize); this.footer = ReadOrWriteFooter(); totalUnencryptedSize = 0; }
public override void Initialize(DocumentDatabase database) { settings = EncryptionSettingsManager.GetEncryptionSettingsForDatabase(database); EncryptionSettingsManager.VerifyEncryptionKey(database, settings); }
public SeekableCryptoStream(EncryptionSettings encryptionSettings, string key, Stream stream) { if (!stream.CanRead) throw new ArgumentException("The Underlying stream for a SeekableCryptoStream must always be either read-only or read-write. Write only streams are not supported."); if (!stream.CanSeek) throw new ArgumentException("The Underlying stream for a SeekableCryptoStream must be seekable."); isReadonly = !stream.CanWrite; underlyingStream = new BlockReaderWriter(encryptionSettings, key, stream, Constants.DefaultIndexFileBlockSize); currentBlockSize = underlyingStream.Header.DecryptedBlockSize; }
/// <summary> /// Uses an encrypted document to verify that the encryption key is correct and decodes it to the right value. /// </summary> public static void VerifyEncryptionKey(RavenFileSystem fileSystem, EncryptionSettings settings) { RavenJObject config = null; try { fileSystem.Storage.Batch(accessor => { try { config = accessor.GetConfig(Constants.InResourceKeyVerificationDocumentName); } catch (FileNotFoundException) { } }); } catch (CryptographicException e) { throw new ConfigurationErrorsException("The file system is encrypted with a different key and/or algorithm than the ones " + "currently in the configuration file.", e); } if (config != null) { if (!RavenJTokenEqualityComparer.Default.Equals(config, Constants.InResourceKeyVerificationDocumentContents)) throw new ConfigurationErrorsException("The file system is encrypted with a different key and/or algorithm than the ones is currently configured"); } else { // This is the first time the file system is loaded. if (EncryptedFileExist(fileSystem)) throw new InvalidOperationException("The file system already has existing files, you cannot start using encryption now."); var clonedDoc = (RavenJObject)Constants.InResourceKeyVerificationDocumentContents.CreateSnapshot(); fileSystem.Storage.Batch(accessor => accessor.SetConfig(Constants.InResourceKeyVerificationDocumentName, clonedDoc)); } }
/// <summary> /// Uses an encrypted document to verify that the encryption key is correct and decodes it to the right value. /// </summary> public static void VerifyEncryptionKey(DocumentDatabase database, EncryptionSettings settings) { JsonDocument doc; try { doc = database.Documents.Get(Constants.InResourceKeyVerificationDocumentName, null); } catch (Exception e) { if (e is CryptographicException) { throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones " + "currently in the configuration file.", e); } if (settings.Codec.UsingSha1) throw; log.Debug("Couldn't decrypt the database using MD5. Trying with SHA1."); settings.Codec.UseSha1(); VerifyEncryptionKey(database, settings); return; } if (doc != null) { if (!RavenJTokenEqualityComparer.Default.Equals(doc.DataAsJson, Constants.InResourceKeyVerificationDocumentContents)) throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones " + "currently in the configuration file."); } else { // This is the first time the database is loaded. if (EncryptedDocumentsExist(database)) throw new InvalidOperationException("The database already has existing documents, you cannot start using encryption now."); var clonedDoc = (RavenJObject)Constants.InResourceKeyVerificationDocumentContents.CreateSnapshot(); database.Documents.Put(Constants.InResourceKeyVerificationDocumentName, null, clonedDoc, new RavenJObject(), null); } }
/// <summary> /// Uses an encrypted document to verify that the encryption key is correct and decodes it to the right value. /// </summary> public static void VerifyEncryptionKey(DocumentDatabase database, EncryptionSettings settings) { JsonDocument doc; try { doc = database.Documents.Get(Constants.InDatabaseKeyVerificationDocumentName, null); } catch (CryptographicException e) { throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones " + "currently in the configuration file.", e); } if (doc != null) { var ravenJTokenEqualityComparer = new RavenJTokenEqualityComparer(); if (!ravenJTokenEqualityComparer.Equals(doc.DataAsJson,Constants.InDatabaseKeyVerificationDocumentContents)) throw new ConfigurationErrorsException("The database is encrypted with a different key and/or algorithm than the ones " + "currently in the configuration file."); } else { // This is the first time the database is loaded. if (EncryptedDocumentsExist(database)) throw new InvalidOperationException("The database already has existing documents, you cannot start using encryption now."); var clonedDoc = (RavenJObject)Constants.InDatabaseKeyVerificationDocumentContents.CreateSnapshot(); database.Documents.Put(Constants.InDatabaseKeyVerificationDocumentName, null, clonedDoc, new RavenJObject(), null); } }
public override void Initialize() { settings = EncryptionSettingsManager.GetEncryptionSettingsForDatabase(Database); }
public override void Initialize() { settings = EncryptionSettingsManager.GetEncryptionSettingsForResource(FileSystem); }
public override void Initialize(DocumentDatabase database) { settings = EncryptionSettingsManager.GetEncryptionSettingsForResource(database); }
public Codec(EncryptionSettings settings) { this.EncryptionSettings = settings; }
public Codec(EncryptionSettings settings) { encryptionSettings = settings; UsingSha1 = false; }
public void SetSettings(EncryptionSettings newSettings) { settings = newSettings; }