        /// ----------------------------------------------------------------------------------------
        /// <summary>
        /// Encrypts settings data with a password and prepends the mode prefix that tells the
        /// decrypting side how the password has to be obtained.
        /// </summary>
        /// <param name="data">Plaintext settings to encrypt.</param>
        /// <param name="password">Settings password. For a client-configuration file it is hashed here
        /// unless <paramref name="passwordIsHash"/> is set or it is empty.</param>
        /// <param name="passwordIsHash">True when <paramref name="password"/> is already a hash and must not be hashed again.</param>
        /// <param name="configPurpose">Whether the file starts an exam or configures a client; selects the prefix and the hashing rule.</param>
        /// <returns>PREFIX_LENGTH prefix bytes followed by the ciphertext from SEBProtectionController.EncryptDataWithPassword.</returns>
        /// ----------------------------------------------------------------------------------------
        public static byte[] EncryptDataUsingPassword(byte[] data, string password, bool passwordIsHash, SEBSettings.sebConfigPurposes configPurpose)
        {
            bool startsExam = configPurpose == SEBSettings.sebConfigPurposes.sebConfigPurposeStartingExam;

            // Starting an exam: the user is prompted for the plain password.
            // Configuring a client: the password is the client's hashed admin password, or empty when the client has none.
            string prefixString = startsExam ? PASSWORD_MODE : PASSWORD_CONFIGURING_CLIENT_MODE;

            string encryptionPassword = password;
            if (!startsExam && !passwordIsHash && !string.IsNullOrEmpty(password))
            {
                // Only a plain, non-empty configuring password is hashed: an empty password means "no admin
                // password on the client", and a value that already is a hash must not be hashed a second time.
                encryptionPassword = SEBProtectionController.ComputePasswordHash(password);
            }

            // NOTE(review): with an empty configuring password the data is encrypted under an empty secret;
            // how much protection that gives depends on EncryptDataWithPassword — confirm this is intended.
            byte[] ciphertext = SEBProtectionController.EncryptDataWithPassword(data, encryptionPassword);
            byte[] prefixBytes = Encoding.UTF8.GetBytes(prefixString);

            // Output layout: [prefix (PREFIX_LENGTH bytes)][ciphertext]. BlockCopy throws if the prefix
            // constant encodes to fewer than PREFIX_LENGTH bytes, so the mode constants must match that length.
            byte[] sebData = new byte[PREFIX_LENGTH + ciphertext.Length];
            Buffer.BlockCopy(prefixBytes, 0, sebData, 0, PREFIX_LENGTH);
            Buffer.BlockCopy(ciphertext, 0, sebData, PREFIX_LENGTH, ciphertext.Length);

            return sebData;
        }
        /// ----------------------------------------------------------------------------------------
        /// <summary>
        /// Encrypts settings data for the holder of a certificate, either purely asymmetrically
        /// or with a fresh symmetric key that is itself encrypted with the certificate.
        /// </summary>
        /// <param name="data">Plaintext settings to encrypt.</param>
        /// <param name="certificateRef">Identity whose certificate encrypts the data (or the symmetric key).</param>
        /// <param name="useAsymmetricOnlyEncryption">True to encrypt the data directly with the certificate;
        /// false to encrypt a random AESThenHMAC key with the certificate and the data with that key.</param>
        /// <returns>
        /// [prefix (PREFIX_LENGTH)][public key hash][encrypted key length][encrypted key][encrypted data];
        /// the two key fields are empty in asymmetric-only mode.
        /// </returns>
        /// ----------------------------------------------------------------------------------------
        public static byte[] EncryptDataUsingIdentity(byte[] data, X509Certificate2 certificateRef, bool useAsymmetricOnlyEncryption)
        {
            // The hash is stored in clear in the header; it only identifies which certificate can decrypt.
            byte[] publicKeyHash = SEBProtectionController.GetPublicKeyHashFromCertificate(certificateRef);

            string prefixString;
            byte[] encryptedKeyLengthBytes;
            byte[] encryptedKey;
            byte[] encryptedData;

            if (useAsymmetricOnlyEncryption)
            {
                prefixString = PUBLIC_KEY_HASH_MODE;
                encryptedKeyLengthBytes = new byte[0];
                encryptedKey = new byte[0];
                encryptedData = SEBProtectionController.EncryptDataWithCertificate(data, certificateRef);
            }
            else
            {
                prefixString = PUBLIC_SYMMETRIC_KEY_MODE;

                // Hybrid mode: a random symmetric key is wrapped with the certificate, and the data is
                // encrypted under the base64 form of that key through the password-based routine.
                byte[] symmetricKey = AESThenHMAC.NewKey();
                encryptedKey = SEBProtectionController.EncryptDataWithCertificate(symmetricKey, certificateRef);
                // BitConverter writes the length in host byte order; the reader must use the same convention — TODO confirm.
                encryptedKeyLengthBytes = BitConverter.GetBytes(encryptedKey.Length);
                encryptedData = SEBProtectionController.EncryptDataWithPassword(data, Convert.ToBase64String(symmetricKey));
            }

            byte[] prefixBytes = Encoding.UTF8.GetBytes(prefixString);
            byte[][] trailingSegments = { publicKeyHash, encryptedKeyLengthBytes, encryptedKey, encryptedData };

            int totalLength = PREFIX_LENGTH;
            foreach (byte[] segment in trailingSegments)
            {
                totalLength += segment.Length;
            }

            byte[] sebConfigData = new byte[totalLength];

            // The prefix is always written as exactly PREFIX_LENGTH bytes; everything else is appended in order.
            Buffer.BlockCopy(prefixBytes, 0, sebConfigData, 0, PREFIX_LENGTH);
            int offset = PREFIX_LENGTH;
            foreach (byte[] segment in trailingSegments)
            {
                Buffer.BlockCopy(segment, 0, sebConfigData, offset, segment.Length);
                offset += segment.Length;
            }

            return sebConfigData;
        }