GenerateIV() 공개 메소드

public GenerateIV ( ) : void
리턴 void
예제 #1
0
파일: AES.cs 프로젝트: rass89rus/QuasarRAT
        public static byte[] Encrypt(byte[] input)
        {
            if (_key == null || _key.Length == 0) throw new Exception("Key can not be empty.");
            if (input == null || input.Length == 0) throw new ArgumentException("Input can not be empty.");

            byte[] data = input, encdata = new byte[0];

            try
            {
                using (var ms = new MemoryStream())
                {
                    using (var rd = new AesManaged { Key = _key })
                    {
                        rd.GenerateIV();

                        using (var cs = new CryptoStream(ms, rd.CreateEncryptor(), CryptoStreamMode.Write))
                        {
                            ms.Write(rd.IV, 0, rd.IV.Length); // write first 16 bytes IV, followed by encrypted message
                            cs.Write(data, 0, data.Length);
                        }
                    }

                    encdata = ms.ToArray();
                }
            }
            catch
            {
            }
            return encdata;
        }
예제 #2
0
        /// <summary>
        /// <see cref="IAesManagedWrapper.Encrypt"/>
        /// </summary>
        public byte[] Encrypt(byte[] bytesToBeEncrypted, byte[] aesKey, out byte[] aesIv)
        {
            byte[] encryptedBytes;

            using (var ms = new MemoryStream())
            {
                using (var aes = new AesManaged())
                {
                    SetStandardConfiguration(aes);

                    aes.Key = aesKey;

                    aes.GenerateIV();
                    aesIv = aes.IV;

                    using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
                        cs.Close();
                    }

                    encryptedBytes = ms.ToArray();
                }
            }

            return encryptedBytes;
        }
        /// <summary>
        /// Creates a symmetric key.  See this link for more information behind the numbers
        /// http://blogs.msdn.com/b/shawnfa/archive/2006/10/09/the-differences-between-rijndael-and-aes.aspx
        /// </summary>
        /// <returns></returns>
        private SymmetricKey CreateNewAESSymmetricKeyset()
        {
            if (cert == null)
            {
                throw new InvalidOperationException("Unable to create new AES keyset; Certificate not loaded.");
            }

            byte[] symmKey, iv;

            using (AesManaged aes = new AesManaged())
            {
                aes.GenerateIV();
                aes.GenerateKey();

                symmKey = aes.Key;
                iv = aes.IV;

                aes.Clear();
            }

            // Encrypt the Symmetric Key for storage
            byte[] encryptedKey = EncryptRSA(symmKey, cert);

            SymmetricKey symmKeySet = new SymmetricKey() {
                iv = iv,
                Key = encryptedKey,
                CertificateThumbprint = cert.Thumbprint
            };

            return symmKeySet;
        }
예제 #4
0
        public EncryptedMessage Encrypt(byte[] input)
        {
            var em = new EncryptedMessage();
            using (var aes = new AesManaged())
            {
                aes.KeySize = 256;

                aes.GenerateIV();
                aes.GenerateKey();

                em.IV = aes.IV;
                em.Key = aes.Key;
                em.EncryptionType = MessageEncryptionType.Aes;

                using (var encryptor = aes.CreateEncryptor())
                {
                    using (var msOutput = new MemoryStream())
                    {
                        using (var cryptoStream = new CryptoStream(msOutput, encryptor, CryptoStreamMode.Write)) {
                            using (var msInput = new MemoryStream(input)) {
                                msInput.CopyTo(cryptoStream);
                            }
                        }
                        em.CipherBytes = msOutput.ToArray();
                    }
                }

                return em;
            }
        }
예제 #5
0
 /// <summary>
 /// Generates a new random Initialization vector. 
 /// This can be used for the encryption of keys in the HOTP/TOTP classes
 /// </summary>
 /// <returns>returns a new Initialization vector</returns>
 public static byte[] GenerateNewAesIv()
 {
     using (AesManaged aesAlg = new AesManaged())
     {
         aesAlg.GenerateIV();
         return aesAlg.IV;
     }
 }
예제 #6
0
        public static byte[] GenerateIV()
        {
            var aes = new System.Security.Cryptography.AesManaged();

            aes.KeySize = 256;
            aes.GenerateIV();
            return(aes.IV);
        }
예제 #7
0
 public AESEncryption()
 {
     Algorithm = new AesManaged();
     Algorithm.KeySize = 256;
     Algorithm.Mode = CipherMode.CBC;
     Algorithm.GenerateIV();
     Algorithm.GenerateKey();
     Algorithm.Padding = PaddingMode.PKCS7;
 }
        private void GenerateEncryptionParameters(X509Certificate2 certificate)
        {
            var aesManaged = new AesManaged();
            aesManaged.GenerateIV();
            aesManaged.GenerateKey();

            string ivToStoreInConfig = Convert.ToBase64String(aesManaged.IV);
            string encryptionKeyAsString = Convert.ToBase64String(aesManaged.Key);
            string keyToStoreInConfig = RsaEncrypt(certificate, encryptionKeyAsString);

            ConfigurationManager.AppSettings["EncryptionIV"] = ivToStoreInConfig;
            ConfigurationManager.AppSettings["EncryptionKey"] = keyToStoreInConfig;
        }
예제 #9
0
        public SymmetricKey CreateNewAesSymmetricKeyset()
        {
            var aes = new AesManaged();
            aes.GenerateIV();
            aes.GenerateKey();

            var symmKeySet = new SymmetricKey()
            {
                Iv = RsaEncryptBytes(aes.IV),
                Key = RsaEncryptBytes(aes.Key)
            };

            return symmKeySet;
        }
예제 #10
0
 static TokenCrypt()
 {
     try
     {
         CryptKey = JsonHelper.ParseJson<AesKey>(File.ReadAllText(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, KeyFile)).Trim());
     }
     catch(FileNotFoundException)
     {
         using(var aes = new AesManaged())
         {
             aes.GenerateKey();
             aes.GenerateIV();
             CryptKey = new AesKey { Key = aes.Key, IV = aes.IV };
             File.WriteAllText(Path.Combine(AppDomain.CurrentDomain.BaseDirectory, KeyFile), CryptKey.ToJsonString());
         }
     }
 }
예제 #11
0
 public static byte[] EncryptString(string text, string secret, string salt)
 {
     byte[] buffer;
     using (Aes aes = new AesManaged())
     {
         aes.Key = new Rfc2898DeriveBytes(secret, Encoding.UTF8.GetBytes(salt)).GetBytes(0x10);
         aes.GenerateIV();
         using (MemoryStream stream = new MemoryStream())
         {
             stream.Write(BitConverter.GetBytes(aes.IV.Length), 0, 4);
             stream.Write(aes.IV, 0, aes.IV.Length);
             using (CryptoStream stream2 = new CryptoStream(stream, aes.CreateEncryptor(), CryptoStreamMode.Write))
             {
                 stream2.Write(Encoding.UTF8.GetBytes(text), 0, text.Length);
                 stream2.FlushFinalBlock();
                 buffer = stream.ToArray();
             }
         }
     }
     return buffer;
 }
예제 #12
0
        public AESCipher()
        {
            this.utf8Encoding = new System.Text.UTF8Encoding();
            this.aes = new AesManaged();
            this.aes.Mode = CipherMode.CBC;
            this.aes.Padding = PaddingMode.PKCS7;
            this.aes.KeySize = 128;
            this.aes.BlockSize = 128;

            aes.GenerateKey();
            aes.GenerateIV();

            if (File.Exists(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\AESkey.xml") == true)
                File.Delete(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\AESkey.xml");

            //provide AES encryption key params
            FileStream fs = new FileStream(@"C:\Users\Chris\Documents\Cambridge\Part II Project\Code\Encryption Example\EncryptionExample\AESkey.xml", FileMode.CreateNew, FileAccess.ReadWrite);
            StreamWriter sw = new StreamWriter(fs);
            string aesKeyXML = byte2Hex(aes.Key);
            sw.Write("<AESkey>"+ aesKeyXML + "</AESkey>");
            sw.Close();
            fs.Close();
        }
예제 #13
0
        /**
         * Encrypts a specified string using AES encryption and returns
         * the encrypted string and key used.
         */
        public static string[] Encrypt(string str)
        {
            byte[] bytes = Encoding.UTF8.GetBytes(str);

            var manager = new AesManaged
            {
                KeySize = 256,
                Padding = PaddingMode.PKCS7
            };

            manager.GenerateKey();
            manager.GenerateIV();

            ICryptoTransform c = manager.CreateEncryptor();

            bytes = c.TransformFinalBlock(bytes, 0, bytes.Length);

            string hash = BitConverter.ToString(manager.IV).Replace("-", "");
            hash += BitConverter.ToString(bytes).Replace("-", "");
            string key = BitConverter.ToString(manager.Key).Replace("-", "");

            return new[] {hash, key};
        }
예제 #14
0
파일: AES.cs 프로젝트: darthrado/LoLoLoL
        public static byte[] EncryptStringToByte(string sourceText,ref byte[] key,ref byte[] IV)
        {
            if (sourceText == null || sourceText == "")
            {
                return null;
            }

            byte[] result;
            AesManaged aesAlg = new AesManaged();

            if (key == null || key.Length <= 0 || IV == null || IV.Length <= 0)
            {
                aesAlg.GenerateKey();
                aesAlg.GenerateIV();

                key = aesAlg.Key;
                IV = aesAlg.IV;
            }
            else
            {
                aesAlg.Key = key;
                aesAlg.IV = IV;
            }

            ICryptoTransform encryptor = aesAlg.CreateEncryptor();

            MemoryStream msEncrypt = new MemoryStream();
            CryptoStream csEncrypt = new CryptoStream(msEncrypt,encryptor, CryptoStreamMode.Write);
            StreamWriter swEncrypt = new StreamWriter(csEncrypt);

            swEncrypt.Write(sourceText);
            swEncrypt.Close();
            csEncrypt.Close();
            result = msEncrypt.ToArray();

            return result;
        }
예제 #15
0
        public void RsaHelperBytesShouldSucceed()
        {
            var directory = TestContext.DeploymentDirectory;
            var helper = new RsaHelper(Path.Combine(directory, "TestCertificate.pfx"), CertificatePassword);

            var aes = new AesManaged();
            aes.GenerateIV();
            aes.GenerateKey();

            var originalKey = aes.Key;
            var originalIv = aes.IV;

            var encryptedKeyBytes = helper.RsaEncryptBytes(aes.Key);
            var encryptedIvBytes = helper.RsaEncryptBytes(aes.IV);

            encryptedIvBytes.Should().NotBeNull("IV failed to encrypt");
            encryptedKeyBytes.Should().NotBeNull("Key failed to encrypt");

            var decryptedKeyBytes = helper.RsaDecryptToBytes(encryptedKeyBytes);
            var decryptedIvBytes = helper.RsaDecryptToBytes(encryptedIvBytes);

            originalKey.ShouldBeEquivalentTo(decryptedKeyBytes);
            originalIv.ShouldBeEquivalentTo(decryptedIvBytes);
        }
예제 #16
0
        public SecurityHelper()
        {
            rijAlg = new AesManaged();
            rijAlg.GenerateIV();
            IV = rijAlg.IV;
            KEY = Convert.FromBase64String(EncodeTo64(key));
            rijAlg.Key = KEY;

            //try
            //{

            //    string original = "Here is some data to encrypt!";

            //    // Create a new instance of the AesManaged
            //    // class.  This generates a new key and initialization
            //    // vector (IV).
            //    using (AesManaged myAes = new AesManaged())
            //    {
            //        myAes.Key = Convert.FromBase64String(EncodeTo64(key));
            //        // Encrypt the string to an array of bytes.
            //        byte[] encrypted = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV);

            //        // Decrypt the bytes to a string.
            //        string roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV);

            //        //Display the original data and the decrypted data.
            //        Debug.WriteLine("Original:   {0}", original);
            //        Debug.WriteLine("Round Trip: {0}", roundtrip);
            //    }

            //}
            //catch (Exception e)
            //{
            //    Debug.WriteLine("Error: {0}", e.Message);
            //}
        }
        public EncryptResponse Encrypt(string password, Guid id)
        {
            // Key = Hashed (setting Guid + Salt)
            using (var sha256 = SHA256.Create())
            {
                var enc = new UTF8Encoding();
                var keyBytes = sha256.ComputeHash(enc.GetBytes(id + EncryptionSalt));

                // Encrypt password
                using (var aes = new AesManaged())
                {
                    aes.GenerateIV();
                    aes.Key = keyBytes;
                    var encryptor = aes.CreateEncryptor();

                    using (var msEncrypt = new MemoryStream())
                    {
                        using (
                            var csEncrypt = new CryptoStream(msEncrypt, encryptor,
                                CryptoStreamMode.Write))
                        {
                            using (var swEncrypt = new StreamWriter(csEncrypt))
                            {
                                swEncrypt.Write(password);
                            }
                            var encryptedPassword = Convert.ToBase64String(msEncrypt.ToArray());
                            if (encryptedPassword.IsNullOrWhiteSpace())
                            {
                                throw new NullReferenceException("Password encryption failed!");
                            }
                            return new EncryptResponse(encryptedPassword, Convert.ToBase64String(aes.IV));
                        }
                    }
                }
            }
        }
예제 #18
0
		public static string EncryptAssymetric(Tuple<byte[], byte[]> parameters, string data)
		{
			var bytes = Encoding.UTF8.GetBytes(data);
			var results = new List<byte>();

			using (var aesKeyGen = new AesManaged
			{
				KeySize = 256,
			})
			{
				aesKeyGen.GenerateKey();
				aesKeyGen.GenerateIV();

				results.AddRange(AddEncryptedKeyAndIv(parameters, aesKeyGen));

				using (var encryptor = aesKeyGen.CreateEncryptor())
				{
					var encryptedBytes = encryptor.TransformEntireBlock(bytes);
					results.AddRange(encryptedBytes);
				}
			}
			return BytesToString(results.ToArray());

		}
예제 #19
0
 /// <summary>
 /// Generates a random initialization vector (IV) to use for the symmetric algorithm.
 /// </summary>
 /// <returns>The initialization vector (IV) to use for the symmetric algorithm.</returns>
 public static byte[] GenerateIV()
 {
     byte[] iv;
     using (var aes = new AesManaged())
     {
         aes.GenerateIV();
         iv = aes.IV;
     }
     return iv;
 }
예제 #20
0
 public static Byte[] GenFreshAESIV()
 {
     AesManaged aes = new AesManaged();
     aes.GenerateIV();
     return aes.IV;
 }
예제 #21
0
        /// <summary>
        /// Simple Encryption(AES) then Authentication (HMAC) for a UTF8 Message.
        /// </summary>
        /// <param name="secretMessage">The secret message.</param>
        /// <param name="cryptKey">The crypt key.</param>
        /// <param name="authKey">The auth key.</param>
        /// <param name="nonSecretPayload">(Optional) Non-Secret Payload.</param>
        /// <returns>
        /// Encrypted Message
        /// </returns>
        /// <remarks>
        /// Adds overhead of (Optional-Payload + BlockSize(16) + Message-Padded-To-Blocksize +  HMac-Tag(32)) * 1.33 Base64
        /// </remarks>
        public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null)
        {
            //User Error Checks
            if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
                throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "cryptKey");

            if (authKey == null || authKey.Length != KeyBitSize / 8)
                throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "authKey");

            if (secretMessage == null || secretMessage.Length < 1)
                throw new ArgumentException("Secret Message Required!", "secretMessage");

            //non-secret payload optional
            nonSecretPayload = nonSecretPayload ?? new byte[] { };

            byte[] cipherText;
            byte[] iv;

            using (var aes = new AesManaged
            {
                KeySize = KeyBitSize,
                BlockSize = BlockBitSize,
                Mode = CipherMode.CBC,
                Padding = PaddingMode.PKCS7
            })
            {

                //Use random IV
                aes.GenerateIV();
                iv = aes.IV;

                using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
                using (var cipherStream = new MemoryStream())
                {
                    using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
                    using (var binaryWriter = new BinaryWriter(cryptoStream))
                    {
                        //Encrypt Data
                        binaryWriter.Write(secretMessage);
                    }

                    cipherText = cipherStream.ToArray();
                }

            }

            //Assemble encrypted message and add authentication
            using (var hmac = new HMACSHA256(authKey))
            using (var encryptedStream = new MemoryStream())
            {
                using (var binaryWriter = new BinaryWriter(encryptedStream))
                {
                    //Prepend non-secret payload if any
                    binaryWriter.Write(nonSecretPayload);
                    //Prepend IV
                    binaryWriter.Write(iv);
                    //Write Ciphertext
                    binaryWriter.Write(cipherText);
                    binaryWriter.Flush();

                    //Authenticate all data
                    var tag = hmac.ComputeHash(encryptedStream.ToArray());
                    //Postpend tag
                    binaryWriter.Write(tag);
                }
                return encryptedStream.ToArray();
            }

        }
예제 #22
0
        private string Encrypt(string secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload)
        {
            nonSecretPayload = nonSecretPayload ?? new byte[] { };
            byte[] cipherText;
            byte[] iv;

            using (var aes = new AesManaged
                             {
                                 KeySize = KEY_BIT_SIZE,
                                 BlockSize = BLOCK_BIT_SIZE,
                                 Mode = CipherMode.CBC,
                                 Padding = PaddingMode.PKCS7
                             })
            {
                aes.GenerateIV();
                iv = aes.IV;
                using (var encryptor = aes.CreateEncryptor(cryptKey, iv))
                {
                    using (var cipherStream = new MemoryStream())
                    {
                        using (var cryptoStream = new CryptoStream(cipherStream, encryptor, CryptoStreamMode.Write))
                        {
                            using (var binaryWriter = new BinaryWriter(cryptoStream))
                            {
                                binaryWriter.Write(Encoding.UTF8.GetBytes(secretMessage));
                            }
                        }
                        cipherText = cipherStream.ToArray();
                    }
                }
            }

            using (var hmac = new HMACSHA256(authKey))
            {
                using (var encryptedStream = new MemoryStream())
                {
                    using (var binaryWriter = new BinaryWriter(encryptedStream))
                    {
                        binaryWriter.Write(nonSecretPayload);
                        binaryWriter.Write(iv);
                        binaryWriter.Write(cipherText);
                        binaryWriter.Flush();

                        var tag = hmac.ComputeHash(encryptedStream.ToArray());
                        binaryWriter.Write(tag);
                    }
                    return Convert.ToBase64String(encryptedStream.ToArray());
                }
            }
        }
예제 #23
0
파일: Settings.cs 프로젝트: JackJCSN/APMS
 internal static void GenerateKey(this Settings s, ref AesManaged AES)
 {
     AES.GenerateIV();
     AES.GenerateKey();
     s.Key = AES.Key;
     s.IV = AES.IV;
     s.IsFirst = false;
 }
예제 #24
0
        /// <summary>
        /// 出力ストリームとパスワードを指定して、 <see cref="Encrypt.Encryptor"/> クラスの新しいインスタンスを初期化します。
        /// </summary>
        /// <param name="outputStream">暗号化されたデータを出力するストリーム。</param>
        /// <param name="password">パスワード。</param>
        /// <remarks>
        /// <para>
        /// AESアルゴリズムを使用した暗号化を行うストリームを作成します。
        /// 暗号化ストリームを作成した時に使用したソルトとIVを、出力ストリームの先頭に出力します。
        /// </para>
        /// <para>
        /// パスワードが<see cref="Encrypt.EncryptSettings.KeySize"/> より短いと鍵空間が小さくなるため、
        /// 指定されたパスワードをベースに擬似乱数を生成して鍵として使用します。
        /// </para>
        /// </remarks>
        public Encryptor(Stream outputStream, string password)
        {
            if (outputStream == null)
            {
                throw new ArgumentNullException("outputStream");
            }
            if (string.IsNullOrEmpty(password))
            {
                throw new ArgumentNullException("password");
            }

            OutputStream = outputStream;

            using (var aes = new AesManaged())
            {
                var settings = EncryptSettings.Instance;
                aes.BlockSize = settings.BlockSize;
                aes.KeySize = settings.KeySize;
                aes.Mode = settings.Mode;
                aes.Padding = settings.Padding;

                // 指定されたパスワードをベースに擬似乱数を生成
                var derivedBytes = new Rfc2898DeriveBytes(password, settings.SaltSize / 8);
                var salt = derivedBytes.Salt;

                aes.Key = derivedBytes.GetBytes(aes.KeySize / 8);   // aes.KeySize は必ず8の倍数
                aes.GenerateIV();

                ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
                CryptoStream = new CryptoStream(OutputStream, encryptor, CryptoStreamMode.Write);

                // saltとIVをファイル先頭に暗号化しないで保存する
                OutputStream.Write(salt, 0, salt.Length);
                OutputStream.Write(aes.IV, 0, aes.IV.Length);

                DeflateStream = new DeflateStream(CryptoStream, CompressionMode.Compress);
            }
        }
예제 #25
0
        private void HandleEncryptedDeviceRequest(HttpContext context)
        {
            var request = context.Request;
            var response = context.Response;
            var authorization = request.Headers["Authorization"];
            var authTokens = authorization.Split(':');
            IContainerOwner owner = null;
            if (request.Path.StartsWith("/auth/grp/"))
            {
                string groupID = GetGroupID(context.Request.Path);
                owner = new VirtualOwner("grp", groupID);
            }
            else
                throw new NotSupportedException("Account device requests not yet supported");
            string ivStr = authTokens[1];
            string trustID = authTokens[2];
            string contentName = authTokens[3];
            DeviceMembership deviceMembership = DeviceMembership.RetrieveFromOwnerContent(owner, trustID);
            if(deviceMembership == null)
                throw new InvalidDataException("Device membership not found");
            if(deviceMembership.IsValidatedAndActive == false)
                throw new SecurityException("Device membership not valid and active");
            InformationContext.Current.Owner = owner;
            InformationContext.Current.ExecutingForDevice = deviceMembership;
            if (request.RequestType == "GET")
            {
                string contentPath = request.Path.Substring(AuthGroupPrefixLen + GuidIDLen + 1);
                if(contentPath.Contains("TheBall.CORE"))
                    throw new SecurityException("Invalid request location");
                var blob = StorageSupport.GetOwnerBlobReference(owner, contentPath);

                AesManaged aes = new AesManaged();
                aes.KeySize = SymmetricSupport.AES_KEYSIZE;
                aes.BlockSize = SymmetricSupport.AES_BLOCKSIZE;
                aes.GenerateIV();
                aes.Key = deviceMembership.ActiveSymmetricAESKey;
                aes.Padding = SymmetricSupport.PADDING_MODE;
                aes.Mode = SymmetricSupport.AES_MODE;
                aes.FeedbackSize = SymmetricSupport.AES_FEEDBACK_SIZE;
                var ivBase64 = Convert.ToBase64String(aes.IV);
                response.Headers.Add("IV", ivBase64);
                var responseStream = response.OutputStream;
                var encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
                var cryptoStream = new CryptoStream(responseStream, encryptor, CryptoStreamMode.Write);
                blob.DownloadToStream(cryptoStream);
                cryptoStream.Close();
            } else if (request.RequestType == "POST")
            {
                if (contentName.StartsWith(DeviceSupport.OperationPrefixStr))
                {
                    string operationName = contentName.Substring(DeviceSupport.OperationPrefixStr.Length);
                    var reqStream = request.GetBufferedInputStream();
                    AesManaged decAES = new AesManaged
                        {
                            KeySize = SymmetricSupport.AES_KEYSIZE,
                            BlockSize = SymmetricSupport.AES_BLOCKSIZE,
                            IV = Convert.FromBase64String(ivStr),
                            Key = deviceMembership.ActiveSymmetricAESKey,
                            Padding = SymmetricSupport.PADDING_MODE,
                            Mode = SymmetricSupport.AES_MODE,
                            FeedbackSize = SymmetricSupport.AES_FEEDBACK_SIZE
                        };
                    var reqDecryptor = decAES.CreateDecryptor(decAES.Key, decAES.IV);

                    AesManaged encAES = new AesManaged
                        {
                            KeySize = SymmetricSupport.AES_KEYSIZE,
                            BlockSize = SymmetricSupport.AES_BLOCKSIZE,
                            Key = deviceMembership.ActiveSymmetricAESKey,
                            Padding = SymmetricSupport.PADDING_MODE,
                            Mode = SymmetricSupport.AES_MODE,
                            FeedbackSize = SymmetricSupport.AES_FEEDBACK_SIZE
                        };
                    encAES.GenerateIV();
                    var respivBase64 = Convert.ToBase64String(encAES.IV);
                    response.Headers.Add("IV", respivBase64);
                    var responseStream = response.OutputStream;
                    var respEncryptor = encAES.CreateEncryptor(encAES.Key, encAES.IV);

                    using (CryptoStream reqDecryptStream = new CryptoStream(reqStream, reqDecryptor, CryptoStreamMode.Read),
                            respEncryptedStream = new CryptoStream(responseStream, respEncryptor, CryptoStreamMode.Write))
                    {
                        OperationSupport.ExecuteOperation(operationName,
                            new Tuple<string, object>("InputStream", reqDecryptStream),
                            new Tuple<string, object>("OutputStream", respEncryptedStream));
                    }
                }
                else
                {
                    string contentRoot = deviceMembership.RelativeLocation + "_Input";
                    string blobName = contentRoot + "/" + contentName;
                    var blob = StorageSupport.GetOwnerBlobReference(owner, blobName);
                    if (blob.Name != blobName)
                        throw new InvalidDataException("Invalid content name");
                    var reqStream = request.GetBufferedInputStream();
                    AesManaged aes = new AesManaged();
                    aes.KeySize = SymmetricSupport.AES_KEYSIZE;
                    aes.BlockSize = SymmetricSupport.AES_BLOCKSIZE;
                    aes.IV = Convert.FromBase64String(ivStr);
                    aes.Key = deviceMembership.ActiveSymmetricAESKey;
                    aes.Padding = SymmetricSupport.PADDING_MODE;
                    aes.Mode = SymmetricSupport.AES_MODE;
                    aes.FeedbackSize = SymmetricSupport.AES_FEEDBACK_SIZE;
                    var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
                    CryptoStream cryptoStream = new CryptoStream(reqStream, decryptor, CryptoStreamMode.Read);
                    blob.UploadFromStream(cryptoStream);
                }
                response.StatusCode = 200;
                response.End();
            }
            else
                throw new NotSupportedException("Device request type not supported: " + request.RequestType);
        }
        private void EncryptToFile(string data, string filepath)
        {
            // Gets the bytes from the string.
            byte[] binData = Encoding.UTF8.GetBytes(data);

            // AES encryption of the source file.
            byte[] aesKey, aesIv;
            byte[] aesEncData;
            using (AesManaged aes = new AesManaged())
            {
                // Generates a random AES key and IV.
                aes.GenerateKey();
                aes.GenerateIV();
                aesKey = aes.Key;
                aesIv = aes.IV;

                // Encrypts the data.
                ICryptoTransform ct = aes.CreateEncryptor();
                using (MemoryStream ms = new MemoryStream())
                {
                    using (CryptoStream cs = new CryptoStream(ms, ct, CryptoStreamMode.Write))
                    {
                        using (BinaryWriter bw = new BinaryWriter(cs))
                        {
                            bw.Write(binData);
                        }
                    }
                    aesEncData = ms.ToArray();
                }
            }

            // Loads the RSA public key.
            RSAParameters rsaPublicKey = LoadRSAPublicKey();

            // RSA encryption of the AES key+iv.
            byte[] rsaEncAesKey, rsaEncAesIv;
            using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider())
            {
                // Imports the key.
                rsa.ImportParameters(rsaPublicKey);

                // Performs encryption.
                rsaEncAesKey = rsa.Encrypt(aesKey, false);
                rsaEncAesIv = rsa.Encrypt(aesIv, false);
            }

            // Writes the encrypted data.
            using (IsolatedStorageFile isf = IsolatedStorageFile.GetUserStoreForApplication())
            {
                using (IsolatedStorageFileStream fs = isf.OpenFile(filepath, FileMode.Create))
                {
                    using (BinaryWriter bw = new BinaryWriter(fs))
                    {
                        // Key length + data.
                        bw.Write(rsaEncAesKey.Length);
                        bw.Write(rsaEncAesKey);

                        // IV length + data.
                        bw.Write(rsaEncAesIv.Length);
                        bw.Write(rsaEncAesIv);

                        // AES encrypted length + data
                        bw.Write(aesEncData.Length);
                        bw.Write(aesEncData);
                    }
                }
            }
        }
예제 #27
0
 public AesCipher()
 {
     _aes = new AesManaged {KeySize = KeySize};
     _aes.GenerateIV();
     _aes.GenerateKey();
 }
예제 #28
0
 static void Main(string[] args)
 {
     try
     {
         string original = "aaaaaaaaaaaaaaa";
         char result;
         using (AesManaged myAes = new AesManaged())
         {
             myAes.KeySize = 256;
             myAes.BlockSize = 128;
             myAes.GenerateIV();
             myAes.GenerateKey();
             //myAes.Key = GetBytes("chave"); // transformar em bytes
             //myAes.IV = GetBytes("Sal"); // transformar em bytes
             byte[] encrypted = EncryptedStringToBytes_Aes(original, myAes.Key, myAes.IV);
             string criptb64 = System.Convert.ToBase64String(encrypted, 0, encrypted.Length);
             string cript = GetString(encrypted);
             string roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV);
             Console.WriteLine($"1 Original: {original} tamanho: {original.Length}");
             Console.WriteLine($"2 encryped: {cript} tamanho: {cript.Length}");
             foreach(byte number in encrypted)
             {
                 result = Convert.ToChar(number);
                 Console.WriteLine($"number: {number} convert: {result}");
             }
             Console.WriteLine($"3 cript64: {criptb64} tamanho: {criptb64.Length}");
             Console.WriteLine($"4 roundtrip: {roundtrip} tamanho: {roundtrip.Length}");
         }
     }
     catch (Exception e)
     {
         Console.WriteLine($"Erro: {e.Message}");
     }
     Console.ReadKey();
 }
예제 #29
0
                /// <summary>
                /// Simple Encryption(AES) then Authentication (HMAC) for a UTF8 Message.
                /// </summary>
                /// <param name="secretMessage">The secret message.</param>
                /// <param name="cryptKey">The crypt key.</param>
                /// <param name="authKey">The auth key.</param>
                /// <param name="nonSecretPayload">(Optional) Non-Secret Payload.</param>
                /// <returns>Encrypted Message</returns>
                /// <remarks>
                /// Adds overhead of (Optional-Payload + BlockSize(16) + Message-Padded-To-Blocksize +  HMac-Tag(32)) * 1.33 Base64
                /// </remarks>
                private static string SimpleEncrypt(string secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null)
                {
                    Debug.Assert(cryptKey != null);
                    Debug.Assert(cryptKey.Length == KeyBitSize / 8);
                    Debug.Assert(authKey != null);
                    Debug.Assert(authKey.Length == KeyBitSize / 8);
                    Debug.Assert(secretMessage != null);
                    Debug.Assert(secretMessage.Length > 0);

                    //non-secret payload optional
                    nonSecretPayload = nonSecretPayload ?? new byte[] {};

                    byte[] cipherText;
                    byte[] iv;

                    using (var aes = new AesManaged {
                                                        KeySize = KeyBitSize,
                                                        BlockSize = BlockBitSize,
                                                        Mode = CipherMode.CBC,
                                                        Padding = PaddingMode.PKCS7
                                                    }
                        )
                    {
                        //Use random IV
                        aes.GenerateIV();
                        iv = aes.IV;

                        using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
                        using (var cipherStream = new MemoryStream())
                        {
                            using (var tCryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
                            using (var tBinaryWriter = new BinaryWriter(tCryptoStream))
                            {
                                //Encrypt Data
                                tBinaryWriter.Write(Encoding.UTF8.GetBytes(secretMessage));
                            }

                            cipherText = cipherStream.ToArray();
                        }
                    }

                    //Assemble encrypted message and add authentication
                    using (var hmac = new HMACSHA256(authKey))
                    using (var encryptedStream = new MemoryStream())
                    {
                        using (var binaryWriter = new BinaryWriter(encryptedStream))
                        {
                            //Prepend non-secret payload if any
                            binaryWriter.Write(nonSecretPayload);
                            //Prepend IV
                            binaryWriter.Write(iv);
                            //Write Ciphertext
                            binaryWriter.Write(cipherText);
                            binaryWriter.Flush();

                            //Authenticate all data
                            var tag = hmac.ComputeHash(encryptedStream.ToArray());
                            //Postpend tag
                            binaryWriter.Write(tag);
                        }
                        return Convert.ToBase64String(encryptedStream.ToArray());
                    }
                }
예제 #30
0
        public static string CreateEncryptedJweToken(JsonObject jwtPayload, RSAParameters publicKey)
        {
            //From: http://self-issued.info/docs/draft-ietf-jose-json-web-encryption-09.html#RSACBCExample
            var jweHeader = new JsonObject
            {
                { "alg", "RSA-OAEP" },
                { "enc", "A128CBC-HS256" },
                { "kid", Convert.ToBase64String(publicKey.Modulus).Substring(0,3) },
            };

            var jweHeaderBase64Url = jweHeader.ToJson().ToUtf8Bytes().ToBase64UrlSafe();

            var authKey = new byte[128 / 8];
            var cryptKey = new byte[128 / 8];
            var cryptAuthKeys256 = AesUtils.CreateKey();

            Buffer.BlockCopy(cryptAuthKeys256, 0, authKey, 0, authKey.Length);
            Buffer.BlockCopy(cryptAuthKeys256, authKey.Length, cryptKey, 0, cryptKey.Length);

            using (var aes = new AesManaged
            {
                KeySize = 128,
                BlockSize = 128,
                Mode = CipherMode.CBC,
                Padding = PaddingMode.PKCS7
            })
            {
                aes.GenerateIV();
                var iv = aes.IV;
                aes.Key = cryptKey;

                var jweEncKey = RsaUtils.Encrypt(cryptAuthKeys256, publicKey, UseRsaKeyLength);
                var jweEncKeyBase64Url = jweEncKey.ToBase64UrlSafe();
                var ivBase64Url = iv.ToBase64UrlSafe();

                var aad = jweHeaderBase64Url + "." + jweEncKeyBase64Url;
                var aadBytes = aad.ToUtf8Bytes();
                var payloadBytes = jwtPayload.ToJson().ToUtf8Bytes();

                byte[] cipherText, tag;
                using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
                using (var cipherStream = new MemoryStream())
                {
                    using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
                    using (var writer = new BinaryWriter(cryptoStream))
                    {
                        writer.Write(payloadBytes);
                    }

                    cipherText = cipherStream.ToArray();
                }

                using (var hmac = new HMACSHA256(authKey))
                using (var encryptedStream = new MemoryStream())
                {
                    using (var writer = new BinaryWriter(encryptedStream))
                    {
                        writer.Write(aadBytes);
                        writer.Write(iv);
                        writer.Write(cipherText);
                        writer.Flush();

                        tag = hmac.ComputeHash(encryptedStream.ToArray());
                    }
                }

                var cipherTextBase64Url = cipherText.ToBase64UrlSafe();
                var tagBase64Url = tag.ToBase64UrlSafe();

                var jweToken = jweHeaderBase64Url + "."
                    + jweEncKeyBase64Url + "." 
                    + ivBase64Url + "."
                    + cipherTextBase64Url + "."
                    + tagBase64Url;

                return jweToken;
            }
        }
예제 #31
0
        /// <summary>
        /// Creates or updates cipher keys.
        /// </summary>
        internal void UpdateKeyIVs()
        {
            using (AesManaged symmetricAlgorithm = new AesManaged())
            {
                symmetricAlgorithm.KeySize = 256;
                symmetricAlgorithm.GenerateKey();
                symmetricAlgorithm.GenerateIV();

                if ((object)m_keyIVs == null)
                {
                    // Initialize new key set
                    m_keyIVs = new byte[2][][];
                    m_keyIVs[EvenKey] = new byte[2][];
                    m_keyIVs[OddKey] = new byte[2][];

                    m_keyIVs[EvenKey][KeyIndex] = symmetricAlgorithm.Key;
                    m_keyIVs[EvenKey][IVIndex] = symmetricAlgorithm.IV;

                    symmetricAlgorithm.GenerateKey();
                    symmetricAlgorithm.GenerateIV();

                    m_keyIVs[OddKey][KeyIndex] = symmetricAlgorithm.Key;
                    m_keyIVs[OddKey][IVIndex] = symmetricAlgorithm.IV;

                    m_cipherIndex = EvenKey;
                }
                else
                {
                    // Generate a new key set for current cipher index
                    m_keyIVs[m_cipherIndex][KeyIndex] = symmetricAlgorithm.Key;
                    m_keyIVs[m_cipherIndex][IVIndex] = symmetricAlgorithm.IV;

                    // Set run-time to the other key set
                    m_cipherIndex ^= 1;
                }
            }

            m_lastCipherKeyUpdateTime = DateTime.UtcNow.Ticks;
        }