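/// <summary>
/// Resolves a password from one of two sources: a DPAPI-protected file (when
/// <paramref name="secretsTuple"/> is null) or an Azure Key Vault secret fetched with a
/// service-principal whose credentials are read from environment variables.
/// </summary>
/// <param name="dpapiFilePath">Path of the DPAPI-protected file. Only consulted when
/// <paramref name="secretsTuple"/> is null; blank means "no password configured".</param>
/// <param name="scope">DPAPI scope the file was protected with. Unprotect only succeeds for the
/// same user (CurrentUser) or the same machine (LocalMachine) that protected it.</param>
/// <param name="secretsTuple">Key Vault settings. When non-null the Key Vault path is used and
/// <paramref name="dpapiFilePath"/> is ignored.</param>
/// <returns>The secret value, or null when neither a file path nor Key Vault settings were supplied.</returns>
/// <exception cref="BadConfigException">The protected file does not exist, or one of the Key Vault
/// settings (environment variable names, secret path) is blank.</exception>
public async Task<string> GetPasswordAsync(string dpapiFilePath, System.Security.Cryptography.DataProtectionScope scope, Config.KeyVaultSecret secretsTuple)
{
    if (secretsTuple is null)
    {
        // DPAPI branch.
        if (string.IsNullOrWhiteSpace(dpapiFilePath))
        {
            return null;
        }

        if (!File.Exists(dpapiFilePath))
        {
            throw new BadConfigException("Protected file missing", dpapiFilePath);
        }

        return DPAPIHelper.ReadDataFromFile(dpapiFilePath, scope);
    }

    // Key Vault branch: validate all configuration before reading the environment or
    // going to the network, so a misconfiguration surfaces as BadConfigException.
    if (string.IsNullOrWhiteSpace(secretsTuple.ApplicationIdEnvironmentVariableName))
    {
        throw new BadConfigException("Application ID", "Empty Application ID variable name");
    }

    if (string.IsNullOrWhiteSpace(secretsTuple.ApplicationSecretEnvironmentVariableName))
    {
        throw new BadConfigException("Application Secret", "Empty Application Secret variable name");
    }

    if (string.IsNullOrWhiteSpace(secretsTuple.KeyVaultPath))
    {
        throw new BadConfigException("Key Vault path", "Empty Key Vault secret path");
    }

    // The service-principal credentials are kept in instance fields for GetToken.
    // NOTE(review): clientSecret remains in memory as a managed string for this object's
    // lifetime; keep the owning object short-lived or narrow its exposure.
    clientId = GetRequiredEnvironmentVariable(secretsTuple.ApplicationIdEnvironmentVariableName);
    clientSecret = GetRequiredEnvironmentVariable(secretsTuple.ApplicationSecretEnvironmentVariableName);

    // KeyVaultClient owns an HttpClient; dispose it rather than leaking a connection per call.
    using (var kv = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetToken)))
    {
        // ConfigureAwait(false): the synchronous GetPassword wrapper blocks on this task,
        // so resuming on a captured synchronization context could deadlock.
        var result = await kv.GetSecretAsync(secretsTuple.KeyVaultPath).ConfigureAwait(false);
        return result.Value;
    }
}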
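/// <summary>
/// Synchronous wrapper over <see cref="GetPasswordAsync"/>; blocks the calling thread until
/// the secret is resolved.
/// </summary>
/// <param name="dpapiFilePath">Path of the DPAPI-protected file (used when <paramref name="secretsTuple"/> is null).</param>
/// <param name="scope">DPAPI scope the file was protected with.</param>
/// <param name="secretsTuple">Key Vault settings; when non-null the Key Vault path is used instead of the file.</param>
/// <returns>The secret value, or null when nothing is configured.</returns>
/// <exception cref="AggregateException">Any failure of the async call (including
/// <c>BadConfigException</c>) surfaces wrapped by <see cref="Task.Wait()"/>; inspect
/// <see cref="AggregateException.InnerExceptions"/>.</exception>
public string GetPassword(string dpapiFilePath, System.Security.Cryptography.DataProtectionScope scope, Config.KeyVaultSecret secretsTuple)
{
    var task = GetPasswordAsync(dpapiFilePath, scope, secretsTuple);

    // Wait() already throws AggregateException when the task faults, so the former
    // "if (task.IsFaulted) throw task.Exception;" branch was unreachable and has been removed.
    // Blocking here is only safe when the async path does not resume on a captured
    // synchronization context (UI / classic ASP.NET threads).
    task.Wait();
    return task.Result;
}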
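/// <summary>
/// Round-trip self-test of the AES + DPAPI + registry storage helpers: generates a 128-bit
/// key, stores it DPAPI-protected in the registry, encrypts a random 16-character string,
/// stores the ciphertext too, then reads the key back from the registry and decrypts.
/// </summary>
/// <returns>The decrypted text; equal to the random plaintext when the round trip works.</returns>
public static string Encryption_AES()
{
    string plaintext = RandomString(16);

    // Registry location: HKCU\AESEncrytion with two values (protected key, encrypted password).
    // The sub-key name keeps its historical spelling; renaming it would orphan stored data.
    string keyName = @"HKEY_CURRENT_USER";
    string subKey = @"AESEncrytion";
    string valueName = "AESKeyData";
    string valueName2 = "AppPassword";
    DataProtectionScope dpScope = DataProtectionScope.CurrentUser;
    int keysize = 128;

    string key = TTC1.GenerateKey(keysize);

    // Pinning only fixes the string's address; it does NOT protect the key material:
    // managed strings are immutable, cannot be zeroed, and callees may copy them.
    // TODO(review): a byte[] key cleared with Array.Clear/CryptographicOperations.ZeroMemory
    // after use would be a real improvement. The handle is freed in `finally` — the
    // original never freed it, leaking a pinned object for the process lifetime.
    GCHandle pinnedKey = GCHandle.Alloc(key, GCHandleType.Pinned);
    try
    {
        TTC1.StoreKey(keyName, subKey, valueName, key, dpScope);

        string encryptedHex = TTC1.Encrypt(plaintext, key, keysize);
        TTC1.StoreKey(keyName, subKey, valueName2, encryptedHex, dpScope);

        // Deliberately read the key back from the registry instead of reusing the local,
        // so the storage path is exercised as part of the test.
        return TTC1.Decrypt(encryptedHex, TTC1.ReadKey(keyName, subKey, valueName), keysize);
    }
    finally
    {
        pinnedKey.Free();
    }
}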
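/// <summary>
/// DPAPI-protects <paramref name="key"/> and writes the resulting blob as a binary registry
/// value, creating the sub-key under HKEY_CURRENT_USER with an ACL that grants the current
/// account full control. Windows-only (ProtectedData and the registry).
/// </summary>
/// <param name="keyName">Hive prefix for the write path, e.g. "HKEY_CURRENT_USER".
/// NOTE(review): the sub-key is always created under <see cref="Registry.CurrentUser"/>
/// regardless of this value, so any other hive would create one key and write to another.
/// The caller in this file passes HKEY_CURRENT_USER.</param>
/// <param name="subKey">Sub-key name relative to the hive.</param>
/// <param name="valueName">Registry value that receives the protected bytes.</param>
/// <param name="key">Key material as text. It is encoded as ASCII, so a non-ASCII character
/// would be replaced by '?' and silently corrupt the key — presumably GenerateKey emits
/// ASCII-only text; confirm against TTC1.GenerateKey/ReadKey.</param>
/// <param name="dpScope">DPAPI scope. CurrentUser: any process running as this user can
/// unprotect the blob; LocalMachine: any process on this machine can.</param>
/// <exception cref="ArgumentNullException"><paramref name="key"/> is null (thrown by GetBytes).</exception>
public static void StoreKey(string keyName, string subKey, string valueName, string key, System.Security.Cryptography.DataProtectionScope dpScope)
{
    byte[] keyAsBytes = Encoding.ASCII.GetBytes(key);

    // No optional entropy: the blob is bound only to the user/machine selected by dpScope,
    // not additionally to this application.
    byte[] encryptedKeyPair = ProtectedData.Protect(keyAsBytes, null, dpScope);

    // Explicit ACL granting the current account full control. Inheritance protection is not
    // enabled, so this presumably adds to (rather than replaces) the ACEs inherited from HKCU.
    string user = Environment.UserDomainName + "\\" + Environment.UserName;
    var security = new RegistrySecurity();
    security.AddAccessRule(new RegistryAccessRule(
        user,
        RegistryRights.FullControl,
        InheritanceFlags.ContainerInherit,
        PropagationFlags.None,
        AccessControlType.Allow));

    // CreateSubKey returns a RegistryKey handle that must be disposed; only the side effect
    // (key creation with the ACL) is needed here, so the handle is released immediately.
    using (Registry.CurrentUser.CreateSubKey(subKey, RegistryKeyPermissionCheck.ReadWriteSubTree, security))
    {
    }

    // Write through the keyName path to preserve the original behaviour; REG_BINARY is what
    // Registry.SetValue already infers for a byte[], made explicit here.
    Registry.SetValue(keyName + @"\" + subKey, valueName, encryptedKeyPair, RegistryValueKind.Binary);
}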