public TrackedKeyring(Keyring keyring, KeyVaultClient client, string vault, string keyringName) { Keyring = keyring; Client = client; Vault = vault; KeyringName = keyringName; }
/* Scenario: * Health Information System application with 3 roles and 2 users. * * Roles (Business Cases): * - "Doctor Only" -> Only Dr. Linda McDonald can see this information * - "Restricted" -> Only the doctor and nurse(s) can see this information * - "Office" -> Office staff can see this information * * It is assumed that patient names are not sensitive information. */ protected override void OnStartup(StartupEventArgs e) { base.OnStartup(e); if (e.Args.Any() && e.Args[0] == "/generate") { var sensitiveKey = new AntiPrintScreenKey(EncryptionKey.KeyAppliesTo.Both, AesEncryptionKey.Create(TripleDesEncryptionKey.Create())); var somewhatSensitiveKey = TripleDesEncryptionKey.Create(); var nonSensitiveKey = TripleDesEncryptionKey.Create(); var keyring = new Keyring(); keyring.Add("Doctor Only", sensitiveKey); keyring.Add("Restricted", somewhatSensitiveKey); keyring.Add("Office", nonSensitiveKey); // John's Keyring using (var johnFs = new FileStream("jthomas.keyring", FileMode.Create)) { keyring.ExportToStream(johnFs, "Restricted", "Office"); } // Linda's Keyring using (var lindaFs = new FileStream("lmcdonald.keyring", FileMode.Create)) { keyring.ExportToStream(lindaFs); } } else { new RecordList().ShowDialog(); } this.Shutdown(); }
public static void Test_Manual_Decryption_Rsa_To_AeadAes256CbcHmacSha512() { // Arrange var keyring = new Keyring(new IKey[] { new Key("publickey", Encoding.UTF8.GetBytes("!mysecretkey#9^5usdk39d&dlf)03sL")), new Key("hmacKey", Encoding.UTF8.GetBytes("mysecret")), new Key("upgrade-key", FakeKeyGenerator.GetKey(64)) }); var legacyJson = "{\"__crypt_bar\":{\"alg\":\"AES-256-CBC-HMAC-SHA256\",\"kid\":\"publickey\",\"ciphertext\":\"zOcxunCOdTSMxic4xz/F2w==\",\"sig\":\"7VYNnEBxuC8IvBu0egS3AM922NqWE6Mfy08KEghJ62Q=\",\"iv\":\"03AUmzwQqnbs/JhkWGrIkw==\"},\"foo\":2}"; var provider = new AeadAes256CbcHmacSha512Provider(new AeadAes256CbcHmacSha512Cipher(), keyring); var cryptoManager = DefaultCryptoManager.Builder() .LegacyAesDecrypters(keyring, "hmacKey") .DefaultEncrypter(provider.Encrypter("upgrade-key")) .Decrypter(provider.Decrypter()) .Build(); var jsonObject = JObject.Parse(legacyJson); jsonObject.DecryptLegacyAes256 <string>(cryptoManager, "hmacKey", "__crypt_bar"); Assert.Equal("bar", jsonObject.SelectToken("bar").Value <string>()); Assert.Equal(2, jsonObject.SelectToken("foo").Value <int>()); jsonObject.EncryptField(cryptoManager, "bar"); Assert.NotNull(jsonObject.SelectToken("encrypted$bar.ciphertext").Value <string>()); }
internal EncryptedType(Type type, EncryptionProxyConfiguration configuration = null) { if (Generator == null) { Generator = new ProxyGenerator(); } OriginalType = type; Configuration = configuration ?? new EncryptionProxyConfiguration(); MixinType = DataStorageMixinFactory.Generate(OriginalType).GetType(); Properties = new Dictionary <string, EncryptedProperty>(); PendingGenerations.Add(type); var generatedSample = GenerateInstance(type); PendingGenerations.Remove(type); var eligibleProperties = DataStorageMixinFactory.GetEncryptionEligibleProperties(generatedSample.GetType()); foreach (var eligibleProperty in eligibleProperties) { Properties.Add(eligibleProperty.Name, new EncryptedProperty(eligibleProperty)); } ProxyType = generatedSample.GetType(); Keyring = new Keyring(); }
public ProfiledTestRun(Func <TObject, TSerialized> profiledSerializationFunction, Func <TSerialized, TObject> profiledDeserializationFunction, Keyring keyring) { ProfiledSerializationFunction = profiledSerializationFunction; ProfiledDeserializationFunction = profiledDeserializationFunction; GeneratedKeyring = keyring; }
private static async Task <Keyring> GenerateKeyring(KeyVaultClient client, string vault, string prefix) { var secrets = await client.GetSecretsAsync(vault); var allSecrets = new List <SecretItem>(secrets.Value); while (secrets.NextLink != null) { secrets = await client.GetSecretsNextAsync(secrets.NextLink); allSecrets.AddRange(secrets.Value); } var keyring = new Keyring(); foreach (var secret in allSecrets.Where(s => s.Identifier.Name.StartsWith(prefix))) { var secretItem = await client.GetSecretAsync(secret.Id); var bytes = System.Convert.FromBase64String(secretItem.Value); keyring.ImportFromStream(new MemoryStream(bytes)); } return(keyring); }
private void ImportFromFile(string file) { using (var fs = new FileStream(file, FileMode.Open)) { var keyring = new Keyring(); keyring.ImportFromStream(fs); Keyring.GlobalKeyring.Import(keyring); } }
/// <summary> /// Retrieve an effective keyring for a given object in read-only mode; this returns a combination of the global, type, and instance keyrings. /// </summary> /// <typeparam name="T">Type of encrypted object</typeparam> /// <param name="objectInstance">Instance of an encrypted object</param> /// <returns>Effective keyring</returns> public static Keyring GetReadOnlyUnifiedKeyring <T>(this T objectInstance) where T : class { var keyring = new Keyring(); keyring.Import(Keyring.GlobalKeyring); keyring.Import(objectInstance.GetTypeKeyring()); keyring.Import(objectInstance.GetLocalKeyring()); keyring.ReadOnly = true; return(keyring); }
/// <summary>Initializes a new <see cref="KeyServerSearchForm"/> with the <see cref="PGPSystem"/> that will be used /// to search for keys. Keys selected by the user will be added to the given keyring. /// </summary> public KeyServerSearchForm(PGPSystem pgp, Keyring importKeyring) { InitializeComponent(); keyservers.Items.Clear(); keyservers.Items.AddRange(PGPUI.GetDefaultKeyServers()); keyservers.SelectedIndex = 0; this.pgp = pgp; this.keyring = importKeyring; }
public async Task Test_Upgrade() { var clusterOptions = new ConfigurationBuilder() .AddJsonFile("config.json") .Build() .GetSection("couchbase") .Get <ClusterOptions>(); var cluster = await Cluster.ConnectAsync(clusterOptions); var bucket = await cluster.BucketAsync("default"); var collection = bucket.DefaultCollection(); var keyring = new Keyring(new IKey[] { new Key("publickey", Encoding.UTF8.GetBytes("!mysecretkey#9^5usdk39d&dlf)03sL")), new Key("hmacKey", Encoding.UTF8.GetBytes("mysecret")), new Key("upgrade-key", FakeKeyGenerator.GetKey(64)) }); var legacyJson = "{\"__crypt_bar\":{\"alg\":\"AES-256-CBC-HMAC-SHA256\",\"kid\":\"publickey\",\"ciphertext\":\"zOcxunCOdTSMxic4xz/F2w==\",\"sig\":\"7VYNnEBxuC8IvBu0egS3AM922NqWE6Mfy08KEghJ62Q=\",\"iv\":\"03AUmzwQqnbs/JhkWGrIkw==\"},\"foo\":2}"; var provider = new AeadAes256CbcHmacSha512Provider(new AeadAes256CbcHmacSha512Cipher(), keyring); var cryptoManager = DefaultCryptoManager.Builder() .LegacyAesDecrypters(keyring, "hmacKey") .DefaultEncrypter(provider.Encrypter("upgrade-key")) .Decrypter(provider.Decrypter()) .Build(); var encryptedTranscoder = new EncryptedFieldTranscoder(cryptoManager); var jsonObj = JsonConvert.DeserializeObject <JObject>(legacyJson); var id = Guid.NewGuid().ToString(); try { await collection.InsertAsync(id, jsonObj, options => options.Expiry(TimeSpan.FromSeconds(10000))) .ConfigureAwait(false); var result = await collection.GetAsync(id, options => options.Transcoder(encryptedTranscoder)) .ConfigureAwait(false); var val = result.ContentAs <UpgradePoco>(); Assert.NotNull(val); } finally { await collection.RemoveAsync(id).ConfigureAwait(false); } }
public void TestInitialize() { var generatedKeyring = new Keyring(); generatedKeyring.Add("AES", AesEncryptionKey.Create()); generatedKeyring.Add("DES", TripleDesEncryptionKey.Create()); generatedKeyring.Add("AES-DES", AesEncryptionKey.Create(TripleDesEncryptionKey.Create())); BaseTestObject = new TestableDataContract(); BaseTestObject.Populate(); GeneratedTestObject = new TestableDataContract().AsEncrypted(generatedKeyring); GeneratedTestObject.Populate(); }
/// <summary> /// Re-link proxy bindings to the given object /// </summary> /// <typeparam name="T">Type of object being linked</typeparam> /// <param name="inputObject">Object to link proxies into</param> /// <param name="keyring">Local keyring to use in resulting linked object</param> /// <param name="configuration">Local configuration to use in resulting linked object</param> public static void Relink <T>(this T inputObject, Keyring keyring = null, EncryptionProxyConfiguration configuration = null) where T : class { if (EncryptedType.PendingGenerations.Contains(typeof(T))) { // Ignore any recursive generation from constructors return; } if (keyring == null) { keyring = new Keyring(); } AttemptRelink(inputObject, keyring, configuration); }
public RepositoryDialog(Workspace workspace) : base((workspace == null)? "Add Repository" : "Edit Repository") { Table table = new Table(3, 2, false); table.RowSpacing = ((uint)(6)); table.ColumnSpacing = ((uint)(6)); table.BorderWidth = ((uint)(12)); name = AddLabeledEntry(table, "_Name:", 1, 2); server = AddLabeledEntry(table, "_Server:", 2, 3); table.Attach(new Gtk.HSeparator(), 0, 2, 3, 4); username = AddLabeledEntry(table, "_Username:"******"_Password:"******"OK", ResponseType.Ok) as Button; AddCloseButton("Cancel"); DefaultResponse = ResponseType.Ok; if (workspace != null) { name.Text = workspace.Name; Uri uri = workspace.VersionControlServer.TeamFoundationServer.Uri; server.Text = uri.Host.ToString(); string creds = Keyring.GetCredentials(uri.ToString()); int comma = creds.IndexOf(","); if (comma != -1) { username.Text = creds.Substring(0, comma); password.Text = creds.Substring(comma + 1); } else { username.Text = creds; } } else { name.Text = "CodePlex"; server.Text = "https://tfs01.codeplex.com"; username.Text = "snd\\"; } ShowAll(); }
public string?GetPassword(string accountName) { try { return(Keyring.GetPassword(PACKAGE, SERVICE, accountName)); } catch (KeyringException ex) { if (ex.Type == ErrorType.NotFound) { return(null); } throw; } }
public void Test_Upgrade_From_Rsa_To_AeadAes256CbcHmacSha512() { var keyring = new Keyring(new IKey[] { new Key("MyKeyName", GetKey("./Docs/rsa-private.xml")), new Key("upgrade-key", FakeKeyGenerator.GetKey(64)) }); var provider = new AeadAes256CbcHmacSha512Provider( new AeadAes256CbcHmacSha512Cipher(), keyring); var cryptoManager = DefaultCryptoManager.Builder() .DefaultEncrypter(provider.Encrypter("upgrade-key")) .LegacyRsaDecrypter(keyring, "MyKeyName") .Build(); var jsonObject = JObject.Parse(File.ReadAllText("./Docs/poco-rsa.json")); jsonObject.DecryptLegacyRsa <string>(cryptoManager, "__crypt_bar"); jsonObject.DecryptLegacyRsa <int>(cryptoManager, "__crypt_foo"); jsonObject.DecryptLegacyRsa <PocoMoco>(cryptoManager, "__crypt_childObject"); jsonObject.DecryptLegacyRsa <List <int> >(cryptoManager, "__crypt_baz"); jsonObject.DecryptLegacyRsa <string[]>(cryptoManager, "__crypt_faz"); Assert.Equal("Bar", jsonObject.SelectToken("bar").Value <string>()); Assert.Equal(90, jsonObject.SelectToken("foo").Value <int>()); Assert.Equal("Bar2", jsonObject.SelectToken("childObject.Bar").Value <string>()); Assert.Equal(new List <int> { 3, 4 }, jsonObject.SelectToken("baz").Values <int>()); Assert.Equal(new[] { "ted", "alice", "bill" }, jsonObject.SelectToken("faz").Values <string>()); jsonObject.EncryptField(cryptoManager, "bar"); jsonObject.EncryptField(cryptoManager, "foo"); jsonObject.EncryptField(cryptoManager, "childObject"); jsonObject.EncryptField(cryptoManager, "baz"); jsonObject.EncryptField(cryptoManager, "faz"); Assert.NotEqual("Bar", jsonObject.SelectToken("encrypted$bar.ciphertext").Value <string>()); Assert.NotNull(jsonObject.SelectToken("encrypted$foo.ciphertext").Value <string>()); Assert.NotEqual("Bar2", jsonObject.SelectToken("encrypted$bar.ciphertext").Value <string>()); Assert.NotNull(jsonObject.SelectToken("encrypted$baz.ciphertext").Value <string>()); Assert.NotNull(jsonObject.SelectToken("encrypted$faz.ciphertext").Value <string>()); }
private string GetLogin() { if (!String.IsNullOrEmpty(Options.Login)) { return(Options.Login); } // check the keyring string login = Keyring.GetCredentials(ServerUrl); if (!String.IsNullOrEmpty(login)) { return(login); } // finally prompt return(PromptForLogin(ServerUrl)); }
/// <summary> /// Return a copy of the given object with proxy bindings (this could either be a relink or a creation operation) /// </summary> /// <param name="inputObject">Object being linked or wrapped in an encryption proxy</param> /// <param name="keyring">Local keyring to use in resulting linked object</param> /// <param name="configuration">Local configuration to use in resulting linked object</param> /// <returns>Object of same type as input, with proxy bindings</returns> public static object AsEncrypted(this object inputObject, Keyring keyring = null, EncryptionProxyConfiguration configuration = null) { if (keyring == null) { keyring = new Keyring(); } if (!AttemptRelink(inputObject, keyring, configuration)) { var trackedInstance = EncryptedInstanceFactory.GenerateTrackedInstance(inputObject.GetType(), configuration); trackedInstance.GetLocalKeyring().Import(keyring); CopyObjectProperties(inputObject, trackedInstance); return(trackedInstance); } else { return(inputObject); } }
public void DecryptTest() { var keyRing = new Keyring(new IKey[] { new Key("test-key", GetKey("./Docs/rsa-private.xml")) }); var rsaDecrypter = new LegacyRsaDecrypter(keyRing, new LegacyRsaCipher()); var encrypted = new EncryptionResult { Alg = "RSA-2048-OAEP-SHA1", Ciphertext = cipherText, Kid = "test-key" }; var decryptedBytes = rsaDecrypter.Decrypt(encrypted); var actual = Encoding.UTF8.GetString(decryptedBytes); Assert.Equal(plainText, actual); }
private static bool AttemptRelink(object inputObject, Keyring keyring, EncryptionProxyConfiguration configuration) { // Is the object already linked? if (HasValidEncryptionExtensions(inputObject)) { EncryptedInstanceFactory.AttachInterceptor(inputObject, configuration); inputObject.GetLocalKeyring().Import(keyring); return(true); } // Does this object already have the bits we can attach to? if (HasUnlinkedEncryptionExtensions(inputObject)) { EncryptedInstanceFactory.AttachToExistingObject(inputObject, configuration); inputObject.GetLocalKeyring().Import(keyring); return(true); } return(false); }
public void Test_Upgrade_With_Attributes() { // Arrange var keyring = new Keyring(new IKey[] { new Key("publickey", Encoding.UTF8.GetBytes("!mysecretkey#9^5usdk39d&dlf)03sL")), new Key("hmacKey", Encoding.UTF8.GetBytes("mysecret")), new Key("upgrade-key", FakeKeyGenerator.GetKey(64)) }); var legacyJson = "{\"__crypt_bar\":{\"alg\":\"AES-256-CBC-HMAC-SHA256\",\"kid\":\"publickey\",\"ciphertext\":\"zOcxunCOdTSMxic4xz/F2w==\",\"sig\":\"7VYNnEBxuC8IvBu0egS3AM922NqWE6Mfy08KEghJ62Q=\",\"iv\":\"03AUmzwQqnbs/JhkWGrIkw==\"},\"foo\":2}"; var provider = new AeadAes256CbcHmacSha512Provider(new AeadAes256CbcHmacSha512Cipher(), keyring); var cryptoManager = DefaultCryptoManager.Builder() .LegacyAesDecrypters(keyring, "hmacKey") .DefaultEncrypter(provider.Encrypter("upgrade-key")) .Decrypter(provider.Decrypter()) .Build(); //We will need separate settings for deserialize and serialize so that the prefix is correctly applied var deserializerSettings = new JsonSerializerSettings { ContractResolver = new LegacyEncryptedFieldContractResolver(cryptoManager, "__crypt_") }; var serializerSettings = new JsonSerializerSettings { ContractResolver = new EncryptedFieldContractResolver(cryptoManager)//uses the default "new" prefix for 2.0 "encrypted$" }; // Act var decryptedPoco = JsonConvert.DeserializeObject <Poco>(legacyJson, deserializerSettings); var encryptedJson = JsonConvert.SerializeObject(decryptedPoco, serializerSettings); // Assert Assert.Equal("bar", decryptedPoco.Bar); Assert.Contains("upgrade-key", encryptedJson); Assert.Contains("AEAD_AES_256_CBC_HMAC_SHA512", encryptedJson); Assert.Contains("encrypted$", encryptedJson); }
private string GetLogin(string url) { if (!String.IsNullOrEmpty(Options.Login)) { return(Options.Login); } // check the keyring string login = Keyring.GetCredentials(url); if (!String.IsNullOrEmpty(login)) { return(login); } // finally prompt if permitted if (Options.NoPrompt) { return(String.Empty); } return(PromptForLogin(url)); }
public bool SetDummyAndCheck() { /* * We need to set a dummy entry here to ensure that libsecret unlocks the keyring. * This is a problem with libsecret: http://crbug.com/660005 */ try { const string DUMMY_SVC = "XIVLauncher Safe Storage Control"; const string DUMMY_NAME = "XIVLauncher"; const string DUMMY_PW = "Honi soit qui mal y pense"; Keyring.SetPassword(PACKAGE, DUMMY_SVC, DUMMY_NAME, DUMMY_PW); var saved = Keyring.GetPassword(PACKAGE, DUMMY_SVC, DUMMY_NAME); return(saved == DUMMY_PW); } catch (Exception ex) { Log.Error(ex, "Could not init the keychain"); } return(false); }
// ICredentialsProvider method public ICredentials GetCredentials(Uri uri, ICredentials failedCredentials) { NetworkCredential creds = credentialCache.GetCredential(uri, "NTLM"); if (creds != null) { return(creds); } string url = uri.ToString(); string login = GetLogin(url); if (String.IsNullOrEmpty(login)) { return(null); } creds = new TFCredential(login); if (!(String.IsNullOrEmpty(creds.UserName)) && String.IsNullOrEmpty(creds.Password) && !Options.NoPrompt) { Console.Write("Password: "******"Credentials.Save"); if (saveSetting && !String.IsNullOrEmpty(Options.Login)) { Keyring.SetCredentials(url, creds.Domain, creds.UserName, creds.Password); } credentialCache.Add(uri, "NTLM", creds); return(creds); }
public void DeletePassword(string accountName) { Keyring.DeletePassword(PACKAGE, SERVICE, accountName); }
public void SavePassword(string accountName, string password) { Keyring.SetPassword(PACKAGE, SERVICE, accountName, password); }
/// <summary>Initializes a new <see cref="GenerateKeyForm"/> with the <see cref="PGPSystem"/> that will be used to /// generate the keys. The keys will be created in the given keyring, or the default keyring if it is null. /// </summary> public GenerateKeyForm(PGPSystem pgp, Keyring keyring) : this() { Initialize(pgp, keyring); }
/// <summary>Initializes the form with the <see cref="PGPSystem"/> that will be used to generate the keys. The keys /// will be created in the given keyring, or the default keyring if it is null. /// </summary> public void Initialize(PGPSystem pgp, Keyring keyring) { if(pgp == null) throw new ArgumentNullException(); this.pgp = pgp; this.keyring = keyring; UpdatePasswordStrength(); KeyCapabilities signOnly = KeyCapabilities.Sign; KeyCapabilities encryptOnly = KeyCapabilities.Encrypt; KeyCapabilities signAndEncrypt = signOnly | encryptOnly; bool supportsDSA = false, supportsELG = false, supportsRSA = false; foreach(string type in pgp.GetSupportedKeyTypes()) { if(!supportsDSA && string.Equals(type, KeyType.DSA, StringComparison.OrdinalIgnoreCase)) { supportsDSA = true; } else if(!supportsELG && string.Equals(type, KeyType.ElGamal, StringComparison.OrdinalIgnoreCase)) { supportsELG = true; } else if(!supportsRSA && string.Equals(type, KeyType.RSA, StringComparison.OrdinalIgnoreCase)) { supportsRSA = true; } } keyType.Items.Clear(); keyType.Items.Add(new KeyTypeItem(KeyType.Default, signOnly | KeyCapabilities.Certify, "Default (signing only)")); if(supportsDSA) { keyType.Items.Add(new KeyTypeItem(KeyType.DSA, signOnly | KeyCapabilities.Certify, "DSA (signing only)")); } if(supportsRSA) { keyType.Items.Add(new KeyTypeItem(KeyType.RSA, signOnly | KeyCapabilities.Certify, "RSA (signing only)")); keyType.Items.Add(new KeyTypeItem(KeyType.RSA, signAndEncrypt | KeyCapabilities.Certify, "RSA (sign and encrypt)")); } keyType.SelectedIndex = 0; subkeyType.Items.Clear(); subkeyType.Items.Add(new KeyTypeItem(KeyType.None, 0, "None")); subkeyType.Items.Add(new KeyTypeItem(KeyType.Default, encryptOnly, "Default (encryption only)")); if(supportsELG) subkeyType.Items.Add(new KeyTypeItem(KeyType.ElGamal, encryptOnly, "El Gamal (encryption only)")); if(supportsRSA) subkeyType.Items.Add(new KeyTypeItem(KeyType.RSA, encryptOnly, "RSA (encryption only)")); if(supportsDSA) subkeyType.Items.Add(new KeyTypeItem(KeyType.DSA, signOnly, "DSA (signing only)")); if(supportsRSA) { subkeyType.Items.Add(new KeyTypeItem(KeyType.RSA, signOnly, "RSA (signing only)")); subkeyType.Items.Add(new KeyTypeItem(KeyType.RSA, signAndEncrypt, "RSA (sign and encrypt)")); } subkeyType.SelectedIndex = 1; // OpenPGP currently supports a maximum expiration date of February 25, 2174. we'll use the 24th to avoid // local <-> UTC conversion problems keyExpiration.MinDate = subkeyExpiration.MinDate = DateTime.Now.Date.AddDays(1); keyExpiration.MaxDate = subkeyExpiration.MaxDate = new DateTime(2174, 2, 24, 0, 0, 0, DateTimeKind.Local); subkeyExpiration.Value = DateTime.UtcNow.Date.AddYears(5); // by default, the subkey expires in 5 years }
/// <summary>Initializes this form with the given <see cref="PGPSystem"/> and keyring.</summary> public void Initialize(PGPSystem pgp, Keyring keyring) { if(pgp == null) throw new ArgumentNullException(); recipients.ShowKeyring(pgp, keyring); }
/// <summary>Initializes a new <see cref="RecipientSearchForm"/> with the given <see cref="PGPSystem"/> and keyring.</summary> public RecipientSearchForm(PGPSystem pgp, Keyring keyring) : this() { Initialize(pgp, keyring); }
/// <summary>Displays the recipients in the given keyring.</summary> public void ShowKeyring(PGPSystem pgp, Keyring keyring) { if(pgp == null) throw new ArgumentNullException(); ShowKeys(pgp.GetKeys(keyring, ListOptions.RetrieveSecretKeys | ListOptions.IgnoreUnusableKeys)); }