/// <summary>
/// Encrypt a file
/// </summary>
/// <param name="inputStream">File to read data from</param>
/// <param name="publicKey"></param>
/// <returns>EncryptedPacket with all info for receiver to decrypt</returns>
public static EncryptedPacket EncryptFile(Stream inputStream, RSAParameters publicKey)
{
MemoryStream outputStream = new MemoryStream();
byte[] aesKey = Random.GetNumbers(32);
byte[] iv = Random.GetNumbers(16);
EncryptedPacket encryptedPacket = new EncryptedPacket
{
DataType = DataType.File,
EncryptedSessionKey = AsymmetricEncryption.Encrypt(aesKey, publicKey),
Iv = iv
};
try
{
// create streamers
using (HashStreamer hashStreamer = new HashStreamer(aesKey))
using (SymmetricStreamer symmetricStreamer = new SymmetricStreamer(aesKey, iv))
{
// create streams
var hmacStream = hashStreamer.HmacShaStream(outputStream, aesKey, CryptoStreamMode.Write);
var encryptedStream = symmetricStreamer.EncryptStream(hmacStream, CryptoStreamMode.Write);
// read all data
inputStream.CopyTo(encryptedStream);
// get hash
encryptedPacket.Hmac = hashStreamer.Hash;
// create signature
encryptedPacket.Signature = AsymmetricEncryption.Sign(encryptedPacket.Hmac);
// close file streams
inputStream.Close();
}
}
catch (CryptographicException e)
{
throw new CryptoException("Error while encrypting stream", e);
}
// read encrypted data from memory stream
encryptedPacket.EncryptedData = outputStream.ToArray();
return(encryptedPacket);
}
/// <summary>
/// Decrypt an encrypted packet of data
/// </summary>
/// <param name="encryptedPacket">Packet containing data</param>
/// <param name="publicKey">Public RSA key of sender</param>
/// <param name="skipSignature"></param>
/// <exception cref="CryptoException"></exception>
/// <returns>Decrypted data of packet</returns>
public static byte[] Decrypt(EncryptedPacket encryptedPacket, RSAParameters publicKey, bool skipSignature = false)
{
// decrypt AES session key with private RSA key
byte[] sessionKey;
try
{
sessionKey = AsymmetricEncryption.Decrypt(encryptedPacket.EncryptedSessionKey);
}
catch (CryptographicException e)
{
throw new CryptoException("Error while decryption AES session key", e);
}
// rehash data with session key
byte[] hashedData;
try
{
hashedData = Hashing.HmacSha(encryptedPacket.EncryptedData, sessionKey);
}
catch (CryptographicException e)
{
throw new CryptoException("Error while hashing data", e);
}
// check hash
bool checkedHash = Hashing.CompareHashes(hashedData, encryptedPacket.Hmac);
if (!checkedHash)
{
throw new CryptoException("Hash validation failed, data may have been modified!");
}
// check signature if required
if (!skipSignature)
{
bool checkedSignature;
try
{
checkedSignature = AsymmetricEncryption.CheckSignature(encryptedPacket.Signature, publicKey, encryptedPacket.Hmac);
}
catch (CryptographicException e)
{
throw new CryptoException("Error while checking signature", e);
}
if (!checkedSignature)
{
throw new CryptoException("Signature check failed, packet may have come from a different sender.");
}
}
// decrypt data with AES key and IV
try
{
return(SymmetricEncryption.Decrypt(encryptedPacket.EncryptedData, sessionKey, encryptedPacket.Iv));
}
catch (CryptographicException e)
{
throw new CryptoException("Error while decrypting data", e);
}
}
/// <summary>
/// Encrypt data
/// </summary>
/// <param name="type">Type of data</param>
/// <param name="data">Data to be encrypted</param>
/// <param name="publicKey">Public key of receiver</param>
/// <exception cref="CryptoException"></exception>
/// <returns>EncryptedPacket with all info for receiver to decrypt</returns>
public static EncryptedPacket Encrypt(DataType type, byte[] data, RSAParameters publicKey)
{
// create AES session key
byte[] sessionKey = Random.GetNumbers(32);
// create AES IV
byte[] iv = Random.GetNumbers(16);
// encrypt AES session key with RSA
byte[] encryptedSessionKey;
try
{
encryptedSessionKey = AsymmetricEncryption.Encrypt(sessionKey, publicKey);
}
catch (CryptographicException e)
{
throw new CryptoException("Error while encrypting AES session key", e);
}
// encrypt data with AES
byte[] encryptedData;
try
{
encryptedData = SymmetricEncryption.Encrypt(data, sessionKey, iv);
}
catch (NullReferenceException)
{
throw new CryptoException("Data was null");
}
catch (CryptographicException e)
{
throw new CryptoException("Error while encrypting data", e);
}
// generate hash of encrypted data with session key
byte[] hash;
try
{
hash = Hashing.HmacSha(encryptedData, sessionKey);
}
catch (CryptographicException e)
{
throw new CryptoException("Error while hashing data", e);
}
// generate signature using hash
byte[] signature;
try
{
signature = AsymmetricEncryption.Sign(hash);
}
catch (CryptographicException e)
{
throw new CryptoException("Error while creating signature", e);
}
// put all info into new EncryptedPacket
var encryptedPacket = new EncryptedPacket
{
DataType = type,
EncryptedSessionKey = encryptedSessionKey,
Iv = iv,
Hmac = hash,
Signature = signature,
EncryptedData = encryptedData
};
return(encryptedPacket);
}
