private static string GetPassword(IConfigSection host) { var password = host.Get("password", false); if (string.IsNullOrEmpty(password)) { return(password); } using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("he1sQWc8SSPpkdIA"))) { if (password.StartsWith("enc:")) { password = password.Substring(4); var data = Convert.FromBase64String(password); return(Encoding.UTF8.GetString(cipher.Decrypt(data))); } else { var data = cipher.Encrypt(Encoding.UTF8.GetBytes(password)); host.Set("password", "enc:" + Convert.ToBase64String(data)); host.Config.Save(); return(password); } } }
public void AesCipherTest() { using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit"))) { var content = "password"; var passwordEnc = cipher.Encrypt(Encoding.UTF8.GetBytes(content)); var password = Encoding.UTF8.GetString(cipher.Decrypt(passwordEnc)); Assert.AreEqual(content, password); } }
private void ProcessStreamControl(EncryptedStreamControl sc) { switch (sc) { case EncryptedStreamControl.EncryptRSA: { if (!CipherLib.ContainsKey("rsa-private")) { throw new SecureChannelException("RSA certificate is required."); } ReadCipher = CipherLib["rsa-private"].Clone(); break; } case EncryptedStreamControl.EncryptXOR: { var passwLen = ReadUInt16(); if (passwLen != 0) { var passw = ReadData(passwLen); CipherLib["xor"] = new XorCipher(passw); } ReadStream.Cipher = CipherLib["xor"].Clone(); break; } case EncryptedStreamControl.EncryptAES: { var passwLen = ReadUInt16(); if (passwLen != 0) { var passw = ReadData(passwLen); CipherLib["aes"] = new Aes256Cipher(passw); } ReadCipher = CipherLib["aes"].Clone(); break; } default: throw new StreamControlException("Unknown StreamControl command"); } }
public void CipherRefTest() { var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("changeit")); var content = "password"; var passwordEnc = cipher.Encrypt(Encoding.UTF8.GetBytes(content)); var cipher2 = cipher.Clone(); cipher.Dispose(); Assert.Catch <ObjectDisposedException>(() => cipher.Decrypt(passwordEnc)); var password = Encoding.UTF8.GetString(cipher2.Decrypt(passwordEnc)); Assert.AreEqual(content, password); cipher2.Dispose(); Assert.Catch <ObjectDisposedException>(() => cipher2.Decrypt(passwordEnc)); }
public void Encrypt(bool reset = false) { if (reset) { WriteStream.Cipher = new XorCipher(); WriteCipher = null; } if (CipherLib.ContainsKey("rsa-public")) { WriteUInt16((ushort)EncryptedStreamControl.EncryptRSA); WriteCipher = CipherLib["rsa-public"].Clone(); } byte[] salt = Random.Get(32); WriteUInt16((ushort)EncryptedStreamControl.EncryptAES); WriteUInt16((ushort)salt.Length); WriteData(salt); CipherLib["aes"] = new Aes256Cipher(salt); WriteCipher = CipherLib["aes"].Clone(); if (!CipherLib.ContainsKey("xor")) { byte[] passw = Random.Get(2048 / 8); WriteUInt16((ushort)EncryptedStreamControl.EncryptXOR); WriteUInt16((ushort)passw.Length); WriteData(passw); CipherLib["xor"] = new XorCipher(passw); } else { WriteUInt16((ushort)EncryptedStreamControl.EncryptXOR); WriteUInt16((ushort)0); } WriteStream.Cipher = CipherLib["xor"].Clone(); }
private byte[] Create(KeyProviderQueryContext ctx) { var vaultConf = new SafeVaultConf(ctx.DatabaseIOInfo); var vaultConnectionForm = new VaultConnectionConfigForm(); vaultConnectionForm.InitEx(vaultConf); if (UIUtil.ShowDialogAndDestroy(vaultConnectionForm) != DialogResult.OK) { return(null); } VaultKeyCreateForm createForm = new VaultKeyCreateForm(); createForm.InitEx(vaultConf, ctx); if (UIUtil.ShowDialogAndDestroy(createForm) != DialogResult.OK) { return(null); } vaultConf.Type = PROVIDER_TYPE; vaultConf.Version = PROVIDER_VERSION; var masterKey = Encoding.UTF8.GetBytes(vaultConf.DatabaseKeyA); var keyLen = (masterKey.Length > 254) ? masterKey.Length : 254; var keyA = new byte[keyLen + 2]; Array.Copy(BitConverter.GetBytes((ushort)masterKey.Length), keyA, 2); Array.Copy(masterKey, 0, keyA, 2, masterKey.Length); var keyB = Random.Get(keyA.Length); for (int i = 0; i < keyB.Length; i++) { keyA[i] ^= keyB[i]; } var salt = Random.Get(64); using (var aes = new Aes256Cipher()) { aes.SetPassPhrase(salt); keyA = aes.Encrypt(keyA); keyB = aes.Encrypt(keyB); } using (var rsa = RsaCipher.LoadFromX509Store(vaultConf.ClientCertificateName)) { salt = rsa.Encrypt(salt); } vaultConf.Salt = Convert.ToBase64String(salt); vaultConf.DatabaseKeyA = Convert.ToBase64String(keyA); vaultConf.VaultKeyname = Guid.NewGuid().ToString(); var databaseKeyB = Convert.ToBase64String(keyB); VaultKeyPromptForm promptForm = new VaultKeyPromptForm(); promptForm.InitEx("Enter SafeVault Password", "Save KeyB to SafeVault", (oneTimePassword) => { string status = ""; var query = new SafeVaultWebClient(vaultConf); try { status = Async.Invoke(() => query.SetDbxKey(vaultConf.VaultKeyname, databaseKeyB, oneTimePassword)); if (status == "OK") { return(true); } MessageService.ShowWarning( query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "", status); } catch (CryptographicException ex) { MessageService.ShowWarning( query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "", ex.Message); } return(false); }); if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK) { return(null); } try { vaultConf.Save(); } catch (Exception e) { MessageService.ShowWarning(e.Message); return(null); } return(masterKey); }
private byte[] OpenInternal(KeyProviderQueryContext ctx) { SafeVaultConf conf = new SafeVaultConf(ctx.DatabaseIOInfo); var required = new[] { conf.ClientCertificateName, conf.ServerUrl, conf.ServerCertificateName, conf.Salt, conf.Username, conf.VaultKeyname, conf.DatabaseKeyA }; if (required.Any(string.IsNullOrEmpty)) { throw new ConfigurationException("SafeVault not configured."); } byte[] salt = Convert.FromBase64String(conf.Salt); using (var rsa = RsaCipher.LoadFromX509Store(conf.ClientCertificateName)) { salt = rsa.Decrypt(salt); } string sKeyB = string.Empty; VaultKeyPromptForm promptForm = new VaultKeyPromptForm(); promptForm.InitEx("Enter SafeVault Password", "Open Database", (oneTimePassword) => { var query = new SafeVaultWebClient(conf); try { sKeyB = query.GetDbxKey(conf.VaultKeyname, oneTimePassword); return(true); } catch (SafeVaultException ex) { MessageService.ShowWarning( query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "", ex.Message ); } return(false); }); if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK) { return(null); } byte[] keyA = Convert.FromBase64String(conf.DatabaseKeyA); byte[] keyB = Convert.FromBase64String(sKeyB); using (var aes = new Aes256Cipher()) { aes.SetPassPhrase(salt); keyA = aes.Decrypt(keyA); keyB = aes.Decrypt(keyB); } if (keyA.Length != keyB.Length) { throw new SafevaultKeyProviderException("Incompatible KEYA and KEYB"); } for (int i = 0; i < keyB.Length; i++) { keyA[i] ^= keyB[i]; } int keyL = BitConverter.ToUInt16(keyA, 0); if (keyL > keyA.Length) { throw new SafevaultKeyProviderException("Invalid KEYB"); } byte[] masterKey = new byte[keyL]; Array.Copy(keyA, 2, masterKey, 0, masterKey.Length); return(masterKey); }