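/// <summary>
/// Returns the clear-text value of the "password" setting of <paramref name="host"/>.
/// A value stored with the "enc:" prefix is Base64-decoded and decrypted. Any other
/// non-empty value is treated as clear text: it is encrypted, written back to the
/// section with the "enc:" prefix, and the configuration is saved.
/// </summary>
/// <param name="host">Configuration section that holds the "password" setting.</param>
/// <returns>
/// The clear-text password, or the null/empty value unchanged when nothing is configured.
/// </returns>
/// <remarks>
/// Reading a clear-text value has a side effect: the configuration is rewritten and saved.
/// A clear-text password that itself begins with "enc:" is indistinguishable from a stored
/// ciphertext and will be sent down the decrypt path.
/// Malformed Base64 after the prefix makes <see cref="Convert.FromBase64String(string)"/>
/// throw <see cref="FormatException"/>; that exception is not handled here.
/// </remarks>
private static string GetPassword(IConfigSection host)
{
    var password = host.Get("password", false);
    if (string.IsNullOrEmpty(password))
    {
        return password;
    }

    // SECURITY(review): the cipher key is a string constant compiled into the assembly and
    // is identical for every installation. The "enc:" form therefore only hides the password
    // from casual viewing of the config file; it gives no confidentiality against anyone who
    // has this source or the binary. Treat the config file as holding a clear-text secret
    // (restrict its file permissions) and consider moving to a per-user or per-machine
    // protected store. The literal is kept unchanged so that existing "enc:" values remain
    // readable.
    using (var cipher = new Aes256Cipher(Encoding.UTF8.GetBytes("he1sQWc8SSPpkdIA")))
    {
        // Ordinal comparison: "enc:" is a machine marker, not linguistic text, so the check
        // must not depend on the current culture.
        if (password.StartsWith("enc:", StringComparison.Ordinal))
        {
            var cipherText = Convert.FromBase64String(password.Substring(4));
            return Encoding.UTF8.GetString(cipher.Decrypt(cipherText));
        }

        // First read of a clear-text value: persist the encrypted form and hand the
        // original clear text back to the caller.
        var encrypted = cipher.Encrypt(Encoding.UTF8.GetBytes(password));
        host.Set("password", "enc:" + Convert.ToBase64String(encrypted));
        host.Config.Save();
        return password;
    }
}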
/// <summary>
/// Round-trip check: text encrypted with an <c>Aes256Cipher</c> instance decrypts back to
/// the same text with that same instance.
/// </summary>
public void AesCipherTest()
{
    var expected = "password";
    var keyBytes = Encoding.UTF8.GetBytes("changeit");

    using (var aes = new Aes256Cipher(keyBytes))
    {
        var plainBytes = Encoding.UTF8.GetBytes(expected);
        var cipherBytes = aes.Encrypt(plainBytes);

        var decryptedBytes = aes.Decrypt(cipherBytes);
        var actual = Encoding.UTF8.GetString(decryptedBytes);

        Assert.AreEqual(expected, actual);
    }
}
/// <summary>
/// Checks the lifetime of a cloned cipher: after the original is disposed it must refuse
/// to decrypt, while the clone still decrypts correctly until it is disposed as well.
/// </summary>
public void CipherRefTest()
{
    var expected = "password";
    var keyBytes = Encoding.UTF8.GetBytes("changeit");

    var original = new Aes256Cipher(keyBytes);
    var cipherBytes = original.Encrypt(Encoding.UTF8.GetBytes(expected));

    // The clone is taken while the original is still alive, then the original is released.
    var clone = original.Clone();
    original.Dispose();

    // A disposed instance must reject further use.
    Assert.Catch<ObjectDisposedException>(() => original.Decrypt(cipherBytes));

    // The clone must be unaffected by the disposal of its source.
    var decryptedBytes = clone.Decrypt(cipherBytes);
    var actual = Encoding.UTF8.GetString(decryptedBytes);
    Assert.AreEqual(expected, actual);

    // Once the clone is disposed, it too must reject further use.
    clone.Dispose();
    Assert.Catch<ObjectDisposedException>(() => clone.Decrypt(cipherBytes));
}
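/// <summary>
/// Interactive creation of a new vault-protected database key. The user configures the
/// vault connection and the key in two dialogs. The key is then split into two XOR shares:
/// share A is kept in the local vault configuration and share B is uploaded to the vault
/// service under a freshly generated key name.
/// </summary>
/// <param name="ctx">Key-provider context; supplies the database I/O info for the configuration.</param>
/// <returns>
/// The UTF-8 bytes of the new master key, or <c>null</c> when the user cancels a dialog,
/// the key is too long to be encoded, or saving the configuration fails.
/// </returns>
/// <remarks>
/// Stored layout before the split: a 2-byte length prefix, then the key bytes, zero-padded
/// so that the buffer is at least 256 bytes. Both shares are encrypted with an AES key
/// derived from a random 64-byte value (named <c>salt</c> here, but used as the passphrase),
/// and that value is itself RSA-encrypted with the configured client certificate.
/// NOTE(review): <c>Random</c> is not <c>System.Random</c> (that type has no static
/// <c>Get</c>); the pad and the passphrase are only as strong as that generator. Confirm
/// that it is backed by a cryptographic RNG.
/// NOTE(review): if the upload succeeds but the prompt is then dismissed without OK, or
/// <c>vaultConf.Save()</c> fails, share B appears to remain on the vault service without
/// a matching local configuration. Confirm whether clean-up is needed.
/// </remarks>
private byte[] Create(KeyProviderQueryContext ctx)
{
    var vaultConf = new SafeVaultConf(ctx.DatabaseIOInfo);

    // Step 1: vault connection settings.
    var vaultConnectionForm = new VaultConnectionConfigForm();
    vaultConnectionForm.InitEx(vaultConf);
    if (UIUtil.ShowDialogAndDestroy(vaultConnectionForm) != DialogResult.OK)
    {
        return null;
    }

    // Step 2: key creation dialog. Presumably this fills vaultConf.DatabaseKeyA with the
    // clear-text key, which is read below; verify against the form.
    VaultKeyCreateForm createForm = new VaultKeyCreateForm();
    createForm.InitEx(vaultConf, ctx);
    if (UIUtil.ShowDialogAndDestroy(createForm) != DialogResult.OK)
    {
        return null;
    }

    vaultConf.Type = PROVIDER_TYPE;
    vaultConf.Version = PROVIDER_VERSION;

    var masterKey = Encoding.UTF8.GetBytes(vaultConf.DatabaseKeyA);

    // The length prefix is a ushort. A longer key would be silently truncated by the cast
    // below and the stored prefix would no longer describe the key, so refuse it up front.
    if (masterKey.Length > ushort.MaxValue)
    {
        MessageService.ShowWarning("The master key is too long to be stored (limit is 65535 bytes).");
        return null;
    }

    // Pad short keys to a fixed minimum so the stored size does not reveal their length.
    var keyLen = (masterKey.Length > 254) ? masterKey.Length : 254;
    var keyA = new byte[keyLen + 2];

    // Length prefix in BitConverter (platform) byte order, then the key; the rest stays zero.
    Array.Copy(BitConverter.GetBytes((ushort)masterKey.Length), keyA, 2);
    Array.Copy(masterKey, 0, keyA, 2, masterKey.Length);

    // XOR split: keyB is a random pad, keyA becomes (prefix + key + padding) XOR keyB.
    // Both shares are needed to recover the key.
    var keyB = Random.Get(keyA.Length);
    for (int i = 0; i < keyB.Length; i++)
    {
        keyA[i] ^= keyB[i];
    }

    // Wrap both shares with AES keyed from a fresh random value.
    var salt = Random.Get(64);
    using (var aes = new Aes256Cipher())
    {
        aes.SetPassPhrase(salt);
        keyA = aes.Encrypt(keyA);
        keyB = aes.Encrypt(keyB);
    }

    // Protect the AES passphrase with the client certificate taken from the X.509 store.
    using (var rsa = RsaCipher.LoadFromX509Store(vaultConf.ClientCertificateName))
    {
        salt = rsa.Encrypt(salt);
    }

    // Local configuration receives the wrapped passphrase and share A only.
    vaultConf.Salt = Convert.ToBase64String(salt);
    vaultConf.DatabaseKeyA = Convert.ToBase64String(keyA);
    vaultConf.VaultKeyname = Guid.NewGuid().ToString();

    // Share B is held only in this local and sent to the vault service.
    var databaseKeyB = Convert.ToBase64String(keyB);

    VaultKeyPromptForm promptForm = new VaultKeyPromptForm();
    promptForm.InitEx("Enter SafeVault Password", "Save KeyB to SafeVault", (oneTimePassword) =>
    {
        string status = "";
        var query = new SafeVaultWebClient(vaultConf);
        try
        {
            status = Async.Invoke(() => query.SetDbxKey(vaultConf.VaultKeyname, databaseKeyB, oneTimePassword));
            if (status == "OK")
            {
                return true;
            }

            // Any other status is shown to the user together with the time reported by
            // the client, when there is one.
            MessageService.ShowWarning(
                query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
                status);
        }
        catch (CryptographicException ex)
        {
            MessageService.ShowWarning(
                query.Utc != null ? "DateTime: " + DateTime.Parse(query.Utc).ToLocalTime() : "",
                ex.Message);
        }

        return false;
    });

    if (UIUtil.ShowDialogAndDestroy(promptForm) != DialogResult.OK)
    {
        return null;
    }

    try
    {
        vaultConf.Save();
    }
    catch (Exception e)
    {
        // Best effort: report the failure and signal "no key" to the caller.
        MessageService.ShowWarning(e.Message);
        return null;
    }

    return masterKey;
}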