private bool ValidateIncomingVariables(HttpRequest request) { bool isGenuine = false; // Step 1 -Read the follwoing from the hidden values //1 -Request Encrypted Session Key //2- Request Encrypted Data //3- Request IV //4- Request Encrypted Data`s Hash var requestEncryptedSessionKeyBytes = Convert.FromBase64String(Request.Form["hdEncryptedSessionKey"]); var requestEncryptedDataBytes = Convert.FromBase64String(Request.Form["hdEncryptedData"]); var requestIvBytes = Convert.FromBase64String(Request.Form["hdIv"]); var requestHashedDataBytes = Convert.FromBase64String(Request.Form["hdHashedData"]); // Step 2 -Decrypt the request session key using the receiver's private key. var rsa = new RSAEncryption(); var requestDecryptedSessionKey = rsa.Decrypt(Server.MapPath("~/Keys/privatekey.xml"), requestEncryptedSessionKeyBytes); // Step 3-Building the string from the incoming request's actual data var actualData = Utils.BuildString( Request.Form["ModifiedFirstVariable"], Request.Form["ModifiedSecondVariable"], Request.Form["ModifiedThirdVariable"], Request.Form["ModifiedForthVariable"], Request.Form["ModifiedFifthVariable"], Request.Form["ModifiedSixthVariable"], Request.Form["ModifiedSeventhVariable"], Request.Form["ModifiedEighthVariable"]); // Step 4-Encrypt the incoming request's actual data using the decrypted session key and the iv. AESEncryption aes = new AESEncryption(); var actualEncryptedData = aes.Enrypt(Encoding.UTF8.GetBytes(actualData), requestDecryptedSessionKey, requestIvBytes); var actualDataHash = HashGenerator.ComputeHmacSha256((actualEncryptedData), requestDecryptedSessionKey); // Step 5-Compare the actual hash with received hash(from request) var isActualDataHashMatch = Compare(requestHashedDataBytes, actualDataHash); // Step 6-Calculate the hash for the encrypted data var requestEncryptedDataHash = HashGenerator.ComputeHmacSha256((requestEncryptedDataBytes), requestDecryptedSessionKey); var isRequestEncryptedDataHashMatch = Compare(actualDataHash, requestEncryptedDataHash); if (isActualDataHashMatch && isRequestEncryptedDataHashMatch) { //Step 7 -Decrypt the data using the decrypted session key and the iv. - out of scope //var decryptedDataBytes = aes.Decrypt(encryptedDataBytes, decryptedSessionKey, ivBytes); //var plainData =Encoding.Default.GetString(decryptedDataBytes); isGenuine = true; } return(isGenuine); }
protected void Page_Load(object sender, EventArgs e) { Random rRandom; rRandom = new Random(); // populate the variables m_szFirstVariable = PopulateVariable(FirstVariableLabel, ModifiedFirstVariable, rRandom); m_szSecondVariable = PopulateVariable(SecondVariableLabel, ModifiedSecondVariable, rRandom); m_szThirdVariable = PopulateVariable(ThirdVariableLabel, ModifiedThirdVariable, rRandom); m_szForthVariable = PopulateVariable(ForthVariableLabel, ModifiedForthVariable, rRandom); m_szFifthVariable = PopulateVariable(FifthVariableLabel, ModifiedFifthVariable, rRandom); m_szSixthVariable = PopulateVariable(SixthVariableLabel, ModifiedSixthVariable, rRandom); m_szSeventhVariable = PopulateVariable(SeventhVariableLabel, ModifiedSeventhVariable, rRandom); m_szEighthVariable = PopulateVariable(EighthVariableLabel, ModifiedEighthVariable, rRandom); //-----------------------------------------------------------------------------------------------------------+ //Prep code was used to create the public and the private keys | //var rsa = new RSAEncryption(); | //rsa.AssignNewKey(Server.MapPath("~/Keys/publickey.xml"), Server.MapPath("~/Keys/privatekey.xml")); | //-----------------------------------------------------------------------------------------------------------+ // Step 1 -Create 32 byte session key var sessionKey = KeyGenerator.GenerateKey(); // Step 2 -Create 16 byte Initialisation Vector var iv = KeyGenerator.GenerateKey(16); // Step 3 -Encrypt the data using the session key and the IV. var data = Utils.BuildString(m_szFirstVariable, m_szSecondVariable, m_szThirdVariable, m_szForthVariable, m_szFifthVariable, m_szSixthVariable, m_szSeventhVariable, m_szEighthVariable); AESEncryption aes = new AESEncryption(); var encryptedData = aes.Enrypt(Encoding.UTF8.GetBytes(data), sessionKey, iv); // Step 4 -Hash the encrypted data using the session key byte[] hashedData = HashGenerator.ComputeHmacSha256(encryptedData, sessionKey); // Step 5 -Encrypt the session Key using the receiver's public key(created and stored safely before, in real life scenario will two different servers). RSAEncryption rsa = new RSAEncryption(); var encryptedSessionKey = rsa.Encrypt(Server.MapPath("~/Keys/publickey.xml"), sessionKey); // Step 6 -Setting the values that will be stored in the hidden values. hdEncryptedSessionKey.Value = Convert.ToBase64String(encryptedSessionKey); hdEncryptedData.Value = Convert.ToBase64String(encryptedData); hdIv.Value = Convert.ToBase64String(iv); // IV Doesn't need to be encrypted. hdHashedData.Value = Convert.ToBase64String(hashedData); }