public void KeyChain_Basic()
{
string privateKey1 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey1 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey1);
string privateKey2 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey2 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey2);
KeyChain keyChain = new KeyChain();
ExtendedAssert.Throws <CryptographicException>(
() =>
{
keyChain.GetPrivateKey(publicKey1);
});
keyChain.Add(privateKey1);
keyChain.Add(privateKey2);
Assert.AreEqual(privateKey1, keyChain.GetPrivateKey(publicKey1));
Assert.AreEqual(privateKey2, keyChain.GetPrivateKey(publicKey2));
}
public void KeyChain_Encrypt()
{
string privateKey1 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey1 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey1);
string privateKey2 = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey2 = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey2);
KeyChain keyChain = new KeyChain();
SymmetricKey key = Crypto.GenerateSymmetricKey();
byte[] encrypted;
keyChain.Add(privateKey1);
keyChain.Add(privateKey2);
encrypted = keyChain.Encrypt(key);
keyChain = new KeyChain(key, encrypted);
Assert.AreEqual(2, keyChain.Count);
Assert.AreEqual(privateKey1, keyChain.GetPrivateKey(publicKey1));
Assert.AreEqual(privateKey2, keyChain.GetPrivateKey(publicKey2));
}
private static int EncryptKeyChain(string[] args)
{
CommandLine cmdLine = new CommandLine(args, false);
string inPath = cmdLine.GetOption("in", null);
string outPath = cmdLine.GetOption("out", null);
string key = cmdLine.GetOption("key", null);
KeyChain keyChain = new KeyChain();
if (inPath == null)
{
Program.Error("[-in:<path>] command line option is required.");
return(1);
}
if (outPath == null)
{
Program.Error("[-out:<path>] command line option is required.");
return(1);
}
if (key == null)
{
Program.Error("[-key:<symkey>] command line option is required.");
return(1);
}
using (var input = new StreamReader(inPath))
{
for (var line = input.ReadLine(); line != null; line = input.ReadLine())
{
var trimmed = line.Trim();
if (trimmed.Length == 0 || trimmed.StartsWith("//") || trimmed.StartsWith("--"))
{
continue;
}
keyChain.Add(trimmed);
}
}
using (var output = new FileStream(outPath, FileMode.Create, FileAccess.ReadWrite))
{
var encrypted = keyChain.Encrypt(new SymmetricKey(key));
output.Write(encrypted, 0, encrypted.Length);
}
return(0);
}
public void SecureFile_File_KeyChain()
{
string encryptName = Path.GetTempFileName();
string privateKey = AsymmetricCrypto.CreatePrivateKey(CryptoAlgorithm.RSA, 1024);
string publicKey = AsymmetricCrypto.GetPublicKey(CryptoAlgorithm.RSA, privateKey);
EnhancedMemoryStream original = new EnhancedMemoryStream();
SecureFile secure = null;
try
{
for (int i = 0; i < 100; i++)
{
original.WriteByte((byte)i);
}
// Verify that SecureFile can find the correct private key in the key chain.
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
Assert.IsTrue(secure.SavePublicKey);
Assert.AreEqual(publicKey, secure.PublicKey);
original.Position = 0;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
var keyChain = new KeyChain();
var decrypted = new EnhancedMemoryStream();
keyChain.Add(privateKey);
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
secure.Close();
secure = null;
CollectionAssert.AreEqual(original.ToArray(), decrypted.ToArray());
// Verify that SecureFile throws a CryptographicException if the
// key is not present in the chain.
keyChain.Clear();
try
{
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
Assert.Fail("Expecting a CryptographicException");
}
catch (CryptographicException)
{
// Expecting this
}
finally
{
if (secure != null)
{
secure.Close();
secure = null;
}
}
// Verify that SecureFile throws a CryptographicException if the
// public key was not saved to the file.
keyChain.Add(privateKey);
secure = new SecureFile(original, SecureFileMode.Encrypt, publicKey);
secure.SavePublicKey = false;
original.Position = 0;
secure.EncryptTo(encryptName, CryptoAlgorithm.AES, 256);
secure.Close();
secure = null;
try
{
secure = new SecureFile(encryptName, keyChain);
secure.DecryptTo(decrypted);
Assert.Fail("Expecting a CryptographicException");
}
catch (CryptographicException)
{
// Expecting this
}
finally
{
if (secure != null)
{
secure.Close();
secure = null;
}
}
}
finally
{
System.IO.File.Delete(encryptName);
}
}
private static int DecryptSecureFile(string[] args)
{
CommandLine cmdLine = new CommandLine(args, false);
string inPath = cmdLine.GetOption("in", null);
string outPath = cmdLine.GetOption("out", null);
string keyChainOption = cmdLine.GetOption("keychain", null);
KeyChain keyChain = null;
if (inPath == null)
{
Program.Error("[-in:<path>] command line option is required.");
return(1);
}
if (outPath == null)
{
Program.Error("[-out:<path>] command line option is required.");
return(1);
}
if (keyChainOption != null)
{
string keyPath;
int pos;
SymmetricKey symkey;
pos = keyChainOption.IndexOf(';');
if (pos != -1)
{
// Keychain file is encrypted.
keyPath = keyChainOption.Substring(0, pos);
symkey = new SymmetricKey(keyChainOption.Substring(pos + 1));
keyChain = new KeyChain(symkey, File.ReadAllBytes(keyPath));
}
else
{
// Keychain file is not encrypted.
keyChain = new KeyChain();
using (var input = new StreamReader(keyChainOption))
{
for (var line = input.ReadLine(); line != null; line = input.ReadLine())
{
var trimmed = line.Trim();
if (trimmed.Length == 0 || trimmed.StartsWith("//") || trimmed.StartsWith("--"))
{
continue;
}
keyChain.Add(trimmed);
}
}
}
if (keyChain.Count == 0)
{
Program.Error("The keychain is empty.");
return(1);
}
}
else
{
keyChain = new KeyChain();
}
var keys = cmdLine.GetOptionValues("key");
foreach (var key in keys)
{
keyChain.Add(key);
}
if (keyChain.Count == 0)
{
Program.Error("A private RSA key must be specified using a [-key] or [-keychain] option.");
return(1);
}
using (var secureFile = new SecureFile(inPath, keyChain))
{
secureFile.DecryptTo(outPath);
}
return(0);
}
