} // End Sub GetIV
//public static void SetKey(ref string strInputKey)
//{
// strKey = strInputKey;
//} // End Sub SetKey
//public static void SetIV(ref string strInputIV)
//{
// strIV = strInputIV;
//} // End Sub SetIV
public static string GenerateKey()
{
System.Security.Cryptography.RijndaelManaged objRijndael = new System.Security.Cryptography.RijndaelManaged();
objRijndael.GenerateKey();
objRijndael.GenerateIV();
byte[] bIV = objRijndael.IV;
byte[] bKey = objRijndael.Key;
objRijndael.Clear();
return("IV: " + ByteArrayToHexString(bIV) + Environment.NewLine + "Key: " + ByteArrayToHexString(bKey));
} // End Function GenerateKey
public string Encrypt(List <byte> payload)
{
using (var aes = new System.Security.Cryptography.RijndaelManaged())
{
var result = new List <byte>();
aes.Mode = System.Security.Cryptography.CipherMode.CBC;
aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
aes.GenerateIV();
aes.Key = _key.ToArray();
var enc = aes.CreateEncryptor();
result.AddRange(aes.IV);
result.AddRange(enc.TransformFinalBlock(payload.ToArray(), 0, payload.Count));
return(System.Convert.ToBase64String(result.ToArray()));
}
}
public static String GetCypherKey()
{
System.Security.Cryptography.RijndaelManaged aesEncryption = new System.Security.Cryptography.RijndaelManaged();
aesEncryption.KeySize = 256;
aesEncryption.BlockSize = 128;
aesEncryption.Mode = System.Security.Cryptography.CipherMode.CBC;
aesEncryption.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
aesEncryption.GenerateIV();
Byte[] iv = aesEncryption.IV;
aesEncryption.GenerateKey();
Byte[] k = aesEncryption.Key;
Byte[] key = new Byte[16 + 32];
Array.Copy(iv, 0, key, 0, 16);
Array.Copy(k, 0, key, 16, 32);
return(Convert.ToBase64String(key));
}
public string Encrypt(List <byte> payload)
{
using (var aes = new System.Security.Cryptography.RijndaelManaged())
{
var result = new List <byte>();
aes.Mode = System.Security.Cryptography.CipherMode.CBC;
aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
aes.GenerateIV();
var key = _key.ToArray();
System.Security.Cryptography.ProtectedMemory.Unprotect(key, System.Security.Cryptography.MemoryProtectionScope.SameProcess);
aes.Key = key;
var enc = aes.CreateEncryptor();
result.AddRange(aes.IV);
result.AddRange(enc.TransformFinalBlock(payload.ToArray(), 0, payload.Count));
Array.Clear(key, 0, key.Length);
return(System.Convert.ToBase64String(result.ToArray()));
}
}
public static string GenerateKey()
{
System.Security.Cryptography.RijndaelManaged objRijndael = new System.Security.Cryptography.RijndaelManaged();
objRijndael.GenerateKey();
objRijndael.GenerateIV();
byte[] bIV = objRijndael.IV;
byte[] bKey = objRijndael.Key;
objRijndael.Clear();
return "IV: " + ByteArrayToHexString(bIV) + System.Environment.NewLine + "Key: " + ByteArrayToHexString(bKey);
}
bool ProcessEncryptionPwd()
{
System.Security.Cryptography.Rfc2898DeriveBytes pbkdf2 = null;
if (tbEncryptionPwd.Text == "[UNCHANGED]") // Password hasn't changed from when the package was loaded
return true;
if (string.IsNullOrEmpty(tbEncryptionPwd.Text))
return true; // Nothing to do really
if (!string.IsNullOrEmpty(virtPackage.GetProperty("EncryptionPwdKey")) &&
!string.IsNullOrEmpty(virtPackage.GetProperty("EncryptionPwdHash")) &&
!string.IsNullOrEmpty(virtPackage.GetProperty("EncryptionPwdSalt")) &&
!string.IsNullOrEmpty(virtPackage.GetProperty("EncryptionPwdIV")))
{
// EncryptionPwd* properties are already set. Only need to re-generate them if password has changed (different from EncryptionPwdHash)
string pwdSaltStr = virtPackage.GetProperty("EncryptionPwdSalt");
var pwdSalt = Utils.HexUndump(pwdSaltStr);
// Check if password is unchanged
// PBKDF2 first time on entered password
pbkdf2 = new System.Security.Cryptography.Rfc2898DeriveBytes(tbEncryptionPwd.Text, pwdSalt, Pbkdf2Iterations);
var enteredPwdHash = pbkdf2.GetBytes(KeySizeBytes);
// PBKDF2 second time on entered password
pbkdf2 = new System.Security.Cryptography.Rfc2898DeriveBytes(enteredPwdHash, pwdSalt, Pbkdf2Iterations);
enteredPwdHash = pbkdf2.GetBytes(KeySizeBytes);
var savedPwdHash = Utils.HexUndump(virtPackage.GetProperty("EncryptionPwdHash"));
bool equals = true;
for (int i = 0; i < enteredPwdHash.Length; i++)
{
if (enteredPwdHash[i] != savedPwdHash[i])
equals = false;
}
if (equals)
return true; // Password hasn't changed
}
bool Ret = true;
var rngCsp = new System.Security.Cryptography.RNGCryptoServiceProvider();
// Steps for password-based key:
// 1. Generate a long key (this is just a randomly generated amount of bytes in hex, you can use 128 bytes).
// Use this key to encrypt your file with AES (meaning you use it as a password)
byte[] randomKey = new byte[KeySizeBytes]; // Our AES algorithm uses a 128-bit key (16 bytes)
rngCsp.GetBytes(randomKey); // <-- The key with which files will be encrypted / decrypted
// 2. Encrypt the key itself with AES using your password (which is a bit shorter but easier to remember.
// Now AES requires this again to be either 128, 192 or 256 bits of length so you need to make your
// password of that length. Hence you can just use PBKDF2 (or scrypt or bcrypt) to create a fixed key
// length from your password. DO NOT STORE THIS.
byte[] salt = new byte[SaltSize];
rngCsp.GetBytes(salt);
// Transform user password into a key that we can encrypt randomKey with
pbkdf2 = new System.Security.Cryptography.Rfc2898DeriveBytes(Encoding.ASCII.GetBytes(tbEncryptionPwd.Text), salt, Pbkdf2Iterations);
var keyEncryptionKey = pbkdf2.GetBytes(KeySizeBytes); // tbEncryptionPwd.Text -> Key. This key will be used for encrypting randomKey.
var keyEncryptor = new System.Security.Cryptography.RijndaelManaged();
keyEncryptor.BlockSize = 128;
keyEncryptor.Mode = System.Security.Cryptography.CipherMode.CFB;
keyEncryptor.Padding = System.Security.Cryptography.PaddingMode.None;
keyEncryptor.Key = keyEncryptionKey;
keyEncryptor.GenerateIV();
var encryptor = keyEncryptor.CreateEncryptor(keyEncryptor.Key, keyEncryptor.IV);
var msEncrypt = new MemoryStream();
using (var csEncrypt = new System.Security.Cryptography.CryptoStream(msEncrypt, encryptor, System.Security.Cryptography.CryptoStreamMode.Write))
{
using (var swEncrypt = new BinaryWriter(csEncrypt))
{
byte[] toWrite = randomKey;//Encoding.ASCII.GetBytes("1234567890123456");
swEncrypt.Write(toWrite);
}
}
var encryptedKey = msEncrypt.ToArray(); // <-- randomKey encrypted with AES, whose key = PBKDF2(tbEncryptionPwd.Text)
// 3. Keep a hash of your hashed password using PBKDF2 (or bcrypt or scrypt). This will allow you to check
// if the password is correct before trying to decrypt your encrypted key:
// hash(hash(password)) --> can be stored
// hash(password) --> should not be stored
pbkdf2 = new System.Security.Cryptography.Rfc2898DeriveBytes(keyEncryptionKey, salt, Pbkdf2Iterations); // Iterations slow down hashing (which helps against brute-force)
var keyEncryptionKeyHashed = pbkdf2.GetBytes(KeySizeBytes); // Second PBKDF2 hash
// Store
Ret &= virtPackage.SetProperty("EncryptionPwdKey", Utils.HexDump(encryptedKey)); // Encryption key, in encrypted form
Ret &= virtPackage.SetProperty("EncryptionPwdHash", Utils.HexDump(keyEncryptionKeyHashed)); // Password hash, for user password validation
Ret &= virtPackage.SetProperty("EncryptionPwdSalt", Utils.HexDump(salt)); // Salt used for both PBKDF2 password hashes (first and second)
Ret &= virtPackage.SetProperty("EncryptionPwdIV", Utils.HexDump(keyEncryptor.IV)); // IV used for encrypting the key with AES
return Ret;
}
//[MenuItem("Hugula AES/GenerateIV", false, 13)]
public static void GenerateIV()
{
using (System.Security.Cryptography.RijndaelManaged myRijndael = new System.Security.Cryptography.RijndaelManaged())
{
myRijndael.GenerateIV();
byte[] IV = myRijndael.IV;
KeyVData KeyScri = ScriptableObject.CreateInstance<KeyVData>();
KeyScri.IV = IV;
AssetDatabase.CreateAsset(KeyScri, Path.Combine(ConfigPath, "K81.asset"));
Debug.Log("IV Generate " + IV.Length);
}
}
