public static bool TryDecryptArchiveKey(
this UserKeyAuthorization authorization,
UserKey userKey,
SecuritySettings securitySettings,
out ArchiveKey archiveKey)
{
ArgCheck.NotNull(authorization, nameof(authorization));
ArgCheck.NotNull(userKey, nameof(userKey));
ArgCheck.IsValid(securitySettings, nameof(securitySettings));
archiveKey = null;
if (!CryptoHelpers.SecureEquals(userKey.KeyId, authorization.KeyId))
{
return(false);
}
try
{
// The SecureArchive file format requires that the friendly name and keyId be
// checked for tampering when using authenticated cyphers.
var additionalData = Encoding.UTF8.GetBytes(authorization.FriendlyName + authorization.KeyId);
var cryptoStrategy = CryptoHelpers.GetCryptoStrategy(securitySettings.EncryptionAlgo);
var decryptedArchiveKey = userKey.Decrypt(cryptoStrategy, authorization.EncryptedArchiveKey, additionalData);
if (!decryptedArchiveKey.IsEmpty)
{
archiveKey = new ArchiveKey(decryptedArchiveKey.ToArray());
}
}
catch
{
return(false);
}
return(archiveKey != null);
}
