public async Task SetSeedWords(string password, string seedWords)
{
var iKey = await GetOrGenerateIntermediateKey(password);
var encSeedWords = AesThenHmac.Encrypt(seedWords, iKey);
await _hsm.SetAsync(EncSeedWordsLoc, encSeedWords);
}
public void CanDecryptCiphertextFromPython()
{
// generated with python
string password = "******";
string b64CipherText = "Gup4moWGF4RRcyPUErUuctQE2MlgH7hHIiy0+gxNT3Mc+Ktax/t25W47Lk4jOJt0QT8W2LhkwH8qg28qZ2bM0XozLEIPZe/mi9BuryrMJX8=";
var plaintext = Cryptor.DecryptWithPassword(b64CipherText, password);
Assert.True(plaintext == "poops");
}
public async Task <string> GetSeedWords(string password)
{
var iKey = await GetIntermediateKey(password);
var encSeedWords = await _hsm.GetAsync(EncSeedWordsLoc);
var seedWords = AesThenHmac.Decrypt(encSeedWords, iKey);
return(seedWords);
}
public async Task <byte[]> GetIntermediateKey(string password)
{
if (_uiConfig.HasIntermediateKey)
{
// throws if it fails
string encIKeyString = await _hsm.GetAsync(I_KEY_LOC);
byte[] encIKey = Convert.FromBase64String(encIKeyString);
byte[] iKey = AesThenHmac.DecryptWithPassword(encIKey, password);
return(iKey);
}
return(null);
}
// Use an intermediate key. This way main password can be changed
// out for a global pin in multi-wallet. Store it with biometrics
// for access without a static password.
public async Task <byte[]> GetOrGenerateIntermediateKey(string password)
{
byte[] iKey = await GetIntermediateKey(password);
if (iKey is null)
{
// default one at cryptographically-secure pseudo-random
iKey = AesThenHmac.NewKey();
}
// store it encrypted under the password
byte[] encIKey = AesThenHmac.EncryptWithPassword(iKey, password);
string encIKeyString = Convert.ToBase64String(encIKey);
await _hsm.SetAsync(I_KEY_LOC, encIKeyString);
_uiConfig.HasIntermediateKey = true;
_uiConfig.ToFile();
return(iKey);
}