public static byte[] EncryptKey(byte[] key, byte[] password)
{
//append a magic key to the key so we know if it was decrypted sucessfully
byte[] concatenatedKey = (new byte[] { 39, 39, 39 }).Concat(key).ToArray();
//create the cipher and parameter for the generator
PaddedBufferedBlockCipher pbbc = new PaddedBufferedBlockCipher(new AesEngine());
KeyParameter aesKey = new KeyParameter(password);
pbbc.Init(true, aesKey);
//create the output buffer
byte[] encryptedKey = new byte[pbbc.GetOutputSize(concatenatedKey.Length)];
//do the encryption
int bytesWritten = pbbc.ProcessBytes(concatenatedKey, 0, concatenatedKey.Length, encryptedKey, 0);
pbbc.DoFinal(encryptedKey, bytesWritten);
//erase the unencrypted data
Eraser.SecureErase(key);
Eraser.SecureErase(password);
Eraser.SecureErase(concatenatedKey);
return(encryptedKey);
}
public static string HashStringStr(string str)
{
byte[] raw = HashString(str);
string ret = Hex.ToHexString(raw);
Eraser.SecureErase(raw);
return(ret);
}
public static byte[] HashString(string str)
{
byte[] bytes = Encoding.UTF8.GetBytes(str);
Sha256Digest digest = new Sha256Digest();
digest.BlockUpdate(bytes, 0, bytes.Length);
byte[] hashedBytes = new byte[digest.GetDigestSize()];
digest.DoFinal(hashedBytes, 0);
Eraser.SecureErase(bytes);
return(hashedBytes);
}
public static byte[] DecryptKey(byte[] encKey, byte[] password)
{
//create the cipher and parameter for setting up the generator
PaddedBufferedBlockCipher pbbc = new PaddedBufferedBlockCipher(new AesEngine());
KeyParameter aesKey = new KeyParameter(password);
pbbc.Init(false, aesKey);
//create the output buffer
byte[] decryptedKey = new byte[pbbc.GetOutputSize(encKey.Length)];
//do the decryption
int bytesWritten = pbbc.ProcessBytes(encKey, decryptedKey, 0);
try
{
bytesWritten += pbbc.DoFinal(decryptedKey, bytesWritten);
}
catch (Exception e)
{ //any exception that occurs here means that the password was entered incorrectly
if (e != null)
{
return(null);
}
}
//resize the array to fit the actual size of the decrypted data
byte[] resizedArray = new byte[bytesWritten];
Array.Copy(decryptedKey, resizedArray, bytesWritten);
Eraser.SecureErase(decryptedKey); //done with this, so free it
//check for the magic key - if not present then the password was incorrect
if (resizedArray[0] != 39 || resizedArray[1] != 39 || resizedArray[2] != 39)
{
return(null);
}
//strip out the magic key
byte[] finalKeyReversed = new byte[bytesWritten - 3];
Array.Copy(resizedArray.Reverse().ToArray(), finalKeyReversed, bytesWritten - 3);
Eraser.SecureErase(resizedArray); //done with this, so free it
byte[] finalKey = new byte[bytesWritten - 3];
Array.Copy(finalKeyReversed.Reverse().ToArray(), finalKey, bytesWritten - 3);
Eraser.SecureErase(finalKeyReversed); //done with this, so free it
return(finalKey);
}
public static byte[] AsymmetricDecrypt(byte[] data, ref AsymmetricCipherKeyPair keypair)
{
//create the key agreement
ECDHBasicAgreement ag = new ECDHBasicAgreement();
ag.Init(keypair.Private);
//calculate the shared secret key
BigInteger a = ag.CalculateAgreement(keypair.Public);
byte[] secret = a.ToByteArray();
//derive the symmetric encryption key
ECDHKekGenerator topkek = new ECDHKekGenerator(DigestUtilities.GetDigest("SHA256"));
topkek.Init(new DHKdfParameters(NistObjectIdentifiers.Aes, secret.Length, secret));
byte[] symKey = new byte[DigestUtilities.GetDigest("SHA256").GetDigestSize()];
topkek.GenerateBytes(symKey, 0, symKey.Length);
//decrypt the data
KeyParameter parm = ParameterUtilities.CreateKeyParameter("DES", symKey);
IBufferedCipher cipher = CipherUtilities.GetCipher("DES/ECB/ISO7816_4PADDING");
cipher.Init(false, parm);
byte[] ret = null;
try
{
ret = cipher.DoFinal(data);
}
catch (Exception e)
{
if (e != null)
{
return(null);
}
}
//erase the keys
Eraser.SecureErase(secret);
Eraser.SecureErase(symKey);
return(ret);
}