Пример #1
0
 /// <summary>
 /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in 
 /// transferring a key between machines.
 /// </summary>
 /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
 /// <param name="keyToArchive">Key to be archived.</param>
 /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
 public static void ArchiveKey(Stream outputStream,
                               ProtectedKey keyToArchive,
                               string passphrase)
 {
     IKeyWriter writer = new KeyReaderWriter();
     writer.Archive(outputStream, keyToArchive, passphrase);
 }
Пример #2
0
        internal KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey)
            : base(algorithmType, saltEnabled)
        {
            if(protectedKey == null) throw new ArgumentNullException("key");
            if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");

            this.key = protectedKey;
        }
		/// <summary>
		/// <para>Initalize a new instance of the <see cref="SymmetricCryptographer"/> class with an algorithm type and a key.</para>
		/// </summary>
		/// <param name="algorithmType"><para>The qualified assembly name of a <see cref="SymmetricAlgorithm"/>.</para></param>
		/// <param name="key"><para>The key for the algorithm.</para></param>
		public SymmetricCryptographer(Type algorithmType, ProtectedKey key)
		{
			if (algorithmType == null) throw new ArgumentNullException("algorithmType");
			if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
			if (key == null) throw new ArgumentNullException("key");

			this.key = key;
			this.algorithm = GetSymmetricAlgorithm(algorithmType);
		}
        /// <summary>
        /// Initialize a new instance of the <see cref="ExportKeyUI"/> class.
        /// </summary>
        public ExportKeyUI(ProtectedKey key)
        {
            this.key = key;
            InitializeComponent();

            btnCancel.Text = KeyManagerResources.ExportKeyUICancelButton;
            btnOk.Text = KeyManagerResources.ExportKeyUIOkButton;
            Text = KeyManagerResources.ExportKeyDialogTitle;
        }
Пример #5
0
        /// <summary>
        /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in 
        /// transferring a key between machines.
        /// </summary>
        /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
        /// <param name="keyToBeArchived">Key to be archived.</param>
        /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
        public void Archive(Stream outputStream, ProtectedKey keyToBeArchived, string passphrase)
        {
            byte[] versionNumberBytes = BitConverter.GetBytes(versionNumber);
            byte[] salt = GenerateSalt();
            byte[] encryptedKey = GetEncryptedKey(keyToBeArchived, passphrase, salt);

            outputStream.Write(versionNumberBytes, 0, versionNumberBytes.Length);
            outputStream.Write(salt, 0, salt.Length);
            outputStream.Write(encryptedKey, 0, encryptedKey.Length);
        }
Пример #6
0
        internal SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key)
        {
            if (algorithmType == null) throw new ArgumentNullException("algorithmType");
            if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");

            this.algorithmType = algorithmType;

            this.key = key;

            this.instrumentationProvider = new SymmetricAlgorithmInstrumentationProvider();
        }
        internal KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey)
            : base(algorithmType, saltEnabled)
        {
            if (protectedKey == null)
            {
                throw new ArgumentNullException("key");
            }
            if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType))
            {
                throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");
            }

            this.key = protectedKey;
        }
Пример #8
0
        /// <summary>
        /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in
        /// transferring a key between machines.
        /// </summary>
        /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
        /// <param name="keyToBeArchived">Key to be archived.</param>
        /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
        public void Archive(Stream outputStream, ProtectedKey keyToBeArchived, string passphrase)
        {
            if (outputStream == null)
            {
                throw new ArgumentNullException("outputStream");
            }

            byte[] versionNumberBytes = BitConverter.GetBytes(versionNumber);
            byte[] salt         = GenerateSalt();
            byte[] encryptedKey = GetEncryptedKey(keyToBeArchived, passphrase, salt);

            outputStream.Write(versionNumberBytes, 0, versionNumberBytes.Length);
            outputStream.Write(salt, 0, salt.Length);
            outputStream.Write(encryptedKey, 0, encryptedKey.Length);
        }
 private ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope)
 {
     byte[] generatedKey = GenerateUnprotectedKey(algorithm);
     try
     {
         return(ProtectedKey.CreateFromPlaintextKey(generatedKey, dataProtectionScope));
     }
     finally
     {
         if (generatedKey != null)
         {
             CryptographyUtility.ZeroOutBytes(generatedKey);
         }
     }
 }
        internal SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key)
        {
            if (algorithmType == null)
            {
                throw new ArgumentNullException("algorithmType");
            }
            if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType))
            {
                throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
            }

            this.algorithmType = algorithmType;

            this.key = key;

            this.instrumentationProvider = new SymmetricAlgorithmInstrumentationProvider();
        }
Пример #11
0
        /// <summary>
        /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
        /// </summary>
        /// <param name="algorithmType">
        /// The <see cref="KeyedHashAlgorithm"/> to use.
        /// </param>
        /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
        /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
        /// <param name="instrumentationProvider">The <see cref="IHashAlgorithmInstrumentationProvider"/> to use.</param>
        public KeyedHashAlgorithmProvider(Type algorithmType,
                                          bool saltEnabled,
                                          ProtectedKey protectedKey,
                                          IHashAlgorithmInstrumentationProvider instrumentationProvider)
            : base(algorithmType, saltEnabled, instrumentationProvider)
        {
            if (protectedKey == null)
            {
                throw new ArgumentNullException("protectedKey");
            }
            if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType))
            {
                throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");
            }

            key = protectedKey;
        }
        /// <summary>
        /// Reads an encrypted key from an input file. This method is not intended to allow keys to be transferred
        /// from another machine.
        /// </summary>
        /// <param name="protectedKeyFileName">Input file from which DPAPI-protected key is to be read.</param>
        /// <param name="dpapiProtectionScope"><see cref="DataProtectionScope"/> used to protect the key on disk. </param>
        /// <returns>Key read from stream, encapsulated in a <see cref="ProtectedKey"></see>.</returns>
        public static ProtectedKey Read(string protectedKeyFileName, DataProtectionScope dpapiProtectionScope)
        {
            string completeFileName = Path.GetFullPath(protectedKeyFileName);

            if (cache[completeFileName] != null)
            {
                return(cache[completeFileName]);
            }

            using (FileStream stream = new FileStream(protectedKeyFileName, FileMode.Open, FileAccess.Read, FileShare.Read))
            {
                ProtectedKey protectedKey = Read(stream, dpapiProtectionScope);
                cache[completeFileName] = protectedKey;

                return(protectedKey);
            }
        }
Пример #13
0
        /// <summary>
        /// <para>Initalize a new instance of the <see cref="SymmetricCryptographer"/> class with an algorithm type and a key.</para>
        /// </summary>
        /// <param name="algorithmType"><para>The qualified assembly name of a <see cref="SymmetricAlgorithm"/>.</para></param>
        /// <param name="key"><para>The key for the algorithm.</para></param>
        public SymmetricCryptographer(Type algorithmType, ProtectedKey key)
        {
            if (algorithmType == null)
            {
                throw new ArgumentNullException("algorithmType");
            }
            if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType))
            {
                throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType");
            }
            if (key == null)
            {
                throw new ArgumentNullException("key");
            }

            this.key       = key;
            this.algorithm = GetSymmetricAlgorithm(algorithmType);
        }
Пример #14
0
 /// <summary>
 /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
 /// </summary>
 /// <param name="algorithmType">
 /// The <see cref="KeyedHashAlgorithm"/> to use.
 /// </param>
 /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
 /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
 public KeyedHashAlgorithmProvider(Type algorithmType,
                                   bool saltEnabled,
                                   ProtectedKey protectedKey)
     : this(algorithmType, saltEnabled, protectedKey, new NullHashAlgorithmInstrumentationProvider())
 {
 }
Пример #15
0
 /// <summary>
 /// <para>Initialize a new instance of the <see cref="HashCryptographer"/> with an algorithm type and key.</para>
 /// </summary>
 /// <param name="algorithmType">A fully qualifed type name derived from <see cref="HashAlgorithm"/>.</param>
 /// <param name="protectedKey"><para>The key for a <see cref="KeyedHashAlgorithm"/>.</para></param>
 /// <remarks>
 /// While this overload will work with a specified <see cref="HashAlgorithm"/>, the protectedKey
 /// is only relevant when initializing with a specified <see cref="KeyedHashAlgorithm"/>.
 /// </remarks>
 public HashCryptographer(Type algorithmType, ProtectedKey protectedKey)
     : this(algorithmType)
 {
     this.key = protectedKey;
 }
		public void CreateKey()
		{
			key = KeyManager.GenerateKeyedHashKey(typeof(HMACSHA1), DataProtectionScope.CurrentUser);
		}
 /// <summary>
 /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
 /// </summary>
 /// <param name="algorithmType">
 /// The <see cref="KeyedHashAlgorithm"/> to use.
 /// </param>
 /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
 /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
 public KeyedHashAlgorithmProvider(Type algorithmType,
                                   bool saltEnabled,
                                   ProtectedKey protectedKey)
     : this(algorithmType, saltEnabled, protectedKey, new NullHashAlgorithmInstrumentationProvider())
 {
 }
Пример #18
0
 /// <summary>
 /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
 /// moved from machine to machine.
 /// </summary>
 /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
 /// <param name="key">Encrypted key to be written to stream.</param>
 public void Write(Stream outputStream, ProtectedKey key)
 {
     WriteVersionNumber(outputStream, versionNumber);
     WriteEncryptedKey(outputStream, key);
 }
Пример #19
0
 /// <summary>
 /// Reads a DPAPI-protected key from the given <see cref="Stream"/>.
 /// </summary>
 /// <param name="protectedKeyStream"><see cref="Stream"/> containing the DPAPI-protected key.</param>
 /// <param name="protectionScope"><see cref="DataProtectionScope"></see> used to decrypt the key read from the stream.</param>
 /// <returns>Key read from stream, encapsulated in a <see cref="ProtectedKey"></see>.</returns>
 public ProtectedKey Read(Stream protectedKeyStream, DataProtectionScope protectionScope)
 {
     ValidateKeyVersion(protectedKeyStream);
     return(ProtectedKey.CreateFromEncryptedKey(ReadEncryptedKey(protectedKeyStream), protectionScope));
 }
        /// <summary>
        /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use.
        /// </summary>
        /// <param name="algorithmType">
        /// The <see cref="KeyedHashAlgorithm"/> to use.
        /// </param>
        /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param>
        /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param>
        /// <param name="instrumentationProvider">The <see cref="IHashAlgorithmInstrumentationProvider"/> to use.</param>
        public KeyedHashAlgorithmProvider(Type algorithmType,
                                          bool saltEnabled,
                                          ProtectedKey protectedKey,
                                          IHashAlgorithmInstrumentationProvider instrumentationProvider)
            : base(algorithmType, saltEnabled, instrumentationProvider)
        {
            if (protectedKey == null) 
                throw new ArgumentNullException("protectedKey");
            if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) 
                throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType");

            key = protectedKey;
        }
        /// <summary>
        /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
        /// moved from machine to machine.
        /// </summary>
        /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
        /// <param name="key">Encrypted key to be written to stream.</param>
        public static void Write(Stream outputStream, ProtectedKey key)
        {
            IKeyWriter writer = new KeyReaderWriter();

            writer.Write(outputStream, key);
        }
        /// <summary>
        /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in
        /// transferring a key between machines.
        /// </summary>
        /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param>
        /// <param name="keyToArchive">Key to be archived.</param>
        /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param>
        public static void ArchiveKey(Stream outputStream, ProtectedKey keyToArchive, string passphrase)
        {
            IKeyWriter writer = new KeyReaderWriter();

            writer.Archive(outputStream, keyToArchive, passphrase);
        }
Пример #23
0
 /// <summary>
 /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be 
 /// moved from machine to machine.
 /// </summary>
 /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
 /// <param name="key">Encrypted key to be written to stream.</param>
 public static void Write(Stream outputStream,
                          ProtectedKey key)
 {
     IKeyWriter writer = new KeyReaderWriter();
     writer.Write(outputStream, key);
 }
Пример #24
0
 private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt)
 {
     byte[] decryptedKey = keyToBeArchived.DecryptedKey;
     try
     {
         return EncryptKeyForArchival(decryptedKey, passphrase, salt);
     }
     finally
     {
         CryptographyUtility.ZeroOutBytes(decryptedKey);
     }
 }
 /// <summary>
 /// Initializes a new instance of the <see cref="SymmetricAlgorithmProvider"/> class.
 /// </summary>
 /// <param name="algorithmType">The symmetric algorithm type.</param>
 /// <param name="key">The <see cref="ProtectedKey"/> for the provider.</param>
 public SymmetricAlgorithmProvider(Type algorithmType,
                                   ProtectedKey key)
     : this(algorithmType, key, new NullSymmetricAlgorithmInstrumentationProvider())
 {
 }
        /// <overloads>
        /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
        /// moved from machine to machine.
        /// </overloads>
        /// <summary>
        /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be
        /// moved from machine to machine.
        /// </summary>
        /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
        /// <param name="encryptedKey">Encrypted key to be written to stream.</param>
        /// <param name="dpapiProtectionScope"><see cref="DataProtectionScope"/> used to protect the key on disk. </param>
        public static void Write(Stream outputStream, byte[] encryptedKey, DataProtectionScope dpapiProtectionScope)
        {
            ProtectedKey key = ProtectedKey.CreateFromEncryptedKey(encryptedKey, dpapiProtectionScope);

            Write(outputStream, key);
        }
Пример #27
0
 /// <summary>
 /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be 
 /// moved from machine to machine.
 /// </summary>
 /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param>
 /// <param name="key">Encrypted key to be written to stream.</param>
 public void Write(Stream outputStream, ProtectedKey key)
 {
     WriteVersionNumber(outputStream, versionNumber);
     WriteEncryptedKey(outputStream, key);
 }
Пример #28
0
 private void WriteEncryptedKey(Stream outputStream, ProtectedKey key)
 {
     outputStream.Write(key.EncryptedKey, 0, key.EncryptedKey.Length);
 }
Пример #29
0
 private void WriteEncryptedKey(Stream outputStream, ProtectedKey key)
 {
     outputStream.Write(key.EncryptedKey, 0, key.EncryptedKey.Length);
 }
Пример #30
0
		/// <summary>
		/// <para>Initialize a new instance of the <see cref="HashCryptographer"/> with an algorithm type and key.</para>
		/// </summary>
		/// <param name="algorithmType">A fully qualifed type name derived from <see cref="HashAlgorithm"/>.</param>
		/// <param name="protectedKey"><para>The key for a <see cref="KeyedHashAlgorithm"/>.</para></param>
		/// <remarks>
		/// While this overload will work with a specified <see cref="HashAlgorithm"/>, the protectedKey 
		/// is only relevant when initializing with a specified <see cref="KeyedHashAlgorithm"/>.
		/// </remarks>
		public HashCryptographer(Type algorithmType, ProtectedKey protectedKey)
			: this(algorithmType)
		{
			this.key = protectedKey;
		}
 /// <summary>
 /// Initializes a new instance of the <see cref="SymmetricAlgorithmProvider"/> class.
 /// </summary>
 /// <param name="algorithmType">The symmetric algorithm type.</param>
 /// <param name="key">The <see cref="ProtectedKey"/> for the provider.</param>
 public SymmetricAlgorithmProvider(Type algorithmType,
                                   ProtectedKey key)
     :this(algorithmType, key, new NullSymmetricAlgorithmInstrumentationProvider())
 {
 }