/// <summary>
/// Round-trips a short message through AES-CMAC-SIV: seals it under a freshly
/// generated key and nonce, opens it again and prints the recovered text.
/// </summary>
private static void AeadExample()
{
    // Message to protect.
    const string message = "I'm cooking MC's like a pound of bacon";

    // Fresh 32-byte key. It exists only inside this method, so nothing sealed
    // here can be opened once the method returns; real code has to keep the
    // key somewhere protected.
    var key = Aead.GenerateKey256();

    // 16-byte nonce. It is optional for this construction, but when it is
    // omitted or reused, sealing the same message under the same key yields
    // the same ciphertext, which reveals that the messages are equal.
    var nonce = Aead.GenerateNonce(16);

    // The AEAD instance is IDisposable, so scope it with a using statement.
    using (var aead = Aead.CreateAesCmacSiv(key))
    {
        // Strings are encoded to bytes before sealing.
        var sealedBytes = aead.Seal(Encoding.UTF8.GetBytes(message), nonce);

        // Opening needs the ciphertext together with the nonce used to seal it.
        // NOTE(review): Open is expected to fail when the ciphertext or nonce
        // does not authenticate - confirm the exception type and handle it in
        // production code.
        var opened = aead.Open(sealedBytes, nonce);

        // Decode the recovered bytes and write them to standard output.
        Console.WriteLine(Encoding.UTF8.GetString(opened));
    }
}
/// <summary>
/// Builds the AES-SIV variant selected by <paramref name="algorithm"/>.
/// </summary>
/// <param name="algorithm">Exact, case-sensitive name: "AES-SIV" or "AES-PMAC-SIV".</param>
/// <param name="key">Key bytes handed unchanged to the selected factory method.</param>
/// <returns>A new <c>Aead</c> instance; the caller is responsible for disposing it.</returns>
/// <exception cref="ArgumentException">The name is not one of the two supported values.</exception>
private static Aead CreateAead(string algorithm, byte[] key)
{
    if (algorithm == "AES-SIV")
    {
        return Aead.CreateAesCmacSiv(key);
    }

    if (algorithm == "AES-PMAC-SIV")
    {
        return Aead.CreateAesPmacSiv(key);
    }

    // Fail closed: an unrecognised (or null) name never falls back to a default cipher.
    throw new ArgumentException("Unknown algorithm.");
}
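/// <summary>
/// Opens a version 7 Cryptomator vault: reads masterkey.cryptomator, derives the
/// key-encryption key from the password with scrypt, unwraps the two vault keys,
/// builds the AES-SIV instance and computes the physical path of the vault root.
/// </summary>
/// <param name="password">Vault passphrase.</param>
/// <param name="vaultPath">Directory that contains masterkey.cryptomator.</param>
/// <exception cref="ArgumentNullException"><paramref name="password"/> is null.</exception>
/// <exception cref="ArgumentException">The key file declares a version other than 7.</exception>
/// <exception cref="InvalidDataException">The key file does not contain a JSON object.</exception>
/// <exception cref="FileNotFoundException">masterkey.cryptomator does not exist.</exception>
/// <exception cref="CryptographicException">A key could not be unwrapped, typically a wrong password.</exception>
public V7CryptomatorHelper(string password, string vaultPath)
{
    if (password == null)
    {
        throw new ArgumentNullException(nameof(password));
    }

    try
    {
        string masterKeyPath = PathJoin(vaultPath, "masterkey.cryptomator");
        var jsonString = File.ReadAllText(masterKeyPath);
        MasterKey mkey = JsonConvert.DeserializeObject<MasterKey>(jsonString);

        // An empty file or a literal "null" deserializes to null; report it as
        // a malformed key file instead of failing with a NullReferenceException.
        if (mkey == null)
        {
            throw new InvalidDataException("Master key file (masterkey.cryptomator) is empty or malformed");
        }

        // NOTE(review): Version is checked before any key exists, so it is not
        // authenticated here. If MasterKey exposes the format's version MAC,
        // verify it once macKey has been unwrapped.
        if (mkey.Version != 7)
        {
            throw new ArgumentException("Only version 7 vaults are supported");
        }

        byte[] abPrimaryMasterKey = Convert.FromBase64String(mkey.PrimaryMasterKey);
        byte[] abHmacMasterKey = Convert.FromBase64String(mkey.HmacMasterKey);
        byte[] abScryptSalt = Convert.FromBase64String(mkey.ScryptSalt);

        // Encode the passphrase as NFC-normalized UTF-8. ASCII encoding replaced
        // every non-ASCII character with '?', which both discards entropy and
        // derives a different key than the one the vault was created with.
        // ASCII-only passphrases produce exactly the same bytes as before.
        // NOTE(review): NFC + UTF-8 is what the Cryptomator reference library is
        // understood to use - confirm against it.
        byte[] passwordBytes = Encoding.UTF8.GetBytes(password.Normalize(NormalizationForm.FormC));
        try
        {
            // The cost and block size come straight from the key file, which is
            // not authenticated at this point; a tampered file can demand very
            // large amounts of memory and CPU.
            // NOTE(review): consider rejecting values above a sane upper bound.
            kek = SCrypt.ComputeDerivedKey(passwordBytes, abScryptSalt, mkey.ScryptCostParam, mkey.ScryptBlockSize, 1, 1, 32);
        }
        finally
        {
            // Do not leave the encoded passphrase in memory longer than needed.
            Array.Clear(passwordBytes, 0, passwordBytes.Length);
        }

        // Unwrapping is where a wrong password surfaces as a CryptographicException.
        masterKey = KeyWrapAlgorithm.UnwrapKey(kek, abPrimaryMasterKey);
        macKey = KeyWrapAlgorithm.UnwrapKey(kek, abHmacMasterKey);

        // The SIV key is the MAC key followed by the encryption key.
        sivKey = macKey.Concat(masterKey).ToArray();

        // NOTE(review): kek, masterKey, macKey and sivKey stay in fields for the
        // lifetime of this object; clear them when the helper is released if the
        // class offers a disposal path.
        this.vaultPath = vaultPath;
        siv = Aead.CreateAesCmacSiv(sivKey);

        // The root directory name is the Base32 form of SHA-1 over the SIV
        // encryption of an empty value, split after the first two characters.
        byte[] ciphertext = siv.Seal(new byte[0]);
        byte[] hash = sha1.ComputeHash(ciphertext);
        string fullDirName = Base32Encoding.ToString(hash);
        physicalPathRoot = PathJoin(fullDirName.Substring(0, 2), fullDirName.Substring(2));
    }
    catch (System.IO.FileNotFoundException e)
    {
        throw new FileNotFoundException("Cannot open master key file (masterkey.cryptomator)", e);
    }
    catch (CryptographicException e)
    {
        throw new CryptographicException("Cannot open vault, possible password error", e);
    }
}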