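/// <summary>
/// Reverses <c>Encrypt</c>: undoes the password (AES/PBKDF2) pass, then the
/// machine/user lock pass, and finally verifies the signature embedded with the token.
/// </summary>
/// <param name="encrypted">Ciphertext produced by <c>Encrypt</c> with the same <paramref name="encType"/>.</param>
/// <param name="encType">Flags describing which protection layers were applied.</param>
/// <param name="userPassword">Password for the AES pass; only used when <see cref="EncryptionType.Password"/> is set.</param>
/// <returns>
/// The 20-byte token on success. <c>null</c> when either decryption pass throws, the recovered
/// plaintext is not exactly 30 bytes, or the signature does not match (wrong password/key or tampering).
/// With <see cref="EncryptionType.None"/> the input is returned unchanged and is NOT verified.
/// </returns>
public static byte[] Decrypt(byte[] encrypted, EncryptionType encType, string userPassword)
{
    const int TokenLength = 20;
    const int SignatureLength = 10;

    if (encType == EncryptionType.None)
    {
        return encrypted;
    }

    // Undo the second (outer) pass: AES keyed from the user password.
    byte[] secondPassDecrypt;
    if (encType.HasFlag(EncryptionType.Password))
    {
        try
        {
            secondPassDecrypt = AESDecrypt(encrypted, userPassword);
        }
        catch (Exception)
        {
            // Wrong password or corrupt input: the contract is "null on failure", not an exception.
            return null;
        }
    }
    else
    {
        secondPassDecrypt = encrypted;
    }

    // Undo the first (inner) pass: machine/user lock.
    byte[] decrypted;
    if (encType.HasFlag(EncryptionType.LocalUser) || encType.HasFlag(EncryptionType.LocalMachine))
    {
        try
        {
            decrypted = MachineDecrypt(secondPassDecrypt, encType);
        }
        catch (Exception)
        {
            return null;
        }
    }
    else
    {
        decrypted = secondPassDecrypt;
    }

    // Plaintext layout written by Encrypt: [token (20)][signature (10)].
    if (decrypted == null || decrypted.Length != TokenLength + SignatureLength)
    {
        return null;
    }

    byte[] token = new byte[TokenLength];
    Array.Copy(decrypted, token, TokenLength);
    byte[] signature = new byte[SignatureLength];
    Array.Copy(decrypted, TokenLength, signature, 0, SignatureLength);

    byte[] expectedSignature = SignToken(token);
    if (expectedSignature == null || expectedSignature.Length != signature.Length)
    {
        return null;
    }

    // Constant-time comparison. SequenceEqual stops at the first differing byte, which
    // leaks how many leading signature bytes matched through timing; OR-ing all
    // differences together makes the loop run time independent of where they occur.
    int diff = 0;
    for (int i = 0; i < signature.Length; i++)
    {
        diff |= signature[i] ^ expectedSignature[i];
    }

    return diff == 0 ? token : null;
}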
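/// <summary>
/// Reverses <c>Encrypt</c>: undoes the password (AES/PBKDF2) pass, then the
/// machine/user lock pass, and finally verifies the signature embedded with the token.
/// </summary>
/// <param name="encrypted">Ciphertext produced by <c>Encrypt</c> with the same <paramref name="encType"/>.</param>
/// <param name="encType">Flags describing which protection layers were applied.</param>
/// <param name="userPassword">Password for the AES pass; only used when <see cref="EncryptionType.Password"/> is set.</param>
/// <returns>
/// The 20-byte token on success. <c>null</c> when either decryption pass throws, the recovered
/// plaintext is not exactly 30 bytes, or the signature does not match (wrong password/key or tampering).
/// With <see cref="EncryptionType.None"/> the input is returned unchanged and is NOT verified.
/// </returns>
public static byte[] Decrypt(byte[] encrypted, EncryptionType encType, string userPassword)
{
    const int TokenLength = 20;
    const int SignatureLength = 10;

    if (encType == EncryptionType.None)
    {
        return encrypted;
    }

    // Undo the second (outer) pass: AES keyed from the user password.
    byte[] afterPasswordPass;
    if (encType.HasFlag(EncryptionType.Password))
    {
        try
        {
            afterPasswordPass = AESDecrypt(encrypted, userPassword);
        }
        catch (Exception)
        {
            // Wrong password or corrupt input: the contract is "null on failure", not an exception.
            return null;
        }
    }
    else
    {
        afterPasswordPass = encrypted;
    }

    // Undo the first (inner) pass: machine/user lock.
    byte[] plainText;
    if (encType.HasFlag(EncryptionType.LocalUser) || encType.HasFlag(EncryptionType.LocalMachine))
    {
        try
        {
            plainText = MachineDecrypt(afterPasswordPass, encType);
        }
        catch (Exception)
        {
            return null;
        }
    }
    else
    {
        plainText = afterPasswordPass;
    }

    // Plaintext layout written by Encrypt: [token (20)][signature (10)].
    if (plainText == null || plainText.Length != TokenLength + SignatureLength)
    {
        return null;
    }

    byte[] token = new byte[TokenLength];
    Array.Copy(plainText, token, TokenLength);
    byte[] storedSignature = new byte[SignatureLength];
    Array.Copy(plainText, TokenLength, storedSignature, 0, SignatureLength);

    byte[] expectedSignature = SignToken(token);
    if (expectedSignature == null || expectedSignature.Length != storedSignature.Length)
    {
        return null;
    }

    // Constant-time comparison. SequenceEqual stops at the first differing byte, which
    // leaks how many leading signature bytes matched through timing; OR-ing all
    // differences together makes the loop run time independent of where they occur.
    int mismatch = 0;
    for (int i = 0; i < storedSignature.Length; i++)
    {
        mismatch |= storedSignature[i] ^ expectedSignature[i];
    }

    return mismatch == 0 ? token : null;
}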
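/// <summary>
/// Protects a 20-byte token: appends a 10-byte signature (so <c>Decrypt</c> can detect a wrong
/// password/key or tampering), then applies the machine/user lock pass and the password (AES/PBKDF2) pass
/// as selected by <paramref name="encType"/>.
/// </summary>
/// <param name="token">The token to protect; must be exactly 20 bytes.</param>
/// <param name="encType">Flags selecting the protection layers.</param>
/// <param name="userPassword">Password for the AES pass; only used when <see cref="EncryptionType.Password"/> is set.</param>
/// <returns>
/// The protected blob. With <see cref="EncryptionType.None"/> the token is returned unchanged and unsigned.
/// If <paramref name="encType"/> is not <c>None</c> but selects neither a lock nor a password, the
/// result is the unencrypted token+signature plaintext.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not 20 bytes long.</exception>
public static byte[] Encrypt(byte[] token, EncryptionType encType, string userPassword)
{
    const int TokenLength = 20;
    const int SignatureLength = 10;

    if (encType == EncryptionType.None)
    {
        return token;
    }

    if (token == null)
    {
        throw new ArgumentNullException("token");
    }
    // Decrypt can only ever recover 20 bytes, so a longer token would previously be
    // silently truncated here and never round-trip; reject the wrong length up front.
    if (token.Length != TokenLength)
    {
        throw new ArgumentException("Token must be exactly " + TokenLength + " bytes.", "token");
    }

    // Sign the token so Decrypt can verify it after both passes are undone.
    byte[] signature = SignToken(token);
    byte[] plainText = new byte[TokenLength + SignatureLength];
    Array.Copy(token, plainText, TokenLength);
    Array.Copy(signature, 0, plainText, TokenLength, SignatureLength);

    // First (inner) pass: machine/user lock.
    byte[] firstPassEncrypted = plainText;
    if (encType.HasFlag(EncryptionType.LocalUser) || encType.HasFlag(EncryptionType.LocalMachine))
    {
        firstPassEncrypted = MachineEncrypt(plainText, encType);
    }

    // Second (outer) pass: AES keyed from the user password.
    if (encType.HasFlag(EncryptionType.Password))
    {
        return AESEncrypt(firstPassEncrypted, userPassword);
    }

    return firstPassEncrypted;
}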
/// <summary>
/// First-pass protection: wraps <paramref name="plainText"/> with DPAPI, scoped to the current
/// user when <see cref="EncryptionType.LocalUser"/> is set, otherwise to the local machine.
/// </summary>
/// <param name="plainText">Bytes to protect.</param>
/// <param name="encType">Flags; only <see cref="EncryptionType.LocalUser"/> influences the scope.</param>
/// <returns>The DPAPI-protected blob.</returns>
private static byte[] MachineEncrypt(byte[] plainText, EncryptionType encType)
{
    // LocalMachine scope can be unprotected by any principal on this machine;
    // CurrentUser ties the blob to the calling user's profile.
    DataProtectionScope protectionScope;
    if (encType.HasFlag(EncryptionType.LocalUser))
    {
        protectionScope = DataProtectionScope.CurrentUser;
    }
    else
    {
        protectionScope = DataProtectionScope.LocalMachine;
    }

    // WINBMA_SECRET is passed as DPAPI optional entropy; Unprotect needs the same value.
    return ProtectedData.Protect(plainText, WINBMA_SECRET, protectionScope);
}
/// <summary>
/// First-pass protection: wraps <paramref name="plainText"/> with DPAPI, scoped to the current
/// user when <see cref="EncryptionType.LocalUser"/> is set, otherwise to the local machine.
/// </summary>
/// <param name="plainText">Bytes to protect.</param>
/// <param name="encType">Flags; only <see cref="EncryptionType.LocalUser"/> influences the scope.</param>
/// <returns>The DPAPI-protected blob.</returns>
private static byte[] MachineEncrypt(byte[] plainText, EncryptionType encType)
{
    // LocalMachine scope can be unprotected by any principal on this machine;
    // CurrentUser ties the blob to the calling user's profile.
    bool perUser = encType.HasFlag(EncryptionType.LocalUser);
    DataProtectionScope protectionScope = DataProtectionScope.LocalMachine;
    if (perUser)
    {
        protectionScope = DataProtectionScope.CurrentUser;
    }

    // WINBMA_SECRET is passed as DPAPI optional entropy; Unprotect needs the same value.
    byte[] protectedBlob = ProtectedData.Protect(plainText, WINBMA_SECRET, protectionScope);
    return protectedBlob;
}
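/// <summary>
/// Protects a 20-byte token: appends a 10-byte signature (so <c>Decrypt</c> can detect a wrong
/// password/key or tampering), then applies the machine/user lock pass and the password (AES/PBKDF2) pass
/// as selected by <paramref name="encType"/>.
/// </summary>
/// <param name="token">The token to protect; must be exactly 20 bytes.</param>
/// <param name="encType">Flags selecting the protection layers.</param>
/// <param name="userPassword">Password for the AES pass; only used when <see cref="EncryptionType.Password"/> is set.</param>
/// <returns>
/// The protected blob. With <see cref="EncryptionType.None"/> the token is returned unchanged and unsigned.
/// If <paramref name="encType"/> is not <c>None</c> but selects neither a lock nor a password, the
/// result is the unencrypted token+signature plaintext.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="token"/> is <c>null</c>.</exception>
/// <exception cref="ArgumentException"><paramref name="token"/> is not 20 bytes long.</exception>
public static byte[] Encrypt(byte[] token, EncryptionType encType, string userPassword)
{
    const int TokenLength = 20;
    const int SignatureLength = 10;

    if (encType == EncryptionType.None)
    {
        return token;
    }

    if (token == null)
    {
        throw new ArgumentNullException("token");
    }
    // Decrypt can only ever recover 20 bytes, so a longer token would previously be
    // silently truncated here and never round-trip; reject the wrong length up front.
    if (token.Length != TokenLength)
    {
        throw new ArgumentException("Token must be exactly " + TokenLength + " bytes.", "token");
    }

    // Sign the token so Decrypt can verify it after both passes are undone.
    byte[] signature = SignToken(token);
    byte[] signedToken = new byte[TokenLength + SignatureLength];
    Array.Copy(token, signedToken, TokenLength);
    Array.Copy(signature, 0, signedToken, TokenLength, SignatureLength);

    // First (inner) pass: machine/user lock.
    bool machineLocked = encType.HasFlag(EncryptionType.LocalUser) || encType.HasFlag(EncryptionType.LocalMachine);
    byte[] lockedBlob = machineLocked ? MachineEncrypt(signedToken, encType) : signedToken;

    // Second (outer) pass: AES keyed from the user password.
    if (!encType.HasFlag(EncryptionType.Password))
    {
        return lockedBlob;
    }

    return AESEncrypt(lockedBlob, userPassword);
}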