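/// <summary>
/// Encrypts <paramref name="text"/> with AES-GCM under a key derived from <paramref name="secret"/>
/// (via <c>SecretKeyFactory.GetKey</c> with <c>_pbkdf2Iterations</c>) and a fresh random salt.
/// </summary>
/// <param name="text">Plain text to encrypt; converted to bytes with <c>_encoding</c>.</param>
/// <param name="secret">Secret the key is derived from. Although the parameter defaults to
/// <c>null</c>, a null secret is rejected: it is needed both for key derivation and for
/// <c>secret.Version</c> in the result.</param>
/// <returns>A <see cref="Ciphertext"/> whose text is <c>Name + ":" + base64(salt | iv | ciphertext+tag)</c>
/// and whose version is <c>secret.Version</c>.</returns>
/// <exception cref="ArgumentNullException"><paramref name="text"/> is null.</exception>
/// <exception cref="StorageCryptoException"><paramref name="secret"/> is null.</exception>
public Ciphertext Encrypt(string text, Secret secret = null)
{
    if (text == null)
    {
        throw new ArgumentNullException(nameof(text));
    }

    // Same check DecodeBytes performs on the decrypt side; without it a null secret reaches
    // GetKey and secret.Version and surfaces as a NullReferenceException instead.
    s_helper.Check<StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);

    var cleanTextBytes = _encoding.GetBytes(text);

    // Fresh salt and IV on every call: the derived key and the GCM nonce must not be reused.
    var salt = GenerateRandomBytes(SaltLength);
    var iv = GenerateRandomBytes(IvLength);
    var key = SecretKeyFactory.GetKey(salt, secret, _pbkdf2Iterations);

    byte[] cipherTextBytes;
    try
    {
        var cipher = new GcmBlockCipher(new AesEngine());
        var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
        cipher.Init(true, parameters);

        // GetOutputSize sizes the buffer for ciphertext plus the appended GCM tag.
        cipherTextBytes = new byte[cipher.GetOutputSize(cleanTextBytes.Length)];
        var len = cipher.ProcessBytes(cleanTextBytes, 0, cleanTextBytes.Length, cipherTextBytes, 0);
        cipher.DoFinal(cipherTextBytes, len);
    }
    finally
    {
        // Wipe the derived key even when the cipher throws (previously only on the success path).
        SecretKeyFactory.ShuffleSecretKey(key);
    }

    // Wire layout consumed by DecodeBytes: [salt | iv | ciphertext+tag], no length prefixes.
    var resultBytes = new byte[salt.Length + iv.Length + cipherTextBytes.Length];
    Buffer.BlockCopy(salt, 0, resultBytes, 0, salt.Length);
    Buffer.BlockCopy(iv, 0, resultBytes, salt.Length, iv.Length);
    Buffer.BlockCopy(cipherTextBytes, 0, resultBytes, salt.Length + iv.Length, cipherTextBytes.Length);

    var cipheredText = Convert.ToBase64String(resultBytes);
    return new Ciphertext(Name + ":" + cipheredText, secret.Version);
}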
/// <summary>
/// Encrypts <paramref name="textBytes"/> with Fernet using the raw key bytes taken from
/// <paramref name="secretKey"/>, wiping those key bytes once the call has completed.
/// </summary>
/// <param name="textBytes">Plain bytes to encrypt; handed straight to <c>SimpleFernet.Encrypt</c>.</param>
/// <param name="secretKey">Key holder; when null, a null key is passed on to <c>SimpleFernet.Encrypt</c>
/// and to <c>ShuffleSecretKey</c> (behaviour in that case is theirs, not this method's).</param>
/// <returns>The Fernet token produced by <c>SimpleFernet.Encrypt</c>.</returns>
public override string Encrypt(byte[] textBytes, CustomEncryptionKey secretKey)
{
    // Extract the key bytes before the try so a failing getter does not trigger the wipe.
    var keyBytes = secretKey?.GetSecretBytes();
    try
    {
        var token = SimpleFernet.Encrypt(keyBytes, textBytes);
        return token;
    }
    finally
    {
        // Scrub the key copy whether or not encryption succeeded.
        SecretKeyFactory.ShuffleSecretKey(keyBytes);
    }
}
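/// <summary>
/// Decrypts an AES-GCM payload laid out as <c>[salt | iv | ciphertext+tag]</c> and decodes the
/// plaintext to a string.
/// </summary>
/// <param name="decodedBytes">Raw payload: <c>SaltLength</c> bytes of salt, then the IV up to
/// <c>MetaInfoLength</c>, then ciphertext followed by the GCM authentication tag.</param>
/// <param name="secret">Secret the key is derived from with <paramref name="pbkdf2Iterations"/>.</param>
/// <param name="pbkdf2Iterations">PBKDF2 iteration count; must match the one used at encryption time.</param>
/// <param name="encoding">Text encoding used to turn the plaintext bytes into a string.</param>
/// <returns>The decrypted text.</returns>
/// <exception cref="StorageCryptoException">The payload is null or shorter than <c>MetaInfoLength</c>,
/// <paramref name="secret"/> or <paramref name="encoding"/> is null, tag verification fails, or any
/// other error occurs during decryption.</exception>
protected static string DecodeBytes(byte[] decodedBytes, Secret secret, int pbkdf2Iterations, Encoding encoding)
{
    // A null payload is reported as malformed input rather than escaping as NullReferenceException.
    var invalidCipherLength = decodedBytes == null || decodedBytes.Length < MetaInfoLength;
    s_helper.Check<StorageCryptoException>(invalidCipherLength, Messages.AesGcmCipher.s_errWrongEncryptedText);
    s_helper.Check<StorageCryptoException>(secret == null, Messages.AesGcmCipher.s_errNoSecret);
    s_helper.Check<StorageCryptoException>(encoding == null, Messages.AesGcmCipher.s_errNoEncoding);

    // Layout written by the encrypt side: [salt | iv | ciphertext+tag].
    var salt = Arrays.CopyOfRange(decodedBytes, 0, SaltLength);
    var iv = Arrays.CopyOfRange(decodedBytes, SaltLength, MetaInfoLength);
    var encrypted = Arrays.CopyOfRange(decodedBytes, MetaInfoLength, decodedBytes.Length);

    var key = SecretKeyFactory.GetKey(salt, secret, pbkdf2Iterations);
    try
    {
        var cipher = new GcmBlockCipher(new AesEngine());
        var parameters = new AeadParameters(new KeyParameter(key), AuthTagLengthInBits, iv, null);
        cipher.Init(false, parameters);

        var decryptedText = new byte[cipher.GetOutputSize(encrypted.Length)];
        var len = cipher.ProcessBytes(encrypted, 0, encrypted.Length, decryptedText, 0);
        // DoFinal verifies the authentication tag; a modified payload fails here.
        cipher.DoFinal(decryptedText, len);

        // CA1062: the analyzer cannot see that s_helper.Check above throws on a null encoding.
#pragma warning disable CA1062
        return encoding.GetString(decryptedText);
#pragma warning restore CA1062
    }
    catch (InvalidCipherTextException ex)
    {
        // Wrong key, wrong IV or tampered data all map to one message; callers learn nothing more.
        s_log.Error(ex, Messages.AesGcmCipher.s_errInvalidCipher);
        throw new StorageCryptoException(Messages.AesGcmCipher.s_errInvalidCipher, ex);
    }
    catch (System.Exception ex)
    {
        s_log.Error(ex, Messages.AesGcmCipher.s_errUnexpectedDuringDecryption);
        throw new StorageCryptoException(Messages.AesGcmCipher.s_errUnexpectedDuringDecryption, ex);
    }
    finally
    {
        // Wipe the derived key regardless of outcome.
        SecretKeyFactory.ShuffleSecretKey(key);
    }
}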