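/// <summary>
/// Builds an <see cref="EncryptedPacket"/> for <paramref name="original"/>: a fresh 32-byte session
/// key and a 16-byte IV are generated, the payload is AES-encrypted with them, the session key is
/// RSA-encrypted with <paramref name="rsaParams"/>, an HMAC-SHA256 keyed with the session key is
/// computed over the ciphertext, and that HMAC is signed with <c>_digitalSignature</c>.
/// </summary>
/// <param name="original">Plaintext to protect.</param>
/// <param name="rsaParams">RSA key used to wrap the session key for the recipient.</param>
/// <returns>The populated packet (IV, ciphertext, wrapped session key, HMAC and signature).</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
public EncryptedPacket Encrypt(byte[] original, RsaWithRsaParameterKey rsaParams)
{
    if (original == null)
    {
        throw new ArgumentNullException(nameof(original));
    }

    if (rsaParams == null)
    {
        throw new ArgumentNullException(nameof(rsaParams));
    }

    var sessionKey = AesEncryption.GenerateRandomNumber(32);
    try
    {
        var encryptedPacket = new EncryptedPacket
        {
            Iv = AesEncryption.GenerateRandomNumber(16)
        };

        encryptedPacket.EncryptedData = _aes.Encrypt(original, sessionKey, encryptedPacket.Iv);
        encryptedPacket.EncryptedSessionKey = rsaParams.Encrypt(sessionKey);

        // NOTE(review): the HMAC covers only the ciphertext, so Iv and EncryptedSessionKey are not
        // authenticated, and the same session key is used for both AES and HMAC. Extending the MAC
        // input and deriving separate keys is a wire-format change that Decrypt must mirror.
        using (var hmac = new HMACSHA256(sessionKey))
        {
            encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData);
        }

        encryptedPacket.Signature = _digitalSignature.SignData(encryptedPacket.Hmac);
        return encryptedPacket;
    }
    finally
    {
        // Best-effort hygiene: the raw symmetric key is no longer needed once it has been wrapped.
        if (sessionKey != null)
        {
            Array.Clear(sessionKey, 0, sessionKey.Length);
        }
    }
}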
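/// <summary>
/// Reverses <see cref="Encrypt"/>: verifies the signature over the packet's HMAC, unwraps the
/// session key with <paramref name="rsaParams"/>, recomputes HMAC-SHA256 over the ciphertext and
/// compares it with the packet's HMAC, and only then AES-decrypts the payload.
/// </summary>
/// <param name="packet">Packet produced by <see cref="Encrypt"/>.</param>
/// <param name="rsaParams">RSA key able to unwrap <see cref="EncryptedPacket.EncryptedSessionKey"/>.</param>
/// <returns>The recovered plaintext.</returns>
/// <exception cref="ArgumentNullException">Either argument is <c>null</c>.</exception>
/// <exception cref="CryptographicException">The signature or the HMAC does not verify.</exception>
public byte[] Decrypt(EncryptedPacket packet, RsaWithRsaParameterKey rsaParams)
{
    if (packet == null)
    {
        throw new ArgumentNullException(nameof(packet));
    }

    if (rsaParams == null)
    {
        throw new ArgumentNullException(nameof(rsaParams));
    }

    // Check the asymmetric signature before touching the RSA private key: a packet whose HMAC
    // is not signed by the expected party is rejected without unwrapping anything.
    if (!_digitalSignature.VerifySignature(packet.Hmac, packet.Signature))
    {
        throw new CryptographicException("Digital signature cannot be verified.");
    }

    var decryptedSessionKey = rsaParams.Decrypt(packet.EncryptedSessionKey);
    try
    {
        using (var hmac = new HMACSHA256(decryptedSessionKey))
        {
            var hmacToCheck = hmac.ComputeHash(packet.EncryptedData);

            // Compare is defined elsewhere in this file; it must be a constant-time comparison — confirm.
            // NOTE(review): the MAC covers only EncryptedData, so Iv is not authenticated here.
            if (!Compare(packet.Hmac, hmacToCheck))
            {
                throw new CryptographicException("HMAC for decription doesn't match");
            }
        }

        return _aes.Decrypt(packet.EncryptedData, decryptedSessionKey, packet.Iv);
    }
    finally
    {
        // Best-effort hygiene: scrub the unwrapped session key whether or not decryption succeeded.
        if (decryptedSessionKey != null)
        {
            Array.Clear(decryptedSessionKey, 0, decryptedSessionKey.Length);
        }
    }
}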