public byte[] DecryptData(EncryptedPacket encryptedPacket, AsymmetricEncryptionHelper.RsaWithRsaParameterKey rsaParams, AsymmetricEncryptionHelper.RsaWithRsaParameterKey digitalSignature) { // Decrypt AES Key with RSA and then decrypt data with AES. var decryptedSessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey); using (var hmac = new HMACSHA256(decryptedSessionKey)) { var hmacToCheck = hmac.ComputeHash(encryptedPacket.EncryptedData); if (!Compare(encryptedPacket.Hmac, hmacToCheck)) { throw new CryptographicException("HMAC for decryption does not match encrypted packet."); } if (!digitalSignature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature)) { throw new CryptographicException( "Digital Signature can not be verified."); } } var decryptedData = SymmetricEncryptionHelper.AesEncryption.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv); return(decryptedData); }
public EncryptedPacket EncryptData(byte[] original, AsymmetricEncryptionHelper.RsaWithRsaParameterKey rsaParams, AsymmetricEncryptionHelper.RsaWithRsaParameterKey digitalSignature) { var sessionKey = SymmetricEncryptionHelper.AesEncryption.GenerateRandomNumber(32); var encryptedPacket = new EncryptedPacket { Iv = SymmetricEncryptionHelper.AesEncryption.GenerateRandomNumber(16) }; // Encrypt data with AES and AES Key with RSA encryptedPacket.EncryptedData = SymmetricEncryptionHelper.AesEncryption.Encrypt(original, sessionKey, encryptedPacket.Iv); encryptedPacket.EncryptedSessionKey = rsaParams.EncryptData(sessionKey); using (var hmac = new HMACSHA256(sessionKey)) { encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData); } encryptedPacket.Signature = digitalSignature.CreateDigitalSignature(encryptedPacket.Hmac); return(encryptedPacket); }