/// <summary> /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in /// transferring a key between machines. /// </summary> /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param> /// <param name="keyToArchive">Key to be archived.</param> /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param> public static void ArchiveKey(Stream outputStream, ProtectedKey keyToArchive, string passphrase) { IKeyWriter writer = new KeyReaderWriter(); writer.Archive(outputStream, keyToArchive, passphrase); }
internal KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey) : base(algorithmType, saltEnabled) { if(protectedKey == null) throw new ArgumentNullException("key"); if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType"); this.key = protectedKey; }
/// <summary> /// <para>Initalize a new instance of the <see cref="SymmetricCryptographer"/> class with an algorithm type and a key.</para> /// </summary> /// <param name="algorithmType"><para>The qualified assembly name of a <see cref="SymmetricAlgorithm"/>.</para></param> /// <param name="key"><para>The key for the algorithm.</para></param> public SymmetricCryptographer(Type algorithmType, ProtectedKey key) { if (algorithmType == null) throw new ArgumentNullException("algorithmType"); if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType"); if (key == null) throw new ArgumentNullException("key"); this.key = key; this.algorithm = GetSymmetricAlgorithm(algorithmType); }
/// <summary> /// Initialize a new instance of the <see cref="ExportKeyUI"/> class. /// </summary> public ExportKeyUI(ProtectedKey key) { this.key = key; InitializeComponent(); btnCancel.Text = KeyManagerResources.ExportKeyUICancelButton; btnOk.Text = KeyManagerResources.ExportKeyUIOkButton; Text = KeyManagerResources.ExportKeyDialogTitle; }
/// <summary> /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in /// transferring a key between machines. /// </summary> /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param> /// <param name="keyToBeArchived">Key to be archived.</param> /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param> public void Archive(Stream outputStream, ProtectedKey keyToBeArchived, string passphrase) { byte[] versionNumberBytes = BitConverter.GetBytes(versionNumber); byte[] salt = GenerateSalt(); byte[] encryptedKey = GetEncryptedKey(keyToBeArchived, passphrase, salt); outputStream.Write(versionNumberBytes, 0, versionNumberBytes.Length); outputStream.Write(salt, 0, salt.Length); outputStream.Write(encryptedKey, 0, encryptedKey.Length); }
internal SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key) { if (algorithmType == null) throw new ArgumentNullException("algorithmType"); if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType"); this.algorithmType = algorithmType; this.key = key; this.instrumentationProvider = new SymmetricAlgorithmInstrumentationProvider(); }
internal KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey) : base(algorithmType, saltEnabled) { if (protectedKey == null) { throw new ArgumentNullException("key"); } if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) { throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType"); } this.key = protectedKey; }
/// <summary> /// Archives a cryptographic key to a <see cref="Stream"/>. This method is intended for use in /// transferring a key between machines. /// </summary> /// <param name="outputStream"><see cref="Stream"/> to which key is to be archived.</param> /// <param name="keyToBeArchived">Key to be archived.</param> /// <param name="passphrase">User-provided passphrase used to encrypt the key in the arhive.</param> public void Archive(Stream outputStream, ProtectedKey keyToBeArchived, string passphrase) { if (outputStream == null) { throw new ArgumentNullException("outputStream"); } byte[] versionNumberBytes = BitConverter.GetBytes(versionNumber); byte[] salt = GenerateSalt(); byte[] encryptedKey = GetEncryptedKey(keyToBeArchived, passphrase, salt); outputStream.Write(versionNumberBytes, 0, versionNumberBytes.Length); outputStream.Write(salt, 0, salt.Length); outputStream.Write(encryptedKey, 0, encryptedKey.Length); }
private ProtectedKey GenerateKey(SymmetricAlgorithm algorithm, DataProtectionScope dataProtectionScope) { byte[] generatedKey = GenerateUnprotectedKey(algorithm); try { return(ProtectedKey.CreateFromPlaintextKey(generatedKey, dataProtectionScope)); } finally { if (generatedKey != null) { CryptographyUtility.ZeroOutBytes(generatedKey); } } }
internal SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key) { if (algorithmType == null) { throw new ArgumentNullException("algorithmType"); } if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) { throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType"); } this.algorithmType = algorithmType; this.key = key; this.instrumentationProvider = new SymmetricAlgorithmInstrumentationProvider(); }
/// <summary> /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use. /// </summary> /// <param name="algorithmType"> /// The <see cref="KeyedHashAlgorithm"/> to use. /// </param> /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param> /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param> /// <param name="instrumentationProvider">The <see cref="IHashAlgorithmInstrumentationProvider"/> to use.</param> public KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey, IHashAlgorithmInstrumentationProvider instrumentationProvider) : base(algorithmType, saltEnabled, instrumentationProvider) { if (protectedKey == null) { throw new ArgumentNullException("protectedKey"); } if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) { throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType"); } key = protectedKey; }
/// <summary> /// Reads an encrypted key from an input file. This method is not intended to allow keys to be transferred /// from another machine. /// </summary> /// <param name="protectedKeyFileName">Input file from which DPAPI-protected key is to be read.</param> /// <param name="dpapiProtectionScope"><see cref="DataProtectionScope"/> used to protect the key on disk. </param> /// <returns>Key read from stream, encapsulated in a <see cref="ProtectedKey"></see>.</returns> public static ProtectedKey Read(string protectedKeyFileName, DataProtectionScope dpapiProtectionScope) { string completeFileName = Path.GetFullPath(protectedKeyFileName); if (cache[completeFileName] != null) { return(cache[completeFileName]); } using (FileStream stream = new FileStream(protectedKeyFileName, FileMode.Open, FileAccess.Read, FileShare.Read)) { ProtectedKey protectedKey = Read(stream, dpapiProtectionScope); cache[completeFileName] = protectedKey; return(protectedKey); } }
/// <summary> /// <para>Initalize a new instance of the <see cref="SymmetricCryptographer"/> class with an algorithm type and a key.</para> /// </summary> /// <param name="algorithmType"><para>The qualified assembly name of a <see cref="SymmetricAlgorithm"/>.</para></param> /// <param name="key"><para>The key for the algorithm.</para></param> public SymmetricCryptographer(Type algorithmType, ProtectedKey key) { if (algorithmType == null) { throw new ArgumentNullException("algorithmType"); } if (!typeof(SymmetricAlgorithm).IsAssignableFrom(algorithmType)) { throw new ArgumentException(Resources.ExceptionCreatingSymmetricAlgorithmInstance, "algorithmType"); } if (key == null) { throw new ArgumentNullException("key"); } this.key = key; this.algorithm = GetSymmetricAlgorithm(algorithmType); }
/// <summary> /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use. /// </summary> /// <param name="algorithmType"> /// The <see cref="KeyedHashAlgorithm"/> to use. /// </param> /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param> /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param> public KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey) : this(algorithmType, saltEnabled, protectedKey, new NullHashAlgorithmInstrumentationProvider()) { }
/// <summary> /// <para>Initialize a new instance of the <see cref="HashCryptographer"/> with an algorithm type and key.</para> /// </summary> /// <param name="algorithmType">A fully qualifed type name derived from <see cref="HashAlgorithm"/>.</param> /// <param name="protectedKey"><para>The key for a <see cref="KeyedHashAlgorithm"/>.</para></param> /// <remarks> /// While this overload will work with a specified <see cref="HashAlgorithm"/>, the protectedKey /// is only relevant when initializing with a specified <see cref="KeyedHashAlgorithm"/>. /// </remarks> public HashCryptographer(Type algorithmType, ProtectedKey protectedKey) : this(algorithmType) { this.key = protectedKey; }
public void CreateKey() { key = KeyManager.GenerateKeyedHashKey(typeof(HMACSHA1), DataProtectionScope.CurrentUser); }
/// <summary> /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be /// moved from machine to machine. /// </summary> /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param> /// <param name="key">Encrypted key to be written to stream.</param> public void Write(Stream outputStream, ProtectedKey key) { WriteVersionNumber(outputStream, versionNumber); WriteEncryptedKey(outputStream, key); }
/// <summary> /// Reads a DPAPI-protected key from the given <see cref="Stream"/>. /// </summary> /// <param name="protectedKeyStream"><see cref="Stream"/> containing the DPAPI-protected key.</param> /// <param name="protectionScope"><see cref="DataProtectionScope"></see> used to decrypt the key read from the stream.</param> /// <returns>Key read from stream, encapsulated in a <see cref="ProtectedKey"></see>.</returns> public ProtectedKey Read(Stream protectedKeyStream, DataProtectionScope protectionScope) { ValidateKeyVersion(protectedKeyStream); return(ProtectedKey.CreateFromEncryptedKey(ReadEncryptedKey(protectedKeyStream), protectionScope)); }
/// <summary> /// Initialize a new instance of the <see cref="KeyedHashAlgorithmProvider"/> class with a <see cref="KeyedHashAlgorithm"/>, if salt is enabled, and the key to use. /// </summary> /// <param name="algorithmType"> /// The <see cref="KeyedHashAlgorithm"/> to use. /// </param> /// <param name="saltEnabled"><see langword="true"/> if salt should be used; otherwise, <see langword="false"/>.</param> /// <param name="protectedKey">The <see cref="ProtectedKey"/> for the provider.</param> /// <param name="instrumentationProvider">The <see cref="IHashAlgorithmInstrumentationProvider"/> to use.</param> public KeyedHashAlgorithmProvider(Type algorithmType, bool saltEnabled, ProtectedKey protectedKey, IHashAlgorithmInstrumentationProvider instrumentationProvider) : base(algorithmType, saltEnabled, instrumentationProvider) { if (protectedKey == null) throw new ArgumentNullException("protectedKey"); if (!typeof(KeyedHashAlgorithm).IsAssignableFrom(algorithmType)) throw new ArgumentException(Resources.ExceptionMustBeAKeyedHashAlgorithm, "algorithmType"); key = protectedKey; }
/// <summary> /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be /// moved from machine to machine. /// </summary> /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param> /// <param name="key">Encrypted key to be written to stream.</param> public static void Write(Stream outputStream, ProtectedKey key) { IKeyWriter writer = new KeyReaderWriter(); writer.Write(outputStream, key); }
private byte[] GetEncryptedKey(ProtectedKey keyToBeArchived, string passphrase, byte[] salt) { byte[] decryptedKey = keyToBeArchived.DecryptedKey; try { return EncryptKeyForArchival(decryptedKey, passphrase, salt); } finally { CryptographyUtility.ZeroOutBytes(decryptedKey); } }
/// <summary> /// Initializes a new instance of the <see cref="SymmetricAlgorithmProvider"/> class. /// </summary> /// <param name="algorithmType">The symmetric algorithm type.</param> /// <param name="key">The <see cref="ProtectedKey"/> for the provider.</param> public SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key) : this(algorithmType, key, new NullSymmetricAlgorithmInstrumentationProvider()) { }
/// <overloads> /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be /// moved from machine to machine. /// </overloads> /// <summary> /// Writes an encrypted key to an output stream. This method is not intended to allow the keys to be /// moved from machine to machine. /// </summary> /// <param name="outputStream"><see cref="Stream"/> to which DPAPI-protected key is to be written.</param> /// <param name="encryptedKey">Encrypted key to be written to stream.</param> /// <param name="dpapiProtectionScope"><see cref="DataProtectionScope"/> used to protect the key on disk. </param> public static void Write(Stream outputStream, byte[] encryptedKey, DataProtectionScope dpapiProtectionScope) { ProtectedKey key = ProtectedKey.CreateFromEncryptedKey(encryptedKey, dpapiProtectionScope); Write(outputStream, key); }
private void WriteEncryptedKey(Stream outputStream, ProtectedKey key) { outputStream.Write(key.EncryptedKey, 0, key.EncryptedKey.Length); }
/// <summary> /// Initializes a new instance of the <see cref="SymmetricAlgorithmProvider"/> class. /// </summary> /// <param name="algorithmType">The symmetric algorithm type.</param> /// <param name="key">The <see cref="ProtectedKey"/> for the provider.</param> public SymmetricAlgorithmProvider(Type algorithmType, ProtectedKey key) :this(algorithmType, key, new NullSymmetricAlgorithmInstrumentationProvider()) { }