static int GenerateKeyPair(GenerateKeyOptions opts)
{
try
{
WriteMessageToConsole($"Generating Keys: Key Length = {opts.KeyLength}, Key Name = {opts.Name}, Output Path = {opts.OutputPath}", ConsoleColor.Green);
if (FolderExistsOrWasCreated(opts.OutputPath) == false)
{
WriteMessageToConsole("Output Path Invalid - Key Generation Aborted", ConsoleColor.Red);
return(1);
}
if (KeysExist(opts.Name, opts.OutputPath))
{
bool?overwrite = null;
do
{
WriteMessageToConsole("One or more keys of the same name already exist in the specified location, Overwrite? (Y/N)", ConsoleColor.Red);
var shouldOverwrite = Console.ReadLine();
switch (shouldOverwrite)
{
case "Y":
case "y":
overwrite = true;
break;
case "N":
case "n":
overwrite = false;
break;
}
} while (overwrite.HasValue == false);
if (overwrite.Value == false)
{
return(0);
}
}
var rsa = new RSAEncryption();
rsa.GenerateKeyPair(opts.KeyLength, opts.Name, opts.OutputPath);
WriteMessageToConsole($"Success: Key Pair generated in {opts.OutputPath}", ConsoleColor.Green);
}
catch (Exception ex)
{
WriteMessageToConsole($"Exception: {ex.Message}", ConsoleColor.Red);
return(1);
}
return(0);
}
private static DecryptedData Decrypt(EncryptedPacket encryptedPacket, int keyLength, string sendersPublicKeyPath, string recipientsPrivateKeyPath)
{
var encryptor = new RSAEncryption();
var digitalSigner = new DigitalSignature();
var hybrid = new HybridEncryption();
var decryptedData = hybrid.DecryptData(encryptedPacket, keyLength, encryptor, digitalSigner, recipientsPrivateKeyPath, sendersPublicKeyPath);
return(decryptedData);
}
private static EncryptedPacket Encrypt(byte[] dataToEncrypt, int keyLength, string recipientPublicKeyPath, string sendersPrivateKeyPath, string filename = "")
{
var encryptor = new RSAEncryption();
var digitalSigner = new DigitalSignature();
var hybrid = new HybridEncryption();
var encryptedPacket = hybrid.EncryptData(dataToEncrypt, keyLength, encryptor, digitalSigner, recipientPublicKeyPath, sendersPrivateKeyPath, filename);
return(encryptedPacket);
}
public EncryptedPacket EncryptData(byte[] original, int keyLength, RSAEncryption rsaParams, DigitalSignature digitalSignature, string pathToRecipientPublicKey, string pathToSenderPrivateKey, string filename)
{
var sessionKey = _aes.GenerateRandomNumber(32);
var encryptedPacket = new EncryptedPacket {
Iv = _aes.GenerateRandomNumber(16)
};
encryptedPacket.EncryptedData = _aes.Encrypt(original, sessionKey, encryptedPacket.Iv);
encryptedPacket.Filename = _aes.Encrypt(Encoding.ASCII.GetBytes(filename), sessionKey, encryptedPacket.Iv);
encryptedPacket.EncryptedSessionKey = rsaParams.EncryptData(sessionKey, keyLength, pathToRecipientPublicKey);
using (var hmac = new HMACSHA256(sessionKey))
{
encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData);
}
encryptedPacket.Signature = digitalSignature.SignData(encryptedPacket.Hmac, keyLength, pathToSenderPrivateKey);
return(encryptedPacket);
}
public DecryptedData DecryptData(EncryptedPacket encryptedPacket, int keyLength, RSAEncryption rsaParams, DigitalSignature digitalSignature, string pathToRecipientPrivateKey, string pathToSenderPublicKey)
{
var decryptedSessionKey = rsaParams.DecryptData(encryptedPacket.EncryptedSessionKey, keyLength, pathToRecipientPrivateKey);
using (var hmac = new HMACSHA256(decryptedSessionKey))
{
var hmacToCheck = hmac.ComputeHash(encryptedPacket.EncryptedData);
if (!Compare(encryptedPacket.Hmac, hmacToCheck))
{
throw new CryptographicException("HMAC for decryption does not match encrypted packet.");
}
if (!digitalSignature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature, keyLength, pathToSenderPublicKey))
{
throw new CryptographicException("Digital Signature can not be verified.");
}
}
var decryptedData = _aes.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv);
// Need to account for encryptedPacket.Filename being null here - in case a user is decrypting a packet created with v1.0.0
var originalFilename = encryptedPacket.Filename != null?_aes.Decrypt(encryptedPacket.Filename, decryptedSessionKey, encryptedPacket.Iv)
: defaultFilename;
return(new DecryptedData {
FileContents = decryptedData, Filename = Encoding.ASCII.GetString(originalFilename), Version1Packet = encryptedPacket.Filename == null
});
}