/// <summary> /// Decrypts authenticated ciphertext using the Rijndael cipher in CBC mode with a password derived /// HMAC SHA-512 salt. /// </summary> /// <param name="etmCiphertext">The EtM ciphertext to decrypt.</param> /// <param name="password">The password to decrypt the EtM ciphertext with.</param> /// <param name="keySize">The size of the cipher key used to create the EtM ciphertext.</param> /// <returns>The plaintext.</returns> public static new string Decrypt(byte[] etmCiphertext, string password, KeySize keySize) { // Generate AE keys var keyRing = AeKeyRing.Generate(password); // Extract the ciphertext and MAC from the EtM ciphertext var mac = new byte[keyRing.MacKey.Length]; var ciphertext = new byte[etmCiphertext.Length - mac.Length]; using (var ms = new MemoryStream(etmCiphertext)) { // Extract the ciphertext ms.Read(ciphertext, 0, ciphertext.Length); // Extract the MAC ms.Read(mac, 0, mac.Length); } // Calculate the MAC from the ciphertext var newMac = CalculateMac(ciphertext, keyRing.MacKey); // Authenticate ciphertext if (!mac.SequenceEqual(newMac)) { throw new Exception("Authentication failed!"); } // Decrypt the ciphertext return(Rijndael.Decrypt(ciphertext, keyRing.CipherKey, keySize)); }
/// <summary> /// Encrypts plaintext using the Encrypt-then-MAC (EtM) mode via the Rijndael cipher in /// CBC mode with a password derived HMAC SHA-512 salt. /// </summary> /// <param name="plaintext">The plaintext to encrypt.</param> /// <param name="password">The password to encrypt the plaintext with.</param> /// <param name="iv">The initialization vector. Must be 128-bits.</param> /// <param name="keySize">The cipher key size. 256-bit is stronger, but slower.</param> /// <returns>The EtM ciphertext.</returns> public static new byte[] Encrypt(byte[] plaintext, string password, byte[] iv, KeySize keySize) { // Generate AE keys var keyRing = AeKeyRing.Generate(password); // Encrypt the plaintext var ciphertext = Rijndael.Encrypt(plaintext, keyRing.CipherKey, iv, keySize); // Calculate the MAC from the ciphertext var mac = CalculateMac(ciphertext, keyRing.MacKey); // Append the MAC to the ciphertext var etmCiphertext = new byte[ciphertext.Length + mac.Length]; Buffer.BlockCopy(ciphertext, 0, etmCiphertext, 0, ciphertext.Length); Buffer.BlockCopy(mac, 0, etmCiphertext, ciphertext.Length, mac.Length); // IV + Cipher + MAC return(etmCiphertext); }