public byte[] DecryptData(EncryptedPacket encryptedPacket, RSAParameters privateEncryptionKey, RSAParameters publicSigningKey) { var decryptedSessionKey = _rsaEncryption.DecryptData(encryptedPacket.EncryptedSessionKey, privateEncryptionKey); using (var hmac = new HMACSHA256(decryptedSessionKey)) { var hmacToCheck = hmac.ComputeHash(encryptedPacket.EncryptedData); if (!Compare(encryptedPacket.Hmac, hmacToCheck)) { throw new CryptographicException( "HMAC for decryption does not match encrypted packet."); } if (!_signature.VerifySignature(encryptedPacket.Hmac, encryptedPacket.Signature, publicSigningKey)) { throw new CryptographicException( "Digital Signature can not be verified."); } } return(_aesEncryption.Decrypt(encryptedPacket.EncryptedData, decryptedSessionKey, encryptedPacket.Iv)); }
public EncryptedPacket EncryptData(byte[] original, RSAParameters publicEncryptionKey, RSAParameters privateSigningKey) { var sessionKey = GenerateRandomNumber(32); var vector = GenerateRandomNumber(16); var encryptedPacket = new EncryptedPacket { Iv = vector, EncryptedData = _aesEncryption.Encrypt(original, sessionKey, vector), EncryptedSessionKey = _rsaEncryption.EncryptData(sessionKey, publicEncryptionKey) }; using (var hmac = new HMACSHA256(sessionKey)) { encryptedPacket.Hmac = hmac.ComputeHash(encryptedPacket.EncryptedData); } encryptedPacket.Signature = _signature.SignData(encryptedPacket.Hmac, privateSigningKey); return(encryptedPacket); }