/// <summary>
/// Hybrid-encrypts <paramref name="originalMessage"/> (random AES session key wrapped with RSA)
/// and attaches an HMAC-SHA256 over the ciphertext so the receiver can detect tampering.
/// </summary>
/// <param name="originalMessage">Plaintext bytes to protect.</param>
/// <param name="rsaParams">RSA key pair whose public key wraps the AES session key.</param>
/// <returns>A packet carrying IV, AES ciphertext, RSA-wrapped session key and HMAC.</returns>
/// <remarks>
/// NOTE(review): the same 32-byte session key is used as both the AES key and the HMAC key;
/// deriving two separate keys from it would be the conservative choice.
/// NOTE(review): the HMAC covers only EncryptedData. IV and EncryptedSessionKey are not
/// authenticated by it (the AES mode inside EncryptUsingAES is not visible here; if it is CBC,
/// an altered IV silently changes the first plaintext block). Widening the MAC input must be
/// mirrored in DecryptDataWithIntegrity, which is defined elsewhere.
/// </remarks>
public EncryptedPacket EncryptDataWithIntegrity(byte[] originalMessage, RsaWithRsaParameterKey rsaParams)
{
    // Fresh per-packet key material: 256-bit AES key and 128-bit IV.
    byte[] aesKey = _cryptographyExample.GenerateRandomNumber(32);
    byte[] iv = _cryptographyExample.GenerateRandomNumber(16);

    EncryptedPacket packet = new EncryptedPacket
    {
        IV = iv
    };

    // Encrypt the payload, then wrap the session key for the receiver.
    packet.EncryptedData = _cryptographyExample.EncryptUsingAES(originalMessage, aesKey, packet.IV);
    packet.EncryptedSessionKey = rsaParams.EncryptData(aesKey);

    // Encrypt-then-MAC: tag the ciphertext, keyed with the session key.
    using (HMACSHA256 mac = new HMACSHA256(aesKey))
    {
        packet.Hmac = mac.ComputeHash(packet.EncryptedData);
    }

    return packet;
}
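/// <summary>
/// Verifies and decrypts a packet produced by <see cref="EncryptDataWithSignature"/>.
/// </summary>
/// <param name="EP">Packet received from the sender; treated as untrusted input.</param>
/// <param name="rsaParams">RSA key pair whose private key unwraps the AES session key.</param>
/// <param name="DS">Signature verifier holding the sender's public key.</param>
/// <returns>The decrypted plaintext bytes.</returns>
/// <exception cref="ArgumentNullException">An argument is null.</exception>
/// <exception cref="CryptographicException">
/// The packet is missing a field, the signature does not verify, or the HMAC does not match.
/// </exception>
/// <remarks>
/// Checks run verify-before-decrypt: the signature over the transmitted HMAC is checked with
/// the sender's public key first, so the RSA private-key operation and the keyed HMAC are only
/// performed on packets that already carry a valid signature.
/// NOTE(review): the HMAC covers only EncryptedData, not IV or EncryptedSessionKey; this
/// matches the sender side and any change to MAC coverage must be made on both sides together.
/// NOTE(review): CompareHashes is defined elsewhere — confirm it is a constant-time comparison.
/// </remarks>
public byte[] DecryptDataWithSignature(EncryptedPacket EP, RsaWithRsaParameterKey rsaParams, DigitalSignatures DS)
{
    if (EP == null)
    {
        throw new ArgumentNullException("EP");
    }
    if (rsaParams == null)
    {
        throw new ArgumentNullException("rsaParams");
    }
    if (DS == null)
    {
        throw new ArgumentNullException("DS");
    }
    if (EP.Hmac == null || EP.Signature == null || EP.EncryptedData == null || EP.EncryptedSessionKey == null)
    {
        throw new CryptographicException("Encrypted packet is missing a required field");
    }

    // 1. Authenticate the sender first: public-key operation only, no secrets touched yet.
    if (!DS.VerifySignature(EP.Hmac, EP.Signature))
    {
        throw new CryptographicException("Digital Signature cannot be verified");
    }

    // 2. Unwrap the AES session key with our RSA private key.
    byte[] sessionKey = rsaParams.DecryptData(EP.EncryptedSessionKey);

    // 3. Recompute the HMAC over the ciphertext and compare it with the signed value.
    using (HMACSHA256 hmac = new HMACSHA256(sessionKey))
    {
        byte[] expectedHmac = hmac.ComputeHash(EP.EncryptedData);
        if (!CompareHashes(EP.Hmac, expectedHmac))
        {
            throw new CryptographicException("HMAC for decryption does not match encrypted packet HMAC");
        }
    }

    // 4. Only an authenticated, untampered ciphertext reaches the decryption step.
    return _cryptographyExample.DecryptUsingAES(EP.EncryptedData, sessionKey, EP.IV);
}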
/// <summary>
/// Hybrid-encrypts <paramref name="originalMessage"/>, attaches an HMAC-SHA256 over the
/// ciphertext and signs that HMAC so the receiver can check both integrity and origin.
/// </summary>
/// <param name="originalMessage">Plaintext bytes to protect.</param>
/// <param name="rsaParams">RSA key pair whose public key wraps the AES session key.</param>
/// <param name="DS">Signer holding the sender's private signing key.</param>
/// <returns>A packet carrying IV, AES ciphertext, RSA-wrapped session key, HMAC and signature.</returns>
/// <remarks>
/// NOTE(review): the AES key doubles as the HMAC key; deriving two distinct keys from the
/// session secret would be the conservative choice.
/// NOTE(review): the HMAC (and therefore the signature) covers only EncryptedData — IV and
/// EncryptedSessionKey are unauthenticated. The AES mode inside EncryptUsingAES is not visible
/// here; if it is CBC, an altered IV changes the first plaintext block undetected. Any change
/// to MAC coverage must be mirrored in DecryptDataWithSignature.
/// </remarks>
public EncryptedPacket EncryptDataWithSignature(byte[] originalMessage, RsaWithRsaParameterKey rsaParams, DigitalSignatures DS)
{
    // Fresh per-packet key material: 256-bit AES key and 128-bit IV.
    byte[] aesKey = _cryptographyExample.GenerateRandomNumber(32);
    byte[] iv = _cryptographyExample.GenerateRandomNumber(16);

    EncryptedPacket packet = new EncryptedPacket
    {
        IV = iv
    };

    // Encrypt the payload, then wrap the session key for the receiver.
    packet.EncryptedData = _cryptographyExample.EncryptUsingAES(originalMessage, aesKey, packet.IV);
    packet.EncryptedSessionKey = rsaParams.EncryptData(aesKey);

    // Encrypt-then-MAC over the ciphertext, keyed with the session key.
    using (HMACSHA256 mac = new HMACSHA256(aesKey))
    {
        packet.Hmac = mac.ComputeHash(packet.EncryptedData);
    }

    // Sign the tag rather than the ciphertext: the tag is short and already binds the ciphertext.
    packet.Signature = DS.SignData(packet.Hmac);

    return packet;
}
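/// <summary>
/// Console walkthrough of plain hybrid encryption: RSA-wrapped AES session key, no integrity check.
/// </summary>
/// <remarks>
/// The ciphertext is printed Base64-encoded. Decoding random ciphertext bytes as UTF-8 (the
/// previous behaviour) is lossy: invalid sequences become U+FFFD replacement characters, so the
/// printed text did not reflect the actual bytes.
/// <see cref="HybridEncryption.DecryptData"/> performs no authentication, so a tampered packet
/// is not detected in this demo — see the integrity and signature variants for that.
/// </remarks>
private static void RunHybridEncryption()
{
    Console.WriteLine("Hybrid Encryption started");
    Console.WriteLine();
    Console.WriteLine(String.Format("Message before encryption: {0}", _hybridMessage));

    // Generate a throw-away RSA key pair for this run.
    RsaWithRsaParameterKey rsaParams = new RsaWithRsaParameterKey();
    rsaParams.AssignNewKeys();

    HybridEncryption HE = new HybridEncryption();

    EncryptedPacket encryptedBlock = HE.EncryptData(Encoding.UTF8.GetBytes(_hybridMessage), rsaParams);
    Console.WriteLine(String.Format("Message after encryption: {0}", Convert.ToBase64String(encryptedBlock.EncryptedData)));

    byte[] decryptedData = HE.DecryptData(encryptedBlock, rsaParams);
    Console.WriteLine(String.Format("Message after decryption: {0}", Encoding.UTF8.GetString(decryptedData)));

    Console.WriteLine();
    Console.WriteLine("Hybrid Encryption ended");
}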
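/// <summary>
/// Console walkthrough of hybrid encryption with an HMAC integrity check on the ciphertext.
/// </summary>
/// <remarks>
/// The ciphertext is printed Base64-encoded. Decoding random ciphertext bytes as UTF-8 (the
/// previous behaviour) is lossy: invalid sequences become U+FFFD replacement characters, so the
/// printed text did not reflect the actual bytes.
/// To see the integrity check fire, break before the DecryptDataWithIntegrity call and modify
/// <c>encryptedBlock.EncryptedData</c>; the HMAC comparison then fails and the
/// <see cref="CryptographicException"/> is reported by the catch block below.
/// </remarks>
private static void RunHybridEncryptionWithIntegrityCheck()
{
    Console.WriteLine("Hybrid Encryption With Integrity Check started");
    Console.WriteLine();
    Console.WriteLine(String.Format("Message before encryption: {0}", _hybridMessage));

    // Generate a throw-away RSA key pair for this run.
    RsaWithRsaParameterKey rsaParams = new RsaWithRsaParameterKey();
    rsaParams.AssignNewKeys();

    try
    {
        HybridEncryption HE = new HybridEncryption();

        EncryptedPacket encryptedBlock = HE.EncryptDataWithIntegrity(Encoding.UTF8.GetBytes(_hybridMessage), rsaParams);
        Console.WriteLine(String.Format("Message after encryption: {0}", Convert.ToBase64String(encryptedBlock.EncryptedData)));

        // Tampering with encryptedBlock here (e.g. under a debugger) makes the HMAC check throw.
        byte[] decryptedData = HE.DecryptDataWithIntegrity(encryptedBlock, rsaParams);
        Console.WriteLine(String.Format("Message after decryption: {0}", Encoding.UTF8.GetString(decryptedData)));
    }
    catch (CryptographicException CE)
    {
        // Only the integrity failure is expected here; other exceptions propagate.
        Console.WriteLine("Hybrid Encryption With Integrity failed, Error: " + CE.Message);
    }

    Console.WriteLine();
    Console.WriteLine("Hybrid Encryption With Integrity Check ended");
}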
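/// <summary>
/// Console walkthrough of hybrid encryption with an HMAC integrity check and a digital
/// signature over the HMAC.
/// </summary>
/// <remarks>
/// The ciphertext is printed Base64-encoded. Decoding random ciphertext bytes as UTF-8 (the
/// previous behaviour) is lossy: invalid sequences become U+FFFD replacement characters, so the
/// printed text did not reflect the actual bytes.
/// In this demo the same <see cref="DigitalSignatures"/> instance signs and verifies, i.e. the
/// sender and receiver share one process; a real deployment gives the receiver only the
/// sender's public key.
/// </remarks>
private static void RunHybridEncryptionWithDigitalSignature()
{
    Console.WriteLine("Hybrid Encryption With Digital Signature started");
    Console.WriteLine();
    Console.WriteLine(String.Format("Message before encryption: {0}", _hybridWithSignatureMessage));

    HybridEncryption HP = new HybridEncryption();

    // Throw-away RSA key pair for key wrapping and a separate signing key pair.
    RsaWithRsaParameterKey rsaParams = new RsaWithRsaParameterKey();
    rsaParams.AssignNewKeys();

    DigitalSignatures DS = new DigitalSignatures();
    DS.AssignNewKey();

    try
    {
        EncryptedPacket encryptedBlock = HP.EncryptDataWithSignature(Encoding.UTF8.GetBytes(_hybridWithSignatureMessage), rsaParams, DS);
        Console.WriteLine(String.Format("Message after encryption: {0}", Convert.ToBase64String(encryptedBlock.EncryptedData)));

        byte[] decryptedData = HP.DecryptDataWithSignature(encryptedBlock, rsaParams, DS);
        Console.WriteLine(String.Format("Message after decryption: {0}", Encoding.UTF8.GetString(decryptedData)));
    }
    catch (CryptographicException CE)
    {
        // Raised when either the signature or the HMAC fails to verify.
        Console.WriteLine(String.Format("Hybrid Encryption With Digital Signature failed, Error: {0}", CE.Message));
    }

    Console.WriteLine();
    Console.WriteLine("Hybrid Encryption With Digital Signature ended");
}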
/// <summary>
/// Unwraps the AES session key with the RSA private key and decrypts the payload.
/// </summary>
/// <param name="EP">Packet produced by <see cref="EncryptData"/>.</param>
/// <param name="rsaParams">RSA key pair whose private key unwraps the session key.</param>
/// <returns>The decrypted plaintext bytes.</returns>
/// <remarks>
/// No integrity or authenticity check is performed here: nothing in the packet is verified
/// before decryption, so modified ciphertext may decrypt to modified (or garbage) plaintext
/// without any error being raised. For untrusted input use DecryptDataWithIntegrity or
/// DecryptDataWithSignature instead.
/// </remarks>
public byte[] DecryptData(EncryptedPacket EP, RsaWithRsaParameterKey rsaParams)
{
    byte[] aesKey = rsaParams.DecryptData(EP.EncryptedSessionKey);
    byte[] plaintext = _cryptographyExample.DecryptUsingAES(EP.EncryptedData, aesKey, EP.IV);
    return plaintext;
}
/// <summary>
/// Hybrid-encrypts <paramref name="originalMessage"/>: a random AES session key and IV are
/// generated, the payload is AES-encrypted, and the session key is wrapped with RSA.
/// </summary>
/// <param name="originalMessage">Plaintext bytes to protect.</param>
/// <param name="rsaParams">RSA key pair whose public key wraps the AES session key.</param>
/// <returns>A packet carrying IV, AES ciphertext and RSA-wrapped session key.</returns>
/// <remarks>
/// This variant adds no MAC or signature, so the receiver cannot detect tampering; prefer
/// <see cref="EncryptDataWithIntegrity"/> or <see cref="EncryptDataWithSignature"/> when the
/// packet crosses a trust boundary.
/// </remarks>
public EncryptedPacket EncryptData(byte[] originalMessage, RsaWithRsaParameterKey rsaParams)
{
    // Fresh per-packet key material: 256-bit AES key and 128-bit IV.
    byte[] aesKey = _cryptographyExample.GenerateRandomNumber(32);
    byte[] iv = _cryptographyExample.GenerateRandomNumber(16);

    EncryptedPacket packet = new EncryptedPacket
    {
        IV = iv
    };

    // Encrypt the payload, then wrap the session key for the receiver.
    packet.EncryptedData = _cryptographyExample.EncryptUsingAES(originalMessage, aesKey, packet.IV);
    packet.EncryptedSessionKey = rsaParams.EncryptData(aesKey);

    return packet;
}