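/// <summary>
/// Returns the encrypted per-note key to store with <paramref name="note"/>.
/// If a note with the same compound primary key is already in the database, its
/// stored encrypted key is reused so the note stays decryptable under the key it
/// was written with; otherwise a fresh random 256-bit key is generated and
/// wrapped with the user's master key.
/// </summary>
/// <param name="note">The note being saved; only its CompoundPrimaryKey is read.</param>
/// <returns>The per-note key in its encrypted (stored) form.</returns>
private string GetEncryptedNoteKey(DBNote note)
{
    // Re-use the existing key when a note with this primary key was saved before.
    var existing = db.FirstOrDefault<DBNote> (n => n.CompoundPrimaryKey == note.CompoundPrimaryKey);
    if (existing != null) {
        return existing.EncryptedKey;
    }

    // New note: mint a random key and wrap it under the master key.
    // NOTE(review): EncryptWithKey is defined elsewhere. CreateCryptoFields passes
    // the user's MasterKeySalt as the AES IV, so if EncryptWithKey does the same,
    // every note key of this user is encrypted under one fixed key/IV pair. The
    // plaintext here is random so this leaks little, but a per-ciphertext IV
    // would be the safer choice — confirm what EncryptWithKey does.
    // The RNG wraps an OS handle, so it is disposed deterministically.
    using (var rng = new RNGCryptoServiceProvider ()) {
        return rng.Create256BitLowerCaseHexKey ()
                  .EncryptWithKey (encryptionMasterKey, User.MasterKeySalt);
    }
}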
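/// <summary>
/// Initialises the per-user crypto material on a new user record: a password
/// salt, a master-key salt, the password hash (via UpdatePassword) and a random
/// master key stored encrypted under a key derived from the password. The master
/// key itself never changes, so a password change only needs to re-wrap it
/// rather than re-encrypt every note.
/// </summary>
/// <param name="db_user">The user record to populate.</param>
/// <param name="password">The user's cleartext password.</param>
/// <exception cref="ArgumentNullException">If <paramref name="password"/> is null or empty.</exception>
public static void CreateCryptoFields(this DBUser db_user, string password)
{
    if (string.IsNullOrEmpty (password))
        throw new ArgumentNullException ("password");

    using (var rng = new RNGCryptoServiceProvider ()) {
        // One 256-bit random value split into two independent 128-bit salts
        // (32 lower-case hex chars each).
        var salt = rng.Create256BitLowerCaseHexKey ();
        db_user.PasswordSalt = salt.Substring (0, 32);
        db_user.MasterKeySalt = salt.Substring (32, 32);
        db_user.UpdatePassword (password);

        // The master key is fixed for the lifetime of the user and survives
        // password changes; only its wrapping key depends on the password.
        string master_key = rng.Create256BitLowerCaseHexKey ();
        var pw_key = db_user.DeriveKeyFromPassword (password);

        // Wrap the hex master key (its UTF-8 text as written by StreamWriter, not
        // raw key bytes) with the password-derived key. AesManaged defaults to
        // CBC/PKCS7; the IV is the user's MasterKeySalt, which is stored in the
        // same record as the ciphertext.
        // NOTE(review): there is no MAC over the ciphertext, so it is malleable and
        // a decrypt/padding failure is the only integrity signal. The same
        // MasterKeySalt is also handed to EncryptWithKey for note keys and access
        // tokens elsewhere in this file. The storage format is deliberately kept
        // as-is because GetPlaintextMasterKey (defined elsewhere) must keep
        // decrypting it.
        using (var aes = new AesManaged ())
        using (ICryptoTransform encryptor = aes.CreateEncryptor (pw_key, db_user.MasterKeySalt.ToByteArray ()))
        using (MemoryStream msEncrypt = new MemoryStream ()) {
            using (CryptoStream csEncrypt = new CryptoStream (msEncrypt, encryptor, CryptoStreamMode.Write))
            using (StreamWriter swEncrypt = new StreamWriter (csEncrypt)) {
                swEncrypt.Write (master_key);
            }
            // Disposing the writer flushed the final AES block through the
            // CryptoStream; ToArray still works on a closed MemoryStream.
            db_user.EncryptedMasterKey = msEncrypt.ToArray ().ToHexString ();
        }
    }
}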
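/// <summary>
/// Second leg of the OAuth 1.0a dance. The caller has already authenticated the
/// user; this marks the pending request token as authorized, attaches a freshly
/// minted verifier and access token to it, and returns the callback URL the
/// user agent must be sent to.
/// </summary>
/// <param name="username">The authenticated user.</param>
/// <param name="password">The user's password; only used by GenerateAccessToken to unwrap the master key.</param>
/// <param name="token">The request token (oauth_token) previously issued by CreateRequestToken.</param>
/// <returns>An <see cref="OAuthAuthenticateResponse"/> whose RedirectUrl carries oauth_verifier and oauth_token.</returns>
/// <exception cref="ArgumentException">If no pending request token matches <paramref name="token"/>.</exception>
public object TokenExchangeAfterAuthentication(string username, string password, string token)
{
    var response = new OAuthAuthenticateResponse ();

    // TODO map this to an HTTP 400/403 at the service layer. Without the guard an
    // unknown token surfaced as a NullReferenceException a few lines further down.
    var request_token = oauthHandler.RequestTokens.GetToken (token);
    if (request_token == null)
        throw new ArgumentException ("unknown or invalid request token", "token");

    // The verifier is proof that the user really authorized this request token;
    // OAuth10aInspector later checks that the consumer presents the same value.
    using (var rng = new RNGCryptoServiceProvider ()) {
        request_token.Verifier = rng.Create256BitLowerCaseHexKey ();
    }
    request_token.AccessDenied = false;

    var access_token = GenerateAccessToken (username, password);
    request_token.AccessToken = access_token;
    oauthHandler.RequestTokens.SaveToken (request_token);

    // NOTE(review): the value logged here is the (public, single-use) request
    // token, not the access token the message names. Never extend this to log
    // the verifier or the access token/secret.
    Logger.DebugFormat ("created an access token for user {0}: {1}", username, token);

    // Append the OAuth parameters to the consumer-supplied callback. The callback
    // may already carry a query string, in which case "&" is the correct
    // separator; the previous unconditional "?" produced a malformed URL for
    // such callbacks. Both values are lower-case hex, so no escaping is needed.
    // NOTE(review): CallbackUrl is whatever the consumer sent when it requested
    // the token (see CreateRequestToken). If it is not validated elsewhere this
    // redirect is an open-redirect surface — confirm. Custom schemes such as
    // tomdroid://... are expected here.
    string callback = request_token.CallbackUrl ?? string.Empty;
    string separator = callback.IndexOf ('?') >= 0 ? "&" : "?";
    response.RedirectUrl = callback
        + separator + "oauth_verifier=" + request_token.Verifier
        + "&oauth_token=" + request_token.Token;

    // The browser/gateway page should navigate to RedirectUrl; it points at a
    // tomboy or tomdroid listener rather than back at this service.
    return response;
}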
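/// <summary>
/// Builds an OAuth access token for <paramref name="username"/>. The token's
/// Token value is the user's master key encrypted under a random token key, so a
/// stored token lets the server recover the master key (and hence decrypt notes)
/// for the token's lifetime without needing the password again.
/// </summary>
/// <param name="username">User the token is issued for; must exist in the database.</param>
/// <param name="password">Used once, to unwrap the master key via GetPlaintextMasterKey.</param>
/// <param name="expiry">Optional expiry; defaults to 99 years from now, i.e. effectively never.</param>
/// <returns>The populated <see cref="AccessToken"/>; persisting it is the caller's job.</returns>
private AccessToken GenerateAccessToken(string username, string password, DateTime? expiry = null)
{
    // NOTE(review): DateTime.Now is local time; whatever later compares
    // ExpiryDate must use the same clock. Kept as-is for consistency with the
    // rest of the code base.
    if (!expiry.HasValue)
        expiry = DateTime.Now.AddYears (99);

    // Two independent 256-bit random values: the token secret that the consumer
    // signs with, and the key that wraps the master key inside the token.
    string access_token_secret;
    string token_key;
    using (var rng = new RNGCryptoServiceProvider ()) {
        access_token_secret = rng.Create256BitLowerCaseHexKey ();
        token_key = rng.Create256BitLowerCaseHexKey ();
    }

    // Token = master key wrapped under the random token key.
    // NOTE(review): First (not FirstOrDefault) is used, so a missing user fails
    // inside the ORM call. Whether GetPlaintextMasterKey rejects a wrong password
    // rather than returning garbage is not visible here — the master key is
    // CBC-encrypted without a MAC (see CreateCryptoFields) — confirm. The same
    // MasterKeySalt is passed to EncryptWithKey as for note keys; confirm its IV
    // handling.
    string access_token_token;
    using (var db = connFactory.OpenDbConnection ()) {
        DBUser user = db.First<DBUser> (u => u.Username == username);
        string master_key = user.GetPlaintextMasterKey (password).ToHexString ();
        access_token_token = master_key.EncryptWithKey (token_key, user.MasterKeySalt);
    }

    // NOTE(review): ConsumerKey is a fixed placeholder, i.e. consumers are not
    // individually registered or authenticated by this server.
    var access_token = new AccessToken () {
        ConsumerKey = "anyone",
        Realm = "Rainy",
        Token = access_token_token,
        TokenSecret = access_token_secret,
        UserName = username,
        ExpiryDate = expiry.Value
    };
    // The token key is what lets the server unwrap Token later; how SetTokenKey
    // protects it is defined elsewhere.
    access_token.SetTokenKey (token_key);
    return access_token;
}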
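/// <summary>
/// First leg of OAuth 1.0a: issue a temporary request token for the consumer
/// described by <paramref name="context"/> and persist it so the authorize and
/// exchange steps can look it up later.
/// </summary>
/// <param name="context">The incoming OAuth request (consumer key, realm, callback URL).</param>
/// <returns>The stored <see cref="RequestToken"/>.</returns>
/// <exception cref="ArgumentNullException">If <paramref name="context"/> is null.</exception>
public IToken CreateRequestToken(IOAuthContext context)
{
    if (context == null)
        throw new ArgumentNullException ("context");

    // One 256-bit random value split into a 128-bit token identifier and a
    // 128-bit token secret (32 lower-case hex chars each); 128 bits is plenty
    // for a short-lived request token. The RNG holds an OS handle, hence the
    // using block.
    string token_rnd;
    string token_secret;
    using (var rng = new RNGCryptoServiceProvider ()) {
        var key = rng.Create256BitLowerCaseHexKey ();
        token_rnd = key.Substring (0, 32);
        token_secret = key.Substring (32, 32);
    }

    // NOTE(review): CallbackUrl is stored exactly as the consumer sent it. The
    // exchange step later redirects the user agent to it, so unless it is
    // validated elsewhere (allow-list or a registered callback per consumer)
    // this is where an open redirect would originate — confirm.
    var token = new RequestToken {
        ConsumerKey = context.ConsumerKey,
        Realm = context.Realm,
        Token = token_rnd,
        TokenSecret = token_secret,
        CallbackUrl = context.CallbackUrl
    };
    _requestTokenRepository.SaveToken (token);
    return token;
}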