├── .DS_Store ├── Blobs ├── SecureLocal.ico ├── SecureLocal.png └── SecureLocalSmall.png ├── SecureLocalStorage ├── .DS_Store ├── ISecureLocalStorageConfig.cs ├── ISecureLocalStorage.cs ├── DefaultLocalStorageConfig.cs ├── SecureLocalStorage.csproj ├── CustomLocalStorageConfig.cs └── SecureLocalStorage.cs ├── Examples └── Simple.Example │ ├── UserExample.cs │ ├── Simple.Example.csproj │ └── Program.cs ├── Tests └── SecureLocalStorage.Test │ ├── SecureLocalStorage.Test.csproj │ └── UnitTest1.cs ├── SecureLocalStoragePublic.sln ├── .gitattributes ├── README.md └── .gitignore /.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bytehide/SecureLocalStorage/HEAD/.DS_Store -------------------------------------------------------------------------------- /Blobs/SecureLocal.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bytehide/SecureLocalStorage/HEAD/Blobs/SecureLocal.ico -------------------------------------------------------------------------------- /Blobs/SecureLocal.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bytehide/SecureLocalStorage/HEAD/Blobs/SecureLocal.png -------------------------------------------------------------------------------- /Blobs/SecureLocalSmall.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bytehide/SecureLocalStorage/HEAD/Blobs/SecureLocalSmall.png -------------------------------------------------------------------------------- /SecureLocalStorage/.DS_Store: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/bytehide/SecureLocalStorage/HEAD/SecureLocalStorage/.DS_Store -------------------------------------------------------------------------------- /Examples/Simple.Example/UserExample.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace Simple.Example 6 | { 7 | public class UserExample 8 | { 9 | public string Name { get; set; } 10 | public bool Verified { get; set; } 11 | } 12 | } 13 | -------------------------------------------------------------------------------- /Examples/Simple.Example/Simple.Example.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | Exe 5 | netcoreapp3.1 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /SecureLocalStorage/ISecureLocalStorageConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.Text; 4 | 5 | namespace SecureLocalStorage 6 | { 7 | public interface ISecureLocalStorageConfig 8 | { 9 | string DefaultPath { get; } 10 | string ApplicationName { get; } 11 | string StoragePath { get; } 12 | Func BuildLocalSecureKey { get; set; } 13 | } 14 | } 15 | -------------------------------------------------------------------------------- /SecureLocalStorage/ISecureLocalStorage.cs: -------------------------------------------------------------------------------- 1 | using System.Collections.Generic; 2 | 3 | namespace SecureLocalStorage 4 | { 5 | internal interface ISecureLocalStorage 6 | { 7 | int Count { get; } 8 | void Clear(); 9 | bool Exists(); 10 | bool Exists(string key); 11 | string Get(string key); 12 | T Get(string key); 13 | IReadOnlyCollection Keys(); 14 | void Remove(string key); 15 | void Set(string key, T data); 16 | } 17 | } 18 | -------------------------------------------------------------------------------- /Tests/SecureLocalStorage.Test/SecureLocalStorage.Test.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netcoreapp3.1 5 | 6 | false 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | -------------------------------------------------------------------------------- /SecureLocalStorage/DefaultLocalStorageConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using System.Reflection; 4 | using System.Security.Cryptography; 5 | using DeviceId; 6 | 7 | namespace SecureLocalStorage 8 | { 9 | public class DefaultLocalStorageConfig : ISecureLocalStorageConfig 10 | { 11 | public string DefaultPath => Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData); 12 | 13 | public string ApplicationName 14 | { 15 | get 16 | { 17 | var myProduct = 18 | (AssemblyProductAttribute)Attribute.GetCustomAttribute(Assembly.GetExecutingAssembly(), 19 | typeof(AssemblyProductAttribute)); 20 | return myProduct.Product; 21 | } 22 | 23 | } 24 | 25 | public string StoragePath => Path.Combine(DefaultPath, ApplicationName); 26 | 27 | public Func BuildLocalSecureKey { get; set; } = () => new DeviceIdBuilder() 28 | .AddMachineName() 29 | .AddProcessorId() 30 | .AddMotherboardSerialNumber() 31 | .AddSystemDriveSerialNumber() 32 | .ToString(); 33 | } 34 | } 35 | -------------------------------------------------------------------------------- /SecureLocalStorage/SecureLocalStorage.csproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | netstandard2.0 5 | true 6 | jespanag 7 | ByteHide 8 | 2.0.0 9 | A simple and lightweight extension for .NET that allows you to safely store data locally. 10 | ByteHide 11 | ../Blobs/SecureLocal.ico 12 | https://github.com/dotnetsafer/SecureLocalStorage 13 | SecureLocalStorage 14 | ByteHide, dotnet, security, local storage, storage 15 | https://github.com/dotnetsafer/SecureLocalStorage 16 | 17 | 18 | 19 | 8.0 20 | 21 | 22 | 8.0 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | -------------------------------------------------------------------------------- /SecureLocalStorage/CustomLocalStorageConfig.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.IO; 3 | using DeviceId; 4 | 5 | namespace SecureLocalStorage 6 | { 7 | public class CustomLocalStorageConfig : ISecureLocalStorageConfig 8 | { 9 | public CustomLocalStorageConfig(string defaultPath, string applicationName) 10 | { 11 | DefaultPath = defaultPath ?? Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); 12 | ApplicationName = ApplicationName; 13 | StoragePath = Path.Combine(DefaultPath, applicationName); 14 | } 15 | 16 | public CustomLocalStorageConfig(string defaultPath, string applicationName, string key) 17 | { 18 | DefaultPath = defaultPath ?? Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData); 19 | ApplicationName = ApplicationName; 20 | StoragePath = Path.Combine(DefaultPath, applicationName); 21 | BuildLocalSecureKey = () => key; 22 | } 23 | 24 | public CustomLocalStorageConfig WithDefaultKeyBuilder() 25 | { 26 | BuildLocalSecureKey = () => new DeviceIdBuilder() 27 | .AddMachineName() 28 | .AddProcessorId() 29 | .AddMotherboardSerialNumber() 30 | .AddSystemDriveSerialNumber() 31 | .ToString(); 32 | 33 | return this; 34 | } 35 | 36 | public string DefaultPath { get; } 37 | public string ApplicationName { get; } 38 | public string StoragePath { get; } 39 | public Func BuildLocalSecureKey { get; set; } 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /Examples/Simple.Example/Program.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using SecureLocalStorage; 3 | 4 | namespace Simple.Example 5 | { 6 | class Program 7 | { 8 | static void Main(string[] args) 9 | { 10 | 11 | #region For default configuration 12 | 13 | ISecureLocalStorageConfig config = new DefaultLocalStorageConfig(); 14 | 15 | #endregion 16 | 17 | #region For custom configuration 18 | 19 | //Default key builder prevents switch data between different machines. 20 | 21 | /* 22 | * config = new CustomLocalStorageConfig(null, "DotnetsaferTesting").WithDefaultKeyBuilder(); 23 | * config = new CustomLocalStorageConfig(null, "DotnetsaferTesting", "test1234"); 24 | * config = new CustomLocalStorageConfig(@"current/default", "DotnetsaferTesting", "test1234"); 25 | * config.BuildLocalSecureKey = () => Guid.NewGuid().ToString(); 26 | */ 27 | 28 | #endregion 29 | 30 | //Instance secure local storage 31 | var storage = new SecureLocalStorage.SecureLocalStorage(config); 32 | 33 | #region Simple String Example 34 | 35 | storage.Set("Example", "Hello world."); 36 | 37 | var example = storage.Get("Example"); 38 | 39 | Console.WriteLine(example); 40 | 41 | storage.Remove("Example"); 42 | 43 | #endregion 44 | 45 | #region Custom Class Example 46 | 47 | var userExample = new UserExample {Name = "Juan",Verified = true}; 48 | 49 | storage.Set("User", userExample); 50 | 51 | if (storage.Exists("User")) 52 | { 53 | var user = storage.Get("User"); 54 | Console.WriteLine(user.Name); 55 | } 56 | else Console.WriteLine("User not exists on storage."); 57 | 58 | #endregion 59 | 60 | 61 | Console.ReadKey(); 62 | } 63 | } 64 | } 65 | -------------------------------------------------------------------------------- /Tests/SecureLocalStorage.Test/UnitTest1.cs: -------------------------------------------------------------------------------- 1 | using System.IO; 2 | using NUnit.Framework; 3 | 4 | namespace SecureLocalStorage.Test 5 | { 6 | public class Tests 7 | { 8 | internal SecureLocalStorage Storage { get; set; } 9 | 10 | [SetUp, Order(0)] 11 | public void Setup() 12 | { 13 | var config = new CustomLocalStorageConfig(Path.Combine(@"test","path"),"testing").WithDefaultKeyBuilder(); 14 | Storage = new SecureLocalStorage(config); 15 | Assert.NotNull(Storage); 16 | } 17 | 18 | [Test, Order(1)] 19 | public void CanSet() 20 | { 21 | Assert.DoesNotThrow(() => Storage.Set("test", "dotnetsafer")); 22 | Assert.IsTrue(Storage.Exists("test")); 23 | Assert.Pass(); 24 | } 25 | 26 | [Test, Order(2)] 27 | public void CanGet() 28 | { 29 | var get = Storage.Get("test"); 30 | Assert.AreEqual("dotnetsafer",get); 31 | Assert.Pass(); 32 | } 33 | 34 | [Test, Order(3)] 35 | public void CanDelete() 36 | { 37 | Assert.DoesNotThrow(() => Storage.Remove("test")); 38 | Assert.IsNull(Storage.Get("test")); 39 | Assert.Pass(); 40 | } 41 | 42 | [Test, Order(4)] 43 | public void CanClear() 44 | { 45 | Assert.DoesNotThrow(() => Storage.Clear()); 46 | Assert.Pass(); 47 | } 48 | 49 | [Test, Order(5)] 50 | public void IsEncrypted() 51 | { 52 | Storage.Set("test","Hello world"); 53 | var data = File.ReadAllText(Path.Combine(@"test", "path", "testing","default")); 54 | Assert.IsFalse(data.ToLower().Contains("hello")); 55 | Assert.Pass(); 56 | } 57 | 58 | [Test, Order(6)] 59 | public void IsEncryptedOnlyForCurrentMachine() 60 | { 61 | var config = new CustomLocalStorageConfig(Path.Combine(@"test", "path"), "testing", "test1234"); 62 | var storage = new SecureLocalStorage(config); 63 | 64 | Assert.IsNotNull(storage); 65 | 66 | //Assert.DoesNotThrow(()=>Storage.Set("encryption","isEncrypted")); 67 | 68 | //Assert.Throws(typeof(CryptographicException), () => storage.Get("encryption")); 69 | 70 | Assert.Pass(); 71 | } 72 | } 73 | } -------------------------------------------------------------------------------- /SecureLocalStoragePublic.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio Version 16 4 | VisualStudioVersion = 16.0.30804.86 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureLocalStorage", "SecureLocalStorage\SecureLocalStorage.csproj", "{0AEEFF12-EEE6-4AE8-A27F-99210C67F1C7}" 7 | EndProject 8 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Simple.Example", "Examples\Simple.Example\Simple.Example.csproj", "{797CB056-3A8E-4C2E-A5FC-C3B25BCB2546}" 9 | EndProject 10 | Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "SecureLocalStorage.Test", "Tests\SecureLocalStorage.Test\SecureLocalStorage.Test.csproj", "{24A4AC68-93C5-4C6D-93B7-0916213C63C3}" 11 | EndProject 12 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8D0B257F-C102-4EB0-81D0-9ADB1DF6E650}" 13 | ProjectSection(SolutionItems) = preProject 14 | Blobs\SecureLocal.png = Blobs\SecureLocal.png 15 | Blobs\SecureLocalSmall.png = Blobs\SecureLocalSmall.png 16 | EndProjectSection 17 | EndProject 18 | Global 19 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 20 | Debug|Any CPU = Debug|Any CPU 21 | Release|Any CPU = Release|Any CPU 22 | EndGlobalSection 23 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 24 | {0AEEFF12-EEE6-4AE8-A27F-99210C67F1C7}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 25 | {0AEEFF12-EEE6-4AE8-A27F-99210C67F1C7}.Debug|Any CPU.Build.0 = Debug|Any CPU 26 | {0AEEFF12-EEE6-4AE8-A27F-99210C67F1C7}.Release|Any CPU.ActiveCfg = Release|Any CPU 27 | {0AEEFF12-EEE6-4AE8-A27F-99210C67F1C7}.Release|Any CPU.Build.0 = Release|Any CPU 28 | {797CB056-3A8E-4C2E-A5FC-C3B25BCB2546}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 29 | {797CB056-3A8E-4C2E-A5FC-C3B25BCB2546}.Debug|Any CPU.Build.0 = Debug|Any CPU 30 | {797CB056-3A8E-4C2E-A5FC-C3B25BCB2546}.Release|Any CPU.ActiveCfg = Release|Any CPU 31 | {797CB056-3A8E-4C2E-A5FC-C3B25BCB2546}.Release|Any CPU.Build.0 = Release|Any CPU 32 | {24A4AC68-93C5-4C6D-93B7-0916213C63C3}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 33 | {24A4AC68-93C5-4C6D-93B7-0916213C63C3}.Debug|Any CPU.Build.0 = Debug|Any CPU 34 | {24A4AC68-93C5-4C6D-93B7-0916213C63C3}.Release|Any CPU.ActiveCfg = Release|Any CPU 35 | {24A4AC68-93C5-4C6D-93B7-0916213C63C3}.Release|Any CPU.Build.0 = Release|Any CPU 36 | EndGlobalSection 37 | GlobalSection(SolutionProperties) = preSolution 38 | HideSolutionNode = FALSE 39 | EndGlobalSection 40 | GlobalSection(ExtensibilityGlobals) = postSolution 41 | SolutionGuid = {B762C66C-8F40-4AC4-963F-FB499EAED4DA} 42 | EndGlobalSection 43 | EndGlobal 44 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Set default behavior to automatically normalize line endings. 3 | ############################################################################### 4 | * text=auto 5 | 6 | ############################################################################### 7 | # Set default behavior for command prompt diff. 8 | # 9 | # This is need for earlier builds of msysgit that does not have it on by 10 | # default for csharp files. 11 | # Note: This is only used by command line 12 | ############################################################################### 13 | #*.cs diff=csharp 14 | 15 | ############################################################################### 16 | # Set the merge driver for project and solution files 17 | # 18 | # Merging from the command prompt will add diff markers to the files if there 19 | # are conflicts (Merging from VS is not affected by the settings below, in VS 20 | # the diff markers are never inserted). Diff markers may cause the following 21 | # file extensions to fail to load in VS. An alternative would be to treat 22 | # these files as binary and thus will always conflict and require user 23 | # intervention with every merge. To do so, just uncomment the entries below 24 | ############################################################################### 25 | #*.sln merge=binary 26 | #*.csproj merge=binary 27 | #*.vbproj merge=binary 28 | #*.vcxproj merge=binary 29 | #*.vcproj merge=binary 30 | #*.dbproj merge=binary 31 | #*.fsproj merge=binary 32 | #*.lsproj merge=binary 33 | #*.wixproj merge=binary 34 | #*.modelproj merge=binary 35 | #*.sqlproj merge=binary 36 | #*.wwaproj merge=binary 37 | 38 | ############################################################################### 39 | # behavior for image files 40 | # 41 | # image files are treated as binary by default. 42 | ############################################################################### 43 | #*.jpg binary 44 | #*.png binary 45 | #*.gif binary 46 | 47 | ############################################################################### 48 | # diff behavior for common document formats 49 | # 50 | # Convert binary document formats to text before diffing them. This feature 51 | # is only available from the command line. Turn it on by uncommenting the 52 | # entries below. 53 | ############################################################################### 54 | #*.doc diff=astextplain 55 | #*.DOC diff=astextplain 56 | #*.docx diff=astextplain 57 | #*.DOCX diff=astextplain 58 | #*.dot diff=astextplain 59 | #*.DOT diff=astextplain 60 | #*.pdf diff=astextplain 61 | #*.PDF diff=astextplain 62 | #*.rtf diff=astextplain 63 | #*.RTF diff=astextplain 64 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Secure Local Storage 2 | 3 | ![alt text](https://github.com/dotnetsafer/SecureLocalStorage/blob/master/Blobs/SecureLocalSmall.png?raw=true) 4 | 5 | Secure Local Storage is a simple package for .NET that allows you to safely store information locally, allowing you to select whether the information will only be decryptable on the computer where it was created, or if it can be shared between several computers. 6 | 7 | Mainly it offers you the option of storing information or sensitive settings and obtaining it from the same or another application. 8 | 9 | ## Installation 10 | 11 | Use the nuget package manager to install [SecureLocalStorage.](https://www.nuget.org/packages/SecureLocalStorage/) 12 | 13 | _Package Manager:_ 14 | ```csharp 15 | Install-Package SecureLocalStorage -Version 2.0.0 16 | ``` 17 | _.NET CLI:_ 18 | ```csharp 19 | dotnet add package SecureLocalStorage --version 2.0.0 20 | ``` 21 | 22 | 23 | **Caveat:** 24 | 25 | Version 1 does not support MacOs and Linux, so please upgrade to version 2 if you are encrypting local data in a cross-platform project. 26 | 27 | Since version 2, both Mac and Linux and Windows have the ability to store fully encrypted local files and data on the machine where your software runs. 28 | 29 | ## Simple Usage 30 | 31 | 32 | ### Instantiate the class with the default settings: 33 | 34 | ```csharp 35 | var config = new DefaultLocalStorageConfig(); 36 | var storage = new SecureLocalStorage.SecureLocalStorage(config); 37 | ``` 38 | ### Add data to storage: 39 | ```csharp 40 | storage.Set("Example", "Hello world."); 41 | //If key exists content will replaced. 42 | ``` 43 | ### Add custom data to storage: 44 | ```csharp 45 | var userExample = new UserExample {Name = "Juan", Verified = true}; 46 | storage.Set("User", userExample); 47 | ``` 48 | ### Get data from storage: 49 | ```csharp 50 | string data = storage.Get("Example"); //Hello world 51 | ``` 52 | ### Get custom data from storage: 53 | ```csharp 54 | var data = storage.Get("User"); //{Name = "Juan", Verified = true} 55 | ``` 56 | ### Remove data from storage: 57 | ```csharp 58 | storage.Remove("User"); 59 | ``` 60 | ### Check if data exists on storage 61 | ```csharp 62 | var exists = storage.Exists("User"); 63 | ``` 64 | 65 | ## Advanced Usage 66 | 67 | By default, the information is encrypted with the values of the machine that runs the application and it is only possible to manipulate the data in the same environment, that is, information stored between devices cannot be stolen. 68 | 69 | Optionally you can configure where that information is stored and how it is encrypted. 70 | 71 | ### Custom configuration 72 | 73 | The information is stored by default in `Environment.SpecialFolder.ApplicationData`. 74 | 75 | and its hierarchy is as follows: 76 | 77 | `%SpecialFolder% / Your_App_Name / default.` 78 | 79 | #### Change default app name: 80 | 81 | ```csharp 82 | config = new CustomLocalStorageConfig(null, "DotnetsaferTesting").WithDefaultKeyBuilder(); 83 | ``` 84 | Make sure the name is unique to your application, or it could create conflicts with other applications. 85 | 86 | #### Change default path: 87 | 88 | ```csharp 89 | config = new CustomLocalStorageConfig(@"current/default", "DotnetsaferTesting").WithDefaultKeyBuilder(); 90 | ``` 91 | 92 | #### Change default encryption key: 93 | 94 | If you don't want the encryption key to be unique values of the device, you can set one yourself. 95 | ```csharp 96 | config = new CustomLocalStorageConfig(@"current/default", "DotnetsaferTesting", "secret1234"); 97 | ``` 98 | **If you want to add a dynamic key you can override the `BuildLocalSecureKey` method:** 99 | 100 | ```csharp 101 | config.BuildLocalSecureKey = () => Guid.NewGuid().ToString(); 102 | ``` 103 | 104 | ## Contributing 105 | Pull requests are welcome. For major changes, please open an issue first to discuss what you would like to change. 106 | 107 | Please make sure to update tests as appropriate. 108 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.rsuser 8 | *.suo 9 | *.user 10 | *.userosscache 11 | *.sln.docstates 12 | 13 | # User-specific files (MonoDevelop/Xamarin Studio) 14 | *.userprefs 15 | 16 | # Build results 17 | [Dd]ebug/ 18 | [Dd]ebugPublic/ 19 | [Rr]elease/ 20 | [Rr]eleases/ 21 | x64/ 22 | x86/ 23 | [Aa][Rr][Mm]/ 24 | [Aa][Rr][Mm]64/ 25 | bld/ 26 | [Bb]in/ 27 | [Oo]bj/ 28 | [Ll]og/ 29 | 30 | # Visual Studio 2015/2017 cache/options directory 31 | .vs/ 32 | # Uncomment if you have tasks that create the project's static files in wwwroot 33 | #wwwroot/ 34 | 35 | # Visual Studio 2017 auto generated files 36 | Generated\ Files/ 37 | 38 | # MSTest test Results 39 | [Tt]est[Rr]esult*/ 40 | [Bb]uild[Ll]og.* 41 | 42 | # NUNIT 43 | *.VisualState.xml 44 | TestResult.xml 45 | 46 | # Build Results of an ATL Project 47 | [Dd]ebugPS/ 48 | [Rr]eleasePS/ 49 | dlldata.c 50 | 51 | # Benchmark Results 52 | BenchmarkDotNet.Artifacts/ 53 | 54 | # .NET Core 55 | project.lock.json 56 | project.fragment.lock.json 57 | artifacts/ 58 | 59 | # StyleCop 60 | StyleCopReport.xml 61 | 62 | # Files built by Visual Studio 63 | *_i.c 64 | *_p.c 65 | *_h.h 66 | *.ilk 67 | *.meta 68 | *.obj 69 | *.iobj 70 | *.pch 71 | *.pdb 72 | *.ipdb 73 | *.pgc 74 | *.pgd 75 | *.rsp 76 | *.sbr 77 | *.tlb 78 | *.tli 79 | *.tlh 80 | *.tmp 81 | *.tmp_proj 82 | *_wpftmp.csproj 83 | *.log 84 | *.vspscc 85 | *.vssscc 86 | .builds 87 | *.pidb 88 | *.svclog 89 | *.scc 90 | 91 | # Chutzpah Test files 92 | _Chutzpah* 93 | 94 | # Visual C++ cache files 95 | ipch/ 96 | *.aps 97 | *.ncb 98 | *.opendb 99 | *.opensdf 100 | *.sdf 101 | *.cachefile 102 | *.VC.db 103 | *.VC.VC.opendb 104 | 105 | # Visual Studio profiler 106 | *.psess 107 | *.vsp 108 | *.vspx 109 | *.sap 110 | 111 | # Visual Studio Trace Files 112 | *.e2e 113 | 114 | # TFS 2012 Local Workspace 115 | $tf/ 116 | 117 | # Guidance Automation Toolkit 118 | *.gpState 119 | 120 | # ReSharper is a .NET coding add-in 121 | _ReSharper*/ 122 | *.[Rr]e[Ss]harper 123 | *.DotSettings.user 124 | 125 | # JustCode is a .NET coding add-in 126 | .JustCode 127 | 128 | # TeamCity is a build add-in 129 | _TeamCity* 130 | 131 | # DotCover is a Code Coverage Tool 132 | *.dotCover 133 | 134 | # AxoCover is a Code Coverage Tool 135 | .axoCover/* 136 | !.axoCover/settings.json 137 | 138 | # Visual Studio code coverage results 139 | *.coverage 140 | *.coveragexml 141 | 142 | # NCrunch 143 | _NCrunch_* 144 | .*crunch*.local.xml 145 | nCrunchTemp_* 146 | 147 | # MightyMoose 148 | *.mm.* 149 | AutoTest.Net/ 150 | 151 | # Web workbench (sass) 152 | .sass-cache/ 153 | 154 | # Installshield output folder 155 | [Ee]xpress/ 156 | 157 | # DocProject is a documentation generator add-in 158 | DocProject/buildhelp/ 159 | DocProject/Help/*.HxT 160 | DocProject/Help/*.HxC 161 | DocProject/Help/*.hhc 162 | DocProject/Help/*.hhk 163 | DocProject/Help/*.hhp 164 | DocProject/Help/Html2 165 | DocProject/Help/html 166 | 167 | # Click-Once directory 168 | publish/ 169 | 170 | # Publish Web Output 171 | *.[Pp]ublish.xml 172 | *.azurePubxml 173 | # Note: Comment the next line if you want to checkin your web deploy settings, 174 | # but database connection strings (with potential passwords) will be unencrypted 175 | *.pubxml 176 | *.publishproj 177 | 178 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 179 | # checkin your Azure Web App publish settings, but sensitive information contained 180 | # in these scripts will be unencrypted 181 | PublishScripts/ 182 | 183 | # NuGet Packages 184 | *.nupkg 185 | # The packages folder can be ignored because of Package Restore 186 | **/[Pp]ackages/* 187 | # except build/, which is used as an MSBuild target. 188 | !**/[Pp]ackages/build/ 189 | # Uncomment if necessary however generally it will be regenerated when needed 190 | #!**/[Pp]ackages/repositories.config 191 | # NuGet v3's project.json files produces more ignorable files 192 | *.nuget.props 193 | *.nuget.targets 194 | 195 | # Microsoft Azure Build Output 196 | csx/ 197 | *.build.csdef 198 | 199 | # Microsoft Azure Emulator 200 | ecf/ 201 | rcf/ 202 | 203 | # Windows Store app package directories and files 204 | AppPackages/ 205 | BundleArtifacts/ 206 | Package.StoreAssociation.xml 207 | _pkginfo.txt 208 | *.appx 209 | 210 | # Visual Studio cache files 211 | # files ending in .cache can be ignored 212 | *.[Cc]ache 213 | # but keep track of directories ending in .cache 214 | !?*.[Cc]ache/ 215 | 216 | # Others 217 | ClientBin/ 218 | ~$* 219 | *~ 220 | *.dbmdl 221 | *.dbproj.schemaview 222 | *.jfm 223 | *.pfx 224 | *.publishsettings 225 | orleans.codegen.cs 226 | 227 | # Including strong name files can present a security risk 228 | # (https://github.com/github/gitignore/pull/2483#issue-259490424) 229 | #*.snk 230 | 231 | # Since there are multiple workflows, uncomment next line to ignore bower_components 232 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 233 | #bower_components/ 234 | 235 | # RIA/Silverlight projects 236 | Generated_Code/ 237 | 238 | # Backup & report files from converting an old project file 239 | # to a newer Visual Studio version. Backup files are not needed, 240 | # because we have git ;-) 241 | _UpgradeReport_Files/ 242 | Backup*/ 243 | UpgradeLog*.XML 244 | UpgradeLog*.htm 245 | ServiceFabricBackup/ 246 | *.rptproj.bak 247 | 248 | # SQL Server files 249 | *.mdf 250 | *.ldf 251 | *.ndf 252 | 253 | # Business Intelligence projects 254 | *.rdl.data 255 | *.bim.layout 256 | *.bim_*.settings 257 | *.rptproj.rsuser 258 | *- Backup*.rdl 259 | 260 | # Microsoft Fakes 261 | FakesAssemblies/ 262 | 263 | # GhostDoc plugin setting file 264 | *.GhostDoc.xml 265 | 266 | # Node.js Tools for Visual Studio 267 | .ntvs_analysis.dat 268 | node_modules/ 269 | 270 | # Visual Studio 6 build log 271 | *.plg 272 | 273 | # Visual Studio 6 workspace options file 274 | *.opt 275 | 276 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 277 | *.vbw 278 | 279 | # Visual Studio LightSwitch build output 280 | **/*.HTMLClient/GeneratedArtifacts 281 | **/*.DesktopClient/GeneratedArtifacts 282 | **/*.DesktopClient/ModelManifest.xml 283 | **/*.Server/GeneratedArtifacts 284 | **/*.Server/ModelManifest.xml 285 | _Pvt_Extensions 286 | 287 | # Paket dependency manager 288 | .paket/paket.exe 289 | paket-files/ 290 | 291 | # FAKE - F# Make 292 | .fake/ 293 | 294 | # JetBrains Rider 295 | .idea/ 296 | *.sln.iml 297 | 298 | # CodeRush personal settings 299 | .cr/personal 300 | 301 | # Python Tools for Visual Studio (PTVS) 302 | __pycache__/ 303 | *.pyc 304 | 305 | # Cake - Uncomment if you are using it 306 | # tools/** 307 | # !tools/packages.config 308 | 309 | # Tabs Studio 310 | *.tss 311 | 312 | # Telerik's JustMock configuration file 313 | *.jmconfig 314 | 315 | # BizTalk build output 316 | *.btp.cs 317 | *.btm.cs 318 | *.odx.cs 319 | *.xsd.cs 320 | 321 | # OpenCover UI analysis results 322 | OpenCover/ 323 | 324 | # Azure Stream Analytics local run output 325 | ASALocalRun/ 326 | 327 | # MSBuild Binary and Structured Log 328 | *.binlog 329 | 330 | # NVidia Nsight GPU debugger configuration file 331 | *.nvuser 332 | 333 | # MFractors (Xamarin productivity tool) working folder 334 | .mfractor/ 335 | 336 | # Local History for Visual Studio 337 | .localhistory/ 338 | 339 | # BeatPulse healthcheck temp database 340 | healthchecksdb -------------------------------------------------------------------------------- /SecureLocalStorage/SecureLocalStorage.cs: -------------------------------------------------------------------------------- 1 | using System; 2 | using System.Collections.Generic; 3 | using System.IO; 4 | using System.Linq; 5 | using System.Runtime.InteropServices; 6 | using System.Security.Cryptography; 7 | using System.Text; 8 | using Newtonsoft.Json; 9 | 10 | namespace SecureLocalStorage 11 | { 12 | public class SecureLocalStorage : ISecureLocalStorage 13 | { 14 | internal ISecureLocalStorageConfig Config { get; } 15 | internal Dictionary StoredData { get; set; } 16 | private byte[] Key { get; } 17 | 18 | internal void CreateIfNotExists(string path) 19 | { 20 | if (!Directory.Exists(path)) 21 | Directory.CreateDirectory(path); 22 | } 23 | public SecureLocalStorage(ISecureLocalStorageConfig configuration) 24 | { 25 | Config = configuration ?? throw new ArgumentNullException(nameof(configuration)); 26 | CreateIfNotExists(Config.StoragePath); 27 | Key = Encoding.UTF8.GetBytes(Config.BuildLocalSecureKey()); 28 | Read(); 29 | } 30 | 31 | 32 | internal byte[] EncryptData(string data, byte[] key, DataProtectionScope scope) 33 | { 34 | if (data == null) 35 | throw new ArgumentNullException(nameof(data)); 36 | if (data.Length <= 0) 37 | throw new ArgumentException("data"); 38 | if (key == null) 39 | throw new ArgumentNullException(nameof(key)); 40 | if (key.Length <= 0) 41 | throw new ArgumentException("key"); 42 | 43 | if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) 44 | return ProtectedData.Protect(Encoding.UTF8.GetBytes(data), key, scope); 45 | else return Encoding.UTF8.GetBytes(AESThenHMAC.SimpleEncryptWithPassword(data, Encoding.UTF8.GetString(key))); 46 | } 47 | 48 | internal string DecryptData(byte[] data, byte[] key, DataProtectionScope scope) 49 | { 50 | if (data == null) 51 | throw new ArgumentNullException(nameof(data)); 52 | if (data.Length <= 0) 53 | throw new ArgumentException("data"); 54 | if (key == null) 55 | throw new ArgumentNullException(nameof(key)); 56 | if (key.Length <= 0) 57 | throw new ArgumentException("key"); 58 | 59 | if (RuntimeInformation.IsOSPlatform(OSPlatform.Windows)) 60 | return Encoding.UTF8.GetString(ProtectedData.Unprotect(data, key, scope)); 61 | else return AESThenHMAC.SimpleDecryptWithPassword(Encoding.UTF8.GetString(data), Encoding.UTF8.GetString(key)); 62 | 63 | } 64 | 65 | internal void Read() 66 | => StoredData = 67 | File.Exists(Path.Combine(Config.StoragePath, "default")) ? 68 | JsonConvert.DeserializeObject>(DecryptData(File.ReadAllBytes(Path.Combine(Config.StoragePath, "default")), Key, DataProtectionScope.LocalMachine)) : 69 | new Dictionary(); 70 | 71 | 72 | internal void Write() 73 | => File.WriteAllBytes(Path.Combine(Config.StoragePath, "default"), 74 | EncryptData(JsonConvert.SerializeObject(StoredData), Key, DataProtectionScope.LocalMachine)); 75 | 76 | 77 | public int Count => StoredData.Count; 78 | 79 | public void Clear() 80 | 81 | => File.Delete(Path.Combine(Config.StoragePath, "default")); 82 | 83 | 84 | public bool Exists() 85 | => File.Exists(Path.Combine(Config.StoragePath, "default")); 86 | 87 | public bool Exists(string key) 88 | => StoredData.ContainsKey(key); 89 | 90 | public string Get(string key) 91 | 92 | => !StoredData.TryGetValue(key, out var value) ? default : JsonConvert.DeserializeObject(value ?? string.Empty); 93 | 94 | 95 | public T Get(string key) 96 | 97 | => !StoredData.TryGetValue(key, out var value) ? default : JsonConvert.DeserializeObject(value ?? string.Empty); 98 | 99 | 100 | public IReadOnlyCollection Keys() 101 | 102 | => StoredData.Keys; 103 | 104 | 105 | public void Remove(string key) 106 | { 107 | StoredData.Remove(key); 108 | Write(); 109 | } 110 | 111 | public void Set(string key, T data) 112 | { 113 | if (Exists(key)) 114 | Remove(key); 115 | StoredData.Add(key, JsonConvert.SerializeObject(data)); 116 | Write(); 117 | } 118 | 119 | #region Linux and MacOS encryption 120 | 121 | public static class AESThenHMAC 122 | { 123 | private static readonly RandomNumberGenerator Random = RandomNumberGenerator.Create(); 124 | 125 | //Preconfigured Encryption Parameters 126 | public static readonly int BlockBitSize = 128; 127 | public static readonly int KeyBitSize = 256; 128 | 129 | //Preconfigured Password Key Derivation Parameters 130 | public static readonly int SaltBitSize = 64; 131 | public static readonly int Iterations = 10000; 132 | public static readonly int MinPasswordLength = 12; 133 | 134 | ///

135 | /// Helper that generates a random key on each call. 136 | ///

137 | /// 138 | public static byte[] NewKey() 139 | { 140 | var key = new byte[KeyBitSize / 8]; 141 | Random.GetBytes(key); 142 | return key; 143 | } 144 | 145 | ///

146 | /// Simple Encryption (AES) then Authentication (HMAC) for a UTF8 Message. 147 | ///

148 | /// The secret message. 149 | /// The crypt key. 150 | /// The auth key. 151 | /// (Optional) Non-Secret Payload. 152 | /// 153 | /// Encrypted Message 154 | /// 155 | /// Secret Message Required!;secretMessage 156 | /// 157 | /// Adds overhead of (Optional-Payload + BlockSize(16) + Message-Padded-To-Blocksize + HMac-Tag(32)) * 1.33 Base64 158 | /// 159 | public static string SimpleEncrypt(string secretMessage, byte[] cryptKey, byte[] authKey, 160 | byte[] nonSecretPayload = null) 161 | { 162 | if (string.IsNullOrEmpty(secretMessage)) 163 | throw new ArgumentException("Secret Message Required!", "secretMessage"); 164 | 165 | var plainText = Encoding.UTF8.GetBytes(secretMessage); 166 | var cipherText = SimpleEncrypt(plainText, cryptKey, authKey, nonSecretPayload); 167 | return Convert.ToBase64String(cipherText); 168 | } 169 | 170 | ///

171 | /// Simple Authentication (HMAC) then Decryption (AES) for a secrets UTF8 Message. 172 | ///

173 | /// The encrypted message. 174 | /// The crypt key. 175 | /// The auth key. 176 | /// Length of the non secret payload. 177 | /// 178 | /// Decrypted Message 179 | /// 180 | /// Encrypted Message Required!;encryptedMessage 181 | public static string SimpleDecrypt(string encryptedMessage, byte[] cryptKey, byte[] authKey, 182 | int nonSecretPayloadLength = 0) 183 | { 184 | if (string.IsNullOrWhiteSpace(encryptedMessage)) 185 | throw new ArgumentException("Encrypted Message Required!", "encryptedMessage"); 186 | 187 | var cipherText = Convert.FromBase64String(encryptedMessage); 188 | var plainText = SimpleDecrypt(cipherText, cryptKey, authKey, nonSecretPayloadLength); 189 | return plainText == null ? null : Encoding.UTF8.GetString(plainText); 190 | } 191 | 192 | ///

193 | /// Simple Encryption (AES) then Authentication (HMAC) of a UTF8 message 194 | /// using Keys derived from a Password (PBKDF2). 195 | ///

196 | /// The secret message. 197 | /// The password. 198 | /// The non secret payload. 199 | /// 200 | /// Encrypted Message 201 | /// 202 | /// password 203 | /// 204 | /// Significantly less secure than using random binary keys. 205 | /// Adds additional non secret payload for key generation parameters. 206 | /// 207 | public static string SimpleEncryptWithPassword(string secretMessage, string password, 208 | byte[] nonSecretPayload = null) 209 | { 210 | if (string.IsNullOrEmpty(secretMessage)) 211 | throw new ArgumentException("Secret Message Required!", "secretMessage"); 212 | 213 | var plainText = Encoding.UTF8.GetBytes(secretMessage); 214 | var cipherText = SimpleEncryptWithPassword(plainText, password, nonSecretPayload); 215 | return Convert.ToBase64String(cipherText); 216 | } 217 | 218 | ///

219 | /// Simple Authentication (HMAC) and then Descryption (AES) of a UTF8 Message 220 | /// using keys derived from a password (PBKDF2). 221 | ///

222 | /// The encrypted message. 223 | /// The password. 224 | /// Length of the non secret payload. 225 | /// 226 | /// Decrypted Message 227 | /// 228 | /// Encrypted Message Required!;encryptedMessage 229 | /// 230 | /// Significantly less secure than using random binary keys. 231 | /// 232 | public static string SimpleDecryptWithPassword(string encryptedMessage, string password, 233 | int nonSecretPayloadLength = 0) 234 | { 235 | if (string.IsNullOrWhiteSpace(encryptedMessage)) 236 | throw new ArgumentException("Encrypted Message Required!", "encryptedMessage"); 237 | 238 | var cipherText = Convert.FromBase64String(encryptedMessage); 239 | var plainText = SimpleDecryptWithPassword(cipherText, password, nonSecretPayloadLength); 240 | return plainText == null ? null : Encoding.UTF8.GetString(plainText); 241 | } 242 | 243 | ///

244 | /// Simple Encryption(AES) then Authentication (HMAC) for a UTF8 Message. 245 | ///

246 | /// The secret message. 247 | /// The crypt key. 248 | /// The auth key. 249 | /// (Optional) Non-Secret Payload. 250 | /// 251 | /// Encrypted Message 252 | /// 253 | /// 254 | /// Adds overhead of (Optional-Payload + BlockSize(16) + Message-Padded-To-Blocksize + HMac-Tag(32)) * 1.33 Base64 255 | /// 256 | public static byte[] SimpleEncrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey, byte[] nonSecretPayload = null) 257 | { 258 | //User Error Checks 259 | if (cryptKey == null || cryptKey.Length != KeyBitSize / 8) 260 | throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "cryptKey"); 261 | 262 | if (authKey == null || authKey.Length != KeyBitSize / 8) 263 | throw new ArgumentException(String.Format("Key needs to be {0} bit!", KeyBitSize), "authKey"); 264 | 265 | if (secretMessage == null || secretMessage.Length < 1) 266 | throw new ArgumentException("Secret Message Required!", "secretMessage"); 267 | 268 | //non-secret payload optional 269 | nonSecretPayload = nonSecretPayload ?? new byte[] { }; 270 | 271 | byte[] cipherText; 272 | byte[] iv; 273 | 274 | using (var aes = new AesManaged 275 | { 276 | KeySize = KeyBitSize, 277 | BlockSize = BlockBitSize, 278 | Mode = CipherMode.CBC, 279 | Padding = PaddingMode.PKCS7 280 | }) 281 | { 282 | 283 | //Use random IV 284 | aes.GenerateIV(); 285 | iv = aes.IV; 286 | 287 | using (var encrypter = aes.CreateEncryptor(cryptKey, iv)) 288 | using (var cipherStream = new MemoryStream()) 289 | { 290 | using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write)) 291 | using (var binaryWriter = new BinaryWriter(cryptoStream)) 292 | { 293 | //Encrypt Data 294 | binaryWriter.Write(secretMessage); 295 | } 296 | 297 | cipherText = cipherStream.ToArray(); 298 | } 299 | 300 | } 301 | 302 | //Assemble encrypted message and add authentication 303 | using (var hmac = new HMACSHA256(authKey)) 304 | using (var encryptedStream = new MemoryStream()) 305 | { 306 | using (var binaryWriter = new BinaryWriter(encryptedStream)) 307 | { 308 | //Prepend non-secret payload if any 309 | binaryWriter.Write(nonSecretPayload); 310 | //Prepend IV 311 | binaryWriter.Write(iv); 312 | //Write Ciphertext 313 | binaryWriter.Write(cipherText); 314 | binaryWriter.Flush(); 315 | 316 | //Authenticate all data 317 | var tag = hmac.ComputeHash(encryptedStream.ToArray()); 318 | //Postpend tag 319 | binaryWriter.Write(tag); 320 | } 321 | return encryptedStream.ToArray(); 322 | } 323 | 324 | } 325 | 326 | ///

327 | /// Simple Authentication (HMAC) then Decryption (AES) for a secrets UTF8 Message. 328 | ///

329 | /// The encrypted message. 330 | /// The crypt key. 331 | /// The auth key. 332 | /// Length of the non secret payload. 333 | /// Decrypted Message 334 | public static byte[] SimpleDecrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey, int nonSecretPayloadLength = 0) 335 | { 336 | 337 | //Basic Usage Error Checks 338 | if (cryptKey == null || cryptKey.Length != KeyBitSize / 8) 339 | throw new ArgumentException(String.Format("CryptKey needs to be {0} bit!", KeyBitSize), "cryptKey"); 340 | 341 | if (authKey == null || authKey.Length != KeyBitSize / 8) 342 | throw new ArgumentException(String.Format("AuthKey needs to be {0} bit!", KeyBitSize), "authKey"); 343 | 344 | if (encryptedMessage == null || encryptedMessage.Length == 0) 345 | throw new ArgumentException("Encrypted Message Required!", "encryptedMessage"); 346 | 347 | using (var hmac = new HMACSHA256(authKey)) 348 | { 349 | var sentTag = new byte[hmac.HashSize / 8]; 350 | //Calculate Tag 351 | var calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length); 352 | var ivLength = (BlockBitSize / 8); 353 | 354 | //if message length is to small just return null 355 | if (encryptedMessage.Length < sentTag.Length + nonSecretPayloadLength + ivLength) 356 | return null; 357 | 358 | //Grab Sent Tag 359 | Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length); 360 | 361 | //Compare Tag with constant time comparison 362 | var compare = 0; 363 | for (var i = 0; i < sentTag.Length; i++) 364 | compare |= sentTag[i] ^ calcTag[i]; 365 | 366 | //if message doesn't authenticate return null 367 | if (compare != 0) 368 | return null; 369 | 370 | using (var aes = new AesManaged 371 | { 372 | KeySize = KeyBitSize, 373 | BlockSize = BlockBitSize, 374 | Mode = CipherMode.CBC, 375 | Padding = PaddingMode.PKCS7 376 | }) 377 | { 378 | 379 | //Grab IV from message 380 | var iv = new byte[ivLength]; 381 | Array.Copy(encryptedMessage, nonSecretPayloadLength, iv, 0, iv.Length); 382 | 383 | using (var decrypter = aes.CreateDecryptor(cryptKey, iv)) 384 | using (var plainTextStream = new MemoryStream()) 385 | { 386 | using (var decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write)) 387 | using (var binaryWriter = new BinaryWriter(decrypterStream)) 388 | { 389 | //Decrypt Cipher Text from Message 390 | binaryWriter.Write( 391 | encryptedMessage, 392 | nonSecretPayloadLength + iv.Length, 393 | encryptedMessage.Length - nonSecretPayloadLength - iv.Length - sentTag.Length 394 | ); 395 | } 396 | //Return Plain Text 397 | return plainTextStream.ToArray(); 398 | } 399 | } 400 | } 401 | } 402 | 403 | ///

404 | /// Simple Encryption (AES) then Authentication (HMAC) of a UTF8 message 405 | /// using Keys derived from a Password (PBKDF2) 406 | ///

407 | /// The secret message. 408 | /// The password. 409 | /// The non secret payload. 410 | /// 411 | /// Encrypted Message 412 | /// 413 | /// Must have a password of minimum length;password 414 | /// 415 | /// Significantly less secure than using random binary keys. 416 | /// Adds additional non secret payload for key generation parameters. 417 | /// 418 | public static byte[] SimpleEncryptWithPassword(byte[] secretMessage, string password, byte[] nonSecretPayload = null) 419 | { 420 | nonSecretPayload = nonSecretPayload ?? new byte[] { }; 421 | 422 | //User Error Checks 423 | if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength) 424 | throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password"); 425 | 426 | if (secretMessage == null || secretMessage.Length == 0) 427 | throw new ArgumentException("Secret Message Required!", "secretMessage"); 428 | 429 | var payload = new byte[((SaltBitSize / 8) * 2) + nonSecretPayload.Length]; 430 | 431 | Array.Copy(nonSecretPayload, payload, nonSecretPayload.Length); 432 | int payloadIndex = nonSecretPayload.Length; 433 | 434 | byte[] cryptKey; 435 | byte[] authKey; 436 | //Use Random Salt to prevent pre-generated weak password attacks. 437 | using (var generator = new Rfc2898DeriveBytes(password, SaltBitSize / 8, Iterations)) 438 | { 439 | var salt = generator.Salt; 440 | 441 | //Generate Keys 442 | cryptKey = generator.GetBytes(KeyBitSize / 8); 443 | 444 | //Create Non Secret Payload 445 | Array.Copy(salt, 0, payload, payloadIndex, salt.Length); 446 | payloadIndex += salt.Length; 447 | } 448 | 449 | //Deriving separate key, might be less efficient than using HKDF, 450 | //but now compatible with RNEncryptor which had a very similar wireformat and requires less code than HKDF. 451 | using (var generator = new Rfc2898DeriveBytes(password, SaltBitSize / 8, Iterations)) 452 | { 453 | var salt = generator.Salt; 454 | 455 | //Generate Keys 456 | authKey = generator.GetBytes(KeyBitSize / 8); 457 | 458 | //Create Rest of Non Secret Payload 459 | Array.Copy(salt, 0, payload, payloadIndex, salt.Length); 460 | } 461 | 462 | return SimpleEncrypt(secretMessage, cryptKey, authKey, payload); 463 | } 464 | 465 | ///

466 | /// Simple Authentication (HMAC) and then Descryption (AES) of a UTF8 Message 467 | /// using keys derived from a password (PBKDF2). 468 | ///

469 | /// The encrypted message. 470 | /// The password. 471 | /// Length of the non secret payload. 472 | /// 473 | /// Decrypted Message 474 | /// 475 | /// Must have a password of minimum length;password 476 | /// 477 | /// Significantly less secure than using random binary keys. 478 | /// 479 | public static byte[] SimpleDecryptWithPassword(byte[] encryptedMessage, string password, int nonSecretPayloadLength = 0) 480 | { 481 | //User Error Checks 482 | if (string.IsNullOrWhiteSpace(password) || password.Length < MinPasswordLength) 483 | throw new ArgumentException(String.Format("Must have a password of at least {0} characters!", MinPasswordLength), "password"); 484 | 485 | if (encryptedMessage == null || encryptedMessage.Length == 0) 486 | throw new ArgumentException("Encrypted Message Required!", "encryptedMessage"); 487 | 488 | var cryptSalt = new byte[SaltBitSize / 8]; 489 | var authSalt = new byte[SaltBitSize / 8]; 490 | 491 | //Grab Salt from Non-Secret Payload 492 | Array.Copy(encryptedMessage, nonSecretPayloadLength, cryptSalt, 0, cryptSalt.Length); 493 | Array.Copy(encryptedMessage, nonSecretPayloadLength + cryptSalt.Length, authSalt, 0, authSalt.Length); 494 | 495 | byte[] cryptKey; 496 | byte[] authKey; 497 | 498 | //Generate crypt key 499 | using (var generator = new Rfc2898DeriveBytes(password, cryptSalt, Iterations)) 500 | { 501 | cryptKey = generator.GetBytes(KeyBitSize / 8); 502 | } 503 | //Generate auth key 504 | using (var generator = new Rfc2898DeriveBytes(password, authSalt, Iterations)) 505 | { 506 | authKey = generator.GetBytes(KeyBitSize / 8); 507 | } 508 | 509 | return SimpleDecrypt(encryptedMessage, cryptKey, authKey, cryptSalt.Length + authSalt.Length + nonSecretPayloadLength); 510 | } 511 | 512 | } 513 | 514 | #endregion 515 | } 516 | } 517 | --------------------------------------------------------------------------------