├── .gitignore ├── AuthenticatedEncryption.Tests ├── AuthenticatedEncryption.Tests.csproj ├── AuthenticatedEncryptionTests.cs └── Properties │ └── AssemblyInfo.cs ├── AuthenticatedEncryption.sln ├── AuthenticatedEncryption ├── AuthenticatedEncryption.csproj ├── Encryption.cs └── Properties │ └── AssemblyInfo.cs ├── LICENSE ├── README.md └── appveyor.yml /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | 4 | # User-specific files 5 | *.suo 6 | *.user 7 | *.userosscache 8 | *.sln.docstates 9 | 10 | # User-specific files (MonoDevelop/Xamarin Studio) 11 | *.userprefs 12 | 13 | # Build results 14 | [Dd]ebug/ 15 | [Dd]ebugPublic/ 16 | [Rr]elease/ 17 | [Rr]eleases/ 18 | x64/ 19 | x86/ 20 | bld/ 21 | [Bb]in/ 22 | [Oo]bj/ 23 | [Ll]og/ 24 | 25 | # Visual Studio 2015 cache/options directory 26 | .vs/ 27 | # Uncomment if you have tasks that create the project's static files in wwwroot 28 | #wwwroot/ 29 | 30 | # MSTest test Results 31 | [Tt]est[Rr]esult*/ 32 | [Bb]uild[Ll]og.* 33 | 34 | # NUNIT 35 | *.VisualState.xml 36 | TestResult.xml 37 | 38 | # Build Results of an ATL Project 39 | [Dd]ebugPS/ 40 | [Rr]eleasePS/ 41 | dlldata.c 42 | 43 | # DNX 44 | project.lock.json 45 | artifacts/ 46 | 47 | *_i.c 48 | *_p.c 49 | *_i.h 50 | *.ilk 51 | *.meta 52 | *.obj 53 | *.pch 54 | *.pdb 55 | *.pgc 56 | *.pgd 57 | *.rsp 58 | *.sbr 59 | *.tlb 60 | *.tli 61 | *.tlh 62 | *.tmp 63 | *.tmp_proj 64 | *.log 65 | *.vspscc 66 | *.vssscc 67 | .builds 68 | *.pidb 69 | *.svclog 70 | *.scc 71 | 72 | # Chutzpah Test files 73 | _Chutzpah* 74 | 75 | # Visual C++ cache files 76 | ipch/ 77 | *.aps 78 | *.ncb 79 | *.opendb 80 | *.opensdf 81 | *.sdf 82 | *.cachefile 83 | *.VC.db 84 | *.VC.VC.opendb 85 | 86 | # Visual Studio profiler 87 | *.psess 88 | *.vsp 89 | *.vspx 90 | *.sap 91 | 92 | # TFS 2012 Local Workspace 93 | $tf/ 94 | 95 | # 
Guidance Automation Toolkit 96 | *.gpState 97 | 98 | # ReSharper is a .NET coding add-in 99 | _ReSharper*/ 100 | *.[Rr]e[Ss]harper 101 | *.DotSettings.user 102 | 103 | # JustCode is a .NET coding add-in 104 | .JustCode 105 | 106 | # TeamCity is a build add-in 107 | _TeamCity* 108 | 109 | # DotCover is a Code Coverage Tool 110 | *.dotCover 111 | 112 | # NCrunch 113 | _NCrunch_* 114 | .*crunch*.local.xml 115 | nCrunchTemp_* 116 | *.ncrunchsolution* 117 | 118 | # MightyMoose 119 | *.mm.* 120 | AutoTest.Net/ 121 | 122 | # Web workbench (sass) 123 | .sass-cache/ 124 | 125 | # Installshield output folder 126 | [Ee]xpress/ 127 | 128 | # DocProject is a documentation generator add-in 129 | DocProject/buildhelp/ 130 | DocProject/Help/*.HxT 131 | DocProject/Help/*.HxC 132 | DocProject/Help/*.hhc 133 | DocProject/Help/*.hhk 134 | DocProject/Help/*.hhp 135 | DocProject/Help/Html2 136 | DocProject/Help/html 137 | 138 | # Click-Once directory 139 | publish/ 140 | 141 | # Publish Web Output 142 | *.[Pp]ublish.xml 143 | *.azurePubxml 144 | # TODO: Comment the next line if you want to checkin your web deploy settings 145 | # but database connection strings (with potential passwords) will be unencrypted 146 | *.pubxml 147 | *.publishproj 148 | 149 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 150 | # checkin your Azure Web App publish settings, but sensitive information contained 151 | # in these scripts will be unencrypted 152 | PublishScripts/ 153 | 154 | # NuGet Packages 155 | *.nupkg 156 | # The packages folder can be ignored because of Package Restore 157 | **/packages/* 158 | # except build/, which is used as an MSBuild target. 
159 | !**/packages/build/ 160 | # Uncomment if necessary however generally it will be regenerated when needed 161 | #!**/packages/repositories.config 162 | # NuGet v3's project.json files produces more ignoreable files 163 | *.nuget.props 164 | *.nuget.targets 165 | 166 | # Microsoft Azure Build Output 167 | csx/ 168 | *.build.csdef 169 | 170 | # Microsoft Azure Emulator 171 | ecf/ 172 | rcf/ 173 | 174 | # Windows Store app package directories and files 175 | AppPackages/ 176 | BundleArtifacts/ 177 | Package.StoreAssociation.xml 178 | _pkginfo.txt 179 | 180 | # Visual Studio cache files 181 | # files ending in .cache can be ignored 182 | *.[Cc]ache 183 | # but keep track of directories ending in .cache 184 | !*.[Cc]ache/ 185 | 186 | # Others 187 | ClientBin/ 188 | ~$* 189 | *~ 190 | *.dbmdl 191 | *.dbproj.schemaview 192 | *.pfx 193 | *.publishsettings 194 | node_modules/ 195 | orleans.codegen.cs 196 | 197 | # Since there are multiple workflows, uncomment next line to ignore bower_components 198 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 199 | #bower_components/ 200 | 201 | # RIA/Silverlight projects 202 | Generated_Code/ 203 | 204 | # Backup & report files from converting an old project file 205 | # to a newer Visual Studio version. 
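Backup files are not needed, 206 | # because we have git ;-) 207 | _UpgradeReport_Files/ 208 | Backup*/ 209 | UpgradeLog*.XML 210 | UpgradeLog*.htm 211 | 212 | # SQL Server files 213 | *.mdf 214 | *.ldf 215 | 216 | # Business Intelligence projects 217 | *.rdl.data 218 | *.bim.layout 219 | *.bim_*.settings 220 | 221 | # Microsoft Fakes 222 | FakesAssemblies/ 223 | 224 | # GhostDoc plugin setting file 225 | *.GhostDoc.xml 226 | 227 | # Node.js Tools for Visual Studio 228 | .ntvs_analysis.dat 229 | 230 | # Visual Studio 6 build log 231 | *.plg 232 | 233 | # Visual Studio 6 workspace options file 234 | *.opt 235 | 236 | # Visual Studio LightSwitch build output 237 | **/*.HTMLClient/GeneratedArtifacts 238 | **/*.DesktopClient/GeneratedArtifacts 239 | **/*.DesktopClient/ModelManifest.xml 240 | **/*.Server/GeneratedArtifacts 241 | **/*.Server/ModelManifest.xml 242 | _Pvt_Extensions 243 | 244 | # Paket dependency manager 245 | .paket/paket.exe 246 | paket-files/ 247 | 248 | # FAKE - F# Make 249 | .fake/ 250 | 251 | # JetBrains Rider 252 | .idea/ 253 | *.sln.iml 254 | -------------------------------------------------------------------------------- /AuthenticatedEncryption.Tests/AuthenticatedEncryption.Tests.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | netcoreapp1.0 5 | AuthenticatedEncryption.Tests 6 | AuthenticatedEncryption.Tests 7 | true 8 | 1.6.0 9 | 1.0.4 10 | false 11 | false 12 | false 13 | 14 | 15 | 16 | 17 | PreserveNewest 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /AuthenticatedEncryption.Tests/AuthenticatedEncryptionTests.cs: --------------------------------------------------------------------------------
namespace AuthenticatedEncryption.Tests
{
    using System;
    using Shouldly;
    using Xunit;

    /// <summary>
    /// Round-trip, known-answer and tamper-detection tests for <see cref="Encryption"/>.
    /// </summary>
    public class AuthenticatedEncryptionTests
    {
        /// <summary>
        /// Encrypting with fresh random keys and decrypting with the same keys
        /// must give back the original string.
        /// </summary>
        [Fact]
        public void Encrypt_WhenGivenInput_EncryptsAndDecryptsCorrectly()
        {
            const string Input = "this is a test input string";
            var cryptKey = Encryption.NewKey();
            var authKey = Encryption.NewKey();

            var cipherText = Encryption.Encrypt(Input, cryptKey, authKey);
            var plainText = Encryption.Decrypt(cipherText, cryptKey, authKey);

            plainText.ShouldBe(Input);
        }

        /// <summary>
        /// Known-answer test: a stored ciphertext must still decrypt with its stored keys,
        /// which pins the wire format (IV, ciphertext, tag) across library versions.
        /// </summary>
        [Fact]
        public void Encrypt_WhenGivenInput_DecryptsCorrectly()
        {
            // Fixed test vector. Keys committed to source control are test fixtures
            // and must never be reused to protect real data.
            const string Input = "this is a test input string";
            const string CipherText = "YGyEXyUEsqCDXvEylo4ZVRWjkAMD+nGd4jhqqbA04VHpnhx2eEEUXjBE5YHCjZP+3nYiodBXWYsjy3UTO6Z8v1XaeeUBgjj6vRcxqNH0HxU=";
            const string CryptKey = "g9hH6MkVnlKlGa5IG+5R/uKgyrCJxOsh5fXlwK0mjH0=";
            const string AuthKey = "oGmd/bHHkd+N6P6lZQxyfikjU7c5P/mhWO/noCsERyY=";
            var cryptKey = Convert.FromBase64String(CryptKey);
            var authKey = Convert.FromBase64String(AuthKey);

            var plainText = Encryption.Decrypt(CipherText, cryptKey, authKey);

            plainText.ShouldBe(Input);
        }

        /// <summary>
        /// The point of the HMAC is that a modified message is rejected:
        /// changing a single bit of the trailing tag must make Decrypt return null.
        /// </summary>
        [Fact]
        public void Decrypt_WhenTagIsModified_ReturnsNull()
        {
            var cryptKey = Encryption.NewKey();
            var authKey = Encryption.NewKey();
            var cipherText = Encryption.Encrypt(new byte[] { 1, 2, 3, 4 }, cryptKey, authKey);

            // The tag is the last part of the message; flip one bit of its final byte.
            cipherText[cipherText.Length - 1] ^= 0x01;

            Encryption.Decrypt(cipherText, cryptKey, authKey).ShouldBeNull();
        }

        /// <summary>
        /// A message authenticated under one auth key must not verify under another.
        /// </summary>
        [Fact]
        public void Decrypt_WhenAuthKeyDiffers_ReturnsNull()
        {
            var cryptKey = Encryption.NewKey();
            var cipherText = Encryption.Encrypt(new byte[] { 1, 2, 3, 4 }, cryptKey, Encryption.NewKey());

            Encryption.Decrypt(cipherText, cryptKey, Encryption.NewKey()).ShouldBeNull();
        }
    }
}
-------------------------------------------------------------------------------- /AuthenticatedEncryption.Tests/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.CompilerServices; 3 | using System.Runtime.InteropServices; 4 | 5 | // General Information about an assembly is controlled through the following 6 | // set of attributes. Change these attribute values to modify the information 7 | // associated with an assembly. 8 | [assembly: AssemblyConfiguration("")] 9 | [assembly: AssemblyCompany("")] 10 | [assembly: AssemblyProduct("AuthenticatedEncryption.Tests")] 11 | [assembly: AssemblyTrademark("")] 12 | 13 | // Setting ComVisible to false makes the types in this assembly not visible 14 | // to COM components. 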
If you need to access a type in this assembly from 15 | // COM, set the ComVisible attribute to true on that type. 16 | [assembly: ComVisible(false)] 17 | 18 | // The following GUID is for the ID of the typelib if this project is exposed to COM 19 | [assembly: Guid("b8fea289-a004-4f4b-bfc9-932d1cb0e71d")] 20 | -------------------------------------------------------------------------------- /AuthenticatedEncryption.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.26228.4 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{1A6E793C-A29D-4DBF-BF62-E573CF102DFC}" 7 | ProjectSection(SolutionItems) = preProject 8 | .gitignore = .gitignore 9 | appveyor.yml = appveyor.yml 10 | README.md = README.md 11 | EndProjectSection 12 | EndProject 13 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AuthenticatedEncryption", "AuthenticatedEncryption\AuthenticatedEncryption.csproj", "{10D1975E-8F48-4B5F-B4BD-5C963B7FB2B2}" 14 | EndProject 15 | Project("{9A19103F-16F7-4668-BE54-9A1E7A4F7556}") = "AuthenticatedEncryption.Tests", "AuthenticatedEncryption.Tests\AuthenticatedEncryption.Tests.csproj", "{B8FEA289-A004-4F4B-BFC9-932D1CB0E71D}" 16 | EndProject 17 | Global 18 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 19 | Debug|Any CPU = Debug|Any CPU 20 | Release|Any CPU = Release|Any CPU 21 | EndGlobalSection 22 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 23 | {10D1975E-8F48-4B5F-B4BD-5C963B7FB2B2}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 24 | {10D1975E-8F48-4B5F-B4BD-5C963B7FB2B2}.Debug|Any CPU.Build.0 = Debug|Any CPU 25 | {10D1975E-8F48-4B5F-B4BD-5C963B7FB2B2}.Release|Any CPU.ActiveCfg = Release|Any CPU 26 | {10D1975E-8F48-4B5F-B4BD-5C963B7FB2B2}.Release|Any CPU.Build.0 = Release|Any CPU 27 | 
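{B8FEA289-A004-4F4B-BFC9-932D1CB0E71D}.Debug|Any CPU.ActiveCfg = Debug|Any CPU 28 | {B8FEA289-A004-4F4B-BFC9-932D1CB0E71D}.Debug|Any CPU.Build.0 = Debug|Any CPU 29 | {B8FEA289-A004-4F4B-BFC9-932D1CB0E71D}.Release|Any CPU.ActiveCfg = Release|Any CPU 30 | {B8FEA289-A004-4F4B-BFC9-932D1CB0E71D}.Release|Any CPU.Build.0 = Release|Any CPU 31 | EndGlobalSection 32 | GlobalSection(SolutionProperties) = preSolution 33 | HideSolutionNode = FALSE 34 | EndGlobalSection 35 | EndGlobal 36 | -------------------------------------------------------------------------------- /AuthenticatedEncryption/AuthenticatedEncryption.csproj: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 2.0.0 5 | net45;netstandard1.4 6 | AuthenticatedEncryption 7 | AuthenticatedEncryption 8 | https://github.com/trustpilot/nuget-authenticated-encryption 9 | https://github.com/trustpilot/nuget-authenticated-encryption/blob/master/LICENSE 10 | false 11 | false 12 | false 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /AuthenticatedEncryption/Encryption.cs: --------------------------------------------------------------------------------
namespace AuthenticatedEncryption
{
    using System;
    using System.IO;
    using System.Security.Cryptography;
    using System.Text;

    /// <summary>
    /// Encrypt-then-MAC authenticated encryption built from AES-256-CBC (PKCS7 padding)
    /// and HMAC-SHA256, using two independent 256-bit keys.
    /// </summary>
    /// <remarks>
    /// Message layout: IV (16 bytes) || AES-CBC ciphertext || HMAC-SHA256 tag (32 bytes).
    /// The tag is computed over the IV and the ciphertext. The API has no associated-data
    /// input, so nothing outside the message itself is authenticated.
    /// </remarks>
    public static class Encryption
    {
        private static readonly RandomNumberGenerator Random = RandomNumberGenerator.Create();

        // Preconfigured Encryption Parameters
        private const int BlockBitSize = 128;
        private const int KeyBitSize = 256;

        /// <summary>
        /// Helper that generates a random key on each call.
        /// </summary>
        /// <returns>A new 256-bit (32-byte) key drawn from <see cref="RandomNumberGenerator"/>.</returns>
        public static byte[] NewKey()
        {
            var key = new byte[KeyBitSize / 8];
            Random.GetBytes(key);

            return key;
        }

        /// <summary>
        /// Helper that generates a random key on each call and encodes it in base64
        /// </summary>
        /// <returns>A new 256-bit key as a Base64 string.</returns>
        public static string NewKeyBase64Encoded()
        {
            return Convert.ToBase64String(NewKey());
        }

        /// <summary>
        /// Simple Encryption (AES) then Authentication (HMAC) for a UTF8 Message.
        /// </summary>
        /// <param name="secretMessage">The secret message.</param>
        /// <param name="cryptKey">The crypt key.</param>
        /// <param name="authKey">The auth key.</param>
        /// <returns>
        /// Encrypted Message, Base64 encoded.
        /// </returns>
        /// <exception cref="System.ArgumentException">
        /// The message is null or empty, or a key is not 256 bit.
        /// </exception>
        /// <remarks>
        /// Adds overhead of (BlockSize(16) + Message-Padded-To-Blocksize + HMac-Tag(32)) * 1.33 Base64
        /// </remarks>
        public static string Encrypt(string secretMessage, byte[] cryptKey, byte[] authKey)
        {
            if (string.IsNullOrEmpty(secretMessage))
            {
                throw new ArgumentException("Secret Message Required!", nameof(secretMessage));
            }

            var plainText = Encoding.UTF8.GetBytes(secretMessage);
            var cipherText = Encrypt(plainText, cryptKey, authKey);

            return Convert.ToBase64String(cipherText);
        }

        /// <summary>
        /// Simple Encryption (AES) then Authentication (HMAC) for a binary message.
        /// </summary>
        /// <param name="secretMessage">The secret message.</param>
        /// <param name="cryptKey">The crypt key (must be 256 bit).</param>
        /// <param name="authKey">The auth key (must be 256 bit).</param>
        /// <returns>
        /// Encrypted Message: IV || ciphertext || HMAC-SHA256 tag.
        /// </returns>
        /// <exception cref="System.ArgumentException">
        /// A key is null or not 256 bit, or the message is null or empty.
        /// </exception>
        /// <remarks>
        /// Adds overhead of BlockSize(16) + Message-Padded-To-Blocksize + HMac-Tag(32).
        /// </remarks>
        public static byte[] Encrypt(byte[] secretMessage, byte[] cryptKey, byte[] authKey)
        {
            if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
            {
                throw new ArgumentException($"Key needs to be {KeyBitSize} bit!", nameof(cryptKey));
            }

            if (authKey == null || authKey.Length != KeyBitSize / 8)
            {
                throw new ArgumentException($"Key needs to be {KeyBitSize} bit!", nameof(authKey));
            }

            if (secretMessage == null || secretMessage.Length < 1)
            {
                throw new ArgumentException("Secret Message Required!", nameof(secretMessage));
            }

            byte[] cipherText;
            byte[] iv;

            using (var aes = CreateAes())
            {
                // Use a fresh random IV for every message
                aes.GenerateIV();
                iv = aes.IV;

                using (var encrypter = aes.CreateEncryptor(cryptKey, iv))
                using (var cipherStream = new MemoryStream())
                {
                    using (var cryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
                    using (var binaryWriter = new BinaryWriter(cryptoStream))
                    {
                        binaryWriter.Write(secretMessage);
                    }

                    // Read only after the CryptoStream is disposed, so the final padded block is included
                    cipherText = cipherStream.ToArray();
                }
            }

            // Assemble encrypted message and add authentication
            using (var hmac = new HMACSHA256(authKey))
            using (var encryptedStream = new MemoryStream())
            {
                using (var binaryWriter = new BinaryWriter(encryptedStream))
                {
                    // Prepend IV
                    binaryWriter.Write(iv);

                    // Write Ciphertext
                    binaryWriter.Write(cipherText);
                    binaryWriter.Flush();

                    // Authenticate all data written so far (IV and ciphertext)
                    var tag = hmac.ComputeHash(encryptedStream.ToArray());

                    // Postpend tag
                    binaryWriter.Write(tag);
                }

                return encryptedStream.ToArray();
            }
        }

        /// <summary>
        /// Simple Authentication (HMAC) then Decryption (AES) for a secrets UTF8 Message.
        /// </summary>
        /// <param name="encryptedMessage">The encrypted message, Base64 encoded.</param>
        /// <param name="cryptKey">The crypt key.</param>
        /// <param name="authKey">The auth key.</param>
        /// <returns>
        /// Decrypted Message, or null when the message does not authenticate.
        /// Callers must check for null before using the result.
        /// </returns>
        /// <exception cref="System.ArgumentException">
        /// The message is null, empty or white space, or a key is not 256 bit.
        /// </exception>
        /// <exception cref="System.FormatException">
        /// The message is not valid Base64 (thrown by <see cref="Convert.FromBase64String"/>).
        /// </exception>
        public static string Decrypt(string encryptedMessage, byte[] cryptKey, byte[] authKey)
        {
            if (string.IsNullOrWhiteSpace(encryptedMessage))
            {
                throw new ArgumentException("Encrypted Message Required!", nameof(encryptedMessage));
            }

            var cipherText = Convert.FromBase64String(encryptedMessage);
            var plainText = Decrypt(cipherText, cryptKey, authKey);

            return plainText == null ? null : Encoding.UTF8.GetString(plainText);
        }

        /// <summary>
        /// Simple Authentication (HMAC) then Decryption (AES) for a binary message.
        /// </summary>
        /// <param name="encryptedMessage">The encrypted message: IV || ciphertext || tag.</param>
        /// <param name="cryptKey">The crypt key (must be 256 bit).</param>
        /// <param name="authKey">The auth key (must be 256 bit).</param>
        /// <returns>
        /// Decrypted Message, or null when the message is too short to hold an IV and a tag
        /// or when the tag does not match. Callers must check for null before using the result.
        /// </returns>
        /// <exception cref="System.ArgumentException">
        /// A key is null or not 256 bit, or the message is null or empty.
        /// </exception>
        public static byte[] Decrypt(byte[] encryptedMessage, byte[] cryptKey, byte[] authKey)
        {
            if (cryptKey == null || cryptKey.Length != KeyBitSize / 8)
            {
                throw new ArgumentException($"CryptKey needs to be {KeyBitSize} bit!", nameof(cryptKey));
            }

            if (authKey == null || authKey.Length != KeyBitSize / 8)
            {
                throw new ArgumentException($"AuthKey needs to be {KeyBitSize} bit!", nameof(authKey));
            }

            if (encryptedMessage == null || encryptedMessage.Length == 0)
            {
                throw new ArgumentException("Encrypted Message Required!", nameof(encryptedMessage));
            }

            using (var hmac = new HMACSHA256(authKey))
            {
                var sentTag = new byte[hmac.HashSize / 8];
                var ivLength = BlockBitSize / 8;

                // Length check comes first: a message shorter than the tag would otherwise give
                // ComputeHash a negative count and surface as an exception instead of a null
                // "not authentic" result.
                if (encryptedMessage.Length < sentTag.Length + ivLength)
                {
                    return null;
                }

                // Recompute the tag over everything except the trailing tag bytes
                var calcTag = hmac.ComputeHash(encryptedMessage, 0, encryptedMessage.Length - sentTag.Length);

                Array.Copy(encryptedMessage, encryptedMessage.Length - sentTag.Length, sentTag, 0, sentTag.Length);

                // Compare Tag with constant time comparison: every byte is visited and there is
                // no early exit, so the loop's duration does not depend on where the tags differ
                var compare = 0;
                for (var i = 0; i < sentTag.Length; i++)
                {
                    compare |= sentTag[i] ^ calcTag[i];
                }

                // If message doesn't authenticate return null; nothing is decrypted
                // (and no padding is inspected) for an unauthenticated message
                if (compare != 0)
                {
                    return null;
                }

                using (var aes = CreateAes())
                {
                    // Grab IV from message
                    var iv = new byte[ivLength];
                    Array.Copy(encryptedMessage, 0, iv, 0, iv.Length);

                    using (var decrypter = aes.CreateDecryptor(cryptKey, iv))
                    using (var plainTextStream = new MemoryStream())
                    {
                        using (var decrypterStream = new CryptoStream(plainTextStream, decrypter, CryptoStreamMode.Write))
                        using (var binaryWriter = new BinaryWriter(decrypterStream))
                        {
                            // Ciphertext is what lies between the IV and the tag
                            binaryWriter.Write(
                                encryptedMessage,
                                iv.Length,
                                encryptedMessage.Length - iv.Length - sentTag.Length);
                        }

                        return plainTextStream.ToArray();
                    }
                }
            }
        }

        /// <summary>
        /// Creates the AES instance used by both directions: 256-bit key, 128-bit block,
        /// CBC mode, PKCS7 padding. The caller owns the instance and must dispose it.
        /// </summary>
        private static Aes CreateAes()
        {
            var aes = Aes.Create();
            aes.KeySize = KeyBitSize;
            aes.BlockSize = BlockBitSize;
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;

            return aes;
        }
    }
}
-------------------------------------------------------------------------------- /AuthenticatedEncryption/Properties/AssemblyInfo.cs: -------------------------------------------------------------------------------- 1 | using System.Reflection; 2 | using System.Runtime.InteropServices; 3 | 4 | // General Information about an assembly is controlled through the following 5 | // set of attributes. Change these attribute values to modify the information 6 | // associated with an assembly. 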
7 | [assembly: AssemblyConfiguration("")] 8 | [assembly: AssemblyCompany("Trustpilot A/S")] 9 | [assembly: AssemblyProduct("AuthenticatedEncryption")] 10 | [assembly: AssemblyTrademark("")] 11 | 12 | // Setting ComVisible to false makes the types in this assembly not visible 13 | // to COM components. If you need to access a type in this assembly from 14 | // COM, set the ComVisible attribute to true on that type. 15 | [assembly: ComVisible(false)] 16 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2016 Trustpilot 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 
22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Authenticated Encryption 2 | 3 | This library combines the .NET built-in AES and HMAC algorithms to provide an easy-to-use interface for doing authenticated encryption. 4 | The library is based on this Gist by James Tuley: https://gist.github.com/jbtule/4336842, but modified slightly to only support the key based versions. Also it does not use the GCM version currently, so there are no external dependencies. 5 | 6 | ## Build Status 7 | 8 | [![Build status](https://ci.appveyor.com/api/projects/status/du8bm82f1ru6ja3n?svg=true)](https://ci.appveyor.com/project/TrustpilotAppVeyor/nuget-authenticated-encryption) 9 | 10 | ## Installation 11 | 12 | Install via [NuGet](http://www.nuget.org/packages/AuthenticatedEncryption/): 13 | 14 | ``` 15 | Install-Package AuthenticatedEncryption 16 | ``` 17 | 18 | ## More information 19 | 20 | The library consists of a single static class. This makes it very easy to use. It uses [Authenticated Encryption with Associated Data (AEAD)](https://en.wikipedia.org/wiki/Authenticated_encryption), using the approach called “Encrypt then MAC” (EtM). It uses one key for the encryption part (cryptkey) and another key for the MAC part (authkey). Note that `Encrypt` and `Decrypt` take no separate associated-data argument: the HMAC covers the IV and the ciphertext only, so any context that must be bound to a message has to be part of the plaintext. `Decrypt` returns `null` when a message fails authentication, so callers must check the result before using it. 
21 | 22 | This is a simple example of encrypting and decrypting some string: 23 | 24 | ```c# 25 | using AuthenticatedEncryption; 26 | 27 | const string Input = "this is a test input string"; 28 | var cryptKey = Encryption.NewKey(); 29 | var authKey = Encryption.NewKey(); 30 | 31 | var cipherText = Encryption.Encrypt(Input, cryptKey, authKey); 32 | var plainText = Encryption.Decrypt(cipherText, cryptKey, authKey); 33 | ``` 34 | 35 | ## Maintainer(s) 36 | 37 | - [Søren Pedersen (@spewu)](https://github.com/spewu) 38 | -------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | version: '{build}' 2 | 3 | image: Visual Studio 2017 4 | 5 | configuration: Release 6 | 7 | branches: 8 | only: 9 | - master 10 | 11 | nuget: 12 | disable_publish_on_pr: true 13 | 14 | pull_requests: 15 | do_not_increment_build_number: true 16 | 17 | before_build: 18 | - dotnet restore 19 | 20 | build: 21 | project: AuthenticatedEncryption.sln 22 | 23 | test_script: 24 | - dotnet test "AuthenticatedEncryption.Tests/AuthenticatedEncryption.Tests.csproj" --configuration %configuration% 25 | 26 | after_test: 27 | - dotnet pack .\AuthenticatedEncryption -c Release 28 | 29 | artifacts: 30 | - path: '**\*.nupkg' 31 | 32 | deploy: 33 | - provider: NuGet 34 | name: myget 35 | server: https://trustpilot.myget.org/F/libraries/api/v2/package 36 | skip_symbols: true 37 | api_key: 38 | secure: Yc1XzJ8dryVs6qXbRM5hRLbQjCHDkp8sY5rwuYsRClQ29vVFUlVfT0XpGWm5o/6m 39 | on: 40 | branch: master 41 | appveyor_repo_tag: true 42 | - provider: NuGet 43 | name: nuget.org 44 | api_key: 45 | secure: s9avEz261DL/e11E3k2CvM+Rnr3t10FWzYvH+5HddkytYKT0FediEdye1hujM/Gb 46 | on: 47 | branch: master 48 | appveyor_repo_tag: true 49 | --------------------------------------------------------------------------------