-
Notifications
You must be signed in to change notification settings - Fork 0
/
CryptoProtector.cs
100 lines (81 loc) · 3.34 KB
/
CryptoProtector.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using System.Xml.Linq;
namespace Packt.Crypto
{
public static class Protector
{
// salt size must be 8 bytes, using 16
private static readonly byte[] salt =
Encoding.Unicode.GetBytes("7BANANAS");
// iterations must be at least 1000, using 2000
private static readonly int iterations = 2000;
public static string Encrypt(string plainText, string password)
{
byte[] plainBytes = Encoding.Unicode.GetBytes(plainText);
var aes = Aes.Create();
var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
aes.Key = pbkdf2.GetBytes(32); // set a 26-bit key
aes.IV = pbkdf2.GetBytes(16); // set 128-bit IV
var ms = new MemoryStream();
using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(plainBytes, 0, plainBytes.Length);
}
return Convert.ToBase64String(ms.ToArray());
}
public static string Decrypt(string cryptoText, string password)
{
byte[] cryptoBytes = Convert.FromBase64String(cryptoText);
var aes = Aes.Create();
var pbkdf2 = new Rfc2898DeriveBytes(password, salt, iterations);
aes.Key = pbkdf2.GetBytes(32);
aes.IV = pbkdf2.GetBytes(16);
var ms = new MemoryStream();
using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cryptoBytes, 0, cryptoBytes.Length);
}
return Encoding.Unicode.GetString(ms.ToArray());
}
private static Dictionary<string, CryptoUser> Users = new Dictionary<string, CryptoUser>();
public static CryptoUser Register(string username, string password)
{
// generate random salt
var rng = RandomNumberGenerator.Create();
var saltBytes = new byte[16];
rng.GetBytes(saltBytes);
var saltText = Convert.ToBase64String(saltBytes);
// generate the salted and hashed password
var sha = SHA256.Create();
var saltedPassword = password + saltText;
var saltedhashedPassword = Convert.ToBase64String(
sha.ComputeHash(Encoding.Unicode.GetBytes(saltedPassword)));
var cryptoUser = new CryptoUser
{
Name = username,
Salt = saltText,
SaltedHashedPassword = saltedhashedPassword
};
Users.Add(cryptoUser.Name, cryptoUser);
return cryptoUser;
}
public static bool CheckPassword(string username, string password)
{
if (!Users.ContainsKey(username))
{
return false;
}
var user = Users[username];
// re-generate the salted and hashed password
var sha = SHA256.Create();
var saltedPassword = password + user.Salt;
var saltedhashedPassword = Convert.ToBase64String(
sha.ComputeHash(Encoding.Unicode.GetBytes(saltedPassword)));
return (saltedhashedPassword == user.SaltedHashedPassword);
}
}
}