SecurePass/Crypto.cs at main · FleimCode/SecurePass · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class Crypto
{
    private const int SaltSize = 16;
    private const int KeySize = 32;
    private const int NonceSize = 12;
    private const int TagSize = 16;
    private const int Iterations = 100000;

    public static byte[] Encrypt(string plaintext, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltSize);

        var keyDerivation = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        byte[] key = keyDerivation.GetBytes(KeySize);

        byte[] nonce = RandomNumberGenerator.GetBytes(NonceSize);
        byte[] tag = new byte[TagSize];
        byte[] plaintextBytes = Encoding.UTF8.GetBytes(plaintext);
        byte[] ciphertext = new byte[plaintextBytes.Length];

        using (var aesGcm = new AesGcm(key, TagSize))
        {
            aesGcm.Encrypt(nonce, plaintextBytes, ciphertext, tag);
        }

        byte[] result = new byte[SaltSize + NonceSize + TagSize + ciphertext.Length];
        Buffer.BlockCopy(salt, 0, result, 0, SaltSize);
        Buffer.BlockCopy(nonce, 0, result, SaltSize, NonceSize);
        Buffer.BlockCopy(tag, 0, result, SaltSize + NonceSize, TagSize);
        Buffer.BlockCopy(ciphertext, 0, result, SaltSize + NonceSize + TagSize, ciphertext.Length);

        return result;
    }

    public static string Decrypt(byte[] encryptedData, string password)
    {
        byte[] salt = new byte[SaltSize];
        Buffer.BlockCopy(encryptedData, 0, salt, 0, SaltSize);

        byte[] nonce = new byte[NonceSize];
        Buffer.BlockCopy(encryptedData, SaltSize, nonce, 0, NonceSize);

        byte[] tag = new byte[TagSize];
        Buffer.BlockCopy(encryptedData, SaltSize + NonceSize, tag, 0, TagSize);

        byte[] ciphertext = new byte[encryptedData.Length - SaltSize - NonceSize - TagSize];
        Buffer.BlockCopy(encryptedData, SaltSize + NonceSize + TagSize, ciphertext, 0, ciphertext.Length);

        var keyDerivation = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256);
        byte[] key = keyDerivation.GetBytes(KeySize);

        byte[] decryptedBytes = new byte[ciphertext.Length];

        using (var aesGcm = new AesGcm(key, TagSize))
        {
            aesGcm.Decrypt(nonce, ciphertext, tag, decryptedBytes);
        }

        return Encoding.UTF8.GetString(decryptedBytes);
    }
}