
The Crypt Design Pattern

2012-02-20 10:42  barbarossia  阅读(241)  评论(0编辑  收藏  举报

We use AES and RSA as the encryption algorithms.

The encryption sample is:

        public static EncryptedExportKeyList EncryptExportFile(string productKeysXml)
        {
            // Hybrid scheme: the product-key XML is AES-encrypted under a fresh random
            // key/IV, and that key and IV are then RSA-encrypted with the certificate's
            // public key so only the holder of the private key can recover them.
            X509Certificate2 certificate = GetChinasoftCerticate();
            byte[] plaintext = Constants.DefaultEncoding.GetBytes(productKeysXml);

            byte[] aesKey;
            byte[] aesIv;
            byte[] ciphertext = EncryptionHelper.AesEncrypt(plaintext, out aesKey, out aesIv);

            // NOTE(review): on .NET Framework, PublicKey.Key hands back an instance cached on the
            // certificate object; disposing it here is only safe if this certificate object is not
            // reused afterwards — confirm against GetChinasoftCerticate.
            using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PublicKey.Key)
            {
                // All three fields are Base64 so the record can travel as text.
                return new EncryptedExportKeyList()
                {
                    Key = Convert.ToBase64String(EncryptionHelper.RsaEncrypt(aesKey, rsa)),
                    IV = Convert.ToBase64String(EncryptionHelper.RsaEncrypt(aesIv, rsa)),
                    ProductKeys = Convert.ToBase64String(ciphertext)
                };
            }
        }


AES encrypts the data, and RSA encrypts the AES key (and IV) with the certificate's public key; the matching private key is required to decrypt them.

The decryption code is:

        private ExportKeyList GetDecryptedFileKeys(EncryptedExportKeyList export)
        {
            try
            {
                // Reverse of the export: unwrap the AES key and IV with the private key,
                // then decrypt the payload and deserialize the XML.
                X509Certificate2 certificate = KeyManagerHelper.GetChinasoftCerticate();
                using (RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)certificate.PrivateKey)
                {
                    byte[] aesKey = EncryptionHelper.RsaDecrypt(Convert.FromBase64String(export.Key), rsa);
                    byte[] aesIv = EncryptionHelper.RsaDecrypt(Convert.FromBase64String(export.IV), rsa);
                    byte[] ciphertext = Convert.FromBase64String(export.ProductKeys);
                    byte[] plaintext = EncryptionHelper.AesDecrypt(ciphertext, aesKey, aesIv);
                    string xml = Constants.DefaultEncoding.GetString(plaintext);
                    return xml.FromXml<ExportKeyList>();
                }
            }
            catch (CryptographicException)
            {
                // Every cryptographic failure (inaccessible private key, RSA unwrap failure,
                // AES decryption/padding error) is reported to the caller as this one error;
                // the original exception is not attached as InnerException, so diagnostics are lost.
                // Base64 (FormatException) and XML deserialization errors are not caught here and propagate.
                // NOTE(review): the ciphertext is CBC without an authentication tag, so a tampered
                // export is only detected here if decryption happens to fail — consider verifying an
                // integrity check over the export before decrypting.
                throw new DisException("Exception_GetprivateKeyError");
            }
        }


The encryption helper methods are:

//*********************************************************
//
// Copyright (c) Microsoft 2011. All rights reserved.
// This code is licensed under your Microsoft OEM Services support
// services description or work order.
// THIS CODE IS PROVIDED *AS IS* WITHOUT WARRANTY OF
// ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING ANY
// IMPLIED WARRANTIES OF FITNESS FOR A PARTICULAR
// PURPOSE, MERCHANTABILITY, OR NON-INFRINGEMENT.
//
//*********************************************************

using System;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Configuration;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

namespace DIS.Common.Utility
{
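public static class EncryptionHelper
{
    /// <summary>
    /// AES-encrypts <paramref name="data"/> under a freshly generated random key and IV.
    /// The provider defaults apply: 256-bit key, CBC mode, PKCS7 padding.
    /// </summary>
    /// <param name="data">Plaintext to encrypt.</param>
    /// <param name="key">Receives the generated AES key. It is secret and must be protected by the caller.</param>
    /// <param name="iv">Receives the generated IV. It is not secret but must accompany the ciphertext.</param>
    /// <returns>The ciphertext (a multiple of the 16-byte block size).</returns>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> is null.</exception>
    /// <remarks>
    /// NOTE(review): CBC gives confidentiality only. A modified ciphertext is not detected by this
    /// class; it surfaces at decryption as a <see cref="CryptographicException"/> or as corrupted
    /// plaintext. Data accepted from outside should carry an integrity check (e.g. an HMAC over
    /// IV and ciphertext) that is verified before <see cref="AesDecrypt"/> is called.
    /// </remarks>
    public static byte[] AesEncrypt(byte[] data, out byte[] key, out byte[] iv)
    {
        if (data == null)
            throw new ArgumentNullException("data", "No data to encrypt.");

        using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
        {
            aes.GenerateKey();
            aes.GenerateIV();
            key = aes.Key;
            iv = aes.IV;
            // ICryptoTransform is disposable; release it deterministically instead of via finalizer.
            using (ICryptoTransform encryptor = aes.CreateEncryptor())
            {
                return encryptor.TransformFinalBlock(data, 0, data.Length);
            }
        }
    }

    /// <summary>
    /// Decrypts ciphertext produced by <see cref="AesEncrypt"/> (AES, CBC, PKCS7 padding).
    /// </summary>
    /// <param name="data">Ciphertext to decrypt.</param>
    /// <param name="key">AES key returned by <see cref="AesEncrypt"/>.</param>
    /// <param name="iv">IV returned by <see cref="AesEncrypt"/>.</param>
    /// <returns>The recovered plaintext.</returns>
    /// <exception cref="ArgumentNullException">Any argument is null.</exception>
    /// <exception cref="CryptographicException">
    /// The key or IV has a wrong length, or the ciphertext (or its padding) is invalid.
    /// </exception>
    public static byte[] AesDecrypt(byte[] data, byte[] key, byte[] iv)
    {
        // The original message said "encrypt" here; the paramName/message pair is also the
        // correct ArgumentNullException overload (the single-string ctor takes a parameter name).
        if (data == null)
            throw new ArgumentNullException("data", "No data to decrypt.");
        if (key == null)
            throw new ArgumentNullException("key", "No key to decrypt with.");
        if (iv == null)
            throw new ArgumentNullException("iv", "No IV to decrypt with.");

        using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
        {
            aes.Key = key;
            aes.IV = iv;
            using (ICryptoTransform decryptor = aes.CreateDecryptor())
            {
                return decryptor.TransformFinalBlock(data, 0, data.Length);
            }
        }
    }

    /// <summary>
    /// RSA-encrypts a short value (typically a symmetric key or IV) with <paramref name="provider"/>.
    /// </summary>
    /// <param name="data">Bytes to encrypt. RSA can only encrypt inputs smaller than the modulus minus padding overhead.</param>
    /// <param name="provider">RSA provider holding at least the public key.</param>
    /// <param name="useOaep">
    /// false (default) selects PKCS#1 v1.5 padding, the original behavior, kept so existing exports
    /// stay decryptable. OAEP (true) is the recommended padding for new data; PKCS#1 v1.5 decryption
    /// has known weaknesses when failures are observable. Encrypt and decrypt sides must agree.
    /// </param>
    /// <returns>The RSA ciphertext.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> or <paramref name="provider"/> is null.</exception>
    public static byte[] RsaEncrypt(byte[] data, RSACryptoServiceProvider provider, bool useOaep = false)
    {
        if (data == null)
            throw new ArgumentNullException("data", "No data to encrypt.");
        if (provider == null)
            throw new ArgumentNullException("provider");

        return provider.Encrypt(data, useOaep);
    }

    /// <summary>
    /// RSA-decrypts a value produced by <see cref="RsaEncrypt"/> with the matching private key.
    /// </summary>
    /// <param name="data">RSA ciphertext.</param>
    /// <param name="provider">RSA provider holding the private key.</param>
    /// <param name="useOaep">Must match the value used at encryption time; false (default) is PKCS#1 v1.5.</param>
    /// <returns>The recovered bytes.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="data"/> or <paramref name="provider"/> is null.</exception>
    /// <exception cref="CryptographicException">The private key is unavailable or the ciphertext does not decrypt.</exception>
    public static byte[] RsaDecrypt(byte[] data, RSACryptoServiceProvider provider, bool useOaep = false)
    {
        if (data == null)
            throw new ArgumentNullException("data", "No data to decrypt.");
        if (provider == null)
            throw new ArgumentNullException("provider");

        return provider.Decrypt(data, useOaep);
    }

    /// <summary>
    /// Looks up a certificate by subject distinguished name in the given store.
    /// </summary>
    /// <param name="subject">Subject distinguished name to match.</param>
    /// <param name="storeLocation">CurrentUser or LocalMachine.</param>
    /// <param name="storeName">Store to search; defaults to the personal store.</param>
    /// <returns>The first matching certificate.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="subject"/> is null.</exception>
    /// <exception cref="FileNotFoundException">No certificate matches.</exception>
    public static X509Certificate2 GetCertificate(string subject,
        StoreLocation storeLocation, StoreName storeName = StoreName.My)
    {
        if (subject == null)
            throw new ArgumentNullException("subject");

        return GetCertificate(storeName, storeLocation, OpenFlags.ReadOnly,
            X509FindType.FindBySubjectDistinguishedName, subject);
    }

    /// <summary>
    /// Opens the store, finds certificates with <paramref name="findType"/>/<paramref name="subject"/>
    /// and returns the first one; the store is always closed again.
    /// </summary>
    /// <exception cref="FileNotFoundException">No certificate matches.</exception>
    private static X509Certificate2 GetCertificate(StoreName storeName, StoreLocation storeLocation,
        OpenFlags openFlags, X509FindType findType, string subject)
    {
        X509Store store = new X509Store(storeName, storeLocation);
        store.Open(openFlags);
        try
        {
            // validOnly is false, as in the original: expired or otherwise invalid certificates
            // are returned too. Callers that require a valid chain must check it themselves.
            X509Certificate2Collection certs = store.Certificates.Find(findType, subject, false);
            if (certs.Count == 0)
                throw new FileNotFoundException("Certificate cannot be found.");

            // Several certificates may share a subject; the first one the store yields is used.
            return certs[0];
        }
        finally
        {
            // The original left the store handle open; Close() is available on all framework versions.
            store.Close();
        }
    }
}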
}