Click or drag to resize

NeonVault Class

Manages the encryption and decryption of files using passwords. This works a lot like Ansible Vault.
Inheritance Hierarchy
SystemObject
  Neon.CryptographyNeonVault

Namespace:  Neon.Cryptography
Assembly:  Neon.Cryptography (in Neon.Cryptography.dll) Version: 2.1.0
Syntax
public class NeonVault

The NeonVault type exposes the following members.

Constructors
  NameDescription
Public methodNeonVault
Constructor.
Top
Properties
  NameDescription
Public propertyStatic memberMagicBytes
Returns MagicString encoded as a byte array for ease of use.
Top
Methods
  NameDescription
Public methodDecrypt(Stream)
Decrypts a stream to a byte array.
Public methodDecrypt(String)
Decrypts file to a byte array.
Public methodDecrypt(Stream, Stream)
Decrypts a stream to another stream.
Public methodDecrypt(String, Stream)
Decrypts a file to a stream.
Public methodDecrypt(String, String)
Decrypts a file to another file.
Public methodEncrypt(Stream, String)
Encrypts a stream to a byte array.
Public methodEncrypt(String, String)
Encrypts a file to a byte array.
Public methodEncrypt(Stream, Stream, String)
Encrypts a stream to another stream.
Public methodEncrypt(Stream, String, String)
Encrypts a stream to a file.
Public methodEncrypt(String, String, String)
Encrypts a file to another file.
Public methodEquals
Determines whether the specified object is equal to the current object.
(Inherited from Object.)
Protected methodFinalize
Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object.)
Public methodGetHashCode
Serves as the default hash function.
(Inherited from Object.)
Public methodGetType
Gets the Type of the current instance.
(Inherited from Object.)
Public methodStatic memberIsEncrypted(Stream)
Determines if a stream is encrypted via NeonVault.
Public methodStatic memberIsEncrypted(String)
Determines if a file is encrypted via NeonVault.
Public methodStatic memberIsEncrypted(Stream, String)
Determines if a stream is encrypted via NeonVault and returns the name of the password used.
Public methodStatic memberIsEncrypted(String, String)
Determines if a file is encrypted via NeonVault and returns the name of the password used.
Protected methodMemberwiseClone
Creates a shallow copy of the current Object.
(Inherited from Object.)
Public methodToString
Returns a string that represents the current object.
(Inherited from Object.)
Public methodStatic memberValidatePasswordName
Ensures that a password name is valid.
Top
Fields
  NameDescription
Public fieldStatic memberMagicString
The string at the beginning of all files encrypted by NeonVault. This is used to identify these files.
Top
Remarks

This class works by using AesCipher with a 256-bit key to encrypt and decrypt files using a Neon standard ASCII text file format. This encryption is performed using the value of a named password as the encryption key. The class depends on a password provider function like string LookupPassword(string) that will return the value for a named password.

The idea here is that applications will define one or more named passwords like: mypassword1=GU6qc2vsJgmCWmdL and mypassword2=GBRDUqsX3GSKJ2af and then implement a password provider that returns the value of a password based on its name. You'll pass this provider to the NeonVault constructor.

Note Note
Password names are case insensitive and will always be converted to lowercase using the invariant culture. Password names may include alphanumeric characters plus dashs, dots, or underscores.

Password providers should throw an exception whenever the named password cannot be located. Most providers will throw a KeyNotFoundException when this happens.

Encrypted files are encoded as ASCII and are formatted like:

$NEON_VAULT;4C823A36774CA4AC760F31DD8ABE7BD3;1.0;AES256;PASSWORD-NAME
4c5330744c5331435255644a5469424452564a5553555a4a51304655525330744c533074436b314a
53554e3552454e4451574a445a30463353554a425a306c4351555242546b4a6e6133466f61326c48
4f586377516b465263305a425245465754564a4e64305652575552575556464552586477636d5258
536d774b5932303162475248566e704e516a5259524652464e5531455358644e616b557954587072
4d4535736231684556456b3154555246656b314552544a4e656d7377546d787664305a555256524e
516b564851544656525170426545314c59544e5761567059536e566157464a735933704451304654
5358644555566c4b53323961535768325930354255555643516c46425247646e5256424252454e44
515646765132646e52554a42536d6c50436c6b345a45395163324a454f466379526c6b30566a5274
595570584d323032634452714e5467314e7a4131627a4e47527a6859564730724e33686957465130
546b68775645686d646e686161584e685a6e6f304f54414b4c325a6a53454d32546b4d3464697445
4e7a5a355931685156564a3164576f724f56646e51335133555670735a574d7954474a364b7a5a6f
55466f7a4c32347962544e7a51573952536c527253574e7565485172625170575458527157554d35
57573970633145305a453877634646444c3141784d6d4d7951586c46515663334d314a4555314256
526e597a555770365a47777255577052564556784b3068305257704a52544659626b4a70436e4a42
563078334d323872656d5a4f4e30684559555534596d7061636a4a765a7a687459574a454e566444
4c30395656

The first line of the file holds metadata that is used to identify encrypted files and also to identify the encryption method and name of the password to be used for decryption. The remaining lines encode the encrypted AesCipher output encoded as 80 character lines of HEX digits.

This class considers files starting $NEON_VAULT;4C823A36774CA4AC760F31DD8ABE7BD3 to be encrypted. This essentially acts as a very unique magic number. This is followed by the NeonVault format version (currently 1.0), the encryption cypher (currently AES256), and the name of the password that was used for encryption.

The decrypt methods are smart enough to determine whether a file is not encrypted and simply write the unencrypted data to the target. This means that you can safely call these methods on unencrypted data.

This class provides several methods to encrypt and decrypt data given a password.

Note Note
Source Stream instances passed to encryption and decryption methods must support reading and seeking and target Stream instances must support writing as well as reading and seeking to support HMAC signatures.
See Also