Click or drag to resize

NeonVault Class

Manages the encryption and decryption of files using passwords. This works a lot like Ansible Vault.
Inheritance Hierarchy

Namespace:  Neon.Cryptography
Assembly:  Neon.Cryptography (in Neon.Cryptography.dll) Version: 1.2.2
public class NeonVault

The NeonVault type exposes the following members.

Public methodNeonVault
Public propertyStatic memberMagicBytes
Returns MagicString encoded as a byte array for ease of use.
Public methodDecrypt(Stream)
Decrypts a stream to a byte array.
Public methodDecrypt(String)
Decrypts file to a byte array.
Public methodDecrypt(Stream, Stream)
Decrypts a stream to another stream.
Public methodDecrypt(String, Stream)
Decrypts a file to a stream.
Public methodDecrypt(String, String)
Decrypts a file to another file.
Public methodEncrypt(Stream, String)
Encrypts a stream to a byte array.
Public methodEncrypt(String, String)
Encrypts a file to a byte array.
Public methodEncrypt(Stream, Stream, String)
Encrypts a stream to another stream.
Public methodEncrypt(Stream, String, String)
Encrypts a stream to a file.
Public methodEncrypt(String, String, String)
Encrypts a file to another file.
Public methodEquals
Determines whether the specified object is equal to the current object.
(Inherited from Object.)
Protected methodFinalize
Allows an object to try to free resources and perform other cleanup operations before it is reclaimed by garbage collection.
(Inherited from Object.)
Public methodGetHashCode
Serves as the default hash function.
(Inherited from Object.)
Public methodGetType
Gets the Type of the current instance.
(Inherited from Object.)
Public methodStatic memberIsEncrypted(Stream)
Determines if a stream is encrypted via NeonVault.
Public methodStatic memberIsEncrypted(String)
Determines if a file is encrypted via NeonVault.
Public methodStatic memberIsEncrypted(Stream, String)
Determines if a stream is encrypted via NeonVault and returns the name of the password used.
Public methodStatic memberIsEncrypted(String, String)
Determines if a file is encrypted via NeonVault and returns the name of the password used.
Protected methodMemberwiseClone
Creates a shallow copy of the current Object.
(Inherited from Object.)
Public methodToString
Returns a string that represents the current object.
(Inherited from Object.)
Public methodStatic memberValidatePasswordName
Ensures that a password name is valid.
Public fieldStatic memberMagicString
The string at the beginning of all files encrypted by NeonVault. This is used to identify these files.

This class works by using AesCipher with a 256-bit key to encrypt and decrypt files using a Neon standard ASCII text file format. This encryption is performed using the value of a named password as the encryption key. The class depends on a password provider function like string LookupPassword(string) that will return the value for a named password.

The idea here is that applications will define one or more named passwords like: mypassword1=GU6qc2vsJgmCWmdL and mypassword2=GBRDUqsX3GSKJ2af and then implement a password provider that returns the value of a password based on its name. You'll pass this provider to the NeonVault constructor.

Note Note
Password names are case insensitive and will always be converted to lowercase using the invariant culture. Password names may include alphanumeric characters plus dashs, dots, or underscores.

Password providers should throw an exception whenever the named password cannot be located. Most providers will throw a KeyNotFoundException when this happens.

Encrypted files are encoded as ASCII and are formatted like:


The first line of the file holds metadata that is used to identify encrypted files and also to identify the encryption method and name of the password to be used for decryption. The remaining lines encode the encrypted AesCipher output encoded as 80 character lines of HEX digits.

This class considers files starting $NEON_VAULT;4C823A36774CA4AC760F31DD8ABE7BD3 to be encrypted. This essentially acts as a very unique magic number. This is followed by the NeonVault format version (currently 1.0), the encryption cypher (currently AES256), and the name of the password that was used for encryption.

The decrypt methods are smart enough to determine whether a file is not encrypted and simply write the unencrypted data to the target. This means that you can safely call these methods on unencrypted data.

This class provides several methods to encrypt and decrypt data given a password.

Note Note
Source Stream instances passed to encryption and decryption methods must support reading and seeking and target Stream instances must support writing as well as reading and seeking to support HMAC signatures.
See Also