I would like to encrypt some data on the server, so if someone gets access to the database and the code base, the secret data will not be compromised.
It seems to me a good way to do this through cryptography with an elliptic curve.
I am wondering how to do this in Bouncy Castle ? I googled around and read some blog posts, but they generate non-string keys, and I'm not sure how to implement it with a password, and I don't want to be wrong.
Essentially, I would like something like this:
var privateKey = GetPrivateKey("secretpassword"); var publicKey = GetPublicKey(privateKey); string data = "secret data"; var encryptedData = encryptData(publicKey, data); string data2 = unencryptData(privateKey, data); Assert.AreEqual(data, data2);
This is my current job:
string password = "n55xSMb7J7n7K8zBRn"; // this will not be hardcoded in the application. It will come from a password prompt byte[] salt = ASCIIEncoding.UTF8.GetBytes(password + password); int iterations = 5; int keySizeInBits = 32; Pkcs5S2ParametersGenerator generator = new Pkcs5S2ParametersGenerator(new Sha256Digest()); generator.Init(PbeParametersGenerator.Pkcs5PasswordToUtf8Bytes(password.ToCharArray()), salt, iterations); KeyParameter key = (KeyParameter)generator.GenerateDerivedMacParameters(keySizeInBits); byte[] k = key.GetKey(); X9ECParameters ecP = Org.BouncyCastle.Asn1.Sec.SecNamedCurves.GetByName("secp256k1"); ECDomainParameters ecSpec = new ECDomainParameters(ecP.Curve, ecP.G, ecP.N, ecP.H, ecP.GetSeed()); IAsymmetricCipherKeyPairGenerator g = GeneratorUtilities.GetKeyPairGenerator("ECDSA"); g.Init(new ECKeyGenerationParameters(ecSpec, new SecureRandom(k))); AsymmetricCipherKeyPair aKeyPair = g.GenerateKeyPair(); AsymmetricKeyParameter privateK = aKeyPair.Private; AsymmetricKeyParameter publicK = aKeyPair.Public;
source share