memd24 / Blazor.SubtleCrypto


Parameter for key in encrypt and decrypt method #3

Closed madcoda9000 closed 1 year ago

madcoda9000 commented 2 years ago

Hello,

I am using your library and it is working as expected. But I don't want to put my key in program.cs and I don't want to use a dynamic key.

As I am using a protected API in my project, I want to fetch the key from my API and then pass it to the encrypt/decrypt method in my WASM (client) project.

I am thinking of something like:

```csharp
var key = await myservice.GetKeyAsync();
var encryptedString = await _crypt.EncryptAsync("my string to encrypt", key);
CryptoResult decryptedString = await _crypt.DecryptAsync(encryptedString, key);
key = null;
```

Doing it this way, I can store the key in the appsettings of the server project and it is not accessible through the browser.

Could that be a change you can think of?

From my view that would be awesome!

Many thanks for your awesome work and wish you the best...

Sascha

madcoda9000 commented 2 years ago

Hello,

I did it by myself.. :-)

I did the following:

  1. remove nuget Blazor.SubtleCrypto dependency from my project
  2. grab a copy of your code
  3. add the Blazor.SubtleCrypto to my Project
  4. restore nuget dependencies for Blazor.SubtleCrypto
  5. add the following methods to the Interface of CryptoService.cs

     ```csharp
     /// <summary>
     /// Converts plaintext to a ciphertext by a given text and key
     /// </summary>
     /// <param name="text"></param>
     /// <param name="key"></param>
     /// <returns>An object with ciphertext, origin and secret data.</returns>
     public Task<CryptoResult> EncryptByKeyAsync(string text, string key);

     /// <summary>
     /// Converts a ciphertext to plaintext by a key
     /// </summary>
     /// <param name="text"></param>
     /// <param name="key"></param>
     /// <returns>A decoded plaintext.</returns>
     public Task<string> DecryptByKeyAsync(string text, string key);
     ```
  6. add the following methods to CryptoService.cs

     ```csharp
     public async Task<CryptoResult> EncryptByKeyAsync(string text, string key)
     {
         this._Key = key;
         this._isGlobalKey = true;
         if (string.IsNullOrEmpty(text))
             return null;

         var taskItem = CreateItem(0, text, true, key);
         var result = await SubtleEncrypt(new List<CryptoResult> { taskItem });
         return result.Any() ? result[0] : null;
     }

     public async Task<string> DecryptByKeyAsync(string text, string key)
     {
         this._Key = key;
         this._isGlobalKey = true;
         if (string.IsNullOrEmpty(text))
             return null;

         var taskItem = CreateItem(0, text, false, key);
         var result = await SubtleDecrypt(new List<CryptoResult> { taskItem });
         return result.Any() ? result[0] : null;
     }
     ```
  7. build Blazor.SubtleCrypto
  8. add a reference in my client project to Blazor.SubtleCrypto
  9. add the service to program.cs of my client project without providing a key

     ```csharp
     //add crypto service
     builder.Services.AddSubtleCrypto();
     ```
  10. now I can use it like that

     ```csharp
     var res = await _secs.GetS();
     if (res != null && res.Success && res.Data != null)
     {
         parameters.Add("us", await _crypt.DecryptByKeyAsync(sec.S_Username, res.Data));
         parameters.Add("pw", await _crypt.DecryptByKeyAsync(sec.S_Password, res.Data));

         res = null;
     }
     ```

To me this has the following advantages:

  1. you can store the encryption key in the appsettings file of the server project. So it is not published.
  2. on App Installation / deployment you can define your own key as it is not hard coded in program.cs
  3. I can fetch the key by my secured API (I use Authorization for my API)

Maybe it is something that you're interested in too.

Wish you the best.
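
An added example, not from this thread or from the Blazor.SubtleCrypto project: call-scoped key handling written directly against the browser Web Crypto API, where the key is imported per call as a non-extractable AES-GCM key and is never stored on a shared service object. The function names, the base64-encoded 256-bit key format and the IV-prefixed payload layout are assumptions made for this example.

```javascript
// Added example: call-scoped AES-GCM via Web Crypto (not Blazor.SubtleCrypto code).
// Falls back to Node's webcrypto so the block also runs outside a browser.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

// Assumption: the API hands out the key as base64 of 32 random bytes.
async function importAesKey(keyB64) {
  const raw = fromB64(keyB64);
  if (raw.length !== 32) throw new Error('expected a 256-bit key');
  // extractable = false: the resulting CryptoKey cannot be exported again.
  return webcrypto.subtle.importKey('raw', raw, { name: 'AES-GCM' }, false,
    ['encrypt', 'decrypt']);
}

// Returns base64(iv || ciphertext || tag); the key lives only in this call.
async function encryptWithKey(plaintext, keyB64) {
  const key = await importAesKey(keyB64);
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh nonce per message
  const ct = new Uint8Array(await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(plaintext)));
  const out = new Uint8Array(iv.length + ct.length);
  out.set(iv);
  out.set(ct, iv.length);
  return toB64(out);
}

// Rejects if the key is wrong or the payload was modified (GCM tag check).
async function decryptWithKey(payloadB64, keyB64) {
  const key = await importAesKey(keyB64);
  const data = fromB64(payloadB64);
  const pt = await webcrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: data.slice(0, 12) }, key, data.slice(12));
  return new TextDecoder().decode(pt);
}

// Constructed sample keys and plaintext, generated inline for the demo.
async function demo() {
  const keyA = toB64(webcrypto.getRandomValues(new Uint8Array(32)));
  const keyB = toB64(webcrypto.getRandomValues(new Uint8Array(32)));
  const c1 = await encryptWithKey('my string to encrypt', keyA);
  const c2 = await encryptWithKey('my string to encrypt', keyA);
  const roundTrip = await decryptWithKey(c1, keyA);
  const wrongKeyRejected = await decryptWithKey(c1, keyB).then(() => false, () => true);
  return { roundTrip, distinctCiphertexts: c1 !== c2, wrongKeyRejected };
}
```
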