type Data = byte[]
let rsaKeySize = 2048
+ let aesKeySize = 128
/// Returns a cryptographically strong sequence of bytes.
let rand size : byte[] =
/// Generate a new RSA key pair: (public * private).
let generateRSAKeysPair : Key * Key =
use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.ToXmlString false, rsa.ToXmlString true
- finally
- rsa.PersistKeyInCsp <- false
+ rsa.ToXmlString false, rsa.ToXmlString true
let encryptRSA (publicKey: Key) (plaindata: Data) : Data =
use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString publicKey
- rsa.Encrypt (plaindata, false) // Uses PKCS#1 v1.5 padding.
- finally
- rsa.PersistKeyInCsp <- false
+ rsa.FromXmlString publicKey
+ rsa.Encrypt (plaindata, false) // Uses PKCS#1 v1.5 padding.
let decryptRSA (privateKey: Key) (cipherdata: Data) : Data =
use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString privateKey
- rsa.Decrypt (cipherdata, false) // Uses PKCS#1 v1.5 padding.
- finally
- rsa.PersistKeyInCsp <- false
+ rsa.FromXmlString privateKey
+ rsa.Decrypt (cipherdata, false) // Uses PKCS#1 v1.5 padding.
/// Produces a signature from a given hash.
let signRSA (privKey: Key) (sha256: Data) : Data =
use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString privKey
- rsa.SignHash (sha256, CryptoConfig.MapNameToOID "SHA256")
- finally
- rsa.PersistKeyInCsp <- false
+ rsa.FromXmlString privKey
+ rsa.SignHash (sha256, CryptoConfig.MapNameToOID "SHA256")
/// Verify a signature against a given hash.
let verifySignRSA (pubKey: Key) (sha256: Data) (signature: Data) : bool =
use rsa = new RSACryptoServiceProvider (rsaKeySize)
- try
- rsa.FromXmlString pubKey
- rsa.VerifyHash (sha256, CryptoConfig.MapNameToOID "SHA256", signature)
- finally
- rsa.PersistKeyInCsp <- false
+ rsa.FromXmlString pubKey
+ rsa.VerifyHash (sha256, CryptoConfig.MapNameToOID "SHA256", signature)
/// Returns an encrypted output stream.
let encryptAES (key: byte[]) (iv: byte[]) (outputStream: Stream) : CryptoStream =
- assert (key.Length = 32 && iv.Length = 16)
+ assert (key.Length = aesKeySize / 8 && iv.Length = 16)
use aes = new AesCryptoServiceProvider () // Default mode is CBC.
- aes.KeySize <- 256
+ aes.KeySize <- aesKeySize
let encryptor = aes.CreateEncryptor (key, iv)
new CryptoStream (outputStream, encryptor, CryptoStreamMode.Write)
/// Returns a decrypted input stream.
let decryptAES (key: byte[]) (iv: byte[]) (inputStream: Stream) : CryptoStream =
- assert (key.Length = 32 && iv.Length = 16)
+ assert (key.Length = aesKeySize / 8 && iv.Length = 16)
use aes = new AesCryptoServiceProvider ()
- aes.KeySize <- 256
+ aes.KeySize <- aesKeySize
let decryptor = aes.CreateDecryptor (key, iv)
new CryptoStream (inputStream, decryptor, CryptoStreamMode.Read)
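Review bot: Lowering `aesKeySize` to 128 (L3, applied in both encryptAES and decryptAES) silently changes the ciphertext format: anything encrypted under the previous 256-bit key can no longer be decrypted, and every caller still supplying a 32-byte key now fails, so this needs either a stated reason plus a migration note or the constant kept at 256 (AES-128 is not weak, but nothing in the diff justifies the downgrade). The length guard `assert (key.Length = aesKeySize / 8 && iv.Length = 16)` is F#'s `Debug.Assert` and is compiled out of Release builds, so in production a mis-sized key only surfaces as a CryptographicException from `CreateEncryptor`; replacing it with `if key.Length <> aesKeySize / 8 || iv.Length <> 16 then invalidArg "key" "expected AES key of aesKeySize bits and a 16-byte IV"` keeps the check in all builds (the `aes.KeySize <- aesKeySize` line is then redundant, since the transform takes its key size from the array). Dropping the `finally rsa.PersistKeyInCsp <- false` is presumably fine because every provider here is constructed without CspParameters, where the key is not persisted by default, but that should be confirmed on the target framework since persisting an imported private key into the CSP key store would be a real leak. Separately, the carried-forward `rsa.Encrypt (plaindata, false)` / `rsa.Decrypt (cipherdata, false)` select PKCS#1 v1.5 padding, which is exposed to padding-oracle attacks wherever decryption failures are observable; passing `true` (OAEP) in both is the usual fix, and since the CBC streams carry no authentication tag, ciphertext integrity must be provided by the caller.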