
I would like to store a user's profile data locally but would like to encrypt it using the user's own ID and password. This way, only when the same user logs back in can she decrypt her profile. Please find below the steps I am using to encrypt on fetching data for the first time and then decrypt on subsequent user login.

However, my attempt at it using the code seen below is not working. I am able to encrypt and decrypt back the same data. But the decryption logic successfully returns data irrespective of which password I use.

The encryption algorithm was arbitrarily chosen from the list available with Windows Runtime at https://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.symmetrickeyalgorithmprovider.openalgorithm.aspx

Encryption

Encrypt user profile data using a key generated using a serialized object containing User ID and password.

  1. get buffer for original data
  2. get buffer for serialized User ID and Password object
  3. get a symmetric key using AES_ECB_PKCS7 algorithm
  4. encrypt the buffered data using obtained symmetric key

```javascript
// 1. Buffer for the original data (`data` holds the profile string)
var bufferResponseObj = Windows.Security.Cryptography.CryptographicBuffer.convertStringToBinary(data, Windows.Security.Cryptography.BinaryStringEncoding.utf8);

// 2. Buffer for the serialized User ID and password object
var bufferTokenObj = Windows.Security.Cryptography.CryptographicBuffer.convertStringToBinary(JSON.stringify({UID:"abc",PWD:"abc"}), Windows.Security.Cryptography.BinaryStringEncoding.utf8);

// 3. Symmetric key from the AES_ECB_PKCS7 provider, with the serialized object as key material
var cryptographicKey = Windows.Security.Cryptography.Core.SymmetricKeyAlgorithmProvider.openAlgorithm(Windows.Security.Cryptography.Core.SymmetricAlgorithmNames.aesEcbPkcs7).createSymmetricKey(bufferTokenObj);

// 4. Encrypt the buffered data with that key (no IV is passed)
var encryptedBufferData = Windows.Security.Cryptography.Core.CryptographicEngine.encrypt(cryptographicKey, bufferResponseObj, null);

// Hex-encode the ciphertext for storage
var hexProtectedData = Windows.Security.Cryptography.CryptographicBuffer.encodeToHexString(encryptedBufferData);
```

Decryption

Decrypt the user profile data using a key generated again using a new object containing User ID and password.

  1. get buffer for serialized User ID and Password object
  2. get a new symmetric key again using AES_ECB_PKCS7 algorithm using
  3. get buffer for encrypted data
  4. decrypt the encrypted buffer data

```javascript
// 1. Buffer for the serialized User ID and password object (note the different PWD value)
var bufferTokenObj = Windows.Security.Cryptography.CryptographicBuffer.convertStringToBinary(JSON.stringify({UID:"abc",PWD:"def"}), Windows.Security.Cryptography.BinaryStringEncoding.utf8);

// 2. New symmetric key from the AES_ECB_PKCS7 provider
var cryptographicKey = Windows.Security.Cryptography.Core.SymmetricKeyAlgorithmProvider.openAlgorithm(Windows.Security.Cryptography.Core.SymmetricAlgorithmNames.aesEcbPkcs7).createSymmetricKey(bufferTokenObj);

// 3. Buffer for the encrypted data (`encryptedData` holds the stored hex string)
var protectedData = Windows.Security.Cryptography.CryptographicBuffer.decodeFromHexString(encryptedData);

// 4. Decrypt the encrypted buffer data
var decryptedBufferData = Windows.Security.Cryptography.Core.CryptographicEngine.decrypt(cryptographicKey, protectedData, null);

// Convert the decrypted buffer back to a string
var decodedResponseObj = Windows.Security.Cryptography.CryptographicBuffer.convertBinaryToString(Windows.Security.Cryptography.BinaryStringEncoding.utf8, decryptedBufferData);
```
Maarten Bodewes
smile.al.d.way
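
An added example, not part of the original post and not using the Windows Runtime API from the question: one way to make the key depend on the entire password and to make decryption fail on a wrong one, using Node.js `crypto` with PBKDF2 and AES-256-GCM. The iteration count, the stored blob layout and the function names are assumptions chosen for illustration.

```javascript
// Added example: Node.js crypto, not the WinRT calls from the question.
const { pbkdf2Sync, randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const ITERATIONS = 200000; // assumed work factor; tune for the target device
const SALT_LEN = 16, IV_LEN = 12, TAG_LEN = 16;

// Stretch the full password into a 256-bit key; the random salt is stored with the data.
function deriveKey(password, salt) {
  return pbkdf2Sync(Buffer.from(password, 'utf8'), salt, ITERATIONS, 32, 'sha256');
}

// Returns hex of salt || iv || tag || ciphertext (layout is an assumption of this example).
function encryptProfile(uid, password, profile) {
  const salt = randomBytes(SALT_LEN);
  const iv = randomBytes(IV_LEN);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  cipher.setAAD(Buffer.from(uid, 'utf8')); // bind the blob to this user ID
  const ct = Buffer.concat([cipher.update(profile, 'utf8'), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Returns the profile string, or null when the password, user ID or blob is wrong.
function decryptProfile(uid, password, hexBlob) {
  const blob = Buffer.from(hexBlob, 'hex');
  if (blob.length < SALT_LEN + IV_LEN + TAG_LEN) return null;
  const salt = blob.subarray(0, SALT_LEN);
  const iv = blob.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = blob.subarray(SALT_LEN + IV_LEN, SALT_LEN + IV_LEN + TAG_LEN);
  const ct = blob.subarray(SALT_LEN + IV_LEN + TAG_LEN);
  const decipher = createDecipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  decipher.setAAD(Buffer.from(uid, 'utf8'));
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(ct), decipher.final()]).toString('utf8');
  } catch (err) {
    return null; // authentication tag mismatch
  }
}

// Constructed sample using the UID/PWD values from the question.
const stored = encryptProfile('abc', 'abc', '{"name":"constructed sample"}');
console.log(decryptProfile('abc', 'abc', stored));
console.log(decryptProfile('abc', 'def', stored));
```

Because GCM authenticates the ciphertext, a key derived from a different password cannot produce a valid tag, so the caller gets `null` instead of output.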