I want to implement authenticated encryption using C#. There is a dot net class called encryptAndAuthenticate, but it is only supported on windows 8 or later, and I need the code to also work on windows 7. In other words, there is no built-in dot net library to do AES in GMC mode that works on windows 7 or earlier. So it looks like I have to use separate calls to the C# aes and hmac routines. Here is the pseudocode in my head. Am I planning this correctly?
Encryption:
- User supplies plaintext.
- User supplies password.
- CSPRNG generates 256-bit salt.
- Slow key derivation function on password and salt produces 640-bit output.
- First 256 bits of output becomes AES key.
- Next 128 bits of output becomes AES IV.
- Last 256 bits of output becomes HMAC-256 key.
- AES encrypt CBC mode using (plaintext, AES key, AES IV) to produce ciphertext.
- HMAC-SHA256 on IV||ciphertext (using HMAC-256 key) to produce MAC.
- Publicly store salt, ciphertext, and MAC.
Decryption:
- User retrieves salt, ciphertext, and MAC.
- Step 2 from above.
- Steps 4-7 from above.
- Step 9 from above.
- Compare calculated MAC to retrieved MAC.
- If different, abort and tell user decryption failed.
- If valid, AES decrypt CBC mode using (ciphertext, AES key, AES IV) to produce plaintext.
- Display plaintext to user.
