diff --git a/EduNetworkBuilder/PersonClass.cs b/EduNetworkBuilder/PersonClass.cs
index 09d9ed9..ed464a3 100644
--- a/EduNetworkBuilder/PersonClass.cs
+++ b/EduNetworkBuilder/PersonClass.cs
@@ -7,6 +7,8 @@ using System.Xml;
using System.IO;
using System.Windows.Forms;
using System.Drawing;
+using System.Security.Cryptography;
+using System.Security.Cryptography.Xml;
namespace EduNetworkBuilder
{
@@ -30,7 +32,7 @@ namespace EduNetworkBuilder
/// </summary>
public string FullName = "";
- List<string> Passwords = new List<string>();
+ string Password = "";
string PasswordHint = "";
/// <summary>
@@ -79,22 +81,9 @@ namespace EduNetworkBuilder
}
- public string Password(int index = 0)
- {
- if (Passwords.Count == 0) return "";
- if (index < 0) return "";
- if (index >= Passwords.Count) return "";
- return Passwords[index];
- }
-
public void ChangePassword(string NewPassword)
{
- Passwords.Insert(0, NewPassword);
- int maxPWs = 1;
- if (isAdmin)
- maxPWs = 10; //Admins store the last 10 passwords. If the admin changed his PW, we still need to decrypt the student's files
- for (int a = Passwords.Count - 1; a >= maxPWs; a--)
- Passwords.RemoveAt(a); //Remove all but the one password
+ Password = NewPassword;
}
#region Load and Save
@@ -149,7 +138,7 @@ namespace EduNetworkBuilder
ChangePassAtFirstLogin = changepw;
break;
case "password":
- Passwords.Add(Individual.InnerText);
+ Password = Individual.InnerText;
break;
case "settings":
UserSettings = NB.Deserialize<NBSettings>(Individual.InnerText);
@@ -198,7 +187,12 @@ namespace EduNetworkBuilder
writer.WriteEndElement();
writer.WriteEndDocument();
}
- doc.Save(filename);
+ if(TryToEncrypt(doc) != null)
+ doc.Save(filename);
+ else
+ {
+ //We should blow up gracefully. Not sure why we failed.
+ }
}
@@ -222,8 +216,7 @@ namespace EduNetworkBuilder
string settingsstring = NB.SerializeObject<NBSettings>(UserSettings);
writer.WriteElementString("Settings", settingsstring);
- foreach(string One in Passwords)
- writer.WriteElementString("Password", One);
+ writer.WriteElementString("Password", Password);
foreach (PersonClass PC in Students)
PC.Save(writer, true); //Save as a student entry
//Save all the devices
@@ -233,6 +226,43 @@ namespace EduNetworkBuilder
}
writer.WriteEndElement();
}
+
+ private XmlDocument TryToEncrypt(XmlDocument What)
+ {
+ string UserPassword = UserName + Password;
+ if (UserPassword == "") return null; //This should never happen
+ string salt = TrippleDESDocumentEncryption.GenSalt(NB.GetRandom());
+
+ TripleDES tDESkey = TrippleDESDocumentEncryption.GenKey(UserPassword, salt);
+ TrippleDESDocumentEncryption xmlTDES = new TrippleDESDocumentEncryption(What, tDESkey);
+
+ try
+ {
+ // Encrypt the "user" element.
+ xmlTDES.Encrypt("User");
+ //make the entries for the key
+ XmlNode tNode = xmlTDES.Doc.CreateElement("EncryptedKey");
+ tNode.InnerText = UserPassword;
+ XmlElement inputElement = xmlTDES.Doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;
+ xmlTDES.Doc.DocumentElement.InsertAfter(tNode, inputElement);
+
+ //add the salt
+ tNode = xmlTDES.Doc.CreateElement("Salt");
+ tNode.InnerText = salt;
+ xmlTDES.Doc.DocumentElement.InsertAfter(tNode, inputElement);
+
+ //encrypt the user key with the admin key
+ xmlTDES.SetKey(AltPassword, salt);
+ xmlTDES.Encrypt("EncryptedKey");
+
+ }
+ catch (Exception e)
+ {
+ Console.WriteLine(e.Message);
+ return null;
+ }
+ return xmlTDES.Doc;
+ }
#endregion
public bool AddHomework(SchoolworkClass ToAdd)