using System.Security.Cryptography; using System.Text; using Purrse.Core.Interfaces.Services; namespace Purrse.Api.Services; public class EncryptionService : IEncryptionService { private readonly byte[] _key; public EncryptionService(IConfiguration configuration) { var keyString = configuration["BankSync:EncryptionKey"] ?? throw new InvalidOperationException("BankSync:EncryptionKey is not configured"); _key = SHA256.HashData(Encoding.UTF8.GetBytes(keyString)); } public string Encrypt(string plainText) { using var aes = Aes.Create(); aes.Key = _key; aes.GenerateIV(); using var encryptor = aes.CreateEncryptor(); var plainBytes = Encoding.UTF8.GetBytes(plainText); var cipherBytes = encryptor.TransformFinalBlock(plainBytes, 0, plainBytes.Length); // Prepend IV to ciphertext var result = new byte[aes.IV.Length + cipherBytes.Length]; Buffer.BlockCopy(aes.IV, 0, result, 0, aes.IV.Length); Buffer.BlockCopy(cipherBytes, 0, result, aes.IV.Length, cipherBytes.Length); return Convert.ToBase64String(result); } public string Decrypt(string cipherText) { var fullCipher = Convert.FromBase64String(cipherText); using var aes = Aes.Create(); aes.Key = _key; var iv = new byte[aes.BlockSize / 8]; var cipher = new byte[fullCipher.Length - iv.Length]; Buffer.BlockCopy(fullCipher, 0, iv, 0, iv.Length); Buffer.BlockCopy(fullCipher, iv.Length, cipher, 0, cipher.Length); aes.IV = iv; using var decryptor = aes.CreateDecryptor(); var plainBytes = decryptor.TransformFinalBlock(cipher, 0, cipher.Length); return Encoding.UTF8.GetString(plainBytes); } }