encryption of files and web.config
TRANSCRIPT
Encryption of FILES & WEB.CONFIG sections
Introduction
This article demonstrates how to use C# to encrypt and decrypt files of any type.
Background
Recently I needed to find a simple to way to encrypt and decrypt a file of any type (I actually needed to encrypt image and text files) and any size. I found hundreds of examples on the web, many of which just plain didn't work, or threw errors on certain file types.
Eventually I put together the following two methods using the Rijndael encryption algorithm, they simply require that you pass them the full path to the original and target files. They both require the System.Security, System.Security.Cryptography, System.Runtime.InteropServices and System.Text.RegularExpressions namespaces.
Unfortunately, as I looked at so many examples on the web and actually did all this a while ago, I do not remember which bits of code were orginally written by who. So if you recognise some of it, many thanks, leave a comment below so that your work doesn't go unrecognised.
Using the code
There are two methods: encryptFile and decryptFile. They both require that you pass in the filenames and paths of the source and destination files as strings. It is important that the user has the necessary files rights to create the encrypted file.
Collapse
Collapse Copy Code ///<summary> /// Steve Lydford - 12/05/2008. /// /// Encrypts a file using Rijndael algorithm. ///</summary> ///<param name="inputFile"></param> ///<param name="outputFile"></param> private void EncryptFile(string inputFile, string outputFile) { try { string password = @"myKey123"; // Your Key Here UnicodeEncoding UE = new UnicodeEncoding(); byte[] key = UE.GetBytes(password); string cryptFile = outputFile; FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);
RijndaelManaged RMCrypto = new RijndaelManaged(); CryptoStream cs = new CryptoStream(fsCrypt, RMCrypto.CreateEncryptor(key, key), CryptoStreamMode.Write); FileStream fsIn = new FileStream(inputFile, FileMode.Open); int data; while ((data = fsIn.ReadByte()) != -1) cs.WriteByte((byte)data); fsIn.Close(); cs.Close(); fsCrypt.Close(); } catch { MessageBox.Show("Encryption failed!", "Error"); } } ///<summary> /// Steve Lydford - 12/05/2008. /// /// Decrypts a file using Rijndael algorithm. ///</summary> ///<param name="inputFile"></param> ///<param name="outputFile"></param> private void DecryptFile(string inputFile, string outputFile) { { string password = @"myKey123"; // Your Key Here UnicodeEncoding UE = new UnicodeEncoding(); byte[] key = UE.GetBytes(password); FileStream fsCrypt = new FileStream(inputFile, FileMode.Open); RijndaelManaged RMCrypto = new RijndaelManaged(); CryptoStream cs = new CryptoStream(fsCrypt, RMCrypto.CreateDecryptor(key, key), CryptoStreamMode.Read); FileStream fsOut = new FileStream(outputFile, FileMode.Create); int data; while ((data = cs.ReadByte()) != -1) fsOut.WriteByte((byte)data); fsOut.Close(); cs.Close(); fsCrypt.Close(); } }
RijndaelManaged Classusing System;using System.Security.Cryptography;using System.Text;using System.IO;
class RijndaelSample{
static void Main() { try { // Create a new Rijndael object to generate a key // and initialization vector (IV). Rijndael RijndaelAlg = Rijndael.Create();
// Create a string to encrypt. string sData = "Here is some data to encrypt."; string FileName = "CText.txt";
// Encrypt text to a file using the file name, key, and IV. EncryptTextToFile(sData, FileName, RijndaelAlg.Key, RijndaelAlg.IV);
// Decrypt the text from a file using the file name, key, and IV. string Final = DecryptTextFromFile(FileName, RijndaelAlg.Key, RijndaelAlg.IV);
// Display the decrypted string to the console. Console.WriteLine(Final); } catch (Exception e) { Console.WriteLine(e.Message); }
Console.ReadLine(); }
public static void EncryptTextToFile(String Data, String FileName, byte[] Key, byte[] IV) { try { // Create or open the specified file. FileStream fStream = File.Open(FileName, FileMode.OpenOrCreate);
// Create a new Rijndael object. Rijndael RijndaelAlg = Rijndael.Create();
// Create a CryptoStream using the FileStream
// and the passed key and initialization vector (IV). CryptoStream cStream = new CryptoStream(fStream, RijndaelAlg.CreateEncryptor(Key, IV), CryptoStreamMode.Write);
// Create a StreamWriter using the CryptoStream. StreamWriter sWriter = new StreamWriter(cStream);
try { // Write the data to the stream // to encrypt it. sWriter.WriteLine(Data); } catch (Exception e) { Console.WriteLine("An error occurred: {0}", e.Message); } finally { // Close the streams and // close the file. sWriter.Close(); cStream.Close(); fStream.Close(); } } catch (CryptographicException e) { Console.WriteLine("A Cryptographic error occurred: {0}", e.Message); } catch (UnauthorizedAccessException e) { Console.WriteLine("A file error occurred: {0}", e.Message); }
}
public static string DecryptTextFromFile(String FileName, byte[] Key, byte[] IV) { try { // Create or open the specified file. FileStream fStream = File.Open(FileName, FileMode.OpenOrCreate);
// Create a new Rijndael object. Rijndael RijndaelAlg = Rijndael.Create();
// Create a CryptoStream using the FileStream // and the passed key and initialization vector (IV). CryptoStream cStream = new CryptoStream(fStream, RijndaelAlg.CreateDecryptor(Key, IV), CryptoStreamMode.Read);
// Create a StreamReader using the CryptoStream.
StreamReader sReader = new StreamReader(cStream);
string val = null;
try { // Read the data from the stream // to decrypt it. val = sReader.ReadLine();
} catch (Exception e) { Console.WriteLine("An error occurred: {0}", e.Message); } finally {
// Close the streams and // close the file. sReader.Close(); cStream.Close(); fStream.Close(); }
// Return the string. return val; } catch (CryptographicException e) { Console.WriteLine("A Cryptographic error occurred: {0}", e.Message); return null; } catch (UnauthorizedAccessException e) { Console.WriteLine("A file error occurred: {0}", e.Message); return null; } }}
ENCRYPT WEB.CONFIG SECTION
using System;using System.Data;using System.Configuration;using System.Collections;using System.Web;using System.Web.Security;using System.Web.UI;using System.Web.UI.WebControls;using System.Web.UI.WebControls.WebParts;using System.Web.UI.HtmlControls;using System.Security.Cryptography;using System.Web.Configuration;using System.IO;
public partial class Default2 : System.Web.UI.Page{ string provider = "RSAProtectedConfigurationProvider"; string section = "connectionStrings"; protected void Page_Load(object sender, EventArgs e) {
} protected void Button2_Click(object sender, EventArgs e) { Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection confStrSect = confg.GetSection(section);
if (confStrSect != null) { confStrSect.SectionInformation.ProtectSection(provider); confg.Save(); } }protected void Button1_Click(object sender, EventArgs e){ Configuration confg = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath); ConfigurationSection confStrSect = confg.GetSection(section); if (confStrSect != null && confStrSect.SectionInformation.IsProtected) { confStrSect.SectionInformation.UnprotectSection(); confg.Save(); }}}
ANOTHER METHOD
The classes that derive from the SymmetricAlgorithm class use a chaining mode called cipher block chaining (CBC), which requires a key (Key) and an initialization vector (IV) to perform cryptographic transformations on data. To decrypt data that was encrypted using one of the SymmetricAlgorithm classes, you must set the Key property and the IV property to the same values that were used for encryption. For a symmetric algorithm to be useful, the secret key must be known only to the sender and the receiver.
RijndaelManaged, DESCryptoServiceProvider, RC2CryptoServiceProvider, and TripleDESCryptoServiceProvider are implementations of symmetric algorithms.
Note that when using derived classes, it is not enough, from a security perspective, to simply force a garbage collection after you have finished using the object. You must explicitly call the Clear method on the object to zero out any sensitive data within the object before it is released. Note that garbage collection does not zero out the contents of collected objects but simply marks the memory as available for reallocation. Thus the data contained within a garbage collected object may still be present in the memory heap in unallocated memory. In the case of cryptographic objects, this data could contain sensitive information such as key data or a block of plain text.
All cryptographic classes in the .NET Framework that hold sensitive data implement a Clear method. When called, the Clear method overwrites all sensitive data within the object with zeros and then releases the object so that it can be safely garbage collected. When the object has been zeroed and released, you should then call the Dispose method with the disposing parameter set to True to dispose of all managed and unmanaged resources associated with the object.
Notes to Inheritors:
When you inherit from the SymmetricAlgorithm class, you must override the following members: CreateDecryptor, CreateEncryptor, GenerateIV, and GenerateKey.
private static void EncryptData(String inName, String outName, byte[] rijnKey, byte[] rijnIV) { //Create the file streams to handle the input and output files. FileStream fin = new FileStream(inName, FileMode.Open, FileAccess.Read); FileStream fout = new FileStream(outName, FileMode.OpenOrCreate, FileAccess.Write); fout.SetLength(0);
//Create variables to help with read and write. byte[] bin = new byte[100]; //This is intermediate storage for the encryption. long rdlen = 0; //This is the total number of bytes written. long totlen = fin.Length; //This is the total length of the input file.
int len; //This is the number of bytes to be written at a time.
SymmetricAlgorithm rijn = SymmetricAlgorithm.Create(); //Creates the default implementation, which is RijndaelManaged. CryptoStream encStream = new CryptoStream(fout, rijn.CreateEncryptor(rijnKey, rijnIV), CryptoStreamMode.Write);
Console.WriteLine("Encrypting...");
//Read from the input file, then encrypt and write to the output file. while(rdlen < totlen) { len = fin.Read(bin, 0, 100); encStream.Write(bin, 0, len); rdlen = rdlen + len; Console.WriteLine("{0} bytes processed", rdlen); }
encStream.Close(); fout.Close(); fin.Close(); }
System.Security.Cryptography Namespace
The System.Security.Cryptography namespace provides cryptographic services, including secure encoding and decoding of data, as well as many other operations, such as hashing, random number generation, and message authentication. For more information, see Cryptographic Services.
Class Description
AesRepresents the abstract base class from which all implementations of the Advanced Encryption Standard (AES) must inherit.
AesCryptoServiceProvider
Performs symmetric encryption and decryption using the Cryptographic Application Programming Interfaces (CAPI) implementation of the Advanced Encryption Standard (AES) algorithm.
AesManagedProvides a managed implementation of the Advanced Encryption Standard (AES) symmetric algorithm.
AsnEncodedDataRepresents Abstract Syntax Notation One (ASN.1)-encoded data.
AsnEncodedDataCollectionRepresents a collection of AsnEncodedData objects. This class cannot be inherited.
AsnEncodedDataEnumeratorProvides the ability to navigate through an AsnEncodedDataCollection object. This class cannot be inherited.
AsymmetricAlgorithmRepresents the abstract base class from which all implementations of asymmetric algorithms must inherit.
AsymmetricKeyExchangeDeformatterRepresents the base class from which all asymmetric key exchange deformatters derive.
AsymmetricKeyExchangeFormatterRepresents the base class from which all asymmetric key exchange formatters derive.
AsymmetricSignatureDeformatterRepresents the abstract base class from which all implementations of asymmetric signature deformatters derive.
AsymmetricSignatureFormatterRepresents the base class from which all implementations of asymmetric signature formatters derive.
CngAlgorithm Encapsulates the name of an encryption algorithm.
CngAlgorithmGroupEncapsulates the name of an encryption algorithm group.
CngKeyDefines the core functionality for keys that are used with Cryptography Next Generation (CNG) objects.
CngKeyBlobFormatSpecifies a key BLOB format for use with Microsoft Cryptography Next Generation (CNG) objects.
CngKeyCreationParameters Contains advanced properties for key creation.
CngPropertyCollectionProvides a strongly typed collection of Cryptography Next Generation (CNG) properties.
CngProviderEncapsulates the name of a key storage provider (KSP) for use with Cryptography Next Generation (CNG) objects.
CngUIPolicy
Encapsulates optional configuration parameters for the user interface (UI) that Cryptography Next Generation (CNG) displays when you access a protected key.
CryptoAPITransformPerforms a cryptographic transformation of data. This class cannot be inherited.
CryptoConfig Accesses the cryptography configuration information.
CryptographicAttributeObjectContains a type and a collection of values associated with that type.
CryptographicAttributeObjectCollectionContains a set of CryptographicAttributeObject objects.
CryptographicAttributeObjectEnumeratorProvides enumeration functionality for the CryptographicAttributeObjectCollection collection. This class cannot be inherited.
CryptographicExceptionThe exception that is thrown when an error occurs during a cryptographic operation.
CryptographicUnexpectedOperationExceptionThe exception that is thrown when an unexpected operation occurs during a cryptographic operation.
CryptoStreamDefines a stream that links data streams to cryptographic transformations.
CspKeyContainerInfoProvides additional information about a cryptographic key pair. This class cannot be inherited.
CspParameters
Contains parameters that are passed to the cryptographic service provider (CSP) that performs cryptographic computations. This class cannot be inherited.
DeriveBytesRepresents the abstract base class from which all classes that derive byte sequences of a specified length inherit.
DESRepresents the base class for the Data Encryption Standard (DES) algorithm from which all DES implementations must derive.
DESCryptoServiceProvider
Defines a wrapper object to access the cryptographic service provider (CSP) version of the Data Encryption Standard (DES) algorithm. This class cannot be inherited.
DSARepresents the abstract base class from which all implementations of the Digital Signature Algorithm (DSA) must inherit.
DSACryptoServiceProviderDefines a wrapper object to access the cryptographic service provider (CSP) implementation of the DSA algorithm. This class cannot be inherited.
DSASignatureDeformatterVerifies a Digital Signature Algorithm (DSA) PKCS#1 v1.5 signature.
DSASignatureFormatter Creates a Digital Signature Algorithm (DSA) signature.
ECDiffieHellman
Provides an abstract base class that Elliptic Curve Diffie-Hellman (ECDH) algorithm implementations can derive from. This class provides the basic set of operations that all ECDH implementations must support.
ECDiffieHellmanCng
Provides a Cryptography Next Generation (CNG) implementation of the Elliptic Curve Diffie-Hellman (ECDH) algorithm. This class is used to perform cryptographic operations.
ECDiffieHellmanCngPublicKeySpecifies an Elliptic Curve Diffie-Hellman (ECDH) public key for use with the ECDiffieHellmanCng class.
ECDiffieHellmanPublicKeyProvides an abstract base class from which all ECDiffieHellmanCngPublicKey implementations must inherit.
ECDsaProvides an abstract base class that encapsulates the Elliptic Curve Digital Signature Algorithm (ECDSA).
ECDsaCngProvides a Cryptography Next Generation (CNG) implementation of the Elliptic Curve Digital Signature Algorithm (ECDSA).
FromBase64Transform Converts a CryptoStream from base 64.
HashAlgorithmRepresents the base class from which all implementations of cryptographic hash algorithms must derive.
HMACRepresents the abstract class from which all implementations of Hash-based Message Authentication Code (HMAC) must derive.
HMACMD5Computes a Hash-based Message Authentication Code (HMAC) using the MD5 hash function.
HMACRIPEMD160Computes a Hash-based Message Authentication Code (HMAC) using the RIPEMD160 hash function.
HMACSHA1Computes a Hash-based Message Authentication Code (HMAC) using the SHA1 hash function.
HMACSHA256Computes a Hash-based Message Authentication Code (HMAC) using the SHA256 hash function.
HMACSHA384Computes a Hash-based Message Authentication Code (HMAC) using the SHA384 hash function.
HMACSHA512Computes a Hash-based Message Authentication Code (HMAC) using the SHA512 hash function.
KeyedHashAlgorithmRepresents the abstract class from which all implementations of keyed hash algorithms must derive.
KeySizesDetermines the set of valid key sizes for the symmetric cryptographic algorithms.
MACTripleDESComputes a Message Authentication Code (MAC) using TripleDES for the input data CryptoStream.
ManifestSignatureInformation Provides information for a manifest signature.
ManifestSignatureInformationCollectionRepresents a read-only collection of ManifestSignatureInformation objects.
MaskGenerationMethodRepresents the abstract class from which all mask generator algorithms must derive.
MD5Represents the abstract class from which all implementations of the MD5 hash algorithm inherit.
MD5CngProvides a CNG (Cryptography Next Generation) implementation of the MD5 (Message Digest 5) 128-bit hashing algorithm.
MD5CryptoServiceProvider
Computes the MD5 hash value for the input data using the implementation provided by the cryptographic service provider (CSP). This class cannot be inherited.
OidRepresents a cryptographic object identifier. This class cannot be inherited.
OidCollectionRepresents a collection of Oid objects. This class cannot be inherited.
OidEnumeratorProvides the ability to navigate through an OidCollection object. This class cannot be inherited.
PasswordDeriveBytesDerives a key from a password using an extension of the PBKDF1 algorithm.
PKCS1MaskGenerationMethodComputes masks according to PKCS #1 for use by key exchange algorithms.
ProtectedDataProvides methods for protecting and unprotecting data. This class cannot be inherited.
ProtectedMemoryProvides methods for protecting and unprotecting memory. This class cannot be inherited.
RandomNumberGeneratorRepresents the abstract class from which all implementations of cryptographic random number generators derive.
RC2Represents the base class from which all implementations of the RC2 algorithm must derive.
RC2CryptoServiceProviderDefines a wrapper object to access the cryptographic service provider (CSP) implementation of the RC2 algorithm. This class cannot be inherited.
Rfc2898DeriveBytesImplements password-based key derivation functionality, PBKDF2, by using a pseudo-random number generator based on HMACSHA1.
RijndaelRepresents the base class from which all implementations of the Rijndael symmetric encryption algorithm must inherit.
RijndaelManagedAccesses the managed version of the Rijndael algorithm. This class cannot be inherited.
RijndaelManagedTransformPerforms a cryptographic transformation of data using the Rijndael algorithm. This class cannot be inherited.
RIPEMD160Represents the abstract class from which all implementations of the MD160 hash algorithm inherit.
RIPEMD160ManagedComputes the RIPEMD160 hash for the input data using the managed library.
RNGCryptoServiceProvider
Implements a cryptographic Random Number Generator (RNG) using the implementation provided by the cryptographic service provider (CSP). This class cannot be inherited.
RSARepresents the base class from which all implementations of the RSA algorithm inherit.
RSACryptoServiceProvider
Performs asymmetric encryption and decryption using the implementation of the RSA algorithm provided by the cryptographic service provider (CSP). This class cannot be inherited.
RSAOAEPKeyExchangeDeformatterDecrypts Optimal Asymmetric Encryption Padding (OAEP) key exchange data.
RSAOAEPKeyExchangeFormatterCreates Optimal Asymmetric Encryption Padding (OAEP) key exchange data using RSA.
RSAPKCS1KeyExchangeDeformatter Decrypts the PKCS #1 key exchange data.
RSAPKCS1KeyExchangeFormatter Creates the PKCS#1 key exchange data using RSA.
RSAPKCS1SignatureDeformatter Verifies an RSA PKCS #1 version 1.5 signature.
RSAPKCS1SignatureFormatter Creates an RSA PKCS #1 version 1.5 signature.
SHA1 Computes the SHA1 hash for the input data.
SHA1CngProvides a Cryptography Next Generation (CNG) implementation of the Secure Hash Algorithm (SHA).
SHA1CryptoServiceProvider
Computes the SHA1 hash value for the input data using the implementation provided by the cryptographic service provider (CSP). This class cannot be inherited.
SHA1ManagedComputes the SHA1 hash for the input data using the managed library.
SHA256 Computes the SHA256 hash for the input data.
SHA256CngProvides a Cryptography Next Generation (CNG) implementation of the Secure Hash Algorithm (SHA) for 256-bit hash values.
SHA256CryptoServiceProviderDefines a wrapper object to access the cryptographic service provider (CSP) implementation of the SHA256 algorithm.
SHA256ManagedComputes the SHA256 hash for the input data using the managed library.
SHA384 Computes the SHA384 hash for the input data.
SHA384CngProvides a Cryptography Next Generation (CNG) implementation of the Secure Hash Algorithm (SHA) for 384-bit hash values.
SHA384CryptoServiceProviderDefines a wrapper object to access the cryptographic service provider (CSP) implementation of the SHA384 algorithm.
SHA384ManagedComputes the SHA384 hash for the input data using the managed library.
SHA512 Computes the SHA512 hash for the input data.
SHA512CngProvides a Cryptography Next Generation (CNG) implementation of the Secure Hash Algorithm (SHA) for 512-bit hash values.
SHA512CryptoServiceProviderDefines a wrapper object to access the cryptographic service provider (CSP) implementation of the SHA512 algorithm.
SHA512ManagedComputes the SHA512 hash algorithm for the input data using the managed library.
SignatureDescriptionContains information about the properties of a digital signature.
StrongNameSignatureInformationHolds the strong name signature information for a manifest.
SymmetricAlgorithmRepresents the abstract base class from which all implementations of symmetric algorithms must inherit.
ToBase64Transform Converts a CryptoStream to base 64.
TripleDESRepresents the base class for Triple Data Encryption Standard algorithms from which all TripleDES implementations must derive.
TripleDESCryptoServiceProviderDefines a wrapper object to access the cryptographic service provider (CSP) version of the TripleDES algorithm. This class cannot be inherited.
Structures
Structure Description
CngProperty Encapsulates a property of a Cryptography Next Generation (CNG) key or provider.
DSAParameters Contains the typical parameters for the DSA algorithm.
RSAParameters Represents the standard parameters for the RSA algorithm.
Interfaces
Interface Description
ICryptoTransform Defines the basic operations of cryptographic transformations.
ICspAsymmetricAlgorithmDefines methods that allow an AsymmetricAlgorithm class to enumerate key container information, and import and export Microsoft Cryptographic API (CAPI)–compatible key blobs.
Enumerations
Enumeration Description
CipherMode Specifies the block cipher mode to use for encryption.
CngExportPolicies Specifies the key export policies for a key.
CngKeyCreationOptions Specifies options used for key creation.
CngKeyHandleOpenOptions Specifies options for opening key handles.
CngKeyOpenOptions Specifies options for opening a key.
CngKeyUsagesSpecifies the cryptographic operations that a Cryptography Next Generation (CNG) key may be used with.
CngPropertyOptionsSpecifies Cryptography Next Generation (CNG) key property options.
CngUIProtectionLevelsSpecifies the protection level for the key in user interface (UI) prompting scenarios.
CryptoStreamMode Specifies the mode of a cryptographic stream.
CspProviderFlagsSpecifies flags that modify the behavior of the cryptographic service providers (CSP).
DataProtectionScopeSpecifies the scope of the data protection to be applied by the Protect method.
ECDiffieHellmanKeyDerivationFunctionSpecifies the key derivation function that the ECDiffieHellmanCng class will use to convert secret agreements into key material.
ECKeyXmlFormat Defines XML serialization formats for elliptic curve keys.
FromBase64TransformModeSpecifies whether white space should be ignored in the base 64 transformation.
KeyNumberSpecifies whether to create an asymmetric signature key or an asymmetric exchange key.
MemoryProtectionScopeSpecifies the scope of memory protection to be applied by the Protect method.
PaddingModeSpecifies the type of padding to apply when the message data block is shorter than the full number of bytes needed for a cryptographic operation.
SignatureVerificationResult Specifies most of the result codes for signature verification.
CryptoStream Class
Defines a stream that links data streams to cryptographic transformations.
Namespace: System.Security.CryptographyAssembly: mscorlib (in mscorlib.dll)
The common language runtime uses a stream-oriented design for cryptography. The core of this design is CryptoStream. Any cryptographic objects that implement CryptoStream can be chained together with any objects that implement Stream, so the streamed output from one object can be fed into the input of another object. The intermediate result (the output from the first object) does not need to be stored separately.
You should always explicitly close your CryptoStream object after you are done using it by calling the Close method. Doing so flushes the stream and causes all remain blocks of data to be processed by the CryptoStream object. However, if an exception occurs before you call the Close method, the CryptoStream object might not be closed. To ensure that the Close method always gets called, place your call to the Close method within the finally block of a try/catch statement.
using System;using System.Security.Cryptography;using System.Text;using System.IO;
class RijndaelSample{
static void Main() { try { // Create a new Rijndael object to generate a key
// and initialization vector (IV). Rijndael RijndaelAlg = Rijndael.Create();
// Create a string to encrypt. string sData = "Here is some data to encrypt."; string FileName = "CText.txt";
// Encrypt text to a file using the file name, key, and IV. EncryptTextToFile(sData, FileName, RijndaelAlg.Key, RijndaelAlg.IV);
// Decrypt the text from a file using the file name, key, and IV. string Final = DecryptTextFromFile(FileName, RijndaelAlg.Key, RijndaelAlg.IV);
// Display the decrypted string to the console. Console.WriteLine(Final); } catch (Exception e) { Console.WriteLine(e.Message); }
Console.ReadLine(); }
public static void EncryptTextToFile(String Data, String FileName, byte[] Key, byte[] IV) { try { // Create or open the specified file. FileStream fStream = File.Open(FileName, FileMode.OpenOrCreate);
// Create a new Rijndael object. Rijndael RijndaelAlg = Rijndael.Create();
// Create a CryptoStream using the FileStream // and the passed key and initialization vector (IV). CryptoStream cStream = new CryptoStream(fStream, RijndaelAlg.CreateEncryptor(Key, IV), CryptoStreamMode.Write);
// Create a StreamWriter using the CryptoStream. StreamWriter sWriter = new StreamWriter(cStream);
try { // Write the data to the stream // to encrypt it. sWriter.WriteLine(Data); } catch (Exception e) { Console.WriteLine("An error occurred: {0}", e.Message); } finally
{ // Close the streams and // close the file. sWriter.Close(); cStream.Close(); fStream.Close(); } } catch (CryptographicException e) { Console.WriteLine("A Cryptographic error occurred: {0}", e.Message); } catch (UnauthorizedAccessException e) { Console.WriteLine("A file error occurred: {0}", e.Message); }
}
public static string DecryptTextFromFile(String FileName, byte[] Key, byte[] IV) { try { // Create or open the specified file. FileStream fStream = File.Open(FileName, FileMode.OpenOrCreate);
// Create a new Rijndael object. Rijndael RijndaelAlg = Rijndael.Create();
// Create a CryptoStream using the FileStream // and the passed key and initialization vector (IV). CryptoStream cStream = new CryptoStream(fStream, RijndaelAlg.CreateDecryptor(Key, IV), CryptoStreamMode.Read);
// Create a StreamReader using the CryptoStream. StreamReader sReader = new StreamReader(cStream);
string val = null;
try { // Read the data from the stream // to decrypt it. val = sReader.ReadLine();
} catch (Exception e) { Console.WriteLine("An error occurred: {0}", e.Message); } finally {
// Close the streams and // close the file. sReader.Close(); cStream.Close(); fStream.Close(); }
// Return the string. return val; } catch (CryptographicException e) { Console.WriteLine("A Cryptographic error occurred: {0}", e.Message); return null; } catch (UnauthorizedAccessException e) { Console.WriteLine("A file error occurred: {0}", e.Message); return null; } }}
Cryptography in .NET By Suprotim Agarwal July 31, 2004
This article gives a brief overview of Cryptography and the Cryptography support provided by the .NET Framework. I begin by introducing Cryptography and then proceed to examine the various types of it. In particular, I review and analyze the various cryptography algorithms and objects supported by .NET. I conclude after proposing and briefly discussing the algorithmic technique that would work best for you.
This article gives a brief overview of Cryptography and the Cryptography support provided by the .NET Framework. I begin by introducing Cryptography and then proceed to examine the various types of it. In particular, I review and analyze the various cryptography algorithms and objects supported by .NET. I conclude after proposing and briefly discussing the algorithmic technique that would work best for you.
Cryptography
I remember as kids, we would often play a game called 'jumble the word', where in we would replace an alphabet of a word with another. This way, A would be replaced with C; B with D and so on. Only someone who could understand this algorithm( in this case shift by 2), could decipher these messages and tell the word. Well in fact, this is 'Cryptography'. Surprisingly, we often use cryptography without consciously knowing it. For example, you may've tried to pass on a secret message to your friend using signals that only the two of you understood, or scribbled some text whose meaning was known only to you. We have all done that. Well....so we begin.
Cryptography is the science of scrambling meaningful characters into non-meaningful characters so that people who do not have access to the data cannot read it. The science of cryptography has been around for many years, even long before computers. Cryptography, over the ages, has been an art practiced by many who have devised different techniques to meet some of the information security requirements. The last twenty years have been a period of transition as the discipline moved from an art to a science. With the advent of computers, however, the science was able to produce almost unbreakable codes.
Well, Cryptography has been considered as one of the most complex aspect used by a developer. Using cryptographic algorithms and techniques is not considered a child's play, as it requires a high level of mathematical knowledge. Fortunately, with Microsoft .NET, newly created classes wrap up these sophisticated algorithms into fairly easy-to-use properties and methods. This article gives you an overview of the cryptography support that is provided by the .NET Framework.
However lets first look into a few jargons to make you familiar with cryptography :
Data that can be read and understood without any special measures is called 'plaintext' or 'cleartext'.
The method of disguising plaintext in such a way as to hide its meaning is called 'Encryption'.
Encrypting plaintext results in unreadable chunks of data called 'Ciphertext'. You use encryption to make sure that information is hidden from anyone for whom it is not intended, even those who can see the encrypted data.
The process of reverting ciphertext to its original plaintext is called 'Decryption'. And finally 'key' is a string of bits used for encrypting and decrypting information to
be transmitted. It is a randomly generated set of numbers/ characters that is used to encrypt/decrypt information.
Types of Cryptography
After getting familiar with the terminology, let's delve into the types of Cryptography. There are two types of cryptography: private-key encryption and public-key encryption
Private key Encryption
Private Key encryption, also referred to as conventional or symmetric or single-key encryption was the only available option prior to the advent of Public Key encryption in 1976. This form of encryption was used by emperors like Julius Caesar and other military organizations to convey secret messages. This key requires all communicating parties, to share a common key. With private-key encryption, you encrypt a secret message using a
key that only you know. To decrypt the message, you need to use the same key. Private-key cryptography is effective only if the key can be kept secret. Despite the potential weakness of private-key encryption, it is very easy to implement and computationally doesn't consume excessive resources.
Lets see an example - Imagine Julius is trying to send a secret message to his army chief, using a private key. In order for his chief to decrypt the secret message, he must know the private key. So Julius needs to send the key to him. But if the secrecy of his key is known to his opponents somehow , the message remains no longer secure. Moreover, if the Chief tells his subordinate about the private key, he can then also decrypt the message.
Public-key encryption
Public key encryption algorithms are based on the premise that each sender and recipient has a private key, known only to him/her and a public key, which can be known by anyone. Each encryption/decryption process requires at least one public key and one private key. Each is related to the other mathematically, such that messages encrypted with the public key can only be decrypted with the corresponding private key.
Lets see an example - Before Julius sends a message to his chief, he needs to generate the key pair containing the private key and the public key. The chief then freely distributes the public key to his subordinates but keeps the private key to himself. When Julius wants to send a message to his chief, he uses his public key to encrypt the message and then send it to him. Upon receiving the encrypted message, the Chief proceeds to decrypt it with his private key. In this case, he's the only one who can decrypt the message, since the key pair works in such a way that only messages encrypted with the public key can be decrypted with the private key. Also, there's no need to exchange secret keys, thus eliminating the risk of compromising the secrecy of the key.The reverse can happen as well. Suppose the Chief sends a message encrypted with his private key to Julius. To decrypt the message, Julius need his public key. But what's the point of that? The public key isn't a secret-everyone knows it. However, using this method guarantees that the message hasn't been tampered with and is indeed from his chief and not his opponents. If the message had been modified, Julius wouldn't be able to decrypt it.
I wish he was here to read all this!!!
.NET and Cryptography
.NET provides a set of cryptographic objects, supporting well-known algorithms and common uses including hashing, encryption, and generating digital signatures. These objects are designed in a manner that facilitates the incorporation of these basic capabilities into more complex operations, such as signing and encrypting a document. Cryptographic objects are used by .NET to support internal services, but are also available to developers who need cryptographic support. The .NET Framework provides implementations of many such standard cryptographic algorithms and objects. Similar to the ready availability of simple authentication features within the .NET Framework, cryptographic primitives are also easily accessible to developers via stream-based managed code libraries for encryption, digital signatures, hashing, and random number generation. The System.Security.Cryptography namespace in the .NET Framework provides these cryptographic services. The Algorithm support includes:
RSA and DSA public key (asymmetric) encryption -
Asymmetric algorithms operate on fixed buffers. They use a public-key algorithm for encryption/decryption. An example for asymmetric algorithms is the RSA algorithm which is so named after its three inventors Rivest, Shamir, and Adleman. It is a popular public-key algorithm - the de facto standard - for digital signatures and can be used for encryption as well. The DSA_CSP is an implementation of the digital signature algorithm (DSA). This is a public-key algorithm. It can be used to create and verify a digital signature.
DES, TripleDES, and RC2 private key (symmetric) encryption -
Symmetric algorithms are used to modify variable length buffers and perform one operation for periodical data input. They use a single secret key to encrypt and decrypt data.The Data Encryption Standard (DES) is a world-wide standard for data encryption, which was published in the early 1970s. It is the most popular encryption algorithm. It is implemented by the DES_CSP class. This class represents a stream where you pour in data that is encrypted/decrypted using a single key. The Triple DES encryption algorithm operates on a block of data three times using one key. RC2 stands for Rivest Cipher or "Ron's Code", which is the name of its inventor. RC2 is a symmetric encryption algorithm and works with a variable key-size. it is a block cipher, like many other .NET cryptography algorithms, that operates on groups of bits in contrast to stream cipher algorithms.
MD5 and SHA1 hashing -
MD5 - Message Digest 5-is a one-way hash algorithm. Given variable length data as input it always produces a 128-bit hash value. The Secure Hash Algorithm (SHA) also is a one-way hash algorithm that produces a 160-bit hash value, which is longer than the MD5 produced hash value.
(You must have observed the word CSP. Well CSP is a Cryptographic Service Provider. It is the entity that performs the cryptographic computations. The CSP classes are derived from the corresponding base classes and implement a solution for a specific algorithm. For example, the DESCryptoServiceProvider class is derived from the DES class and implements the digital encryption standard. You can use the provided classes or implement your own solution. )
So many algorithms!! I am confused.
Here is a general guideline to help you decide when to use which method
Symmetric, or secret key, algorithms are extremely fast and are well suited for encrypting large streams of data. These algorithms, both encrypt and decrypt data. While these are fairly secure, they do have the potential to be broken given enough time, as someone could do a search on every known key value combination. Since each of these algorithms uses a fixed key length or ASCII characters, it is feasible that a computer program could try every possible combination of keys and eventually stumble onto the right one. A common use of these types of algorithms is for storing and retrieving connection strings to databases.
Asymmetric, or public key, algorithms are not as fast as symmetric, but are much harder codes to break. These algorithms rely on two keys, one is Private and the other is Public. The public key is used to encrypt a message. The Private key is the only one that can decrypt the message. The public and private keys are mathematically linked and thus both are needed for this cryptographic exchange to occur successfully. Asymmetric algorithms are not well suited to large amounts of data due to performance. One common use of
asymmetric algorithms is to encrypt and transfer to another party a symmetric key and initialization vector. The symmetric algorithm is then used for all messages being sent back and forth.
Hash values are used when you do not wish to ever recover the original value and you especially wish for no one else to discover the original value as well. Hashes will take any arbitrary string length and hash it to a fixed set of bytes. This operation is one-way, and thus is typically used for small amounts of data, like a password. If a user inputs a user password into a secure entry screen, the program can hash this value and store the hashed value into a database. Even if the database were compromised, no one would be able to read the password since it was hashed. When the user then logs into the system to gain entry, the password typed in is hashed using the same algorithm, and if the two hashed values match, then the system knows the input value was the same as the saved value from before.
Everyone Loves an Example
Everyone needs and loves a good example. After having read about the various algorithms available, lets see an example of encrypting and decrypting files using the System.Security.Cryptography namespace. I have used the Rijndael Managed encryption method. The Rijndael Managed class accesses the managed version of the Rijndael algorithm. This class cannot be inherited. The Rijndael class represents the base class from which all implementations of the Rijndael symmetric encryption algorithm must inherit.
The hierarchy is as follows :
System.ObjectSystem.Security.Cryptography.SymmetricAlgorithmSystem.Security.Cryptography.RijndaelSystem.Security.Cryptography.RijndaelManaged
To compile the following, cut and paste the code into a file, and run it in your VS.NET
// Encrypting and decrypting files using the Rijndael Managed encryption method.using System; using System.IO; using System.Security.Cryptography; class CryptoEx { public static void Main(string[] args) { if (args.Length!=1) { Console.WriteLine("FileName Not Entered. Specify a filename to encrypt."); return; } string file = args[0]; string tempfile = Path.GetTempFileName(); // Open the file to readFileStream fsIn = File.Open(file,FileMode.Open,FileAccess.Read); FileStream fsOut = File.Open(tempfile, FileMode.Open,FileAccess.Write); SymmetricAlgorithm symm = new RijndaelManaged(); //creating an instanceICryptoTransform transform = symm.CreateEncryptor(); //and calling the CreateEncryptor method which //creates a symmetric encryptor object.
CryptoStream cstream = new CryptoStream(fsOut,transform,CryptoStreamMode.Write); BinaryReader br = new BinaryReader(fsIn); cstream.Write(br.ReadBytes((int)fsIn.Length),0,(int)fsIn.Length); cstream.FlushFinalBlock(); cstream.Close(); fsIn.Close(); fsOut.Close(); Console.WriteLine("Created Encrypted File {0}", tempfile); fsIn = File.Open(tempfile,FileMode.Open,FileAccess.Read); transform = symm.CreateDecryptor(); cstream = new CryptoStream(fsIn,transform,CryptoStreamMode.Read); StreamReader sr = new StreamReader(cstream); Console.WriteLine("Decrypted the File: " + sr.ReadToEnd()); fsIn.Close(); }
Summary :
We saw that the .NET Framework supports encryption by means of cryptographic streaming objects based on the primitives. It also supports digital signatures, message authentication codes (MACs)/keyed hash, pseudo-random number generators (PRNGs), and authentication mechanisms. New or pre-standard primitives as SHA-256 or XMLDSIG are already supported. The ready availability of such libraries is hopefully going to drive more widespread reliance on Cryptography to fortify the security of everyday applications. Based on our own experiences, we can confidently state that well-implemented cryptography dramatically increases the security of many aspects of a given application.