JL.

Reputation: 81292

C# Encryption gone wrong part 2

Really not having a good week with encryption. Let me explain what I need.

  1. I want to encrypt string values to a file....
  2. I want to decrypt the file contents back to a string using C#
  3. I want to do this without having to worry about machine store or user store or any other store, nor a registry, etc.
  4. Any security key can be shipped in my application.

Security doesn't have to be remarkably strong, and my code is obfuscated.

I just want a solution that is portable. I've tried RSA and it got me nowhere fast after finding out that in production a certain key file is missing, something I know nothing about and can't locate it on the dev machine.

Please help.

Upvotes: 1

Views: 534

Answers (5)

Yannick Motton

Reputation: 35971

If you're having trouble with creating keys try CrypTool, an enormously useful tool when learning about cryptology.

Upvotes: 1

Remus Rusanu

Reputation: 294317

You can't store secrets in an application. Period. If the prize is worth anything, somebody will find your secret key. In this day and age, once is enough. Google will give the answer for anybody who is interested to find that key. And once the key is compromised, it will compromise the data for everybody, everywhere.

Your secret (key) must come from outside (e.g. user provided password, provisioned certificates and keys, key exchange protocols).

If you insist on storing the key in the application, thus providing a minimum level of obfuscation of the data (it is not truly protected), then use a CryptoStream and symmetric key algorithm, like the Rijndael based example at http://msdn.microsoft.com/en-us/library/system.security.cryptography.cryptostream.aspx with a hardcoded key. But you must understand that this is nothing but obfuscation.

Upvotes: 2

Keith Adler

Reputation: 21178

Here is some code that I use quite a bit (adapted it from source on the web) which relies solely on a passphrase stored in web.config/app.config under settings. It uses Triple DES.

        /// <summary>
        /// Encrypts the string.
        /// </summary>
        /// <param name="text">The text.</param>
        /// <returns>Encrypted string</returns>
        public string EncryptString(string text)
        {
            // Locals
            var passphrase = ConfigurationManager.AppSettings["Your Encrypt Passphrase"];
            byte[] results;
            var utf8 = new UTF8Encoding();

            // Step 1. We hash the passphrase using MD5
            // We use the MD5 hash generator as the result is a 128 bit byte array
            // which is a valid length for the TripleDES encoder we use below
            var hashProvider = new MD5CryptoServiceProvider();
            var tdesKey = hashProvider.ComputeHash(utf8.GetBytes(passphrase));

            // Step 2. Create a new TripleDESCryptoServiceProvider object
            // Step 3. Setup the encoder
            var tdesAlgorithm = new TripleDESCryptoServiceProvider
                                    {
                                        Key = tdesKey,
                                        Mode = CipherMode.ECB,
                                        Padding = PaddingMode.PKCS7
                                    };

            // Step 4. Convert the input string to a byte[]
            var dataToEncrypt = utf8.GetBytes(text);

            // Step 5. Attempt to encrypt the string
            try
            {
                var encryptor = tdesAlgorithm.CreateEncryptor();
                results = encryptor.TransformFinalBlock(dataToEncrypt, 0, dataToEncrypt.Length);
            }
            finally
            {
                // Clear the TripleDes and Hashprovider services of any sensitive information
                tdesAlgorithm.Clear();
                hashProvider.Clear();
            }

            // Step 6. Return the encrypted string as a base64 encoded string
            return Convert.ToBase64String(results);
        }

        /// <summary>
        /// Decrypts the string.
        /// </summary>
        /// <param name="text">The text.</param>
        /// <returns>Decrypted string</returns>
        public string DecryptString(string text)
        {
            // Locals
            var passphrase = ConfigurationManager.AppSettings["Your Encrypt Passphrase"];
            byte[] results;
            var utf8 = new UTF8Encoding();

            // Step 1. We hash the passphrase using MD5
            // We use the MD5 hash generator as the result is a 128 bit byte array
            // which is a valid length for the TripleDES encoder we use below
            var hashProvider = new MD5CryptoServiceProvider();
            var tdesKey = hashProvider.ComputeHash(utf8.GetBytes(passphrase));

            // Step 2. Create a new TripleDESCryptoServiceProvider object
            // Step 3. Setup the decoder
            var tdesAlgorithm = new TripleDESCryptoServiceProvider
                                    {
                                        Key = tdesKey,
                                        Mode = CipherMode.ECB,
                                        Padding = PaddingMode.PKCS7
                                    };

            // Step 4. Convert the input string to a byte[]
            var dataToDecrypt = Convert.FromBase64String(text);

            // Step 5. Attempt to decrypt the string
            try
            {
                var decryptor = tdesAlgorithm.CreateDecryptor();
                results = decryptor.TransformFinalBlock(dataToDecrypt, 0, dataToDecrypt.Length);
            }
            finally
            {
                // Clear the TripleDes and Hashprovider services of any sensitive information
                tdesAlgorithm.Clear();
                hashProvider.Clear();
            }

            // Step 6. Return the decrypted string in UTF8 format
            return utf8.GetString(results);
        }

The original source was here: http://www.dijksterhuis.org/encrypting-decrypting-string/

Upvotes: 3
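
An added example, not code from any of the answers above: the string-to-file round trip the question asks for, with the key derived from a passphrase supplied from outside the binary (the approach in Remus Rusanu's answer and, via a config passphrase, in Keith Adler's). It swaps the MD5/Triple DES/ECB construction for PBKDF2-HMAC-SHA256 and AES-GCM, which adds a per-file salt and nonce and makes decryption fail on a wrong passphrase or a modified file. It assumes .NET 8 or later; the class name, file layout and iteration count are illustrative choices.

```csharp
// Added example (not from the original answers). Assumes .NET 8 or later.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class StringFileCrypto   // hypothetical helper name
{
    private const int SaltLen = 16, NonceLen = 12, TagLen = 16;
    private const int Iterations = 200_000;   // PBKDF2 work factor (assumed value)

    // PBKDF2-HMAC-SHA256 turns the passphrase into a 256-bit AES key.
    private static byte[] DeriveKey(string passphrase, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(passphrase, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // File layout (assumed): salt (16) || nonce (12) || tag (16) || ciphertext
    public static void EncryptToFile(string path, string text, string passphrase)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);    // fresh per file
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);  // never reused with a key
        byte[] plain = Encoding.UTF8.GetBytes(text);
        byte[] cipher = new byte[plain.Length];
        byte[] tag = new byte[TagLen];

        using (var aes = new AesGcm(DeriveKey(passphrase, salt), TagLen))
            aes.Encrypt(nonce, plain, cipher, tag);

        using var fs = File.Create(path);
        fs.Write(salt); fs.Write(nonce); fs.Write(tag); fs.Write(cipher);
    }

    // Throws CryptographicException if the passphrase is wrong or the file was modified.
    public static string DecryptFromFile(string path, string passphrase)
    {
        byte[] blob = File.ReadAllBytes(path);
        if (blob.Length < SaltLen + NonceLen + TagLen)
            throw new CryptographicException("File is too short to be valid.");

        byte[] salt = blob[..SaltLen];
        byte[] nonce = blob[SaltLen..(SaltLen + NonceLen)];
        byte[] tag = blob[(SaltLen + NonceLen)..(SaltLen + NonceLen + TagLen)];
        byte[] cipher = blob[(SaltLen + NonceLen + TagLen)..];
        byte[] plain = new byte[cipher.Length];

        using (var aes = new AesGcm(DeriveKey(passphrase, salt), TagLen))
            aes.Decrypt(nonce, cipher, tag, plain);
        return Encoding.UTF8.GetString(plain);
    }
}
```

If the passphrase is compiled into the application instead of being supplied at run time, the file format stays the same but the result is obfuscation only, as the answer above says.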

Paul Sasik

Reputation: 81489

From Eric's response it sounds like you may be making things more complicated than you have to; by perhaps attempting asymmetric encryption when it is not necessary?

For the type of encryption you're describing you should really just need to pass a few arguments to an encrypt and decrypt method to get your task accomplished.

Take a look at this example from CodeProject. It uses the Rijndael algorithm in a straightforward manner and even includes code for reading/writing files.

Upvotes: 1

Chris Conway

Reputation: 16519

Have you looked into the Bouncy Castle API?

Upvotes: 1
