Reputation: 67175
I'm trying to write some straight forward encryption routines. Here's what I've been able to come up with based on searching the Web.
using System;
using System.IO;
using System.Security.Cryptography;

public string Encrypt(string plainText)
{
    byte[] encrypted;
    // Create an AesCryptoServiceProvider object; a fresh random
    // Key and IV are generated by the constructor.
    using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
    {
        // Create an encryptor to perform the stream transform.
        using (ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV))
        // Create the streams used for encryption.
        using (MemoryStream msEncrypt = new MemoryStream())
        {
            // Length-prefixed Key and IV are written in the clear,
            // ahead of the ciphertext.
            msEncrypt.WriteByte((byte)aesAlg.Key.Length);
            msEncrypt.Write(aesAlg.Key, 0, aesAlg.Key.Length);
            msEncrypt.WriteByte((byte)aesAlg.IV.Length);
            msEncrypt.Write(aesAlg.IV, 0, aesAlg.IV.Length);
            using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
            {
                using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                {
                    // Write all data to the stream.
                    swEncrypt.Write(plainText);
                }
                encrypted = msEncrypt.ToArray();
            }
        }
    }
    return Convert.ToBase64String(encrypted);
}

public string Decrypt(string cipherText)
{
    string plaintext = null;
    using (AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider())
    {
        // Create the streams used for decryption.
        using (MemoryStream msDecrypt = new MemoryStream(Convert.FromBase64String(cipherText)))
        {
            // Read back the length-prefixed Key and IV from the header.
            int l = msDecrypt.ReadByte();
            byte[] key = new byte[l];
            msDecrypt.Read(key, 0, l);
            l = msDecrypt.ReadByte();
            byte[] IV = new byte[l];
            msDecrypt.Read(IV, 0, l);
            // Create a decryptor to perform the stream transform.
            using (ICryptoTransform decryptor = aesAlg.CreateDecryptor(key, IV))
            using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            using (StreamReader srDecrypt = new StreamReader(csDecrypt))
            {
                // Read the decrypted bytes from the decrypting stream
                // and place them in a string.
                plaintext = srDecrypt.ReadToEnd();
            }
        }
    }
    return plaintext;
}
Two questions:

First, most of the examples I found hard coded the Key and IV. So what I'm doing is writing it to the encrypted bytes. This will make my encrypted data larger. Is there a better way?

Also, I'm not using any password. Would one use a password to generate a custom Key? And, if so, how would I know how long that key needed to be?

Upvotes: 3
Views: 1426
Reputation: 93948
First, most of the examples I found hard coded the Key and IV. So what I'm doing is writing it to the encrypted bytes. This will make my encrypted data larger. Is there a better way?
Obviously you should not write the key to the unprotected stream, as the key needs to be shared or established in advance and remain secret. This sharing of the secret key can be performed in many ways, ranging from key agreement to key derivation, ratcheting, etc. etc.
Also, I'm not using any password. Would one use a password to generate a custom Key? And, if so, how would I know how long that key needed to be?
That's a possibility. However, remind yourself that passwords are often not that strong, so if password based encryption (PBE) can be avoided, it may be a good idea to do so.
If you derive a key from a password, you should use a Password Based Key Derivation Function (also sometimes called a password hash). In C# there is an implementation of PBKDF2 (badly) called Rfc2898DeriveBytes. By now that's not very state of the art either, but it should suffice, if you set a high enough iteration count anyway.
When you derive a key from a human remembered password then 128 bits is plenty. There is almost no way that the key can be found more easily than the password that was used to derive it.
Upvotes: 4
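Putting the answer's advice into code, as an added example that is not part of the question or the answer above: the key is derived from the password with Rfc2898DeriveBytes (PBKDF2) and is never written to the output; only the public salt and IV are stored ahead of the ciphertext, and the receiver re-derives the same 128-bit key from the password. The salt size, the SHA-256 PRF, the iteration count and the `PasswordEncryption` class name are my own choices, not anything the page prescribes; the constructor overload taking a HashAlgorithmName needs .NET Framework 4.7.2 or .NET Core 2.0 and later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example: password-based AES-CBC with a PBKDF2-derived key.
// Output layout: salt || IV || ciphertext (Base64 encoded). The key itself
// is never serialised; both sides derive it from the password and the salt.
public static class PasswordEncryption
{
    const int SaltSize = 16;        // 128-bit random salt, stored in the clear
    const int KeySize = 16;         // 128-bit AES key, as the answer suggests
    const int Iterations = 600_000; // assumption: tune to your hardware budget

    // PBKDF2 with SHA-256 as PRF. The default Rfc2898DeriveBytes constructor
    // uses SHA-1, so the hash algorithm is passed explicitly.
    static byte[] DeriveKey(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
        {
            return kdf.GetBytes(KeySize);
        }
    }

    public static string Encrypt(string password, string plainText)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        using (var aes = Aes.Create())
        {
            aes.Key = DeriveKey(password, salt);
            aes.GenerateIV(); // fresh random IV for every message
            using (var ms = new MemoryStream())
            {
                // Header: salt and IV are public values; the key is not written.
                ms.Write(salt, 0, salt.Length);
                ms.Write(aes.IV, 0, aes.IV.Length);
                using (var encryptor = aes.CreateEncryptor())
                using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
                {
                    byte[] data = Encoding.UTF8.GetBytes(plainText);
                    cs.Write(data, 0, data.Length);
                    cs.FlushFinalBlock(); // emits the final padded block
                }
                // ToArray() is documented to work on a closed MemoryStream.
                return Convert.ToBase64String(ms.ToArray());
            }
        }
    }

    public static string Decrypt(string password, string cipherText)
    {
        byte[] blob = Convert.FromBase64String(cipherText);
        using (var aes = Aes.Create())
        {
            int ivSize = aes.BlockSize / 8; // 16 bytes for AES
            if (blob.Length < SaltSize + ivSize)
                throw new CryptographicException("ciphertext too short");

            byte[] salt = new byte[SaltSize];
            byte[] iv = new byte[ivSize];
            Buffer.BlockCopy(blob, 0, salt, 0, SaltSize);
            Buffer.BlockCopy(blob, SaltSize, iv, 0, ivSize);

            // Re-derive the key from the password and the stored salt.
            aes.Key = DeriveKey(password, salt);
            aes.IV = iv;

            int offset = SaltSize + ivSize;
            using (var ms = new MemoryStream(blob, offset, blob.Length - offset))
            using (var decryptor = aes.CreateDecryptor())
            using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
            using (var reader = new StreamReader(cs, Encoding.UTF8))
            {
                return reader.ReadToEnd();
            }
        }
    }

    public static void Main()
    {
        const string password = "correct horse battery staple"; // constructed sample
        string ct = Encrypt(password, "attack at dawn");
        Console.WriteLine(ct);
        Console.WriteLine(Decrypt(password, ct)); // attack at dawn
    }
}
```

A wrong password derives a different key, so Decrypt normally fails with a CryptographicException from the padding check rather than returning garbage; that failure should be caught and treated as "bad password or corrupted data". Note that AES-CBC on its own gives confidentiality only: nothing here detects tampering with the stored ciphertext, which is a separate concern from the key handling the answer discusses.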