So I'm new to using file/text encryption in C-Sharp, and I'm trying to make a MySQL application that requires the text/files to be encrypted so the person using the client can't just open up the storage file and read all the private client information that the application's administrator is only supposed to be allowed to view.
Tried multiple encryption techniques such as "System.Security.Cryptography" & basic string replace arguments such as s.replace('a', 'v') - all failed because I do not understand how to use it. Google wasn't very much help either, didn't describe every little bit of information that I'm actually looking for.
To put it straight, I'm looking for a simple way to Encrypt/Decrypt text and filedata that [b]only[/b] the application can access and nothing else.
System.File.Encrypt doesn't do anything at all, the text still comes out the same as it's printed.
I'm no security expert or anything, but I'd look into Public Key Cryptography.
You'll want your application generating a key pair and send the public key to the server, which encrypts the file with that and sends it to the application which can then decrypt it with the private key.
I don't know my way around C#'s cryptography library though, I hope I can help you a little though.
Check out the docs at MSDN, I generally found them to be very helpful.
Try and look into DPAPI.
[url]http://www.c-sharpcorner.com/UploadFile/mosessaur/dpapiprotecteddataclass01052006142332PM/dpapiprotecteddataclass.aspx[/url]
It makes sure that only the user that encrypted it can decrypt it, by using some keys built into Windows.
Though a domain admin might be able to overwrite how it works :)
It all depends on the kind of encryption you want to use.
If you want symmetric encryption (one common password or key to both encrypt and decrypt), implement or get a library that does AES or DES encryption (DES is pretty fun to implement, as it's a very easy algorithm - basically one operation repeated over and over. The only thing you have to implement apart from that is key scheduling, or, how to get a long string of bits from a single key/passphrase). Using symmetric encryption over a public channel is not that common, unless both parties (and only them) know the common key. There is a way to create a keypair that is only known by two parties, and can be realized over a cleartext channel, the [url=http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange]Diffie-Hellman[/url] key exchange.
If you want [url=http://en.wikipedia.org/wiki/Public-key_cryptography]asymmetric encryption[/url] (two keys/passphrases - one encrypts, the other one decrypts, this is very useful for data exchange, signing, certification) get a library that does RSA encryption (or implement it, although it's a bit harder than DES). It's also an eye opener to understanding the P=NP problem, as that's what makes the algorithm secure.
And if you just want to keep secure password data (and only be able to verify it), use hashing (a.k.a. one way encryption) algorithms. With these, a piece of data can be contracted to a 160-byte (in this example when hashing with SHA1) string that is, in theory, unique to every single piece of data in the universe. Hashed data is also often used as a key in other types of encryption (e.g. Steam traffic is encrypted with DES, where the key is the user's password's hash, one per-account salt and one random salt, all hashed again with SHA1 [or 256, I can't remember. for more detail on the Steam encryption protocol, see SteamRE or my project, libsteam], which both the user and server know, yet it allows the server to keep a hashed password, yet allow for establishing a secure channel and stopping replay / MitM attacks).
You'll also want to know that if your application can open the file, so can your user. There are no exceptions.
Basic idea in .NET crypto is that you have a cryptographic stream to which you write plaintext and .Read() out ciphered text.
The System.File.Encrypt method you mentioned is just a basic NTFS-level encryption, meaning it is decrypted on-the-fly by the user account who called .Encrypt().
Here's some basic code I just wrote. It uses a symmetric algorithm (AES):
[CODE]
using System;
using System.IO;
using System.Security.Cryptography;

const string example = "I'm fat and my coffee is cold";
//Provides us with AES encryptor and decryptor
var aes = Aes.Create();
//Let's create some random key and IV (init vector) for this example
//both are stored in aes.IV and aes.Key
aes.GenerateIV();
aes.GenerateKey();
//new up an AES encryptor
ICryptoTransform encryptor = aes.CreateEncryptor();
//new up an AES decryptor
ICryptoTransform decryptor = aes.CreateDecryptor();
//backing store to save encrypted text
MemoryStream memstream = new MemoryStream();
//encryption stream which outputs encrypted text to memstream
CryptoStream crs = new CryptoStream(memstream, encryptor, CryptoStreamMode.Write);
//for easier writing to crypto stream bc this provides us with .Write(string)
StreamWriter strwr = new StreamWriter(crs);
//write plaintext to cryptostream which will encrypt it
strwr.Write(example);
//disposing the writer flushes the final padded block into memstream
strwr.Dispose();
//let's get our encrypted text from memstream
byte[] arr = memstream.ToArray();
Console.WriteLine("IV sector:{0}",Convert.ToBase64String(aes.IV));
Console.WriteLine("Key:{0}",Convert.ToBase64String(aes.Key));
Console.WriteLine("Encrypted text:{0}", Convert.ToBase64String(arr));
//let's decrypt that madness
//new memstream filled with the encrypted text
memstream = new MemoryStream(arr);
//crypto stream which reads from memstream and deciphers it
crs = new CryptoStream(memstream, decryptor, CryptoStreamMode.Read);
//eased reading from raw bytes
var strrd = new StreamReader(crs);
//read to string
string wonders = strrd.ReadToEnd();
Console.WriteLine("Deciphered plaintext:{0}",wonders);
//Clean everything up
strrd.Dispose();
crs.Dispose();
memstream.Dispose();
encryptor.Dispose();
decryptor.Dispose();
aes.Dispose();
[/CODE]
This should work:
[lua]
using System;
using System.Collections.Generic;

public static class XorCipher {
    // Repeating-key XOR of every byte with pass and a random one-byte mask;
    // the mask is appended as the last byte of the output.
    public static byte[] Encrypt(byte[] input, string pass) {
        List<byte> ret = new List<byte>();
        int rnd = new Random().Next(1, 255);
        int k = 0;
        for (int i = 0; i < input.Length; i++) {
            ret.Add((byte)(rnd ^ input[i] ^ pass[k]));
            k = (k + 1) % pass.Length; // wrap around to the start of pass
        }
        ret.Add((byte)rnd);
        return ret.ToArray();
    }
    public static byte[] Decrypt(byte[] input, string pass) {
        List<byte> ret = new List<byte>();
        // The last byte is the random mask written by Encrypt
        int rnd = input[input.Length - 1];
        int k = 0;
        // Stop before the mask byte so it never ends up in the output
        for (int i = 0; i < input.Length - 1; i++) {
            ret.Add((byte)(rnd ^ input[i] ^ pass[k]));
            k = (k + 1) % pass.Length;
        }
        return ret.ToArray();
    }
}
[/lua]
There could be errors, I just whipped it up.
Just remember that if your client program is running on the same machine that the database is stored on, your entire encryption setup MUST rely on a piece of information that is NOT stored on the machine - in this case, that's the application's administrator's password.
[QUOTE=phazmatis;33513278]Just remember that if your client program is running on the same machine that the database is stored on, your entire encryption setup MUST rely on a piece of information that is NOT stored on the machine - in this case, that's the application's administrator's password.[/QUOTE]
So how would the application know if the password was correct?
[QUOTE=Jookia;33515091]So how would the application know if the password was correct?[/QUOTE]
Because it would be able to decrypt all the information properly?
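The last exchange, worked through as an added example (not code from any poster in this thread): the key is derived from the administrator's password, and authenticated encryption makes a wrong password fail the tag check reliably, which CBC padding alone does not guarantee. It assumes .NET 8 or later; the class name, blob layout and parameter values are hypothetical choices for the illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordVault
{
    const int SaltLen = 16, NonceLen = 12, TagLen = 16, Iterations = 600_000; // assumed values

    static byte[] DeriveKey(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 32);

    // Blob layout (constructed for this example): salt | nonce | tag | ciphertext
    public static byte[] Encrypt(string plaintext, string password)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen);
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        byte[] cipher = new byte[data.Length], tag = new byte[TagLen];
        using var gcm = new AesGcm(DeriveKey(password, salt), TagLen);
        gcm.Encrypt(nonce, data, cipher, tag);
        return salt.Concat(nonce).Concat(tag).Concat(cipher).ToArray();
    }

    // False when the password is wrong or the blob was altered: the GCM tag fails to verify.
    public static bool TryDecrypt(byte[] blob, string password, out string plaintext)
    {
        plaintext = "";
        int head = SaltLen + NonceLen + TagLen;
        if (blob.Length < head) return false;
        byte[] salt = blob[..SaltLen];
        byte[] nonce = blob[SaltLen..(SaltLen + NonceLen)];
        byte[] tag = blob[(SaltLen + NonceLen)..head];
        byte[] cipher = blob[head..], data = new byte[cipher.Length];
        try
        {
            using var gcm = new AesGcm(DeriveKey(password, salt), TagLen);
            gcm.Decrypt(nonce, cipher, tag, data);
        }
        catch (CryptographicException) { return false; }
        plaintext = Encoding.UTF8.GetString(data);
        return true;
    }

    static void Main()
    {
        byte[] blob = Encrypt("client record (constructed sample)", "admin-passphrase");
        Console.WriteLine(TryDecrypt(blob, "admin-passphrase", out string text) ? text : "rejected");
        Console.WriteLine(TryDecrypt(blob, "wrong-guess", out _) ? "accepted" : "rejected");
    }
}
```

Nothing secret is stored next to the data: the salt and nonce in the blob are public values, and the key exists only while the password is being used.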