Encrypt And Decrypt An Object In C#
Question
I am sending Data from a Server to a Client over the Internet using WCF web services in form of Data Objects. I have created a Class, which is Serializable, and using this class to send my data.
Below is an example of my class:
[Serializable]
public class DBOList
{
public string A{ get; set; }
public string B { get; set; }
}
Is it possible for me to Encrypt the data in this object, and send it to the client as a stream?
If not What is the best approach to achive this?
Encryption Code:
DBOList NewLst = new DBOList();
NewLst.A = "Value 1";
NewLst.B = "Value 2";
byte[] key = { 1, 2, 3, 4, 5, 6, 7, 8 };
byte[] iv = { 1, 2, 3, 4, 5, 6, 7, 8 };
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
// Encryption
using (var fs = new MemoryStream())
{
var cryptoStream = new CryptoStream(fs, des.CreateEncryptor(key, iv), CryptoStreamMode.Write);
BinaryFormatter formatter = new BinaryFormatter();
// This is where you serialize the class
formatter.Serialize(cryptoStream, NewLst);
cryptoStream.FlushFinalBlock();
}
2 answers
solution1
2 ACCPTED 2012-08-11 11:27:39
It is best to use SSL instead, which will add all the security you need, while avoiding most pitfalls.
Short of that, you can of course use a CryptoStream . You can only encrypt bytes, but you already indicated that you understand this by mentioning Serializable .
Note that if you want to create your own secure stream you will need:
- two securely generated keys, and encryption and a MAC key
- a secure cipher such as
AesManaged - set using (the defaults) CBC and PKCS7Padding
- retrieve the randomly generated IV and prepend it to the ciphertext
- create a
HMACSHA256over the result
to be reasonably safe. If this does not ring any bells, use the most up to date TLS implementation .
solution2
0 2020-04-26 09:54:45
AES encryption and decryption an class object in C#
This is the best way for AES encryption and decryption an class object in C#. Here i'm explain about AES Key and AES IV usage. And provide an example to write and read byte[] into filestream using AES encryption and decryption an class object in C# .
- Create new class
public class Profile
{
[JsonPropertyName("name")]
[JsonProperty(PropertyName = "name")]
internal string Name { get; set; }
[JsonPropertyName("password")]
[JsonProperty(PropertyName = "password")]
internal string Password { get; set; }
[JsonPropertyName("profileData")]
[JsonProperty(PropertyName = "profileData")]
public byte[] ProfileData { get; set; }
}
AES KEY used the secret key for the symmetric algorithm. This is secret key, is something you keep secret. Anyone who knows your key (or can guess it) can decrypt any data you've encrypted with it (or forge any authentication codes you've calculated with it, etc.).
AES IV used as initialization vector (IV) for the symmetric algorithm. Initialization vector is, in its broadest sense, just the initial value used to start some iterated process. So you can maintain in your code itself.
private readonly static byte[] Key = Convert.FromBase64String("AsISxq9OwdZag1163OJqwovXfSWG98m+sPjVwJecfe4=");
private readonly static byte[] IV = Convert.FromBase64String("Aq0UThtJhjbuyWXtmZs1rw==");
- Example for write and read byte[] into filestream using AES encryption and decryption an class object in C#.
class Program
{
private readonly static byte[] Key = Convert.FromBase64String("AsISxq9OwdZag1163OJqwovXfSWG98m+sPjVwJecfe4=");
private readonly static byte[] IV = Convert.FromBase64String("Aq0UThtJhjbuyWXtmZs1rw==");
public static Profile Profile { get; set; }
static void Main(string[] args)
{
Profile = new Profile();
string fileName = "D:\\Profile.txt";
Profile.Name = "Ramesh";
Profile.Password = "Password";
Console.WriteLine("Enter your option:");
Console.WriteLine("1. Encryption");
Console.WriteLine("2. Decryption");
string option = Console.ReadLine();
if (option == "1")
{
FileStream fsWrite = new FileStream(fileName, FileMode.Create, FileAccess.Write);
string serializeProfile = Newtonsoft.Json.JsonConvert.SerializeObject(Profile);
Profile.ProfileData = EncryptStringToBytes(serializeProfile);
fsWrite.Write(Profile.ProfileData, 0, Profile.ProfileData.Length);
fsWrite.Close();
}
else
{
FileStream fsRead = new FileStream(fileName, FileMode.Open, FileAccess.Read);
BinaryReader br = new BinaryReader(fsRead);
long numBytes = new FileInfo(fileName).Length;
string decryptedText = DecryptStringFromBytes(br.ReadBytes((int)numBytes));
Profile DeserializeProfile = Newtonsoft.Json.JsonConvert.DeserializeObject<Profile>(decryptedText);
Console.WriteLine("Name :" + DeserializeProfile.Name);
Console.WriteLine("Password :" + DeserializeProfile.Password);
Console.ReadKey();
fsRead.Close();
}
}
private static byte[] EncryptStringToBytes(string profileText)
{
byte[] encryptedAuditTrail;
using (Aes newAes = Aes.Create())
{
newAes.Key = Key;
newAes.IV = IV;
ICryptoTransform encryptor = newAes.CreateEncryptor(Key, IV);
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
swEncrypt.Write(profileText);
}
encryptedAuditTrail = msEncrypt.ToArray();
}
}
}
return encryptedAuditTrail;
}
private static string DecryptStringFromBytes(byte[] profileText)
{
string decryptText;
using (Aes newAes = Aes.Create())
{
newAes.Key = Key;
newAes.IV = IV;
ICryptoTransform decryptor = newAes.CreateDecryptor(Key, IV);
using (MemoryStream msDecrypt = new MemoryStream(profileText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
decryptText = srDecrypt.ReadToEnd();
}
}
}
}
return decryptText;
}
}
- Console output snap
- GitHub link : https://strramesh.github.io/EncryptionAndDecryption/
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.