Recipe 17.3. Encrypting and Decrypting a File

Problem

You have sensitive information that must be encrypted before it is written to a file that might be in a nonsecure area. This information must also be decrypted before it is read back into the application.

Solution

Use one of the Framework's symmetric cryptography providers and write the data to the file in encrypted form. This is accomplished in the following class, which has a constructor that expects an instance of the System.Security.Cryptography.SymmetricAlgorithm class and a path for the file. SymmetricAlgorithm is the abstract base class for all of the symmetric (shared-key) providers in .NET (the asymmetric providers derive from AsymmetricAlgorithm instead), so any symmetric provider can be handed to this class. This example demonstrates TripleDES and Rijndael. It can just as easily be used with Data Encryption Standard (DES) and RC2, which are also provided by the Framework, although both of those are obsolete and should not be used to protect new data.

The following namespaces are needed for this solution:

    using System;
    using System.Text;
    using System.IO;
    using System.Security.Cryptography;

The class SecretFile (implemented in this recipe) can be used with TripleDES as shown:

    // Use TripleDES.
    using (TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider())
    {
        SecretFile secretTDESFile = new SecretFile(tdes, "tdestext.secret");

        string encrypt = "My TDES Secret Data!";
        Console.WriteLine("Writing secret data: {0}", encrypt);
        secretTDESFile.SaveSensitiveData(encrypt);

        // Keep the key and IV: whoever reads the file later needs both.
        // Store them separately from the file; keeping them beside the
        // ciphertext makes the encryption pointless.
        byte[] key = secretTDESFile.Key;
        byte[] IV = secretTDESFile.IV;

        string decrypt = secretTDESFile.ReadSensitiveData();
        Console.WriteLine("Read secret data: {0}", decrypt);
    }

To use SecretFile with Rijndael, just substitute the provider in the constructor like this:

    // Use Rijndael.
    using (RijndaelManaged rdProvider = new RijndaelManaged())
    {
        SecretFile secretRDFile = new SecretFile(rdProvider, "rdtext.secret");

        string encrypt = "My Rijndael Secret Data!";
        Console.WriteLine("Writing secret data: {0}", encrypt);
        secretRDFile.SaveSensitiveData(encrypt);

        // Keep the key and IV for the later read, stored separately from the file.
        byte[] key = secretRDFile.Key;
        byte[] IV = secretRDFile.IV;

        string decrypt = secretRDFile.ReadSensitiveData();
        Console.WriteLine("Read secret data: {0}", decrypt);
    }

Example 17-6 shows the implementation of SecretFile.

Example 17-6. SecretFile class
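The book's listing for Example 17-6 does not appear on this page. What follows is an added example written for this edit, not the book's code: a SecretFile class that accepts any SymmetricAlgorithm, as the recipe describes, but closes the gaps a practitioner would flag in the original design. It generates a fresh IV on every write and stores that IV in the file rather than only in memory, never writes the key to disk, and adds an encrypt-then-MAC tag (HMACSHA256 over the IV and ciphertext) that is verified before any decryption, so a modified file is rejected instead of silently decrypting to garbage. It assumes .NET 6 or later (for RandomNumberGenerator.GetBytes, CryptographicOperations.FixedTimeEquals and Aes.Create()); the MacKey property, the IV || ciphertext || tag file layout and the file name in Main are this example's own choices, not the book's.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example, not the book's Example 17-6. File layout: IV || ciphertext || HMAC-SHA256 tag.
// Assumes .NET 6 or later. The cipher key and the MAC key are never written to the file.
public sealed class SecretFile
{
    private const int TagLength = 32;                 // HMACSHA256 output size in bytes
    private readonly SymmetricAlgorithm _algorithm;
    private readonly string _path;

    public SecretFile(SymmetricAlgorithm algorithm, string path)
    {
        _algorithm = algorithm ?? throw new ArgumentNullException(nameof(algorithm));
        _path = path ?? throw new ArgumentNullException(nameof(path));
        _algorithm.Mode = CipherMode.CBC;             // never ECB: identical blocks would leak patterns
        _algorithm.Padding = PaddingMode.PKCS7;
        _algorithm.GenerateKey();                     // random key; the caller may replace it via Key
        MacKey = RandomNumberGenerator.GetBytes(32);  // separate key for the integrity tag
    }

    // Secrets a later reader needs. Keep them away from the file (DPAPI, a vault, a wrapped copy);
    // storing them beside the ciphertext makes the encryption pointless.
    public byte[] Key { get => _algorithm.Key; set => _algorithm.Key = value; }
    public byte[] MacKey { get; set; }
    public byte[] IV => _algorithm.IV;                // IV of the last write; also stored in the file

    public void SaveSensitiveData(string plaintext)
    {
        _algorithm.GenerateIV();                      // fresh IV per write; reuse under one key is a bug
        byte[] iv = _algorithm.IV;
        byte[] ciphertext;
        using (var encryptor = _algorithm.CreateEncryptor(_algorithm.Key, iv))
        using (var buffer = new MemoryStream())
        {
            using (var cs = new CryptoStream(buffer, encryptor, CryptoStreamMode.Write))
            {
                byte[] data = Encoding.UTF8.GetBytes(plaintext);
                cs.Write(data, 0, data.Length);
            }                                         // Dispose flushes the final padded block
            ciphertext = buffer.ToArray();            // ToArray works after the stream is closed
        }
        byte[] tag = ComputeTag(iv, ciphertext);
        using (var fs = new FileStream(_path, FileMode.Create, FileAccess.Write))
        {
            fs.Write(iv, 0, iv.Length);
            fs.Write(ciphertext, 0, ciphertext.Length);
            fs.Write(tag, 0, tag.Length);
        }
    }

    public string ReadSensitiveData()
    {
        byte[] file = File.ReadAllBytes(_path);
        int ivLength = _algorithm.BlockSize / 8;      // 8 bytes for TripleDES, 16 for AES
        if (file.Length < ivLength + TagLength)
            throw new CryptographicException("File too short to hold IV, ciphertext and tag.");
        byte[] iv = file[..ivLength];
        byte[] ciphertext = file[ivLength..^TagLength];
        byte[] tag = file[^TagLength..];
        // Authenticate before decrypting: a tampered file never reaches the cipher, which also
        // closes the padding-oracle channel that unauthenticated CBC decryption exposes.
        if (!CryptographicOperations.FixedTimeEquals(ComputeTag(iv, ciphertext), tag))
            throw new CryptographicException("Authentication failed: file modified or wrong MAC key.");
        using (var decryptor = _algorithm.CreateDecryptor(_algorithm.Key, iv))
        using (var cs = new CryptoStream(new MemoryStream(ciphertext), decryptor, CryptoStreamMode.Read))
        using (var reader = new StreamReader(cs, Encoding.UTF8))
            return reader.ReadToEnd();
    }

    private byte[] ComputeTag(byte[] iv, byte[] ciphertext)
    {
        using (var hmac = new HMACSHA256(MacKey))
        {
            hmac.TransformBlock(iv, 0, iv.Length, null, 0);
            hmac.TransformFinalBlock(ciphertext, 0, ciphertext.Length);
            return hmac.Hash;
        }
    }

    public static void Main()
    {
        using (var aes = Aes.Create())                // TripleDES.Create() also works; the IV length adapts
        {
            var secret = new SecretFile(aes, "aestext.secret");
            secret.SaveSensitiveData("My AES Secret Data!");
            Console.WriteLine("Read back: {0}", secret.ReadSensitiveData());
            // Flip one ciphertext byte on disk and show that the read is refused.
            byte[] bytes = File.ReadAllBytes("aestext.secret");
            bytes[aes.BlockSize / 8] ^= 0x01;
            File.WriteAllBytes("aestext.secret", bytes);
            try { secret.ReadSensitiveData(); }
            catch (CryptographicException e) { Console.WriteLine("Rejected: {0}", e.Message); }
        }
    }
}
```

Pass TripleDES.Create() instead of Aes.Create() to reproduce the recipe's TripleDES variant; the IV length is taken from BlockSize, so nothing else changes. Key and MacKey must be persisted somewhere other than the file itself. On platforms that support it, a single AesGcm call gives the same encrypt-then-authenticate guarantee with less code; the SymmetricAlgorithm abstraction is kept here only so the class still accepts the legacy providers this recipe discusses.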
If the SaveSensitiveData method is used to save the following text to a file:

    This is a test
    This is sensitive data!

the ReadSensitiveData method will display the following information from this same file (the encrypted bytes are arbitrary binary, so the console renders them as unprintable characters):

    ---------- Encrypted Data --------
    ????????????????????????????????????????
    ---------- Encrypted Data --------
    ---------- Decrypted Data ---------
    This is a test
    This is sensitive data!
    ---------- Decrypted Data ---------

Discussion

Encrypting data is essential to many applications, especially ones that store information in easily accessible locations. Once data is encrypted, a decryption scheme is required to restore the data to its unencrypted form without losing any information. Note that encryption on its own provides confidentiality, not authenticity: a symmetric cipher in CBC mode will decrypt a file that an attacker has modified without complaint, producing garbage or, with careful bit flipping, attacker-chosen changes to the plaintext. To verify the source and integrity of a file or message, add a keyed message authentication code (for example, HMACSHA256 computed over the IV and the ciphertext) or use an authenticated mode such as AES-GCM, and check it before decrypting.

The encryption schemes used in this recipe are TripleDES and Rijndael. The reasons for using Triple DES are:
The main drawback to TripleDES, as with any symmetric cipher, is that both the sender and the receiver must hold the same secret key in order to encrypt and decrypt the data successfully. The initialization vector (IV) must also be known to both sides, but it is not secret and is normally stored or transmitted in the clear alongside the ciphertext. If you want a stronger scheme, use Rijndael, the algorithm standardized as AES. It is faster than TripleDES, operates on 128-bit rather than 64-bit blocks, and supports 128-, 192- and 256-bit keys, whereas TripleDES offers at most a 168-bit key with about 112 bits of effective strength. Be aware that NIST has deprecated TripleDES, and that RijndaelManaged and the *CryptoServiceProvider classes are marked obsolete in .NET 6 and later; new code should use Aes.Create(), and AesGcm where authenticated encryption is available. However, Rijndael is still a symmetric cryptosystem, which means that it relies on shared secrets. For a cryptosystem in which each party publishes a public key and keeps a private key that is never shared, use an asymmetric algorithm such as RSA; DSA is a signature-only algorithm and cannot encrypt data. In practice the two are combined: the file is encrypted with a fast symmetric key, and only that key is encrypted with the recipient's public key.

See Also

See the "SymmetricAlgorithm Class," "TripleDESCryptoServiceProvider Class," and "RijndaelManaged Class" topics in the MSDN documentation.
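To address the shared-secret drawback discussed above, here is an added example (not from the book) of hybrid key transport in .NET: the file stays encrypted with a symmetric key, and only that key is encrypted with the recipient's RSA public key using OAEP padding, so the sender needs no prior secret, only the recipient's public key. It assumes .NET 6 or later; the recipient's key pair is generated in-process purely for demonstration, and the KeyWrap class and its method names are this example's own, not a Framework API.

```csharp
using System;
using System.Security.Cryptography;

// Added example (not from the book): wrap a symmetric file key with RSA-OAEP so that
// no shared secret has to be arranged in advance. Assumes .NET 6 or later.
public static class KeyWrap
{
    // Sender side: encrypt the symmetric key under the recipient's public key.
    // OAEP with SHA-256 is the padding to use; PKCS#1 v1.5 encryption padding is not safe.
    public static byte[] Wrap(byte[] symmetricKey, RSAParameters recipientPublicKey)
    {
        using (var rsa = RSA.Create())
        {
            rsa.ImportParameters(recipientPublicKey);          // public components only
            return rsa.Encrypt(symmetricKey, RSAEncryptionPadding.OaepSHA256);
        }
    }

    // Recipient side: only the holder of the matching private key can recover the key.
    public static byte[] Unwrap(byte[] wrappedKey, RSA recipientPrivateKey)
    {
        return recipientPrivateKey.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA256);
    }

    public static void Main()
    {
        // The recipient's key pair is generated here only for the demonstration;
        // in practice the sender has just the public half (e.g. from a certificate).
        using (var recipient = RSA.Create(3072))
        using (var aes = Aes.Create())
        {
            byte[] wrapped = Wrap(aes.Key, recipient.ExportParameters(false));
            byte[] recovered = Unwrap(wrapped, recipient);
            bool match = aes.Key.AsSpan().SequenceEqual(recovered);
            Console.WriteLine("Wrapped key is {0} bytes; recipient recovered the AES key: {1}",
                              wrapped.Length, match);
        }
    }
}
```

The wrapped key (384 bytes for RSA-3072) can be stored as a header in the encrypted file itself, since only the private-key holder can unwrap it; the IV still travels in the clear beside the ciphertext, and the file should still carry an authentication tag as described in the Discussion.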