I think Any Developer need to protect his data from nasty people
Ex. We will assume we have an application (windows application – web application ….etc) will connect to
Active directory or Team Foundation Server or any application need authentication to connect to it
First thing any developer should thinking about how I made my application secured
So when we pass the credentials will pass it Encrypted and from another side will decrypt these credentials.
In this article I’ll show you how to encrypt any string and decrypt it.
Create a new windows application using C# the design will be something like the below image:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Security.Cryptography;
using System.IO;
namespace RsaEncryption
{
public partial class Main : Form
{
public Main()
{
InitializeComponent();
}
private static string sKey = "UJYHCX783her*&5@$%#(MJCX**38n*#6835ncv56tvbry(&#MX98cn342cn4*&X#&";
public static string Encrypt(string sPainText)
{
if (sPainText.Length == 0)
return (sPainText);
return (EncryptString(sPainText, sKey));
}
public static string Decrypt(string sEncryptText)
{
if (sEncryptText.Length == 0)
return (sEncryptText);
return (DecryptString(sEncryptText, sKey));
}
protected static string EncryptString(string InputText, string Password)
{
// "Password" string variable is nothing but the key(your secret key) value which is sent from the front end.
// "InputText" string variable is the actual password sent from the login page.
// We are now going to create an instance of the
// Rihndael class.
RijndaelManaged RijndaelCipher = new RijndaelManaged();
// First we need to turn the input strings into a byte array.
byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
// We are using Salt to make it harder to guess our key
// using a dictionary attack.
byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
// The (Secret Key) will be generated from the specified
// password and Salt.
//PasswordDeriveBytes -- It Derives a key from a password
PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
// Create a encryptor from the existing SecretKey bytes.
// We use 32 bytes for the secret key
// (the default Rijndael key length is 256 bit = 32 bytes) and
// then 16 bytes for the IV (initialization vector),
// (the default Rijndael IV length is 128 bit = 16 bytes)
ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(16), SecretKey.GetBytes(16));
// Create a MemoryStream that is going to hold the encrypted bytes
MemoryStream memoryStream = new MemoryStream();
// Create a CryptoStream through which we are going to be processing our data.
// CryptoStreamMode.Write means that we are going to be writing data
// to the stream and the output will be written in the MemoryStream
// we have provided. (always use write mode for encryption)
CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
// Start the encryption process.
cryptoStream.Write(PlainText, 0, PlainText.Length);
// Finish encrypting.
cryptoStream.FlushFinalBlock();
// Convert our encrypted data from a memoryStream into a byte array.
byte[] CipherBytes = memoryStream.ToArray();
// Close both streams.
memoryStream.Close();
cryptoStream.Close();
// Convert encrypted data into a base64-encoded string.
// A common mistake would be to use an Encoding class for that.
// It does not work, because not all byte values can be
// represented by characters. We are going to be using Base64 encoding
// That is designed exactly for what we are trying to do.
string EncryptedData = Convert.ToBase64String(CipherBytes);
// Return encrypted string.
return EncryptedData;
}
protected static string DecryptString(string InputText, string Password)
{
try
{
RijndaelManaged RijndaelCipher = new RijndaelManaged();
byte[] EncryptedData = Convert.FromBase64String(InputText);
byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
// Create a decryptor from the existing SecretKey bytes.
ICryptoTransform Decryptor = RijndaelCipher.CreateDecryptor(SecretKey.GetBytes(16), SecretKey.GetBytes(16));
MemoryStream memoryStream = new MemoryStream(EncryptedData);
// Create a CryptoStream. (always use Read mode for decryption).
CryptoStream cryptoStream = new CryptoStream(memoryStream, Decryptor, CryptoStreamMode.Read);
// Since at this point we don't know what the size of decrypted data
// will be, allocate the buffer long enough to hold EncryptedData;
// DecryptedData is never longer than EncryptedData.
byte[] PlainText = new byte[EncryptedData.Length];
// Start decrypting.
int DecryptedCount = cryptoStream.Read(PlainText, 0, PlainText.Length);
memoryStream.Close();
cryptoStream.Close();
// Convert decrypted data into a string.
string DecryptedData = Encoding.Unicode.GetString(PlainText, 0, DecryptedCount);
// Return decrypted string.
return DecryptedData;
}
catch (Exception exception)
{
return (exception.Message);
}
}
private void btnEncrypt_Click(object sender, EventArgs e)
{
txtEncryption.Text= Encrypt(txtPassword.Text);
}
private void btnDecrypt_Click(object sender, EventArgs e)
{
MessageBox.Show(Decrypt(txtEncryption.Text));
}
}
}
hi, nice article but if i wanna to use algorithms
ReplyDeleteto encrypt or decrypt like (MD5 OR SHA1)
I THINK IT WOULD BE EASLY
Boorekt ya a7'y
ReplyDeletethank you all,
ReplyDeletethis article I was talking about two way encryption.
if you want sample for MD5 and SHA1 visit the below URL:
http://waleedelkot.blogspot.com/2009/08/how-to-hash-data-using-md5-and-sha1.html
Hi Waleed,
ReplyDeleteThanks- great articler very helpful!
But, here's a really strange thing.
I swapped from RinandelManaged to AESManaged as per below and the encrypted output was exactly the same!
Seems to indicate that something is not working quite right. I really want to use AES. Any suggestions?
Thanks!
J
//RijndaelManaged RijndaelCipher = new RijndaelManaged();
AesManaged AESCipher = new AesManaged();
Ah ha- a little more research and I've figured it out. Rijndael is a precursor to AES and as long as you set the Rijndael Block Size to 128 bit the output from Rijndael and AES is identical.
ReplyDeleteThat explains that mystery! More details at article below:
http://blogs.msdn.com/shawnfa/archive/2006/10/09/The-Differences-Between-Rijndael-and-AES.aspx
thanks very much for this
ReplyDeleteDear Friend,
ReplyDeleteI wanted to encrypt in 128 bit format. This will work for 64 bits. Please help me to encrypt in 128 bit format.
Thanks
Basawareddy M Gopsen.
Thank You Very Much !
ReplyDeleteThats what i'm searching for !
Thanks for this. Worked perfectly and saved me loads of time.
ReplyDelete