a hello world encryption 
Author Message
 a hello world encryption


Quote:
> I looked at the System.Secutiry.Cryptography section on msdn but it's gets
> too complicated and i couldn't find quite what i wanted.. is the above

What kind of encryption do you need? Symmetric (where you share a secret for
example) or asymmetric (where you only know part of the secret)? What is the
purpose of the encryption? Will it be used only by your application, or does
your application encrypt the data, while someone else should decrypt it?

--
   Mathias



Mon, 21 Feb 2005 02:06:21 GMT  
 a hello world encryption
Henok,

Unfortunately, there is no easy way to answer to your question. While
certain cryptographic operations in .NET can be simplified by providing
wrapper classes, as a developer you must still make some decisions. First,
you have to determine the following:

(1) Type of encryption, i.e. symmetric or public/private. In most cases, you
will probably get around with symmetric encryption.
(2) Encryption algorithm (for symmetric encryption), e.g. DES, Triple-DES,
RC2, RC4, AES, etc. The latest and best is supposed to be AES, which is
called RijndaelManaged in .NET. One of the advantages of this algorithm is
that unlike other algorithms, this one is totally implemented in managed
code.
(3) Encryption key characteristics, e.g. size, initialization vector (or
IV), padding, salt, etc. You will not go wrong if you pick the longest key
length (256 bits for RijndaelManaged). You can probably use defaults for
miscellaneous characteristics.

Having done this, you have to figure out how to generate the key. For
session keys (the keys which are only kept for the lifetime of a session),
you can call a method which generates a random key, e.g.
RijndaelManaged.GenerateKey(). If you need a persistent key, i.e. the key
which must remain the same at any time, you may have to derive it from
something, which is commonly called "password". The trickiest part here is
how to manage this password, because even if you implement the most secure
encryption logic using the best algorithm, if a bad guy gets hold of your
password and figures out how you generate the key, your encryption will do
you no good. This is especially true given the fact that .NET assemblies are
really easy to decompile. There is no easy way to solve this problem, so I
will let you think about it.

In the meantime, here is the encryption/decryption code you can use as an
example (it uses a Triple-DES key - which is rather good, but not as good as
AES - derived from a password).

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace TestSymmetricEncryption
{
    public class TestCrypto
    {
        public TestCrypto()
        {
            EncryptedMessage msg;
            SymmetricAlgorithm encrKey, decrKey;
            CryptoStream cryptoStream;
            MemoryStream memStream;
            PasswordDeriveBytes passwordBytes;

            string algString = "TripleDES";
            string hashString = "MD5";
            string saltString = "MySecretSalt";

            msg = new EncryptedMessage();

            passwordBytes = new PasswordDeriveBytes("MySecretPassword",
                                Encoding.ASCII.GetBytes(saltString),
hashString, 1);
            encrKey = SymmetricAlgorithm.Create(algString);
            encrKey.IV = Encoding.ASCII.GetBytes(IVString);
            encrKey.Key = passwordBytes.CryptDeriveKey(algString,
                                                        hashString,
                                                        0,
Encoding.ASCII.GetBytes(IVString));

            memStream = new MemoryStream();

            cryptoStream = new CryptoStream(memStream,
                                encrKey.Crea{*filter*}cryptor(),
                                CryptoStreamMode.Write);
            byte[] bytesToBeEncrypted =
                    Encoding.ASCII.GetBytes("This is a plaintext message.");
            cryptoStream.Write(bytesToBeEncrypted, 0,
bytesToBeEncrypted.Length);
            cryptoStream.Close();

            msg.Bytes = memStream.ToArray();
            memStream.Close();

            memStream = new MemoryStream(msg.Bytes);

            passwordBytes = new PasswordDeriveBytes("MySecretPassword",
                                Encoding.ASCII.GetBytes(saltString),
hashString, 1);
            decrKey = SymmetricAlgorithm.Create(algString);
            decrKey.IV = Encoding.ASCII.GetBytes(IVString);
            decrKey.Key = passwordBytes.CryptDeriveKey(algString,
                                                        hashString,
                                                        0,

Encoding.ASCII.GetBytes(IVString));

            cryptoStream = new CryptoStream(memStream,
                                decrKey.CreateDecryptor(),
                                CryptoStreamMode.Read);
            byte[] decryptedData = new byte[msg.Bytes.Length];
            int decryptedDataLen = 0;
            decryptedDataLen = cryptoStream.Read(decryptedData, 0,
decryptedData.Length);
            cryptoStream.Close();

            Console.WriteLine("[{0}]\n",
                Encoding.ASCII.GetString(decryptedData, 0,
decryptedDataLen));
            memStream.Close();
        }
        public static int Main(string[] args)
        {
            TestCrypto crypto;

            crypto = new TestCrypto();
            return 0;
        }
    }
    class EncryptedMessage
    {
        private byte[] encryptedBytes;
        public byte[] Bytes
        {
            get
            {
                return encryptedBytes;
            }
            set
            {
                encryptedBytes = value;
            }
        }
    }

Quote:
}

-
--
Alek


Quote:
> Hello,
> I am looking for a simple Hello World Encyption example.. something to
this
> effect,
> i send in a string, it returns me the encrypted string,
> theString = Encyprt(theString);
> MessageBox.Show(theString);
> theString = Decrypt(theString);
> MessageBox.Show(theString);

> I looked at the System.Secutiry.Cryptography section on msdn but it's gets
> too complicated and i couldn't find quite what i wanted.. is the above
> possible, if so what is the include statement and what are the methods.

> thank you,



Mon, 21 Feb 2005 02:56:36 GMT  
 a hello world encryption
If you need a one-line solution, you can try what many people do: use
exclusive OR (XOR) operation to reverse bits of the string characters (you
will probably need to convert the strings to byte arrays, perform XOR on
each byte, and save byte array in the registry as binary data). While this
approach is better than storing data values as plain text, it cannot be
considered secure, because even a novice hacker will be able to break this
type of "encryption."

--
Alek


Quote:
> Well, maybe i am in it over my head,
> what i wanted was a simple solution, i developed a small application that
> ftps and download a file to edit, once editing is done, it ftps the file
> back. On that application i store the user settings,loginname,password
> ect... in the registy. before i store it in registry i wanted to encrypt
> it... that why i wanted a simple HelloWorld like example. I will look into
> the solution provided below and see how to make it work for my needs.
Thank
> you both for taking time to help me, if there is am alternate, easier way
of
> doing thing, please let me know. It doesn't have to be extra secure, i saw
> on a sql newsgroup a simple way to encrypt password before storing in the
> the table and used it below; however i was not able to decrypt it back :)
> this is what i have...
> private string encryptPass(string passwd) {
>    string newPass = string.Empty;
>    for(int i =0;i<passwd.Length;i++)
>      newPass += (passwd[i] * 7)^2;
>    return newPass;
> }

> the delimea for me, remeber i am a small time coder, is to find the
opposite
> of this..
> thank you...






Mon, 21 Feb 2005 05:57:22 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. Canocical hello world

2. The Program Only Harder Then Hello World...

3. Hello World not working

4. Hello World Problem

5. Newbie Question about Hello World

6. Hello World

7. Hello world without semicolon

8. Hello World

9. Hello World problems

10. Hello World Web service

11. Hello world!

12. Help with Hello World

 

 
Powered by phpBB® Forum Software