C# Cryptography - Encrypting a bunch of bytes

C# has some pretty brilliant encryption classes built in. For a recent project, i needed to store a password in clear text (it needs to be passed onto another system) and i figured i didn't want to be storing it in a settings file without being encrypted. Of course, anyone who decompiles the executable of my program can figure out how to decrypt it, but it's better than nothing. So here's the code:

public static byte[] Encrypt(byte[] input)
{
  PasswordDeriveBytes pdb =
    new PasswordDeriveBytes("hjiweykaksd", // Change this
    new byte[] { 0x43, 0x87, 0x23, 0x72}); // Change this
  MemoryStream ms = new MemoryStream();
  Aes aes = new AesManaged();
  aes.Key = pdb.GetBytes(aes.KeySize / 8);
  aes.IV = pdb.GetBytes(aes.BlockSize / 8);
  CryptoStream cs = new CryptoStream(ms,
    aes.CreateEncryptor(), CryptoStreamMode.Write);
  cs.Write(input, 0, input.Length);
  cs.Close();
  return ms.ToArray();
}
public static byte[] Decrypt(byte[] input)
{
  PasswordDeriveBytes pdb =
    new PasswordDeriveBytes("hjiweykaksd", // Change this
    new byte[] { 0x43, 0x87, 0x23, 0x72}); // Change this
  MemoryStream ms = new MemoryStream();
  Aes aes = new AesManaged();
  aes.Key = pdb.GetBytes(aes.KeySize / 8);
  aes.IV = pdb.GetBytes(aes.BlockSize / 8);
  CryptoStream cs = new CryptoStream(ms,
    aes.CreateDecryptor(), CryptoStreamMode.Write);
  cs.Write(input, 0, input.Length);
  cs.Close();
  return ms.ToArray();
}

Basically these two functions take a bunch of bytes, encrypt/decrypt it, and return another bunch of bytes. If you want to convert these bytes into strings for convenience's sake, as i did, here's the functions i used:

public static string Encrypt(string input)
{
  return Convert.ToBase64String(Encrypt(Encoding.UTF8.GetBytes(input)));
}
public static string Decrypt(string input)
{
  return Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(input)));
}

With the above functions, you can get a string password, encrypt it which results in another string, store the encrypted string in the registry or your ini file, and when you need the clear password again, just decrypt the encrypted string again. The PasswordDeriveBytes is basically a handy class for generating consistent but random-looking data based on a password (the string) and salt (the 4 byte array). This is used to generate the encryption key and initialisation vector (IV). Since we use the same password/salt in the encrypt and decrypt functions, they will then have the same key and IV and be able to work together. You'll want to use your own password and salt values. Oh yeah, you'll probably need these too:

using System.Text;
using System.IO;
using System.Security.Cryptography;

Thanks for reading! And if you want to get in touch, I'd love to hear from you: chris.hulbert at gmail.

Chris Hulbert

(Comp Sci, Hons - UTS)

Software Developer (Freelancer / Contractor) in Australia.

I have worked at places such as Google, Cochlear, Assembly Payments, News Corp, Fox Sports, NineMSN, FetchTV, Coles, Woolworths, Trust Bank, and Westpac, among others. If you're looking for help developing an iOS app, drop me a line!

Get in touch:
[email protected]
github.com/chrishulbert
linkedin

Subscribe via RSS