we know that in our applications, both web and desktop we need to use encrypting and decrypting functionalities. but problem is how strong your encryption is. and how you are going to manage url encode and url decode against encrypted content.
if you are passing encrypted content as url parameters you must be aware that receiver’s end receive the correct content you intend to send. tric is to use utf-8 encoding at both ends.
first we will look in to the encrypt and decrypt functions..
using System.Security.Cryptography;
public class CryptoManager
{
public static string Encrypt(string data)
{
string passPhrase = "@#$%$_LongPassPhrase_#$%";
string saltValue = "sALtValue";
string hashAlgorithm = "SHA1";
int passwordIterations = 7;
string initVector = "~1B2c3D4e5F6g7H8";
int keySize = 256;
byte[] bytes = Encoding.ASCII.GetBytes(initVector);
byte[] rgbSalt = Encoding.ASCII.GetBytes(saltValue);
byte[] buffer = Encoding.UTF8.GetBytes(data);
byte[] rgbKey = new PasswordDeriveBytes(passPhrase, rgbSalt, hashAlgorithm, passwordIterations).GetBytes(keySize / 8);
RijndaelManaged managed = new RijndaelManaged();
managed.Mode = CipherMode.CBC;
ICryptoTransform transform = managed.CreateEncryptor(rgbKey, bytes);
MemoryStream stream = new MemoryStream();
CryptoStream stream2 = new CryptoStream(stream, transform, CryptoStreamMode.Write);
stream2.Write(buffer, 0, buffer.Length);
stream2.FlushFinalBlock();
byte[] inArray = stream.ToArray();
stream.Close();
stream2.Close();
stream.Dispose();
stream2.Dispose();
return Convert.ToBase64String(inArray);
}
public static string Decrypt(string data)
{
string passPhrase = "@#$%$_LongPassPhrase_#$%";
string saltValue = "sALtValue";
string hashAlgorithm = "SHA1";
int passwordIterations = 7;
string initVector = "~1B2c3D4e5F6g7H8";
int keySize = 256;
byte[] bytes = Encoding.ASCII.GetBytes(initVector);
byte[] rgbSalt = Encoding.ASCII.GetBytes(saltValue);
byte[] buffer = Convert.FromBase64String(data);
byte[] rgbKey = new PasswordDeriveBytes(passPhrase, rgbSalt, hashAlgorithm, passwordIterations).GetBytes(keySize / 8);
RijndaelManaged managed = new RijndaelManaged();
managed.Mode = CipherMode.CBC;
ICryptoTransform transform = managed.CreateDecryptor(rgbKey, bytes);
MemoryStream stream = new MemoryStream(buffer);
CryptoStream stream2 = new CryptoStream(stream, transform, CryptoStreamMode.Read);
byte[] buffer5 = new byte[buffer.Length];
int count = stream2.Read(buffer5, 0, buffer5.Length);
stream.Close();
stream2.Close();
stream.Dispose();
stream2.Dispose();
return Encoding.UTF8.GetString(buffer5, 0, count);
}
}
Now we’ll look how we are going to use them.
In Desktop applications
Encrypting
string dataString = "Some thing you want to Encrypt"; string encryptedDataString = CryptoManager.Encrypt(dataString); // your code go here
Decrypting
string content = "Some Encrypted Content"; string decryptedContent = CryptoManager.Decrypt(content); // now you have decrypted content.
In Web Applications
Encrypting
string dataString = "Some thing you want to Encrypt"; string encryptedDataString = CryptoManager.Encrypt(dataString); string urlStr = "http://www.yourdomain.com/yourPage.aspx?content=" + HttpUtility.UrlEncode(encryptedDataString); // now urlStr having utf-8 encoded url ready to be sent over a email.. or something like confirmation link..
Decrypting
// reading the encrypted content from url parameters ( parameter is "content") string content = Request.QueryString["content"]; //Decode Url parameters content= HttpUtility.UrlDecode(content).ToString(); string decryptedContent = CryptoManager.Decrypt(content); // now we have clean utf-8 content sent over url parameters.
Advertisements
