Encryption mechanism
I am currently creating a library that will do common tasks in C # .Net. I am mainly targeting C # newbies so they can take advantage of my library and use it to minimize the hassle they run into. I am currently adding encryption features to my library and I have some success. But my encryption criteria are not very complicated and complicated. so that in the future any hacker can break through and decrypt important data (like passwords, etc.). so please tell me how can I write my own complex criteria for encrypting passwords. This library is for free and beginners alike.
thank
+3
source to share
4 answers
I advise you not to write your own encryption engine for no good reason when there are already many, as first take a look at the Encryption API in the Enterprise Library . This is a completely newbie.
If you're still in the mood to write your own, still look at the Enterperise library and others at BouncyCastle to see how the other frameworks are put together - you'll learn a lot, and this is the best way to try and improve what's out there.
+5
source to share
You can write easy-to-use wrappers around .NET encryption methods.
Aes example (my own wrapper):
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using Synercoding.CodeGuard;
namespace Synercoding.Encryption.Symmetrical
{
/// <summary>
/// A class to Encrypt and Decrypt with Rijndael AES encryption
/// </summary>
public sealed class AesEncryption : IDisposable
{
private byte[] m_salt;
private RijndaelManaged m_aesAlg = new RijndaelManaged(); // RijndaelManaged object used to encrypt/decrypt the data.
/// <summary>
/// Create a new AesEncryption object with the standard salt
/// </summary>
public AesEncryption() : this("850nW94vN39iUx") { }
/// <summary>
/// Create a new AesEncryption object with the specified salt
/// </summary>
/// <param name="salt">The salt used for salting the key. Must be atleast 8 chars long</param>
public AesEncryption(string salt)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(salt), "param salt can't be null or empty.");
Guard.Requires<ArgumentException>(salt.Length >= 8, "param salt must be atleast 8 chars long.");
m_salt = Encoding.ASCII.GetBytes(salt);
}
/// <summary>
/// The salt in ASCII string format
/// </summary>
public string SaltString
{
get
{
return Encoding.ASCII.GetString(m_salt);
}
}
/// <summary>
/// The salt that is used for the key and IV generation.
/// </summary>
public byte[] Salt
{
get
{
return m_salt;
}
}
/// <summary>
/// Encrypt the given string using AES. The string can be decrypted using
/// DecryptStringAES(). The sharedSecret parameters must match.
/// </summary>
/// <param name="plainText">The text to encrypt.</param>
/// <param name="sharedSecret">A password used to generate a key for encryption.</param>
public string EncryptStringAES(string plainText, string sharedSecret)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(plainText), "param plainText can't be null or empty");
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(sharedSecret), "param sharedSecret can't be null or empty");
Guard.Requires<InvalidOperationException>(m_aesAlg != null, "this object is already disposed");
string outStr = null; // Encrypted string to return
// generate the key from the shared secret and the salt
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, Salt);
m_aesAlg.Key = key.GetBytes(m_aesAlg.KeySize / 8);
m_aesAlg.IV = key.GetBytes(m_aesAlg.BlockSize / 8);
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = m_aesAlg.CreateEncryptor(m_aesAlg.Key, m_aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
outStr = Convert.ToBase64String(msEncrypt.ToArray());
}
// Return the encrypted bytes from the memory stream.
return outStr;
}
/// <summary>
/// Decrypt the given string. Assumes the string was encrypted using
/// EncryptStringAES(), using an identical sharedSecret.
/// </summary>
/// <param name="cipherText">The text to decrypt.</param>
/// <param name="sharedSecret">A password used to generate a key for decryption.</param>
public string DecryptStringAES(string cipherText, string sharedSecret)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(cipherText), "param cipherText can't be null or empty");
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(sharedSecret), "param sharedSecret can't be null or empty");
Guard.Requires<InvalidOperationException>(m_aesAlg != null, "this object is already disposed");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// generate the key from the shared secret and the salt
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, Salt);
m_aesAlg.Key = key.GetBytes(m_aesAlg.KeySize / 8);
m_aesAlg.IV = key.GetBytes(m_aesAlg.BlockSize / 8);
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = m_aesAlg.CreateDecryptor(m_aesAlg.Key, m_aesAlg.IV);
// Create the streams used for decryption.
byte[] bytes = Convert.FromBase64String(cipherText);
using (MemoryStream msDecrypt = new MemoryStream(bytes))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
return plaintext;
}
public void Dispose()
{
if (m_aesAlg != null)
{
m_aesAlg.Clear();
m_aesAlg.Dispose();
m_aesAlg = null;
}
}
}
}
MD5 example (hash):
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Synercoding.CodeGuard;
namespace Synercoding.Encryption.Hashing
{
/// <summary>
/// Class to verify and generate MD5 hashes
/// </summary>
public static class MD5Hash
{
/// <summary>
/// Creates a MD5 hexadecimal string based on the input
/// </summary>
/// <param name="input">The string to hash</param>
/// <returns>A MD5 hex string</returns>
public static string GetHash(string input)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
// Create a new Stringbuilder to collect the bytes
// and create a string.
StringBuilder sBuilder = new StringBuilder();
using (MD5 md5Hash = MD5.Create())
{
// Convert the input string to a byte array and compute the hash.
byte[] data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
// Loop through each byte of the hashed data
// and format each one as a hexadecimal string.
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
}
// Return the hexadecimal string.
return sBuilder.ToString();
}
/// <summary>
/// Creates a MD5 hexadecimal string based on the input
/// </summary>
/// <param name="input">The string to hash</param>
/// <returns>A MD5 hash in byte format</returns>
public static byte[] GetByteHash(string input)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
byte[] data;
using (MD5 md5Hash = MD5.Create())
{
// Convert the input string to a byte array and compute the hash.
data = md5Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
}
return data;
}
/// <summary>
/// Verifies the input with the hash.
/// </summary>
/// <param name="input">The input to compare</param>
/// <param name="hash">The hash to compare the input with</param>
/// <returns>True is the input validates.</returns>
public static bool VerifyHash(string input, string hash)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(hash), "param hash can't be null or empty");
Guard.Requires<ArgumentNullException>(hash.Length == 32, "param hash must be 32 chars long");
// Hash the input.
string hashOfInput = GetHash(input);
// Create a StringComparer an compare the hashes.
StringComparer comparer = StringComparer.OrdinalIgnoreCase;
if (0 == comparer.Compare(hashOfInput, hash))
{
return true;
}
else
{
return false;
}
}
/// <summary>
/// Verifies the input with the hash.
/// </summary>
/// <param name="input">The input to compare</param>
/// <param name="hash">The hash to compare the input with</param>
/// <returns>True is the input validates.</returns>
public static bool VerifyHash(string input, byte[] hash)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
Guard.Requires<ArgumentNullException>(hash != null, "param hash can't be null");
Guard.Requires<ArgumentNullException>(hash.Length == 128 / 8, "param hash must be 128bits (16 bytes) long");
// Hash the input.
byte[] hashOfInput = GetByteHash(input);
if (hashOfInput.SequenceEqual(hash))
{
return true;
}
else
{
return false;
}
}
}
}
SHA512 example (hash):
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Synercoding.CodeGuard;
namespace Synercoding.Encryption.Hashing
{
/// <summary>
/// Class to verify and generate SHA512 hashes
/// </summary>
public static class SHA512Hash
{
/// <summary>
/// Creates a SHA512 hexadecimal string based on the input
/// </summary>
/// <param name="input">The string to hash</param>
/// <returns>A SHA512 hex string</returns>
public static string GetHash(string input)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
// Create a new Stringbuilder to collect the bytes
// and create a string.
StringBuilder sBuilder = new StringBuilder();
using (SHA512 SHA512Hash = SHA512.Create())
{
// Convert the input string to a byte array and compute the hash.
byte[] data = SHA512Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
// Loop through each byte of the hashed data
// and format each one as a hexadecimal string.
for (int i = 0; i < data.Length; i++)
{
sBuilder.Append(data[i].ToString("x2"));
}
}
// Return the hexadecimal string.
return sBuilder.ToString();
}
/// <summary>
/// Creates a SHA512 hash based on the input
/// </summary>
/// <param name="input">The string to hash</param>
/// <returns>A SHA512 hash in byte format</returns>
public static byte[] GetByteHash(string input)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
byte[] data;
using (SHA512 SHA512Hash = SHA512.Create())
{
// Convert the input string to a byte array and compute the hash.
data = SHA512Hash.ComputeHash(Encoding.UTF8.GetBytes(input));
}
return data;
}
/// <summary>
/// Verifies the input with the hash.
/// </summary>
/// <param name="input">The input to compare</param>
/// <param name="hash">The hash to compare the input with</param>
/// <returns>True is the input validates.</returns>
public static bool VerifyHash(string input, string hash)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(hash), "param hash can't be null or empty");
Guard.Requires<ArgumentNullException>(hash.Length == 128, "param hash must be 128 chars long");
// Hash the input.
string hashOfInput = GetHash(input);
// Create a StringComparer an compare the hashes.
StringComparer comparer = StringComparer.OrdinalIgnoreCase;
if (0 == comparer.Compare(hashOfInput, hash))
{
return true;
}
else
{
return false;
}
}
/// <summary>
/// Verifies the input with the hash.
/// </summary>
/// <param name="input">The input to compare</param>
/// <param name="hash">The hash to compare the input with</param>
/// <returns>True is the input validates.</returns>
public static bool VerifyHash(string input, byte[] hash)
{
Guard.Requires<ArgumentNullException>(!string.IsNullOrEmpty(input), "param input can't be null or empty");
Guard.Requires<ArgumentNullException>(hash != null, "param hash can't be null");
Guard.Requires<ArgumentNullException>(hash.Length == 512 / 8, "param hash must be 512bits (64 bytes) long");
// Hash the input.
byte[] hashOfInput = GetByteHash(input);
if (hashOfInput.SequenceEqual(hash))
{
return true;
}
else
{
return false;
}
}
}
}
0
source to share