C# - Serializing/Deserializing a DES encrypted file from a stream

Asked 8/6, 2009 at 13:56 Answered 16/5, 2012 at 14:47

Does anyone have any examples of how to encrypt serialized data to a file and then read it back using DES?

I've written some code already that isn't working, but I'd rather see a fresh attempt instead of pursuing my code.

EDIT: Sorry, forgot to mention I need an example using XmlSerializer.Serialize/Deserialize.

Whitmer answered 8/6, 2009 at 13:56 Comment(3)

By the way, I'm using the CF, so memory is a constraint. – Whitmer 8/6, 2009 at 13:58

Can you elaborate? Do you want to encrypt something and then serialize it to the XML format, or do you want to encrypt the serialized data? – Cortie 8/6, 2009 at 14:16

Whichever is less time consuming. I've got a collection of customer information that needs to be encrypted to a file. The way I saw it working was to serialize through a cryptostream to a file (which works) and then deserialize through a cryptostream from a file (which doesn't work). – Whitmer 8/6, 2009 at 14:21

Encryption

public static void EncryptAndSerialize(string filename, MyObject obj, SymmetricAlgorithm key)
{
    using(FileStream fs = File.Open(filename, FileMode.Create))
    {
        using(CryptoStream cs = new CryptoStream(fs, key.CreateEncryptor(), CryptoStreamMode.Write))
        {
            XmlSerializer xmlser = new XmlSerializer(typeof(MyObject));
            xmlser.Serialize(cs, obj); 
        }
    }
}

Decryption:

public static MyObject DecryptAndDeserialize(string filename, SymmetricAlgorithm key)    
{
    using(FileStream fs = File.Open(filename, FileMode.Open))
    {
        using(CryptoStream cs = new CryptoStream(fs, key.CreateDecryptor(), CryptoStreamMode.Read))
        {
            XmlSerializer xmlser = new XmlSerializer(typeof(MyObject));
            return (MyObject) xmlser.Deserialize(cs);
        }
    }
}

Usage:

DESCryptoServiceProvider key = new DESCryptoServiceProvider();
MyObject obj = new MyObject();
EncryptAndSerialize("testfile.xml", obj, key);
MyObject deobj = DecryptAndDeserialize("testfile.xml", key);

You need to change MyObject to whatever the type of your object is that you are serializing, but this is the general idea. The trick is to use the same SymmetricAlgorithm instance to encrypt and decrypt.

Elyse answered 8/6, 2009 at 14:34 Comment(3)

Looks like we posted about the same time, I'll accept as it's near enough what I actually wanted! Thanks Bryce. – Whitmer 8/6, 2009 at 14:38

But how would I make key from a known string? Like "this_is_a_password_to_unlock_the_file"? This works in your "Usage" case, but if you want to save the key, and then use it to unlock the encrypted data, how would I do that? :/ – Burlie 18/10, 2011 at 11:27

Got it! To encrypt with a certain password: key.CreateEncryptor(Encoding.ASCII.GetBytes("64bitPas"), Encoding.ASCII.GetBytes("InitVector")), to decrypt with the same password: key.CreateDecryptor(Encoding.ASCII.GetBytes("64bitPas"), Encoding.ASCII.GetBytes("InitVector")) – Burlie 18/10, 2011 at 11:41

This thread gave the basic idea. Here's a version that makes the functions generic, and also allows you to pass an encryption key so it's reversible.

public static void EncryptAndSerialize<T>(string filename, T obj, string encryptionKey) {
  var key = new DESCryptoServiceProvider();
  var e = key.CreateEncryptor(Encoding.ASCII.GetBytes("64bitPas"), Encoding.ASCII.GetBytes(encryptionKey));
  using (var fs = File.Open(filename, FileMode.Create))
  using (var cs = new CryptoStream(fs, e, CryptoStreamMode.Write))
      (new XmlSerializer(typeof (T))).Serialize(cs, obj);
}

public static T DecryptAndDeserialize<T>(string filename, string encryptionKey) {
  var key = new DESCryptoServiceProvider();
  var d = key.CreateDecryptor(Encoding.ASCII.GetBytes("64bitPas"), Encoding.ASCII.GetBytes(encryptionKey));
  using (var fs = File.Open(filename, FileMode.Open))
  using (var cs = new CryptoStream(fs, d, CryptoStreamMode.Read))
      return (T) (new XmlSerializer(typeof (T))).Deserialize(cs);
}

Overthecounter answered 16/5, 2012 at 14:47 Comment(1)

-1 for wrong ordering of params in CreateEncryptor & invalid initialization vector for DES and that that it wont decrypt the stream properly (due to unflushed cryptostream). – Arliearliene 1/10, 2013 at 6:18

Here is an example of DES encryption/decription for a string.

Cortie answered 8/6, 2009 at 14:9 Comment(1)

Sorry, I need an example using XmlSerializer. I'll amend the main question. – Whitmer 8/6, 2009 at 14:10

Recommended topics

Hot tags