Really simple encryption with C# and SymmetricAlgorithm

Asked 27/1, 2012 at 9:56 Answered 27/1, 2012 at 13:54

Solved c#encryption encryption-symmetric des

I'm looking for a very simple crypt / decrypt method. I will be using always the same static key. I'm aware of the risks of this approach. Currently I'm using the following code but it does not generate the same result after crypting and decripting the same string (there is some garbage in the middle of the string).

public static string Crypt(this string text)
{
    string result = null;

    if (!String.IsNullOrEmpty(text))
    {
        byte[] plaintextBytes = Encoding.Unicode.GetBytes(text);

        SymmetricAlgorithm symmetricAlgorithm = DES.Create();
        symmetricAlgorithm.Key = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};
        using (MemoryStream memoryStream = new MemoryStream())
        {
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, symmetricAlgorithm.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cryptoStream.Write(plaintextBytes, 0, plaintextBytes.Length);
            }

            result = Encoding.Unicode.GetString(memoryStream.ToArray());
        }
    }

    return result;
}

public static string Decrypt(this string text)
{
    string result = null;

    if (!String.IsNullOrEmpty(text))
    {
        byte[] encryptedBytes = Encoding.Unicode.GetBytes(text);

        SymmetricAlgorithm symmetricAlgorithm = DES.Create();
        symmetricAlgorithm.Key = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
        using (MemoryStream memoryStream = new MemoryStream(encryptedBytes))
        {
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, symmetricAlgorithm.CreateDecryptor(), CryptoStreamMode.Read))
            {
                byte[] decryptedBytes = new byte[encryptedBytes.Length];
                cryptoStream.Read(decryptedBytes, 0, decryptedBytes.Length);
                result = Encoding.Unicode.GetString(decryptedBytes);
            }
        }
    }

    return result;
}

I can change whatever is needed, no limits (but I want just to have on method to crypt and another one to decrypt without sharing variables between them).

Thanks.

Faiyum answered 27/1, 2012 at 9:56 Comment(1)

Either pad your data to a multiple of the cipher's block size or use a stream algorithm instead of a block algorithm. – Dessiatine 27/1, 2012 at 10:1

If you don't want to handle keys yourself then let the operating system do it for your. E.g. use Windows Data Protection (DPAPI).

You can write your own, string-based, version of System.Security.Cryptography.ProtectedData.Protect and Unprotect methods by using something like:

public static string Crypt (this string text)
{
    return Convert.ToBase64String (
        ProtectedData.Protect (
            Encoding.Unicode.GetBytes (text) ) );
}

public static string Decrypt (this string text)
{
    return Encoding.Unicode.GetString (
        ProtectedData.Unprotect (
             Convert.FromBase64String (text) ) );
}

Viscous answered 27/1, 2012 at 13:54 Comment(6)

Be careful with this, you can't decrypt the encrpyted string on any other computer or even with a different profile on the same machine. Only good for storing things very locally. – Typehigh 1/2, 2013 at 13:33

@JonathanDeMarks, The latest version of the base class libraries DO allow this to be encrypted/decrypted by both CurrentUser as well as LocalMachine. The signature for the encrypt is as follows: public static byte[] Protect (byte[] userData, byte[] optionalEntropy, DataProtectionScope scope) where scope can be DataProtectionScope.CurrentUser or DataProtectionScope.LocalMachine – Elanaeland 4/6, 2014 at 12:54

he is saying "I will be using always the same static key". And you are offering something that will get him into trouble – Fig 26/11, 2014 at 8:7

@JonathanDeMarks thanks for killing the joy of finding simple method... – Counterwork 26/10, 2016 at 22:55

The Protect and Unprotect do not allow single argument. Therefore, I had to use, for example: ProtectedData.Protect(Encoding.Unicode.GetBytes(text),null,DataProtectionScope.CurrentUser) and ProtectedData.Unprotect(Convert.FromBase64String(text), null, DataProtectionScope.CurrentUser) – Gourami 14/8, 2018 at 8:55

Remember do add a reference to System.Security.dll in your project. – Scabies 20/12, 2018 at 21:27

How about something like this?

Code

using System;
using System.Security.Cryptography;
using System.Text;

public static class StringUtil
{
    private static byte[] key = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};
    private static byte[] iv = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};

    public static string Crypt(this string text)
    {
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateEncryptor(key, iv);
        byte[] inputbuffer = Encoding.Unicode.GetBytes(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Convert.ToBase64String(outputBuffer);
    }

    public static string Decrypt(this string text)
    {
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateDecryptor(key, iv);
        byte[] inputbuffer = Convert.FromBase64String(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Encoding.Unicode.GetString(outputBuffer);
    }
}

Unit Test

[Test]
public void Test()
{
    string expected = "this is my test string";
    string a = expected.Crypt();
    Debug.WriteLine(a);
    string actual = a.Decrypt();
    Assert.AreEqual(expected, actual);
}

EDIT:

To clarify: I am aware this is not good practice.

"I'm aware of the risks of this approach. "

Iv'e made the assumption that the OP is also aware and will make relevant code changes before considering using anything like this in a production environment.

The question emphasizes simplicity over good practice.

Wangle answered 27/1, 2012 at 10:27 Comment(5)

IV should be random and stored with the message. – Maiocco 27/1, 2012 at 10:39

Served it's purpose for my little project just fine, thanks :) – Facilitation 21/5, 2014 at 5:27

This just throws an error "System.Security.Cryptography.CryptographicException: Bad Data." – Shortcut 23/6, 2020 at 1:4

what changes do I need to do to make it production worthy? – Fig 20/4, 2021 at 14:2

Consider using AES instead of DES as this one is more exposed to attacks. learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/… – Genesa 16/3, 2023 at 14:1

You'll need to set the cipher mode to CipherMode.ECB or use an IV.

SymmetricAlgorithm symmetricAlgorithm = DES.Create();
symmetricAlgorithm.Key = new byte[8] { 1, 2, 3, 4, 5, 6, 7, 8 };
symmetricAlgorithm.Mode = CipherMode.ECB;
...

Another point is not to use Unicode encoding. Use Base64 instead. Unicode might "destroy" bytes that are not UTF-16.

Architrave answered 27/1, 2012 at 10:3 Comment(4)

Anyway I get the beggining of the string corrupted. – Faiyum 27/1, 2012 at 10:11

+1. An alternative can be to just return (and then use) the raw bytes rather than a string, but either way the problem is that Encoding.Unicode.GetString is going to catch and "fix" cases where the encrypted bytes aren't valid UTF-16, which ruins the plan. – Wooster 27/1, 2012 at 10:13

Greeeeeeeat. Now it works, thanks! (It's hard when you have to work with things that you don't understand and you don't want to understand ;) thanks again. – Faiyum 27/1, 2012 at 10:24

@CodeInChaos: Nothing wrong with using ECB. It all depends on the context. To solve his/her problem the necessary steps to take is what I described in my answer, ECB or IV. Though I'd never use ECB myself, using ECB is one of the possible solutions. – Architrave 27/1, 2012 at 10:50

Recommended topics

Hot tags