Byte array to string and back - newbie question

Discussion in 'ASP .Net Security' started by popsovy@rusmex.com, Feb 5, 2004.

  1. Guest

    Hi,

    I am trying to implement DES algorithm as described in the Microsoft article at
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetHT10.asp.

    The problem is that I need to save the data in the database as String, and for that I have to convet from Byte array to string and back.

    When I cast a byte array into a string and then back to a byte array, I don't get the same array. For example:


    Dim SecretText As Byte()
    Dim SecretText1 As Byte()
    Dim Text as string
    ......
    SecretText = enc.Encrypt(Data, Key, Vector) 'returns Byte Array
    Text = Encoding.ASCII.GetString(SecretText) 'convert to string in order to save into the DB
    .....
    .....
    .....
    SecretText1 = Encoding.ASCII.GetBytes(Text) 'prepare for decryption routine



    At the end, SecretText1 does NOT equal to SecretText, and I want it to be. How should I do the conversion correctly?

    Thanks!!!

    Zhenya
    http://www.rusmex.com
    , Feb 5, 2004
    #1
    1. Advertising

  2. Mattias Sjögren, Feb 5, 2004
    #2
    1. Advertising

  3. Craig Guest

    Actually, this might help you a LOT. I didn't write this, and I don't seem
    to have bookmarked where it came from, but this class works GREAT and it's
    SUPER documented so you can disect what he's doing. It includes functions
    to encode and decode with any options you can dream. Just snip below the
    line and you're set...

    ------------------------------------------------

    using System;

    using System.IO;

    using System.Security.Cryptography;

    namespace perfClientConfig

    {

    /// <summary>

    /// Summary description for EncDec.

    /// </summary>

    //

    // Sample encrypt/decrypt functions

    // Parameter checks and error handling are ommited for better readability

    //

    public class EncDec

    {

    // Encrypt a byte array into a byte array using a key and an IV

    public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)

    {

    // Create a MemoryStream that is going to accept the encrypted bytes

    MemoryStream ms = new MemoryStream();

    // Create a symmetric algorithm.

    // We are going to use Rijndael because it is strong and available on all
    platforms.

    // You can use other algorithms, to do so substitute the next line with
    something like

    // TripleDES alg = TripleDES.Create();

    Rijndael alg = Rijndael.Create();

    // Now set the key and the IV.

    // We need the IV (Initialization Vector) because the algorithm is operating
    in its default

    // mode called CBC (Cipher Block Chaining). The IV is XORed with the first
    block (8 byte)

    // of the data before it is encrypted, and then each encrypted block is
    XORed with the

    // following block of plaintext. This is done to make encryption more
    secure.

    // There is also a mode called ECB which does not need an IV, but it is much
    less secure.

    alg.Key = Key;

    alg.IV = IV;

    // Create a CryptoStream through which we are going to be pumping our data.

    // CryptoStreamMode.Write means that we are going to be writing data to the
    stream

    // and the output will be written in the MemoryStream we have provided.

    CryptoStream cs = new CryptoStream(ms, alg.CreateEncryptor(),
    CryptoStreamMode.Write);

    // Write the data and make it do the encryption

    cs.Write(clearData, 0, clearData.Length);

    // Close the crypto stream (or do FlushFinalBlock).

    // This will tell it that we have done our encryption and there is no more
    data coming in,

    // and it is now a good time to apply the padding and finalize the
    encryption process.

    cs.Close();

    // Now get the encrypted data from the MemoryStream.

    // Some people make a mistake of using GetBuffer() here, which is not the
    right way.

    byte[] encryptedData = ms.ToArray();

    return encryptedData;

    }

    // Encrypt a string into a string using a password

    // Uses Encrypt(byte[], byte[], byte[])

    public static string Encrypt(string clearText, string Password)

    {

    // First we need to turn the input string into a byte array.

    byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);

    // Then, we need to turn the password into Key and IV

    // We are using salt to make it harder to guess our key using a dictionary
    attack -

    // trying to guess a password by enumerating all possible words.

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,

    new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65,
    0x64, 0x65, 0x76});

    // Now get the key/IV and do the encryption using the function that accepts
    byte arrays.

    // Using PasswordDeriveBytes object we are first getting 32 bytes for the
    Key

    // (the default Rijndael key length is 256bit = 32bytes) and then 16 bytes
    for the IV.

    // IV should always be the block size, which is by default 16 bytes (128
    bit) for Rijndael.

    // If you are using DES/TripleDES/RC2 the block size is 8 bytes and so
    should be the IV size.

    // You can also read KeySize/BlockSize properties off the algorithm to find
    out the sizes.

    byte[] encryptedData = Encrypt(clearBytes, pdb.GetBytes(32),
    pdb.GetBytes(16));

    // Now we need to turn the resulting byte array into a string.

    // A common mistake would be to use an Encoding class for that. It does not
    work

    // because not all byte values can be represented by characters.

    // We are going to be using Base64 encoding that is designed exactly for
    what we are

    // trying to do.

    return Convert.ToBase64String(encryptedData);

    }

    // Encrypt bytes into bytes using a password

    // Uses Encrypt(byte[], byte[], byte[])

    public static byte[] Encrypt(byte[] clearData, string Password)

    {

    // We need to turn the password into Key and IV.

    // We are using salt to make it harder to guess our key using a dictionary
    attack -

    // trying to guess a password by enumerating all possible words.

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,

    new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65,
    0x64, 0x65, 0x76});

    // Now get the key/IV and do the encryption using the function that accepts
    byte arrays.

    // Using PasswordDeriveBytes object we are first getting 32 bytes for the
    Key

    // (the default Rijndael key length is 256bit = 32bytes) and then 16 bytes
    for the IV.

    // IV should always be the block size, which is by default 16 bytes (128
    bit) for Rijndael.

    // If you are using DES/TripleDES/RC2 the block size is 8 bytes and so
    should be the IV size.

    // You can also read KeySize/BlockSize properties off the algorithm to find
    out the sizes.

    return Encrypt(clearData, pdb.GetBytes(32), pdb.GetBytes(16));

    }

    // Encrypt a file into another file using a password

    public static void Encrypt(string fileIn, string fileOut, string Password)

    {

    // First we are going to open the file streams

    FileStream fsIn = new FileStream(fileIn, FileMode.Open, FileAccess.Read);

    FileStream fsOut = new FileStream(fileOut, FileMode.OpenOrCreate,
    FileAccess.Write);

    // Then we are going to derive a Key and an IV from the Password and create
    an algorithm

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,

    new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65,
    0x64, 0x65, 0x76});

    Rijndael alg = Rijndael.Create();

    alg.Key = pdb.GetBytes(32);

    alg.IV = pdb.GetBytes(16);

    // Now create a crypto stream through which we are going to be pumping data.

    // Our fileOut is going to be receiving the encrypted bytes.

    CryptoStream cs = new CryptoStream(fsOut, alg.CreateEncryptor(),
    CryptoStreamMode.Write);

    // Now will will initialize a buffer and will be processing the input file
    in chunks.

    // This is done to avoid reading the whole file (which can be huge) into
    memory.

    int bufferLen = 4096;

    byte[] buffer = new byte[bufferLen];

    int bytesRead;

    do

    {

    // read a chunk of data from the input file

    bytesRead = fsIn.Read(buffer, 0, bufferLen);

    // encrypt it

    cs.Write(buffer, 0, bytesRead);

    } while(bytesRead != 0);

    // close everything

    cs.Close(); // this will also close the unrelying fsOut stream

    fsIn.Close();

    }

    // Decrypt a byte array into a byte array using a key and an IV

    public static byte[] Decrypt(byte[] cipherData, byte[] Key, byte[] IV)

    {

    // Create a MemoryStream that is going to accept the decrypted bytes

    MemoryStream ms = new MemoryStream();

    // Create a symmetric algorithm.

    // We are going to use Rijndael because it is strong and available on all
    platforms.

    // You can use other algorithms, to do so substitute the next line with
    something like

    // TripleDES alg = TripleDES.Create();

    Rijndael alg = Rijndael.Create();

    // Now set the key and the IV.

    // We need the IV (Initialization Vector) because the algorithm is operating
    in its default

    // mode called CBC (Cipher Block Chaining). The IV is XORed with the first
    block (8 byte)

    // of the data after it is decrypted, and then each decrypted block is XORed
    with the previous

    // cipher block. This is done to make encryption more secure.

    // There is also a mode called ECB which does not need an IV, but it is much
    less secure.

    alg.Key = Key;

    alg.IV = IV;

    // Create a CryptoStream through which we are going to be pumping our data.

    // CryptoStreamMode.Write means that we are going to be writing data to the
    stream

    // and the output will be written in the MemoryStream we have provided.

    CryptoStream cs = new CryptoStream(ms, alg.CreateDecryptor(),
    CryptoStreamMode.Write);

    // Write the data and make it do the decryption

    cs.Write(cipherData, 0, cipherData.Length);

    // Close the crypto stream (or do FlushFinalBlock).

    // This will tell it that we have done our decryption and there is no more
    data coming in,

    // and it is now a good time to remove the padding and finalize the
    decryption process.

    cs.Close();

    // Now get the decrypted data from the MemoryStream.

    // Some people make a mistake of using GetBuffer() here, which is not the
    right way.

    byte[] decryptedData = ms.ToArray();

    return decryptedData;

    }

    // Decrypt a string into a string using a password

    // Uses Decrypt(byte[], byte[], byte[])

    public static string Decrypt(string cipherText, string Password)

    {

    // First we need to turn the input string into a byte array.

    // We presume that Base64 encoding was used

    byte[] cipherBytes = Convert.FromBase64String(cipherText);

    // Then, we need to turn the password into Key and IV

    // We are using salt to make it harder to guess our key using a dictionary
    attack -

    // trying to guess a password by enumerating all possible words.

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,

    new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65,
    0x64, 0x65, 0x76});

    // Now get the key/IV and do the decryption using the function that accepts
    byte arrays.

    // Using PasswordDeriveBytes object we are first getting 32 bytes for the
    Key

    // (the default Rijndael key length is 256bit = 32bytes) and then 16 bytes
    for the IV.

    // IV should always be the block size, which is by default 16 bytes (128
    bit) for Rijndael.

    // If you are using DES/TripleDES/RC2 the block size is 8 bytes and so
    should be the IV size.

    // You can also read KeySize/BlockSize properties off the algorithm to find
    out the sizes.

    byte[] decryptedData = Decrypt(cipherBytes, pdb.GetBytes(32),
    pdb.GetBytes(16));

    // Now we need to turn the resulting byte array into a string.

    // A common mistake would be to use an Encoding class for that. It does not
    work

    // because not all byte values can be represented by characters.

    // We are going to be using Base64 encoding that is designed exactly for
    what we are

    // trying to do.

    return System.Text.Encoding.Unicode.GetString(decryptedData);

    }

    // Decrypt bytes into bytes using a password

    // Uses Decrypt(byte[], byte[], byte[])

    public static byte[] Decrypt(byte[] cipherData, string Password)

    {

    // We need to turn the password into Key and IV.

    // We are using salt to make it harder to guess our key using a dictionary
    attack -

    // trying to guess a password by enumerating all possible words.

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,

    new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65,
    0x64, 0x65, 0x76});

    // Now get the key/IV and do the Decryption using the function that accepts
    byte arrays.

    // Using PasswordDeriveBytes object we are first getting 32 bytes for the
    Key

    // (the default Rijndael key length is 256bit = 32bytes) and then 16 bytes
    for the IV.

    // IV should always be the block size, which is by default 16 bytes (128
    bit) for Rijndael.

    // If you are using DES/TripleDES/RC2 the block size is 8 bytes and so
    should be the IV size.

    // You can also read KeySize/BlockSize properties off the algorithm to find
    out the sizes.

    return Decrypt(cipherData, pdb.GetBytes(32), pdb.GetBytes(16));

    }

    // Decrypt a file into another file using a password

    public static void Decrypt(string fileIn, string fileOut, string Password)

    {

    // First we are going to open the file streams

    FileStream fsIn = new FileStream(fileIn, FileMode.Open, FileAccess.Read);

    FileStream fsOut = new FileStream(fileOut, FileMode.OpenOrCreate,
    FileAccess.Write);

    // Then we are going to derive a Key and an IV from the Password and create
    an algorithm

    PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,

    new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65,
    0x64, 0x65, 0x76});

    Rijndael alg = Rijndael.Create();

    alg.Key = pdb.GetBytes(32);

    alg.IV = pdb.GetBytes(16);

    // Now create a crypto stream through which we are going to be pumping data.

    // Our fileOut is going to be receiving the Decrypted bytes.

    CryptoStream cs = new CryptoStream(fsOut, alg.CreateDecryptor(),
    CryptoStreamMode.Write);

    // Now will will initialize a buffer and will be processing the input file
    in chunks.

    // This is done to avoid reading the whole file (which can be huge) into
    memory.

    int bufferLen = 4096;

    byte[] buffer = new byte[bufferLen];

    int bytesRead;

    do

    {

    // read a chunk of data from the input file

    bytesRead = fsIn.Read(buffer, 0, bufferLen);

    // Decrypt it

    cs.Write(buffer, 0, bytesRead);

    } while(bytesRead != 0);

    // close everything

    cs.Close(); // this will also close the unrelying fsOut stream

    fsIn.Close();

    }

    //

    // Testing function

    // I am sure you will be able to figure out what it does!

    //

    public static void testFunc(string[] args)

    {

    if (args.Length == 0)

    {

    string plainText = "This is some plain text";

    string Password = "Password";

    Console.WriteLine("Plain text: \"" + plainText + "\", Password: \"" +
    Password + "\"");

    string cipherText = Encrypt(plainText, Password );

    Console.WriteLine("Encrypted text: " + cipherText);

    string decryptedText = Decrypt(cipherText, Password);

    Console.WriteLine("Decrypted: " + decryptedText);

    }

    else

    {

    Encrypt(args[0], args[0]+".encrypted", "Password");

    Decrypt(args[0]+".encrypted", args[0]+".decrypted", "Password");

    }

    Console.WriteLine("Done.");

    }

    }

    }
    Craig, Feb 5, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Bharat Bhushan

    Appending byte[] to another byte[] array

    Bharat Bhushan, Aug 5, 2003, in forum: Java
    Replies:
    15
    Views:
    40,234
    Roedy Green
    Aug 5, 2003
  2. Kirby
    Replies:
    3
    Views:
    637
    Kirby
    Oct 8, 2004
  3. Replies:
    20
    Views:
    9,748
    licebmi
    Sep 7, 2009
  4. Ike
    Replies:
    3
    Views:
    483
    Dale King
    Nov 29, 2006
  5. jt
    Replies:
    3
    Views:
    921
    Keith Thompson
    May 23, 2005
Loading...

Share This Page