.Net Encryption Wrapper

[ad#336x280 Large Rectangle] Share

Encryption is always one of those things that you know you need but you are not exactly sure where to get it and which one to select for your needs. Well, definitely .Net makes it much easier with the comprehensive System.Security.Cryptography namespace. But sometimes, you just want to be able to type Encrypt and get an encrypted string, or type Decrypt and get a decrypted string. Is that so much to ask? Not at all...

This is why a while back I wrote a tiny little class library that wraps around the most widely used cryptographic algorithm in .Net and allows me to encrypt and decrypt strings on the fly. It uses the TripleDESCryptoServiceProvider which is itself a wrapper around the Triple DES algorithm.

I attached the class library and a small test project that shows all the features of the library.

One thing that I found the Mime encoding very useful for is in web applications. Sometimes you find yourself needing to pass a lot of parameters to a certain page, and you don't really want everyone to see them. Imagine this:

/editArticle.aspx?articleID=100&userID=1000

When users look at this they can figure that perhaps by changing the value of the articleID they might be able to edit somebody else's article. Of course, most likely your code can capture and prevent that, but still, why leave it even open? If you encrypt the parameters and present the user with this:

/editArticle.aspx?data=776D72472F53462B4C564F4331696C4E2B577
634487A53764B78657071585934744D466C536B6A4779796B3D

it will be much harder for somebody to figure out what is going on behind the scenes. Of course, now you have to write your own string parser to grab the specific values on the query string, but that is not too difficult.

So, that is how I use the EncryptMime and DecryptMime functions in the library. The Encrypt and Decrypt are using the same algorithm, but just don't encode the results.

Also, sometimes, you might want to prevent users from figuring out numbers in your pages. For example, imagine you have a page with a lot of combo boxes and you give them names that include the ID of a certain item so you can check which one is selected on PostBack, something like this:

CB_1001
CB_1002, etc.

Now a smart user might attempt to go into FireFox with a tool like FireBug and edit that to see what happens. What if you give the user the right to select a checkbox and then click delete to erase something? And what if the user changes that value to CB_2001 so that they are able to delete something else?

Here is where my LiteCrypt class comes along. It simply encodes integer values to a hexadecimal representation of a mathematical permutation and bit-wise operations of the bits in the original value. So, instead of the values above, you would see something like this:

CB_FA4F372D
CB_DB1F352C

Now, that is a little more difficult to figure out. The reason why I like this class is it's simplicity. It doesn't use anything other than XOR and bitwise moves, so it's really fast and lightweight.

However, remember, there is really nothing that can't be cracked or hacked, ultimately, so the things described above are not meant to be a complete security solution. They are just meant to be a deterrent of anyone who would even consider trying to do something bad.

Before I move to examples, I have one more thing I need to mention: the QuotedPrintable class was not written by me. I have it since a long time ago, I got it from somewhere, and I have no idea where it came from. If you know who wrote it, or if it is you who wrote it, send me a message and I will give you all the proper credits for the code. Until then, I am just saying that I did't write it and I simply used it to help my code.

Here are some examples:

Encrypting a string:
[sourcecode language='csharp'] string encrypted = EncryptionManager.Encrypt(toEncrypt, password);
string encryptedEncoded = EncryptionManager.EncryptMime(toEncrypt, password);
[/sourcecode]

Decrypting a string:
[sourcecode language='csharp']

string decryptedEncoded = EncryptionManager.DecryptMime(encryptedEncoded, password);
string decrypted = EncryptionManager.Decrypt(encrypted, password);
[/sourcecode]

Encrypting and decryption an integer:
[sourcecode language='csharp'] int number = 123456789;
int decryptedNumber = 0;
encrypted = LiteCrypt.Encrypt((uint)number);
decryptedNumber = LiteCrypt.Decrypt(encrypted);
[/sourcecode]

Here is the download link: JJ.Encryption

So, there you have it. Enjoy this code and write me your opinions.

Iulian

Sharing is caring...Share on FacebookTweet about this on TwitterShare on Google+Share on TumblrPin on PinterestShare on LinkedInShare on StumbleUponDigg this