
Encryption

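var password = "password";

// new UnicodeEncoding() is UTF-16 (little-endian by default), so the digest
// below is computed over two bytes per UTF-16 code unit of the input.
var byteConverter = new UnicodeEncoding();
var data = byteConverter.GetBytes(password);

// NOTE(review): a single unsalted SHA-256 pass is a fast digest. It is fine
// for fingerprints and integrity checks, but it is not a password-storage
// scheme; stored password verifiers should come from a salted, iterated KDF
// such as Rfc2898DeriveBytes (PBKDF2).
byte[] hash;
using (var sha256 = SHA256.Create())
{
    // The method is ComputeHash; the hash object is disposed once the digest
    // has been produced.
    hash = sha256.ComputeHash(data);
}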

Symmetric Encryption


Asymmetric Encryption

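var password = "password";

var byteConverter = new UnicodeEncoding();
var dataToEncrypt = byteConverter.GetBytes(password);

// Generate a key pair and export both halves.
// The key size is requested explicitly instead of relying on the provider's
// default. The private-key XML is unprotected secret material: anyone who can
// read it can decrypt, so it must not be logged or stored in the clear.
string publicKeyXml;
string privateKeyXml;
using (var keyProvider = new RSACryptoServiceProvider(2048))
{
    publicKeyXml = keyProvider.ToXmlString(false);
    privateKeyXml = keyProvider.ToXmlString(true);
}

// Encrypt with the public key only.
// The second argument selects OAEP padding (true) over PKCS#1 v1.5 (false).
// RSA can only encrypt a payload smaller than the modulus minus the padding
// overhead; larger data is normally encrypted with a symmetric key that is
// itself wrapped with RSA.
byte[] encryptedData;
using (var encryptProvider = new RSACryptoServiceProvider())
{
    encryptProvider.FromXmlString(publicKeyXml);
    encryptedData = encryptProvider.Encrypt(dataToEncrypt, true);
}

// Decrypt with the private key, using the same padding mode as above.
byte[] decryptedData;
using (var decryptProvider = new RSACryptoServiceProvider())
{
    decryptProvider.FromXmlString(privateKeyXml);
    decryptedData = decryptProvider.Decrypt(encryptedData, true);
}

// This is the recovered plaintext, not an encrypted value.
var decryptedPassword = byteConverter.GetString(decryptedData);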
Namespaces
using System;
using System.IO;
using System.Runtime.InteropServices;
using System.Security;
using System.Security.Cryptography;
using System.Text;
Helper classes
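/// <summary>
/// Conversion helpers between <see cref="SecureString"/> and <see cref="string"/>.
/// </summary>
/// <remarks>
/// Both directions involve an ordinary managed string, which cannot be wiped
/// and stays in memory until it is garbage collected. These helpers are a
/// convenience for demos and for APIs that only accept one of the two types;
/// they do not keep the secret out of managed memory.
/// </remarks>
public static class SecureStringExtensions
{
    /// <summary>
    /// Copies the content of a <see cref="SecureString"/> into a managed string.
    /// </summary>
    /// <param name="secstrPassword">Secure string to read.</param>
    /// <returns>The plain-text content of <paramref name="secstrPassword"/>.</returns>
    public static string ConvertToString(this SecureString secstrPassword)
    {
        var unmanagedString = IntPtr.Zero;
        try
        {
            unmanagedString = Marshal.SecureStringToGlobalAllocUnicode(secstrPassword);
            return Marshal.PtrToStringUni(unmanagedString);
        }
        finally
        {
            // Zero and free the unmanaged copy even when the conversion throws.
            // The pointer is still zero if the allocation itself failed.
            if (unmanagedString != IntPtr.Zero)
            {
                Marshal.ZeroFreeGlobalAllocUnicode(unmanagedString);
            }
        }
    }

    /// <summary>
    /// Builds a <see cref="SecureString"/> from a managed string, one character at a time.
    /// </summary>
    /// <param name="plainText">Text to copy; the source string itself is left untouched.</param>
    /// <returns>A new <see cref="SecureString"/> that the caller owns and should dispose.</returns>
    /// <exception cref="ArgumentNullException"><paramref name="plainText"/> is null.</exception>
    public static SecureString ConvertToSecureString(this string plainText)
    {
        if (plainText == null)
        {
            throw new ArgumentNullException("plainText");
        }

        // A plain loop needs no System.Linq import, which the namespace list
        // of this listing does not include.
        var secureString = new SecureString();
        try
        {
            foreach (var c in plainText)
            {
                secureString.AppendChar(c);
            }
        }
        catch
        {
            // Do not leave a half-filled secure buffer behind on failure.
            secureString.Dispose();
            throw;
        }

        return secureString;
    }
}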

/// <summary>
/// Names of the hash algorithms that can be passed as the hashAlgorithm
/// argument of RijndaelSimple.Encrypt and RijndaelSimple.Decrypt.
/// </summary>
/// <remarks>
/// NOTE(review): MD5 and SHA-1 are both legacy algorithms with known
/// collision weaknesses. They are listed here only because the key
/// derivation used by this sample accepts them.
/// </remarks>
public static class HashAlgorithm
{
    /// <summary>Algorithm name for MD5.</summary>
    public static readonly string Md5 = "MD5";

    /// <summary>Algorithm name for SHA-1.</summary>
    public static readonly string Sha1 = "SHA1";
}

/// <summary>
/// Encryption key length in bits. The numeric value of each member is the
/// bit count itself (128, 192 or 256); RijndaelSimple divides it by 8 to
/// obtain the number of key bytes to derive.
/// Longer keys are more secure than shorter keys.
/// </summary>
public enum KeySize
{
    /// <summary>128-bit key.</summary>
    Short = 128,

    /// <summary>192-bit key.</summary>
    Medium = 192,

    /// <summary>256-bit key.</summary>
    Long = 256
}
Encryption
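/// <summary>
/// Demonstrates passphrase-based symmetric encryption and decryption with
/// Rijndael in CBC mode. Both directions derive the key from the same
/// passphrase, salt, hash algorithm and iteration count, so a ciphertext can
/// only be decrypted with exactly the parameters it was encrypted with.
/// </summary>
/// <remarks>
/// <para>
/// The cryptographic behaviour is kept as in the original sample so that
/// existing ciphertexts remain readable. Review notes for anyone reusing it:
/// </para>
/// <para>
/// Key derivation: PasswordDeriveBytes is a legacy PBKDF1-style derivation
/// driven by MD5 or SHA-1. Asking it for more bytes than the hash produces
/// (for example a 256-bit key from SHA-1) relies on a non-standard
/// extension. New designs should use Rfc2898DeriveBytes (PBKDF2) with a
/// random per-secret salt and a high iteration count.
/// </para>
/// <para>
/// Integrity: CBC provides confidentiality only. The ciphertext is not
/// authenticated, so tampering is not detected and padding errors can leak
/// information to a caller that observes them. Add a MAC over IV and
/// ciphertext (encrypt-then-MAC) or use an authenticated mode.
/// </para>
/// <para>
/// IV: the caller supplies the IV as a string. For CBC the IV must be
/// unpredictable and different for every message; a fixed IV makes equal
/// plaintext prefixes produce equal ciphertext prefixes. Generate it with a
/// cryptographic random number generator and store it next to the ciphertext.
/// </para>
/// </remarks>
public sealed class RijndaelSimple
{
    /// <summary>
    /// Encrypts the specified plaintext using the Rijndael symmetric key
    /// algorithm and returns a base64-encoded result.
    /// </summary>
    /// <param name="plainText">
    /// Plaintext value to be encrypted. It is encoded as UTF-8.
    /// </param>
    /// <param name="passPhrase">
    /// Passphrase from which the encryption key is derived.
    /// </param>
    /// <param name="saltValue">
    /// Salt used along with the passphrase. It is converted with the ASCII
    /// encoding, so non-ASCII characters are not preserved.
    /// </param>
    /// <param name="hashAlgorithm">
    /// Hash algorithm name used by the key derivation: "MD5" or "SHA1".
    /// Both are legacy algorithms; see the remarks on the class.
    /// </param>
    /// <param name="passwordIterations">
    /// Number of iterations of the key derivation. This is the work factor
    /// that slows down passphrase guessing, so very low values such as one
    /// or two give practically no protection against brute force.
    /// </param>
    /// <param name="initVector">
    /// Initialization vector (IV), required to encrypt the first block.
    /// Must be exactly 16 ASCII characters long.
    /// </param>
    /// <param name="keySize">
    /// Size of the encryption key in bits: 128, 192 or 256.
    /// </param>
    /// <returns>
    /// Encrypted value formatted as a base64-encoded string.
    /// </returns>
    /// <exception cref="ArgumentException">
    /// <paramref name="initVector"/> is not 16 bytes long after ASCII encoding.
    /// </exception>
    public static string Encrypt(string plainText, string passPhrase, string saltValue, string hashAlgorithm, int passwordIterations, string initVector, KeySize keySize)
    {
        var initVectorBytes = Encoding.ASCII.GetBytes(initVector);

        if (initVectorBytes.Length != 16)
        {
            // The second argument is the parameter name. The original passed
            // the IV value itself, which put the IV into the exception text.
            throw new ArgumentException("For RijndaelManaged, the Initialization Vector must be exactly 16 ASCII characters.", "initVector");
        }

        var saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
        var plainTextBytes = Encoding.UTF8.GetBytes(plainText);

        // Derive the key; keySize is in bits, GetBytes expects bytes.
        byte[] keyBytes;
        using (var password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations))
        {
            keyBytes = password.GetBytes((int)keySize / 8);
        }

        try
        {
            using (var symmetricKey = new RijndaelManaged())
            {
                // CBC mode; all other parameters keep their defaults.
                symmetricKey.Mode = CipherMode.CBC;

                using (var encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes))
                using (var memoryStream = new MemoryStream())
                using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                {
                    cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);

                    // Writes the final padded block; must happen before the
                    // ciphertext is read back from the memory stream.
                    cryptoStream.FlushFinalBlock();

                    return Convert.ToBase64String(memoryStream.ToArray());
                }
            }
        }
        finally
        {
            // Best-effort wipe of the key and the plaintext copy made here.
            Array.Clear(keyBytes, 0, keyBytes.Length);
            Array.Clear(plainTextBytes, 0, plainTextBytes.Length);
        }
    }

    /// <summary>
    /// Decrypts the specified ciphertext using the Rijndael symmetric key
    /// algorithm.
    /// </summary>
    /// <param name="cipherText">
    /// Base64-formatted ciphertext value.
    /// </param>
    /// <param name="passPhrase">
    /// Passphrase from which the decryption key is derived.
    /// </param>
    /// <param name="saltValue">
    /// Salt used along with the passphrase. It is converted with the ASCII
    /// encoding.
    /// </param>
    /// <param name="hashAlgorithm">
    /// Hash algorithm name used by the key derivation: "MD5" or "SHA1".
    /// </param>
    /// <param name="passwordIterations">
    /// Number of iterations of the key derivation.
    /// </param>
    /// <param name="initVector">
    /// Initialization vector (IV) that was used for encryption.
    /// </param>
    /// <param name="keySize">
    /// Size of the encryption key in bits: 128, 192 or 256.
    /// </param>
    /// <returns>
    /// Decrypted value as a <see cref="SecureString"/> owned by the caller.
    /// </returns>
    /// <remarks>
    /// All parameters except <paramref name="cipherText"/> must match the
    /// values passed to <see cref="Encrypt"/> when the ciphertext was
    /// produced. Because the ciphertext carries no authentication tag, a
    /// wrong key or modified data shows up only as a padding error or as
    /// garbage output.
    /// </remarks>
    public static SecureString Decrypt(string cipherText, string passPhrase, string saltValue, string hashAlgorithm, int passwordIterations, string initVector, KeySize keySize)
    {
        var initVectorBytes = Encoding.ASCII.GetBytes(initVector);
        var saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
        var cipherTextBytes = Convert.FromBase64String(cipherText);

        // Derive the key; keySize is in bits, GetBytes expects bytes.
        byte[] keyBytes;
        using (var password = new PasswordDeriveBytes(passPhrase, saltValueBytes, hashAlgorithm, passwordIterations))
        {
            keyBytes = password.GetBytes((int)keySize / 8);
        }

        // The plaintext is never longer than the ciphertext, so a buffer of
        // the ciphertext's size is always large enough.
        var plainTextBytes = new byte[cipherTextBytes.Length];
        char[] plainTextChars = null;

        try
        {
            var decryptedByteCount = 0;

            using (var symmetricKey = new RijndaelManaged())
            {
                // CBC mode; all other parameters keep their defaults.
                symmetricKey.Mode = CipherMode.CBC;

                using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, initVectorBytes))
                using (var memoryStream = new MemoryStream(cipherTextBytes))
                using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                {
                    // Stream.Read may return fewer bytes than requested, so a
                    // single call can truncate the plaintext. Keep reading
                    // until the stream reports its end.
                    int bytesRead;
                    while (decryptedByteCount < plainTextBytes.Length
                        && (bytesRead = cryptoStream.Read(plainTextBytes, decryptedByteCount, plainTextBytes.Length - decryptedByteCount)) > 0)
                    {
                        decryptedByteCount += bytesRead;
                    }
                }
            }

            // Decode into a char array rather than a string: the array can
            // be wiped below, an immutable string cannot.
            plainTextChars = Encoding.UTF8.GetChars(plainTextBytes, 0, decryptedByteCount);

            var secureText = new SecureString();
            try
            {
                foreach (var c in plainTextChars)
                {
                    secureText.AppendChar(c);
                }
            }
            catch
            {
                secureText.Dispose();
                throw;
            }

            return secureText;
        }
        finally
        {
            // Best-effort wipe of the key and the intermediate plaintext.
            Array.Clear(keyBytes, 0, keyBytes.Length);
            Array.Clear(plainTextBytes, 0, plainTextBytes.Length);
            if (plainTextChars != null)
            {
                Array.Clear(plainTextChars, 0, plainTextChars.Length);
            }
        }
    }
}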
Application
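// Round-trip demo: encrypts a fixed string, prints the ciphertext, decrypts
// it again and prints the result.
//
// NOTE(review): the passphrase, salt and IV below are hard-coded sample
// values and the iteration count is deliberately tiny. They only illustrate
// the call sequence. In real use the salt and IV are random per message and
// stored with the ciphertext, the passphrase is not kept in source, and the
// iteration count is high enough to slow down guessing.
void Main()
{
    var plainText       = "Hello, World!";    // original plaintext
    var passPhrase      = "Pas5pr@se";        // sample value only
    var saltValue       = "s@1tValue";        // sample value only
    var hashAlgorithm   = HashAlgorithm.Sha1;
    var passwordIterations = 2;                // sample value only
    var initVector      = "@1B2c3D4e5F6g7H8"; // must be 16 bytes
    var keySize         = KeySize.Long;

    Console.WriteLine("Plaintext : {0}", plainText);

    var cipherText = RijndaelSimple.Encrypt(plainText, passPhrase, saltValue, hashAlgorithm, passwordIterations, initVector, keySize);

    Console.WriteLine("Encrypted : {0}", cipherText);

    // SecureString holds unmanaged memory; dispose it once it has been used.
    using (var securePlainText = RijndaelSimple.Decrypt(cipherText, passPhrase, saltValue, hashAlgorithm, passwordIterations, initVector, keySize))
    {
        // Printing converts the secret back into an ordinary managed string;
        // acceptable for a demo, not for real secrets.
        Console.WriteLine("Decrypted : {0}", securePlainText.ConvertToString());
    }
}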

Internetquellen
