0

I'm currently trying to pass a encrypted message to msmq and have got as far as being able to encrypt some of the fields in the body such as username and password thanks to the following link Simple insecure two-way "obfuscation" for C#

See the following code:

var simpleAes = new SimpleAES();

            var a = new AddToBasketView
            {
                Url = simpleAes.EncryptToString(retailerProduct.DeepLink),
                RetailerProductId = retailerProduct.Id,
                RetailerId = retailerProduct.RetailerId,
                Password = simpleAes.EncryptToString((form["Password"])),
                Username = simpleAes.EncryptToString(form["Username"])
            };
            a.RetailerProduct = _retailerProductRepository.GetRetailerProduct(a.RetailerProductId);
  msgQ.Send(a);

But what i really want to do is encrypt the whole message.Body

so i tried the following

 msgQ.Send(simpleAes.EncryptToString(a.ToString()));

This encrypts the body but when i come to decrypt it my codes expecting an object it fails - i'm not sure how to deal with this.

Here is the code i was using when decrypting the username and password:

  var message = _msgQ.Receive(); // this should be synchronous and block until we receive

        // Is the message we have an empty message or a message?
        if (message != null)
        {


            #region decrypt paword and username
            var simpleAes = new SimpleAES();


            var addToBasketView = (AddToBasketView)message.Body;

            addToBasketView.Password = simpleAes.DecryptString(addToBasketView.Password);
            addToBasketView.Username = simpleAes.DecryptString(addToBasketView.Username);

            #endregion  decrypt paword and username

How can i decrypt the (AddToBasketView)message.Body if i have passed it as a string?

EDIT:

so the problem is that if i encrypt the object aa follows i have to cast it to a string:

msgQ.Send(simpleAes.EncryptToString(a.ToString()));

when i come to decrypt it i need it to be an object not a string so i can use it i.e. a.url a.password a.retailerid etc....

Community
  • 1
  • 1
anna
  • 1,001
  • 6
  • 23
  • 40

1 Answers1

1

Okay, the abstraction on "Cryptography" you are using only supports encrypting strings for some reason. So, if you want to use SimpleAes you will need to serialize your object to a string so that you can use SimpleAes to encrypt it.

Then, when you decrypt you will need to decrypt your encrypted string back to a clear string, then deserialize the clear string back to a class instance.

You can't access the properties of an object once it is encrypted. All the data should be scrambled and it should be very difficult to change it back, or interperet its meaning, without the key and the decryption algorithm.

This is not the same as encoding or serialization.

Jodrell
  • 34,946
  • 5
  • 87
  • 124