6

I need to download a large video file and save it to the hard drive. Then I need to play this video file using a XAML media element. But the file must be encrypted using the AES 256 algorithm and an encryption key. Unencrypted data must not be written to the hard drive at any time.

E.g. I can have a stream that can transform unencrypted data to a file and vice-versa.

WinRT has an API that allows me to encrypt buffers. But if the file is large this will not work. WinRT has an API that allows me to encrypt streams: DataProtectionProvider. But there is a magical protectionDescriptor parameter and I did not find any information about how to specify an algorithm and a key.

What I was able to do is to implement IRandomAccessStream in C#. It works but it is slow.

Please do not provide answers that are not related to WinRT platform. Any other help would be appreciated.

maxim pg
  • Could you please clarify what you mean with "implement IRandomAccessStream in C#"? Did you find a way to use symmetric encryption with streams directly? I use a method that reads the stream in chunks, encrypts chunk by chunk and writes the result to the destination stream. This works even with very large files and is not too slow. – Jürgen Bayer Jan 05 '13 at 09:00
  • I've solved the problem in my implementation. Now it works fast for both: read and write operations. – maxim pg Jan 22 '13 at 19:42
  • It's a pity that you cannot share the source code. Sounds like a very good solution. Could you at least share some information how you solved the problem? – Jürgen Bayer Jan 22 '13 at 20:50

2 Answers

0

The example here: http://msdn.microsoft.com/en-us/library/windows/apps/xaml/windows.security.cryptography.dataprotection.dataprotectionprovider.aspx gives you information about what protectionDescriptor is. In short, it identifies the user, group or computer that will provide the key for encryption. In the example you have:

String strDescriptor = "LOCAL=user";

and later:

DataProtectionProvider Provider = new DataProtectionProvider(strDescriptor);

Which means that the provider of the key will be the current user. From the look of this class, it seems that it's intended to protect the user's information, probably using the user's own generated certificate and a default algorithm, which can't be overridden. So if you are looking for a way to explicitly specify a key and an algorithm, you may be stuck with CryptographicEngine.

Rafael
  • So how to specify that I need AES 256 and an encryption key? – maxim pg Nov 12 '12 at 20:47
  • With DataProtectionProvider you can't; the only way is CryptographicEngine, the API used to encrypt buffers. For better understanding, DataProtectionProvider is akin to .NET Framework File.Encrypt (http://msdn.microsoft.com/en-us/library/system.io.file.encrypt.aspx). – Rafael Nov 12 '12 at 20:53
  • MSDN says (see the link from the question): You can protect data by using a symmetric key. This works, for example, to protect data to a non-AD principal such as Live ID. – maxim pg Nov 12 '12 at 21:15
  • @maximpg, these two resources refer to hashing large files; they may apply to encryption also: http://stackoverflow.com/questions/13534334/how-to-compute-hash-md5-or-sha-of-a-large-file-with-c-sharp-in-windows-store-a and http://stackoverflow.com/questions/2124468/possible-to-calculate-md5-or-other-hash-with-buffered-reads – Rafael Nov 23 '12 at 19:30
  • Unfortunately they are not helpful. – maxim pg Dec 11 '12 at 19:03
0

I was able to implement IRandomAccessStream that encrypts or decrypts data on the fly using AES_CBC_PKCS7 algorithm. It supports sequential writing and random access reading. Unfortunately I cannot share the source code.

maxim pg
  • could you at least give us a clue? or maybe help with https://stackoverflow.com/questions/28677469/implementing-a-custom-irandomaccessstream ? – Igor Kulman Feb 23 '15 at 15:52
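
The thread mentions chunk-by-chunk encryption with the buffer API (CryptographicEngine) and AES-CBC with sequential writing and random-access reading, but no code was shared. The following is an added example, not code from any participant: it shows how CBC chaining lets large data be encrypted one buffer at a time and any block range be decrypted without touching earlier data. The class and method names are hypothetical, and it assumes the file is laid out as a 16-byte random IV followed by the ciphertext.

```csharp
// Added example, not code from this thread. ChunkedAesCbc and its members are
// hypothetical names; the file layout (16-byte IV, then ciphertext) is assumed.
using System;
using System.IO;
using System.Runtime.InteropServices.WindowsRuntime; // AsBuffer(), ToArray()
using Windows.Security.Cryptography.Core;

public static class ChunkedAesCbc
{
    const int Block = 16; // AES block size in bytes

    // A 32-byte key selects AES-256. AesCbc applies no padding itself.
    public static CryptographicKey ImportKey(byte[] key32)
    {
        var alg = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.AesCbc);
        return alg.CreateSymmetricKey(key32.AsBuffer());
    }

    // Encrypts one chunk. 'chain' starts as the random file IV and is replaced by
    // the last ciphertext block, which CBC uses as the IV of the next chunk.
    public static byte[] EncryptChunk(CryptographicKey key, ref byte[] chain, byte[] plain, bool last)
    {
        if (last)
        {   // PKCS#7: append 1..16 bytes, each holding the pad length.
            int n = plain.Length, pad = Block - n % Block;
            Array.Resize(ref plain, n + pad); // copies; caller's array is untouched
            for (int i = n; i < plain.Length; i++) plain[i] = (byte)pad;
        }
        else if (plain.Length == 0 || plain.Length % Block != 0)
            throw new ArgumentException("Non-final chunks must be a non-empty multiple of 16 bytes.");

        byte[] cipher = CryptographicEngine.Encrypt(key, plain.AsBuffer(), chain.AsBuffer()).ToArray();
        chain = new byte[Block];
        Array.Copy(cipher, cipher.Length - Block, chain, 0, Block);
        return cipher;
    }

    // Decrypts 'count' blocks starting at block 'first' from a seekable stream.
    // CBC block i needs only ciphertext block i-1 (the IV when i == 0), so nothing
    // before the requested range is decrypted. PKCS#7 bytes in the final block of
    // the file are returned as-is and must be stripped by the caller.
    public static byte[] DecryptBlocks(CryptographicKey key, Stream file, long first, int count)
    {
        var buf = new byte[(count + 1) * Block];
        file.Seek(first * Block, SeekOrigin.Begin); // IV at offset 0 shifts blocks by one
        for (int got = 0, n = 0; got < buf.Length; got += n)
            if ((n = file.Read(buf, got, buf.Length - got)) == 0) throw new EndOfStreamException();
        return CryptographicEngine.Decrypt(key, buf.AsBuffer(Block, count * Block), buf.AsBuffer(0, Block)).ToArray();
    }
}
```

CBC on its own gives confidentiality only: a modified ciphertext decrypts without error, so tamper detection needs a separate MAC over the IV and ciphertext.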