
Can somebody tell me what the best way to encrypt and decrypt a query string is? What algorithm is best? A symmetric algorithm, an asymmetric algorithm, a digital signature, or some other algorithm that I don't know? Please help.

MiladCr7
  • What's the source? What's the purpose? Is it for internally produced URLs, or to authenticate referrals from a third party? – sisve May 09 '14 at 08:04
  • Also, what qualifies as the `best`? Is it the fastest, is it the most complex (hardest to crack), is it the one that produces the most beautiful strings? Besides, I think this question is far better suited for http://programmers.stackexchange.com/ than for SO. – DrCopyPaste May 09 '14 at 08:08
  • For transmitting important information – MiladCr7 May 09 '14 at 08:08
  • What is faster? What is hardest to crack? I want to know – MiladCr7 May 09 '14 at 08:09
  • You didn't answer my questions. We understand that the information is important to you, but who's transmitting it? Who's generating the URLs? Do you need tamper-protection to avoid that someone changes data, or completely hide what data is transmitted? – sisve May 09 '14 at 08:13
  • I think there is not a good general answer - because it depends on the scenario. What exactly is it that you want to do? I.e. it _could_ be an option to just use SSL/TLS - because that includes the encryption of the query string. However, that is not a best practice; please see [Is an HTTPS query string secure?](http://stackoverflow.com/questions/323200/is-an-https-query-string-secure) – user4531 May 09 '14 at 08:16
  • I want to completely hide the query string – MiladCr7 May 09 '14 at 08:27
  • You can't 'hide' the query string, but you can encrypt the query string. Please check below. – SHEKHAR SHETE May 09 '14 at 08:29
  • _Why_ do you want to hide your query strings? Have you used obscene words as database identifiers? Do you want to avoid people guessing identifiers? Is this an attempt to avoid implementing proper access security? – sisve May 09 '14 at 09:10

1 Answer

For symmetric encryption, check out the MSDN doc and examples:

System.Security.Cryptography.Aes
System.Security.Cryptography.DES
System.Security.Cryptography.RC2
System.Security.Cryptography.Rijndael
System.Security.Cryptography.TripleDES

For asymmetric encryption, check out the MSDN doc and examples:

System.Security.Cryptography.DSA
System.Security.Cryptography.ECDiffieHellman
System.Security.Cryptography.ECDsa
System.Security.Cryptography.RSA

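Example:

You can change these:

// Needs: using System; using System.IO; using System.Security.Cryptography; using System.Text;
// Hard-coded password, salt and IV: every call derives the same key and reuses the same IV.
static readonly string PasswordHash = "P@@Sw0rd";
static readonly string SaltKey = "S@LT&KEY";
static readonly string VIKey = "@1B2c3D4e5F6g7H8"; // 16 ASCII bytes = one AES block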

Encrypt:

public static string Encrypt(string plainText)
{
    byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);

    // Derive a 256-bit key from the password and salt (PBKDF2).
    byte[] keyBytes = new Rfc2898DeriveBytes(PasswordHash, Encoding.ASCII.GetBytes(SaltKey)).GetBytes(256 / 8);
    // Zero padding: the plaintext is padded with 0x00 bytes up to the block size.
    var symmetricKey = new RijndaelManaged() { Mode = CipherMode.CBC, Padding = PaddingMode.Zeros };
    var encryptor = symmetricKey.CreateEncryptor(keyBytes, Encoding.ASCII.GetBytes(VIKey));

    byte[] cipherTextBytes;

    using (var memoryStream = new MemoryStream())
    {
        using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
        {
            cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
            cryptoStream.FlushFinalBlock();
            cipherTextBytes = memoryStream.ToArray();
        }
    }
    // Base64 output can contain '+', '/' and '=', which must be URL-encoded in a query string.
    return Convert.ToBase64String(cipherTextBytes);
}

Decrypt:

public static string Decrypt(string encryptedText)
{
    byte[] cipherTextBytes = Convert.FromBase64String(encryptedText);
    byte[] keyBytes = new Rfc2898DeriveBytes(PasswordHash, Encoding.ASCII.GetBytes(SaltKey)).GetBytes(256 / 8);
    // No padding removal here; the zero bytes added by Encrypt are trimmed from the string below.
    var symmetricKey = new RijndaelManaged() { Mode = CipherMode.CBC, Padding = PaddingMode.None };

    var decryptor = symmetricKey.CreateDecryptor(keyBytes, Encoding.ASCII.GetBytes(VIKey));
    byte[] plainTextBytes = new byte[cipherTextBytes.Length];
    int decryptedByteCount = 0;

    using (var memoryStream = new MemoryStream(cipherTextBytes))
    using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
    {
        // A single Read call may return fewer bytes than requested, so read until the stream ends.
        int read;
        while ((read = cryptoStream.Read(plainTextBytes, decryptedByteCount, plainTextBytes.Length - decryptedByteCount)) > 0)
        {
            decryptedByteCount += read;
        }
    }
    return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount).TrimEnd("\0".ToCharArray());
}

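Usage of the above:

string strvalue = Encrypt(someid);
// Append the variable itself (not the literal text "strvalue") and URL-encode the Base64 output.
Response.Redirect("yourpage.aspx?id=" + HttpUtility.UrlEncode(strvalue));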

On Redirected Page:

if(Request.QueryString["id"]!=null)
{
    string decryptval=Decrypt(Request.QueryString["id"].ToString());
}

View other Encryption Methods

Hope this helps!

SHEKHAR SHETE
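The thread asks about both hiding the value and tamper protection; the following is an added example, not code from the answer above, that covers both with encrypt-then-MAC: AES-CBC with a fresh random IV per token, then HMAC-SHA256 over IV and ciphertext, emitted as URL-safe Base64. The names `QueryStringProtector`, `Protect` and `Unprotect` are hypothetical, and `encKey` and `macKey` are assumed to be two independent random 32-byte keys loaded from protected configuration rather than source code.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example (hypothetical class name): encrypt-then-MAC for a single query-string value.
public static class QueryStringProtector
{
    // Token layout: IV (16 bytes) || ciphertext || HMAC-SHA256 tag (32 bytes), Base64url-encoded.
    public static string Protect(string value, byte[] encKey, byte[] macKey)
    {
        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey;
            aes.GenerateIV(); // new random IV for every token, so equal values give different tokens
            byte[] plain = Encoding.UTF8.GetBytes(value);
            byte[] cipher;
            using (var enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            byte[] body = aes.IV.Concat(cipher).ToArray();
            byte[] token = body.Concat(hmac.ComputeHash(body)).ToArray();
            // URL-safe alphabet, so the token needs no further escaping in a query string.
            return Convert.ToBase64String(token).TrimEnd('=').Replace('+', '-').Replace('/', '_');
        }
    }

    public static string Unprotect(string token, byte[] encKey, byte[] macKey)
    {
        string b64 = token.Replace('-', '+').Replace('_', '/');
        byte[] data = Convert.FromBase64String(b64.PadRight(b64.Length + (4 - b64.Length % 4) % 4, '='));
        if (data.Length < 16 + 16 + 32) throw new CryptographicException("Token too short.");
        int bodyLen = data.Length - 32;
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(data, 0, bodyLen);
            int diff = 0; // compare every byte, with no early exit
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ data[bodyLen + i];
            if (diff != 0) throw new CryptographicException("Token failed authentication.");
        }
        using (var aes = Aes.Create()) // reached only after the tag has been verified
        {
            aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey;
            aes.IV = data.Take(16).ToArray();
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(data, 16, bodyLen - 16));
        }
    }
}
```

Treat a `CryptographicException` or `FormatException` from `Unprotect` as an invalid request. The token only conceals and authenticates the value; the receiving page still has to check that the current user may access the record it names.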