5

I create my file using File.WriteAllBytes(). Byte[] that is passed to File.WriteAllBytes() is encrypted by algorithm of my own. You need password that was used when file was encrypted (user of the program knows the password) to decrypt it. But when some file is opened by my program using File.ReadAllBytes() there are 3 situations:

  1. File that is being opened is my program's file and user knows the password to open it.
  2. File that is being opened is my program's file but user doesn't know the password to open it.
  3. File that is being opened is not my program's file.

First one is easy to handle. 2nd and 3rd are same for my program because my program doesn't know the difference between encrypted byte[] and byte[] of some random file.

How do I differ these situations? I was thinking of adding some sequence of bytes to the end or beginning of byte[] before passing it to File.WriteAllBytes(). Is that safe? How do modern programs differ their files from other files?

foxneSs
  • 2,259
  • 3
  • 18
  • 21

2 Answers2

4

You can give your file some structure before encryption, and check that the structure is there after decryption. If the structure is not there, it's not your file.

For example, you could compute a check sum, and store it in the first few bytes prior to the "payload" block of data. Encrypt the check sum along with the rest of the file.

When you decrypt, take the payload content, and compute its check sum again. Compare the stored result to the computed result to see if the two match. If they don't match, it's not your file. If they do match, very good chances are that it is your file.

This is not the only approach - the structure could be anything you wish, from placing a special sequence of bytes at a specific place to using a specific strict format (e.g. an XML) for your content, and then validating this format after the decryption.

[the file is] encrypted by algorithm of my own.

Be very careful with security through obscurity: coming up with an algorithm that is cryptographically secure is an extremely hard task.

Sergey Kalinichenko
  • 714,442
  • 84
  • 1,110
  • 1,523
  • don't worry :) I use algorithm similar to RC4. Also nobody is gonna use that program except me anyways. I created this program just because I want to create something xD btw, I think I've found a solution: first N decrypted bytes are always the same (I think/needs to be confirmed) because they are product of http://stackoverflow.com/a/18205093/1412924 this guy's slighty edited code. Serialization header seems to be always be the same. I'm gonna check that now – foxneSs Nov 08 '14 at 12:49
2

Many many file format use "Magic numbers" in front of the file to determine their types. Use the first ... 4 bytes, write a custom sequence it it then read it when you load the file.

Eric
  • 19,525
  • 19
  • 84
  • 147