3

I want to generate a link

http://site/?code=xxxxxxxxxx

Where xxxxxxxxxx is an encrypted string generated from the string user01. And I will need to convert it back later.

Is there a simple way to encrypt and decrypt a string like this?

BrunoLM
  • 97,872
  • 84
  • 296
  • 452
  • What do you meann by encoded/encrypted? How secure do you want it to be? – The Archetypal Paul Oct 29 '10 at 16:03
  • Yes there are several "simple" ways but what have you tried so far? What are your thoughts and mostly what is currently the problem? – Sani Huttunen Oct 29 '10 at 16:03
  • @Paul: Doesn't really matter. Just a bit hard to "guess" a code. – BrunoLM Oct 29 '10 at 16:04
  • @Sani: I haven't tried anything because I don't a simple way. If I can't find a simple solution I will just use base64 and convert to hex. – BrunoLM Oct 29 '10 at 16:05
  • Yes really is it encoded or encrypted? – A_Nabelsi Oct 29 '10 at 16:05
  • 1
    @BrunoML: If all you really need is a "hard to guess" value then Base64 encoding should suffice. The problem you are facing can be one of two things. Either this is in WebForms or it's in WinForms. Hiding stuff from users in a secure manner is easier in WebForms than WinForms. (Well, novice users atleast). – Sani Huttunen Oct 29 '10 at 16:09
  • Anything can be made simple if you have the right level of abstraction. – Jordão Oct 29 '10 at 16:30
  • @BrunoLM, are you asking for the proper way to encrypt data in the minimal amount of code? Or looking for code that is essentially more obfuscated than the "encrypted" data. – AviD May 01 '11 at 15:17

3 Answers3

10

What you need to do is to look into the System.Security.Cryptography namespace.

Edit:
In one line of code? OK:

class Program
{
    static void Main(string[] args)
    {
        Console.WriteLine(Decrypt(Encrypt("This is a sample", "thisismypassword"), "thisismypassword"));
    }

    public static string Encrypt(string plaintext, string password)
    {
        return Convert.ToBase64String((new AesManaged { Key = Encoding.UTF8.GetBytes(password), Mode = CipherMode.ECB  }).CreateEncryptor().TransformFinalBlock(Encoding.UTF8.GetBytes(plaintext), 0, Encoding.UTF8.GetBytes(plaintext).Length));
    }

    public static string Decrypt(string ciphertext, string password)
    {
        return Encoding.UTF8.GetString((new AesManaged { Key = Encoding.UTF8.GetBytes(password), Mode = CipherMode.ECB }).CreateDecryptor().TransformFinalBlock(Convert.FromBase64String(ciphertext), 0, Convert.FromBase64String(ciphertext).Length));
    }
}
Sani Huttunen
  • 23,620
  • 6
  • 72
  • 79
  • Most of it generate arrays of bytes that converted to a string doesn't look pretty to put in a url. And I couldn't find a simple way to do it. – BrunoLM Oct 29 '10 at 16:07
  • Just convert the array byte to Base64. That is the usual approach. It's one line of code. – Sani Huttunen Oct 29 '10 at 16:10
4

you can try this to convert your string. It is going to convert to Base64 and to then hex allowing you to put on the URL.

var inputString = "xxxxx";
var code = Convert.ToBase64String((new ASCIIEncoding()).GetBytes(inputString)).ToCharArray().Select(x => String.Format("{0:X}", (int)x)).Aggregate(new StringBuilder(), (x, y) => x.Append(y)).ToString();

and this to get the string back, from hex to Base64 and from Base64 to your original string

var back = (new ASCIIEncoding()).GetString(Convert.FromBase64String(Enumerable.Range(0, code.Length / 2).Select(i => code.Substring(i * 2, 2)).Select(x => (char)Convert.ToInt32(x, 16)).Aggregate(new StringBuilder(), (x, y) => x.Append(y)).ToString()));
Gadonski
  • 3,150
  • 2
  • 25
  • 31
  • 2
    Seems there isn't an easier way. I was going to do that if I couldn't find another way. Thanks for posting it! – BrunoLM Oct 29 '10 at 17:03
  • 3
    This is NOT encryption! It is trivial to misuse, bypass, or retrieve the original data. – AviD May 01 '11 at 15:15
1
  • ROT13
  • ROT26
  • reverse-the-order-of-the-characters
  • application/x-www-form-urlencoded
  • encode_hex(aes_256(secret_key, known_iv, to_utf_8(value)))
  • store the string and a randomly-generated lookup key in a persistent dictionary (like a database table with columns string and lookup_key)
yfeldblum
  • 65,165
  • 12
  • 129
  • 169