
I have a Byte[] field that is a file's contents that I need to encrypt. Nothing special or fancy, just enough to make sure the next person who gets it won't be able to easily decode it without some effort. I would use the encryption that comes with .Net Framework 4.0 but I definitely do not need to make the file any bigger than it is.

I thought about just simply reversing the array or adding a few bytes to the end...?

If I can avoid making the array too much bigger that would be great.

Any suggestions?

Thanks!

ErocM
  • Why do you need this encryption? – Karl Knechtel Dec 21 '10 at 16:11
  • possible duplicate of [Encrypt/Decrypt string in .NET](http://stackoverflow.com/questions/202011/encrypt-decrypt-string-in-net) – Bobby Dec 21 '10 at 16:14
  • I've voted for duplicate because it is basically the same. Before you can encrypt a string you have to convert it to a byte-array, which is pretty much this question. I also vote for the first answer on that question, RSA. – Bobby Dec 21 '10 at 16:15
  • http://msdn.microsoft.com/en-us/library/system.security.cryptography.tripledes.aspx just an example... – digEmAll Dec 21 '10 at 16:15
  • I see a lot of answers and I appreciate the comments. My primary concern is that the byte array will increase in size significantly if I use any of the encryption mechanisms offered by .Net. Can anyone give me some insight as to the truth of this? From what I've done before, the size of the array dramatically increased. Btw, I didn't post the linked item above, I hadn't seen it before. My concern is more about the size of the array. – ErocM Dec 21 '10 at 16:22
  • Take a look at the answer to this question: http://stackoverflow.com/q/202011/50079. – Jon Dec 21 '10 at 16:11

2 Answers


Does the addition of 1-16 bytes hurt? AES will pad by default using the below method:

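    // Namespaces the methods below rely on (these go at the top of the file).
    using System;
    using System.Diagnostics;
    using System.IO;
    using System.Linq;
    using System.Security.Cryptography;

    private static void EncryptThenDecrypt(byte[] msg)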
    {
        byte[] message = msg; // fill with your bytes

        if (message is null)
        {
            return;
        }

        byte[] encMessage; // the encrypted bytes
        byte[] decMessage; // the decrypted bytes - s/b same as message
        byte[] key;
        byte[] iv;

        using (SymmetricAlgorithm aes = Aes.Create())
        {
            if (aes is null)
            {
                iv = key = null;
                encMessage = Array.Empty<byte>();
            }
            else
            {
                aes.GenerateKey();
                aes.GenerateIV();
                key = aes.Key;
                iv = aes.IV;
                encMessage = EncryptBytes(aes, message);
            }
        }

        using (SymmetricAlgorithm aes = Aes.Create())
        {
            if (aes is null || key is null)
            {
                decMessage = Array.Empty<byte>();
            }
            else
            {
                aes.Key = key;
                aes.IV = iv;
                decMessage = DecryptBytes(aes, encMessage);
            }
        }

        Debug.Assert(message.SequenceEqual(decMessage), "Decrypted bytes do not match original bytes.");
    }

    private static byte[] EncryptBytes(SymmetricAlgorithm alg, byte[] message)
    {
        if (message is null)
        {
    #pragma warning disable S1168 // Empty arrays and collections should be returned instead of null
            return null;
    #pragma warning restore S1168 // Empty arrays and collections should be returned instead of null
        }

        if (message.Length == 0)
        {
            return message;
        }

        if (alg is null)
        {
            throw new ArgumentNullException(nameof(alg));
        }

        using (MemoryStream stream = new MemoryStream())
        using (ICryptoTransform encryptor = alg.CreateEncryptor())
        using (CryptoStream encrypt = new CryptoStream(stream, encryptor, CryptoStreamMode.Write))
        {
            encrypt.Write(message, 0, message.Length);
            encrypt.FlushFinalBlock();
            return stream.ToArray();
        }
    }

    private static byte[] DecryptBytes(SymmetricAlgorithm alg, byte[] message)
    {
        if (message is null)
        {
    #pragma warning disable S1168 // Empty arrays and collections should be returned instead of null
            return null;
    #pragma warning restore S1168 // Empty arrays and collections should be returned instead of null
        }

        if (message.Length == 0)
        {
            return message;
        }

        if (alg is null)
        {
            throw new ArgumentNullException(nameof(alg));
        }

        using (MemoryStream stream = new MemoryStream())
        using (ICryptoTransform decryptor = alg.CreateDecryptor())
        using (CryptoStream decrypt = new CryptoStream(stream, decryptor, CryptoStreamMode.Write))
        {
            decrypt.Write(message, 0, message.Length);
            decrypt.FlushFinalBlock();
            return stream.ToArray();
        }
    }
Jesse C. Slicer
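
To put numbers on the size concern raised in the question, here is an added example (not part of the answer above) that encrypts arrays of several lengths with the framework's default AES settings (CBC mode, PKCS7 padding) and prints the growth. The ciphertext is the input rounded up to the next multiple of 16 bytes (1 to 16 bytes of padding), and the 16-byte IV is stored in front of it because it is needed again for decryption, so the total overhead is 17 to 32 bytes regardless of file size. The class name `SizeOverheadDemo`, the IV-prefix layout and the sample sizes are assumptions made for this illustration.

```csharp
using System;
using System.Security.Cryptography;

// Added example: measures how much AES-CBC with PKCS7 padding grows a byte[].
static class SizeOverheadDemo
{
    // Returns the 16-byte IV followed by the ciphertext, i.e. everything
    // except the key that is needed to decrypt later.
    static byte[] Encrypt(byte[] plain, byte[] key)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.GenerateIV();                 // fresh random IV per message
            byte[] iv = aes.IV;
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] body = enc.TransformFinalBlock(plain, 0, plain.Length);
                byte[] output = new byte[iv.Length + body.Length];
                Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
                Buffer.BlockCopy(body, 0, output, iv.Length, body.Length);
                return output;
            }
        }
    }

    // Splits the IV off the front of the blob and decrypts the remainder.
    static byte[] Decrypt(byte[] blob, byte[] key)
    {
        using (Aes aes = Aes.Create())
        {
            byte[] iv = new byte[aes.BlockSize / 8];
            Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);
            aes.Key = key;
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length);
        }
    }

    static void Main()
    {
        byte[] key = new byte[32];            // sample 256-bit key generated for the demo
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        foreach (int n in new[] { 0, 1, 15, 16, 17, 1000000 })   // constructed sizes
        {
            byte[] blob = Encrypt(new byte[n], key);
            if (Decrypt(blob, key).Length != n) throw new Exception("round trip failed");
            Console.WriteLine("{0,8} bytes in -> {1,8} bytes out (+{2})", n, blob.Length, blob.Length - n);
        }
    }
}
```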

Don't invent your own Encryption mechanism (i.e. Security by Obfuscation), use one of the classes provided by the framework.

Ta01
  • If I have various sized files, wouldn't this significantly change the size of the array, making it much bigger than the original? – ErocM Dec 21 '10 at 16:15
  • Any approach worth even doing is going to increase the size of the file some. What is the current size of the file? One route you could take is to simply compress the file. You wouldn't have to advertise what you did to the file, it certainly wouldn't increase the file size, it might even decrease the size. – Security Hound Dec 21 '10 at 16:19