Really simple encryption with C# and SymmetricAlgorithm

Question

I'm looking for a very simple crypt / decrypt method. I will be using always the same static key. I'm aware of the risks of this approach. Currently I'm using the following code but it does not generate the same result after crypting and decripting the same string (there is some garbage in the middle of the string).

public static string Crypt(this string text)
{
    string result = null;

    if (!String.IsNullOrEmpty(text))
    {
        byte[] plaintextBytes = Encoding.Unicode.GetBytes(text);

        SymmetricAlgorithm symmetricAlgorithm = DES.Create();
        symmetricAlgorithm.Key = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};
        using (MemoryStream memoryStream = new MemoryStream())
        {
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, symmetricAlgorithm.CreateEncryptor(), CryptoStreamMode.Write))
            {
                cryptoStream.Write(plaintextBytes, 0, plaintextBytes.Length);
            }

            result = Encoding.Unicode.GetString(memoryStream.ToArray());
        }
    }

    return result;
}

public static string Decrypt(this string text)
{
    string result = null;

    if (!String.IsNullOrEmpty(text))
    {
        byte[] encryptedBytes = Encoding.Unicode.GetBytes(text);

        SymmetricAlgorithm symmetricAlgorithm = DES.Create();
        symmetricAlgorithm.Key = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 };
        using (MemoryStream memoryStream = new MemoryStream(encryptedBytes))
        {
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, symmetricAlgorithm.CreateDecryptor(), CryptoStreamMode.Read))
            {
                byte[] decryptedBytes = new byte[encryptedBytes.Length];
                cryptoStream.Read(decryptedBytes, 0, decryptedBytes.Length);
                result = Encoding.Unicode.GetString(decryptedBytes);
            }
        }
    }

    return result;
}

I can change whatever is needed, no limits (but I want just to have on method to crypt and another one to decrypt without sharing variables between them).

Thanks.

Either pad your data to a multiple of the cipher's block size or use a stream algorithm instead of a block algorithm. — David Schwartz, Jan 27 '12 at 10:01

score 69 · Accepted Answer · edited Mar 23 '21 at 15:09

69

If you don't want to handle keys yourself then let the operating system do it for your. E.g. use Windows Data Protection (DPAPI).

You can write your own, string-based, version of System.Security.Cryptography.ProtectedData.Protect and Unprotect methods by using something like:

public static string Crypt (this string text)
{
    return Convert.ToBase64String (
        ProtectedData.Protect (
            Encoding.Unicode.GetBytes (text) ) );
}

public static string Decrypt (this string text)
{
    return Encoding.Unicode.GetString (
        ProtectedData.Unprotect (
             Convert.FromBase64String (text) ) );
}

edited Mar 23 '21 at 15:09

DevDave

6,700
12
65
99

answered Jan 27 '12 at 13:54

poupou

43,413
6
77
174

74

Be careful with this, you can't decrypt the encrpyted string on any other computer or even with a different profile on the same machine. Only good for storing things very locally. – Jonathan DeMarks Feb 01 '13 at 13:33
8

@JonathanDeMarks, The latest version of the base class libraries **DO** allow this to be encrypted/decrypted by both **CurrentUser** as well as **LocalMachine**. The signature for the encrypt is as follows: `public static byte[] Protect (byte[] userData, byte[] optionalEntropy, DataProtectionScope scope)` where `scope` can be `DataProtectionScope.CurrentUser` or `DataProtectionScope.LocalMachine` – Ryan Griffith Jun 04 '14 at 12:54
5

he is saying "I will be using always the same static key". And you are offering something that will get him into trouble – Toolkit Nov 26 '14 at 08:07
4

@JonathanDeMarks thanks for killing the joy of finding simple method... – TheVillageIdiot Oct 26 '16 at 22:55
10

The `Protect` and `Unprotect` do not allow single argument. Therefore, I had to use, for example: `ProtectedData.Protect(Encoding.Unicode.GetBytes(text),null,DataProtectionScope.CurrentUser)` and `ProtectedData.Unprotect(Convert.FromBase64String(text), null, DataProtectionScope.CurrentUser)` – Tomáš Kratochvíla Aug 14 '18 at 08:55
1

Remember do add a reference to System.Security.dll in your project. – Bruno Soares Dec 20 '18 at 21:27

Sam Greenhalgh · Answer 2 · 2012-01-27T13:58:15.943

How about something like this?

Code

using System;
using System.Security.Cryptography;
using System.Text;

public static class StringUtil
{
    private static byte[] key = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};
    private static byte[] iv = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};

    public static string Crypt(this string text)
    {
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateEncryptor(key, iv);
        byte[] inputbuffer = Encoding.Unicode.GetBytes(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Convert.ToBase64String(outputBuffer);
    }

    public static string Decrypt(this string text)
    {
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateDecryptor(key, iv);
        byte[] inputbuffer = Convert.FromBase64String(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Encoding.Unicode.GetString(outputBuffer);
    }
}

Unit Test

[Test]
public void Test()
{
    string expected = "this is my test string";
    string a = expected.Crypt();
    Debug.WriteLine(a);
    string actual = a.Decrypt();
    Assert.AreEqual(expected, actual);
}

EDIT:

To clarify: I am aware this is not good practice.

"I'm aware of the risks of this approach. "

Iv'e made the assumption that the OP is also aware and will make relevant code changes before considering using anything like this in a production environment.

The question emphasizes simplicity over good practice.

Served it's purpose for my little project just fine, thanks :) — JARRRRG, May 21 '14 at 05:27
This just throws an error "System.Security.Cryptography.CryptographicException: Bad Data." — user1034912, Jun 23 '20 at 01:04
Consider using AES instead of DES as this one is more exposed to attacks. https://learn.microsoft.com/en-us/dotnet/fundamentals/code-analysis/quality-rules/ca5351#how-to-fix-violations — carraua, Mar 16 '23 at 14:01

Sani Huttunen · Answer 3 · 2012-01-27T10:18:15.870

13

You'll need to set the cipher mode to CipherMode.ECB or use an IV.

SymmetricAlgorithm symmetricAlgorithm = DES.Create();
symmetricAlgorithm.Key = new byte[8] { 1, 2, 3, 4, 5, 6, 7, 8 };
symmetricAlgorithm.Mode = CipherMode.ECB;
...

Another point is not to use Unicode encoding. Use Base64 instead. Unicode might "destroy" bytes that are not UTF-16.

edited Jan 27 '12 at 10:18

answered Jan 27 '12 at 10:03

Sani Huttunen

23,620
6
72
79

Anyway I get the beggining of the string corrupted. – Ignacio Soler Garcia Jan 27 '12 at 10:11
+1. An alternative can be to just return (and then use) the raw bytes rather than a string, but either way the problem is that `Encoding.Unicode.GetString` is going to catch and "fix" cases where the encrypted bytes aren't valid UTF-16, which ruins the plan. – Jon Hanna Jan 27 '12 at 10:13
Greeeeeeeat. Now it works, thanks! (It's hard when you have to work with things that you don't understand and you don't want to understand ;) thanks again. – Ignacio Soler Garcia Jan 27 '12 at 10:24
1

@CodeInChaos: Nothing wrong with using ECB. It all depends on the context. To solve his/her problem the necessary steps to take is what I described in my answer, ECB or IV. Though I'd never use ECB myself, using ECB is one of the possible solutions. – Sani Huttunen Jan 27 '12 at 10:50

Really simple encryption with C# and SymmetricAlgorithm

3 Answers3

Linked