Hi peeps!
hoh! this is the thing that ive been trying to do for 2-3 days! encountered quite a number of problems!
so guys this thing really forced me to google a lot on exception that thrown to me. I hope This tutorial
really helps those who trying to accomplishing the same objective and encountered bugs along the way.
Question : Why is it important to Encrypt our data? isnt serialization is sufficient enough?
Answer : As i posted in my serialization tutorial we can see the data that we serialized into a file is not secure enough. Sensitive data are still exposed.
I hope you guys been patient to go tru step by step tutorial that i provided as this implementation if there are missing codes or steps. you wll encountered numerous exception later. so be patient and keep reading through.
1. Declare our global variables.
a) secretKey, any string that you wish to use for encryption purpose. means without this key, other program cant decrypt you stream to get the data values.
b) store the key for encryption and decryption in bytes.
c) store the initialization vectors for encryption and decryption in bytes. in this scenario im using the same string.
d) declare dataObject, des and desencrypt.
3) Write the Decryption and Deserialization function code.
a) create a file stream to store our file data into it.
b) create des crypto stream provider object together with it padding, mode, key and iv setting.
c) create a decryptor.
d) construct a crypto stream with our file stream and decryptor.
e) create a byte array with our file stream length size.
f) store the crypto stream byte data into our byteArray.
g) create a memory stream object
h) write the byteArray data to our memory stream.
i) deserialize our memory stream into our dataObject.
j) flush and close all streams.
k) return the data object.
4) Write our main program.
P/S: im making use the same DataObjectSerialize class,
Walaaaa... you have finished the tutorial!!!
The result : Able to read the encrypted and serialized object!
Kindly visit my git repo for full code.
https://github.com/aliaramli/c-tutorials/tree/master/EncryptionDecrpytion/EncryptionDecrpytion
if you encountered any problem feel free to comment out, i understand your feelings will try to help if possible! tq
References :
http://stackoverflow.com/questions/306596/end-of-stream-encountered-before-parsing-was-completed?
http://stackoverflow.com/questions/2228850/deserialization-not-working-on-memorystream
http://www.codeproject.com/Articles/26085/File-Encryption-and-Decryption-in-C
http://forums.asp.net/t/1390152.aspx?How+to+solve+System+Security+Cryptography+CryptographicException+Bad+Data+error
https://support.microsoft.com/en-us/kb/307010/
http://geekswithblogs.net/simonc/archive/2012/02/28/oh-no-my-paddings-invalid.aspx
hoh! this is the thing that ive been trying to do for 2-3 days! encountered quite a number of problems!
so guys this thing really forced me to google a lot on exception that thrown to me. I hope This tutorial
really helps those who trying to accomplishing the same objective and encountered bugs along the way.
Objective : To serialized object to a memory stream and encrypt the stream then only write the stream into a file.
Question : Why is it important to Encrypt our data? isnt serialization is sufficient enough?
Answer : As i posted in my serialization tutorial we can see the data that we serialized into a file is not secure enough. Sensitive data are still exposed.
 |
| Left : Encrypted data Right: Non Encrypted data |
1. Declare our global variables.
a) secretKey, any string that you wish to use for encryption purpose. means without this key, other program cant decrypt you stream to get the data values.
b) store the key for encryption and decryption in bytes.
c) store the initialization vectors for encryption and decryption in bytes. in this scenario im using the same string.
d) declare dataObject, des and desencrypt.
2. Write the encryption and serialization function code.
a) serialized our data object into a memory stream.
b) set the memory stream to position 0 because during serialization the stream position has been shift to the end postiion. *****This is really important to avoid exceptions.
c) create the filestream to write out our encrpyted stream to it.
d) read the byte data from memory stream into byteArray
e) set the des padding, mode, key, iv
f) contruct cryptostream object with filestream and des encryptor.
g) write the byte data to filestream via cryptoStream.write.
h) flush and close all stream.***remember to call FlushFinalBlock to avoid padding exception!
3) Write the Decryption and Deserialization function code.
a) create a file stream to store our file data into it.
b) create des crypto stream provider object together with it padding, mode, key and iv setting.
c) create a decryptor.
d) construct a crypto stream with our file stream and decryptor.
e) create a byte array with our file stream length size.
f) store the crypto stream byte data into our byteArray.
g) create a memory stream object
h) write the byteArray data to our memory stream.
i) deserialize our memory stream into our dataObject.
j) flush and close all streams.
k) return the data object.
4) Write our main program.
P/S: im making use the same DataObjectSerialize class,
Walaaaa... you have finished the tutorial!!!
The result : Able to read the encrypted and serialized object!
Kindly visit my git repo for full code.
https://github.com/aliaramli/c-tutorials/tree/master/EncryptionDecrpytion/EncryptionDecrpytion
if you encountered any problem feel free to comment out, i understand your feelings will try to help if possible! tq
References :
http://stackoverflow.com/questions/306596/end-of-stream-encountered-before-parsing-was-completed?
http://stackoverflow.com/questions/2228850/deserialization-not-working-on-memorystream
http://www.codeproject.com/Articles/26085/File-Encryption-and-Decryption-in-C
http://forums.asp.net/t/1390152.aspx?How+to+solve+System+Security+Cryptography+CryptographicException+Bad+Data+error
https://support.microsoft.com/en-us/kb/307010/
http://geekswithblogs.net/simonc/archive/2012/02/28/oh-no-my-paddings-invalid.aspx
Comments
Post a Comment