File Encryption example.
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;
namespace EncryptionExample
{
class Program
{
/// <summary>
/// Demo round trip: encrypts a file, moves the plaintext aside, then decrypts the
/// ciphertext back to the original path.
/// </summary>
/// <param name="args">Command-line arguments; not used.</param>
static void Main(string[] args)
{
    const string plaintextPath = "c:\\code\\test.txt";

    // NOTE(review): this key is embedded in source for demonstration only. Anyone who can
    // read the source (or the compiled binary) can decrypt every file produced with it.
    // Real code should generate a key with CreateKey() and keep it in a secret store,
    // never in the repository.
    const string demoKey = "RxwjeMYiGlNz+0Ngn0YSaiIruSfN4t2mUqY8wJFLbSw=";

    EncryptFile(plaintextPath, demoKey);

    // DecryptFile refuses to overwrite an existing file, so the plaintext has to be
    // moved out of the way before the round trip can complete.
    File.Move(plaintextPath, "c:\\code\\test.blah.txt");

    DecryptFile(plaintextPath, demoKey);
}
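/// <summary>
/// Encrypts the file at <paramref name="path"/> with AES in CBC mode and writes the result to
/// <c>path + "." + fingerprint + ".crypted"</c>. The randomly generated IV is written as the
/// first bytes of the output file, followed by the ciphertext.
/// </summary>
/// <remarks>
/// CBC provides confidentiality only: nothing in the output lets the reader detect that the
/// ciphertext was modified. If the encrypted file can be touched by anyone other than the key
/// holder, add an integrity check (for example an HMAC over IV + ciphertext, verified before
/// decrypting) or use an authenticated mode such as AES-GCM. Doing so changes the file format,
/// so it is not done here.
/// </remarks>
/// <param name="path">Path of the existing plaintext file.</param>
/// <param name="key">Base64-encoded AES key (intended to be 256 bits).</param>
/// <exception cref="ArgumentException">The input file does not exist.</exception>
/// <exception cref="Exception">The output file already exists.</exception>
private static void EncryptFile(string path, string key)
{
    if (!File.Exists(path))
    {
        throw new ArgumentException("File `" + path + "` does not exist.");
    }

    var encryptedFileName = path + "." + GetFingerprint(key) + ".crypted";
    if (File.Exists(encryptedFileName))
    {
        throw new Exception("File `" + encryptedFileName + "` already exists.");
    }

    // Aes.Create() replaces the obsolete AesManaged type; the algorithm and defaults are the same.
    using (var aes = Aes.Create())
    {
        aes.KeySize = 256;
        // Assigning Key also resets KeySize to the length of the supplied key, so a
        // 16- or 24-byte key is accepted silently and used as AES-128/192.
        aes.Key = Convert.FromBase64String(key);
        aes.Mode = CipherMode.CBC;
        aes.GenerateIV(); // a fresh random IV per file; never reuse an IV with the same key
        Debug.WriteLine("Encrypting IV:" + Convert.ToBase64String(aes.IV));

        // FileMode.CreateNew fails if the file appeared after the existence check above,
        // so an existing file is never truncated (File.Create would overwrite it).
        using (var fileStream = new FileStream(encryptedFileName, FileMode.CreateNew, FileAccess.Write))
        using (var encryptor = aes.CreateEncryptor())
        {
            // The IV is stored in the clear at the start of the file. It is needed for
            // decryption and is not a secret.
            var iv = aes.IV;
            fileStream.Write(iv, 0, iv.Length);

            using (var cryptoStream = new CryptoStream(fileStream, encryptor, CryptoStreamMode.Write))
            {
                using (var inputStream = File.OpenRead(path))
                {
                    inputStream.CopyTo(cryptoStream);
                }

                // Writes the final padded block.
                cryptoStream.FlushFinalBlock();
            }
        }
    }
}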
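/// <summary>
/// Decrypts <c>originalFilePath + "." + fingerprint + ".crypted"</c> (16-byte IV followed by
/// AES-CBC ciphertext) and writes the plaintext to <paramref name="originalFilePath"/>.
/// </summary>
/// <remarks>
/// The file format carries no integrity tag, so a decryption that completes without error
/// does not prove the ciphertext is unmodified; treat the output as untrusted unless the
/// encrypted file was stored where only the key holder could change it.
/// </remarks>
/// <param name="originalFilePath">Path the plaintext is restored to; must not exist yet.</param>
/// <param name="key">Base64-encoded AES key used for encryption.</param>
/// <exception cref="ArgumentException">The target plaintext file already exists.</exception>
/// <exception cref="Exception">The encrypted file does not exist.</exception>
/// <exception cref="EndOfStreamException">The encrypted file is shorter than the 16-byte IV.</exception>
private static void DecryptFile(string originalFilePath, string key)
{
    if (File.Exists(originalFilePath))
    {
        throw new ArgumentException("File `" + originalFilePath + "` already exists.");
    }

    var encryptedFileName = originalFilePath + "." + GetFingerprint(key) + ".crypted";
    if (!File.Exists(encryptedFileName))
    {
        throw new Exception("Encrypted file `" + encryptedFileName + "` does not exist.");
    }

    using (var reader = File.OpenRead(encryptedFileName))
    // Aes.Create() replaces the obsolete AesManaged type; the algorithm and defaults are the same.
    using (var aes = Aes.Create())
    {
        aes.KeySize = 256;
        aes.Key = Convert.FromBase64String(key);
        aes.Mode = CipherMode.CBC;

        // Stream.Read may return fewer bytes than requested, so keep reading until the whole
        // 16-byte IV (one AES block) is present. A truncated file is rejected instead of being
        // decrypted with a partly zero IV.
        var iv = new byte[16];
        var filled = 0;
        while (filled < iv.Length)
        {
            var read = reader.Read(iv, filled, iv.Length - filled);
            if (read == 0)
            {
                throw new EndOfStreamException("Encrypted file `" + encryptedFileName + "` is too short to contain an IV.");
            }

            filled += read;
        }

        aes.IV = iv;
        Debug.WriteLine("Decrypting IV:" + Convert.ToBase64String(aes.IV));

        var outputCreated = false;
        try
        {
            using (var decryptor = aes.CreateDecryptor())
            // FileMode.CreateNew fails if the file appeared after the existence check above,
            // so an existing file is never overwritten.
            using (var writeFileStream = new FileStream(originalFilePath, FileMode.CreateNew, FileAccess.Write))
            {
                outputCreated = true;
                using (var cryptoWriter = new CryptoStream(writeFileStream, decryptor, CryptoStreamMode.Write))
                {
                    reader.CopyTo(cryptoWriter);
                    cryptoWriter.FlushFinalBlock();
                }
            }
        }
        catch
        {
            // A wrong key or damaged ciphertext usually surfaces only at the final block,
            // after earlier blocks were already written. Remove the partial output so it is
            // not mistaken for a valid plaintext, but only if this call created the file.
            if (outputCreated)
            {
                File.Delete(originalFilePath);
            }

            throw;
        }
    }
}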
/// <summary>
/// Derives the short key identifier that is embedded in encrypted file names: the first
/// eight Base64 characters of SHA-512(key bytes), with '/' mapped to '3' and '+' mapped to '0'.
/// </summary>
/// <remarks>
/// Eight Base64 characters expose 48 bits of a digest of the key in the file name. For a
/// randomly generated key that reveals nothing useful, but for a key derived from a guessable
/// secret it gives anyone who sees the file name a way to check guesses offline. The character
/// substitution is presumably there to keep the value usable inside a file name.
/// </remarks>
/// <param name="key">Base64-encoded key.</param>
/// <returns>An eight-character identifier for the key.</returns>
private static string GetFingerprint(string key)
{
    var keyBytes = Convert.FromBase64String(key);

    string encodedDigest;
    using (var hasher = SHA512.Create())
    {
        encodedDigest = Convert.ToBase64String(hasher.ComputeHash(keyBytes));
    }

    var prefix = encodedDigest.Substring(0, 8);
    return prefix.Replace('/', '3').Replace('+', '0');
}
/// <summary>
/// Generates a new random 256-bit AES key.
/// </summary>
/// <returns>The key, Base64-encoded. Treat the returned string as a secret.</returns>
private static string CreateKey()
{
    using (var aes = Aes.Create())
    {
        aes.KeySize = 256;
        // GenerateKey fills Key with random bytes of the configured size.
        aes.GenerateKey();
        var rawKey = aes.Key;
        return Convert.ToBase64String(rawKey);
    }
}
}
}