ctigeek/EncryptionExample.cs

## EncryptionExample.cs
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Cryptography;

namespace EncryptionExample
{
    class Program
    {
        static void Main(string[] args)
        {
            var path = "c:\\code\\test.txt";

            //var key = CreateKey();
            var key = "RxwjeMYiGlNz+0Ngn0YSaiIruSfN4t2mUqY8wJFLbSw=";

            EncryptFile(path, key);

            File.Move(path, "c:\\code\\test.blah.txt");

            DecryptFile(path, key);
        }

        private static void EncryptFile(string path, string key)
        {
            if (!File.Exists(path))
            {
                throw new ArgumentException("File `" + path + "` does not exist.");
            }

            var fingerprint = GetFingerprint(key);
            var encryptedFileName = path + "." + fingerprint + ".crypted";

            if (File.Exists(encryptedFileName))
            {
                throw new Exception("File `" + encryptedFileName + "` already exists.");
            }

            using (var aesManaged = new AesManaged())
            {
                aesManaged.KeySize = 256;
                aesManaged.Key = Convert.FromBase64String(key);
                aesManaged.Mode = CipherMode.CBC; //always use CBC unless you have a compelling reason to do otherwise (like not decrypting from the beginning to support random-seeks)
                aesManaged.GenerateIV(); //never re-use initialization vectors

                Debug.WriteLine("Encrypting IV:" + Convert.ToBase64String(aesManaged.IV));

                using (var fileStream = File.Create(encryptedFileName))
                {
                    fileStream.Write(aesManaged.IV, 0, aesManaged.IV.Length); //We write the 16-byte IV to the file first. You must keep the IV for decrypting. The IV is NOT a secret and does not need protecting.

                    var encryptor = aesManaged.CreateEncryptor();
                    using (var cryptoStream = new CryptoStream(fileStream, encryptor, CryptoStreamMode.Write))
                    {
                        using (var inputStream = File.OpenRead(path))
                        {
                            inputStream.CopyTo(cryptoStream);
                        }
                        cryptoStream.FlushFinalBlock();
                    }
                }
            }
        }

        private static void DecryptFile(string originalFilePath, string key)
        {
            if (File.Exists(originalFilePath))
            {
                throw new ArgumentException("File `" + originalFilePath + "` already exists.");
            }

            var fingerprint = GetFingerprint(key);
            var encryptedFileName = originalFilePath + "." + fingerprint + ".crypted";

            if (!File.Exists(encryptedFileName))
            {
                throw new Exception("Encrypted file `" + encryptedFileName + "` does not exist.");
            }

            using (var reader = File.OpenRead(encryptedFileName))
            {
                using (var aesManaged = new AesManaged())
                {
                    aesManaged.KeySize = 256;
                    aesManaged.Key = Convert.FromBase64String(key);
                    aesManaged.Mode = CipherMode.CBC;
                    byte[] IV = new byte[16];
                    reader.Read(IV, 0, 16); // IVs are always 16 bytes.
                    aesManaged.IV = IV;

                    Debug.WriteLine("Decrypting IV:" + Convert.ToBase64String(aesManaged.IV));

                    var encryptor = aesManaged.CreateDecryptor();

                    using (var writeFileStream = File.Create(originalFilePath))
                    {
                        using (var cryptoWriter = new CryptoStream(writeFileStream, encryptor, CryptoStreamMode.Write))
                        {
                            reader.CopyTo(cryptoWriter);
                            cryptoWriter.FlushFinalBlock();
                        }
                    }
                }
            }
        }

        private static string GetFingerprint(string key)
        {
            using (var sha2 = new SHA512Managed())
            {
                var bytes = Convert.FromBase64String(key);
                var hash = sha2.ComputeHash(bytes);
                return Convert.ToBase64String(hash).Substring(0, 8).Replace('/','3').Replace('+','0');
            }
        }

        private static string CreateKey()
        {
            using (AesManaged aesManaged = new AesManaged())
            {
                aesManaged.KeySize = 256;
                aesManaged.GenerateKey();
                return Convert.ToBase64String(aesManaged.Key);
            }
        }
    }
}
	using System;
	using System.Diagnostics;
	using System.IO;
	using System.Security.Cryptography;

	namespace EncryptionExample
	{
	class Program
	{
	static void Main(string[] args)
	{
	var path = "c:\\code\\test.txt";

	//var key = CreateKey();
	var key = "RxwjeMYiGlNz+0Ngn0YSaiIruSfN4t2mUqY8wJFLbSw=";

	EncryptFile(path, key);

	File.Move(path, "c:\\code\\test.blah.txt");

	DecryptFile(path, key);
	}

	private static void EncryptFile(string path, string key)
	{
	if (!File.Exists(path))
	{
	throw new ArgumentException("File `" + path + "` does not exist.");
	}

	var fingerprint = GetFingerprint(key);
	var encryptedFileName = path + "." + fingerprint + ".crypted";

	if (File.Exists(encryptedFileName))
	{
	throw new Exception("File `" + encryptedFileName + "` already exists.");
	}

	using (var aesManaged = new AesManaged())
	{
	aesManaged.KeySize = 256;
	aesManaged.Key = Convert.FromBase64String(key);
	aesManaged.Mode = CipherMode.CBC; //always use CBC unless you have a compelling reason to do otherwise (like not decrypting from the beginning to support random-seeks)
	aesManaged.GenerateIV(); //never re-use initialization vectors

	Debug.WriteLine("Encrypting IV:" + Convert.ToBase64String(aesManaged.IV));

	using (var fileStream = File.Create(encryptedFileName))
	{
	fileStream.Write(aesManaged.IV, 0, aesManaged.IV.Length); //We write the 16-byte IV to the file first. You must keep the IV for decrypting. The IV is NOT a secret and does not need protecting.

	var encryptor = aesManaged.CreateEncryptor();
	using (var cryptoStream = new CryptoStream(fileStream, encryptor, CryptoStreamMode.Write))
	{
	using (var inputStream = File.OpenRead(path))
	{
	inputStream.CopyTo(cryptoStream);
	}
	cryptoStream.FlushFinalBlock();
	}
	}
	}
	}

	private static void DecryptFile(string originalFilePath, string key)
	{
	if (File.Exists(originalFilePath))
	{
	throw new ArgumentException("File `" + originalFilePath + "` already exists.");
	}

	var fingerprint = GetFingerprint(key);
	var encryptedFileName = originalFilePath + "." + fingerprint + ".crypted";

	if (!File.Exists(encryptedFileName))
	{
	throw new Exception("Encrypted file `" + encryptedFileName + "` does not exist.");
	}

	using (var reader = File.OpenRead(encryptedFileName))
	{
	using (var aesManaged = new AesManaged())
	{
	aesManaged.KeySize = 256;
	aesManaged.Key = Convert.FromBase64String(key);
	aesManaged.Mode = CipherMode.CBC;
	byte[] IV = new byte[16];
	reader.Read(IV, 0, 16); // IVs are always 16 bytes.
	aesManaged.IV = IV;

	Debug.WriteLine("Decrypting IV:" + Convert.ToBase64String(aesManaged.IV));

	var encryptor = aesManaged.CreateDecryptor();

	using (var writeFileStream = File.Create(originalFilePath))
	{
	using (var cryptoWriter = new CryptoStream(writeFileStream, encryptor, CryptoStreamMode.Write))
	{
	reader.CopyTo(cryptoWriter);
	cryptoWriter.FlushFinalBlock();
	}
	}
	}
	}
	}

	private static string GetFingerprint(string key)
	{
	using (var sha2 = new SHA512Managed())
	{
	var bytes = Convert.FromBase64String(key);
	var hash = sha2.ComputeHash(bytes);
	return Convert.ToBase64String(hash).Substring(0, 8).Replace('/','3').Replace('+','0');
	}
	}

	private static string CreateKey()
	{
	using (AesManaged aesManaged = new AesManaged())
	{
	aesManaged.KeySize = 256;
	aesManaged.GenerateKey();
	return Convert.ToBase64String(aesManaged.Key);
	}
	}
	}
	}