Encrytion and decryption a string [modified]

3bood ghzawi

Hello anyone.., How we can differentiate between an encrypted and none encrypted txt??? i need a method for that, to using in my project..., Please help me.........,,, An encryption methode is below:

using System;
using System.Collections.Generic;
using System.Text;
using System.Security.Cryptography;
using System.Configuration;

namespace SharpPcap.EnCryptDecrypt
{
public class CryptorEngine
{
public static string Encrypt(string toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

        System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader();
        // Get the key from config file
        string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));
        //System.Windows.Forms.MessageBox.Show(key);
        if (useHashing)
        {
            MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
            keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
            hashmd5.Clear();
        }
        else
            keyArray = UTF8Encoding.UTF8.GetBytes(key);

        TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
        tdes.Key = keyArray;
        tdes.Mode = CipherMode.ECB;
        tdes.Padding = PaddingMode.PKCS7;

        ICryptoTransform cTransform = tdes.CreateEncryptor();
        byte\[\] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        tdes.Clear();
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }
}

}

Regards...

modified on Wednesday, January 27, 2010 6:56 AM

Keith Barrow · modified on Wednesday, January 27, 2010 6:56 AM

3bood.ghzawi wrote:

How we can differentiate between an encrypted and none encrypted txt???

You can't, not without decrypting. It is possible to perform a preliminary check to see whether the decryption "string" is HEX (which encrypted strings are), but not all HEX strings are encrypted information. The only reliable way is to attempt to decrypt, even then it only checks for the decryption key. Also this is worrying:

3bood.ghzawi wrote:

// Get the key from config file string key = (string)settingsReader.GetValue("SecurityKey", typeof(String));

The app config is by-and-large publicly available, and the key *MUST* be kept secret for the cryptography to be worth anything.

CCC solved so far: 2 (including a Hard One!) 37!?!! - Randall, Clerks