Encrypting a stream
-
I'm currently writing a little password-manager to store my passwords and the associated data my way. Of course I would prefer the stored data not to be plainly readable to anyone, so I thought of encrypting it. However, I couldn't really find any way of doing it elegantly. 1. I want to enter a password of my choice to encrypt it. Rijndael and others always need a key of a specific length, so the choice of passwords is limited to the accepted length :( . 2. Some methods I found need an input file and an output file. This is not particularly elegant, since one has to erase the input file (encryption) or the output file (decryption) afterwards, in order not to have a plainly readable version. Other methods encrypt a string, while I am serializing objects in a stream. Here is what I have so far (without encryption): Saving:
private void SaveFile(string path) { Stream stream = null; try { stream = new FileStream(path, FileMode.Create, FileAccess.Write, FileShare.None); MemoryStream memoryStream = new MemoryStream(); GZipStream compressedStream = new GZipStream(stream, CompressionMode.Compress); IFormatter formatter = new BinaryFormatter(); formatter.Serialize(memoryStream, ((PasswordList)ActiveMdiChild).List); memoryStream.WriteTo(compressedStream); compressedStream.Flush(); compressedStream.Close(); } catch (Exception r) { throw new ApplicationException("File could not be created " + r); } finally { if (null != stream) stream.Close(); } }Opening:private void openToolStripMenuItem_Click(object sender, EventArgs e) { OpenFileDialog openFile = new OpenFileDialog(); openFile.Title = "Open"; openFile.InitialDirectory = Environment.CurrentDirectory; if (openFile.ShowDialog() == DialogResult.OK) { Stream stream = null; try { IFormatter formatter = new BinaryFormatter(); stream = new FileStream(openFile.FileName, FileMode.Open, FileAccess.Read, FileShare.Read); GZipStream compressedStream = new GZipStream(stream, CompressionMode.Decompress); PasswordList newList = new PasswordList(this, (List)formatter.Deserialize(compressedStream)); compressedStream.Close(); newList.MdiParent = this; newList.filename = openFile.FileName; InitializeNewList(newList); } catch (Exception r) { throw new ApplicationExcepti -
I'm currently writing a little password-manager to store my passwords and the associated data my way. Of course I would prefer the stored data not to be plainly readable to anyone, so I thought of encrypting it. However, I couldn't really find any way of doing it elegantly. 1. I want to enter a password of my choice to encrypt it. Rijndael and others always need a key of a specific length, so the choice of passwords is limited to the accepted length :( . 2. Some methods I found need an input file and an output file. This is not particularly elegant, since one has to erase the input file (encryption) or the output file (decryption) afterwards, in order not to have a plainly readable version. Other methods encrypt a string, while I am serializing objects in a stream. Here is what I have so far (without encryption): Saving:
private void SaveFile(string path) { Stream stream = null; try { stream = new FileStream(path, FileMode.Create, FileAccess.Write, FileShare.None); MemoryStream memoryStream = new MemoryStream(); GZipStream compressedStream = new GZipStream(stream, CompressionMode.Compress); IFormatter formatter = new BinaryFormatter(); formatter.Serialize(memoryStream, ((PasswordList)ActiveMdiChild).List); memoryStream.WriteTo(compressedStream); compressedStream.Flush(); compressedStream.Close(); } catch (Exception r) { throw new ApplicationException("File could not be created " + r); } finally { if (null != stream) stream.Close(); } }Opening:private void openToolStripMenuItem_Click(object sender, EventArgs e) { OpenFileDialog openFile = new OpenFileDialog(); openFile.Title = "Open"; openFile.InitialDirectory = Environment.CurrentDirectory; if (openFile.ShowDialog() == DialogResult.OK) { Stream stream = null; try { IFormatter formatter = new BinaryFormatter(); stream = new FileStream(openFile.FileName, FileMode.Open, FileAccess.Read, FileShare.Read); GZipStream compressedStream = new GZipStream(stream, CompressionMode.Decompress); PasswordList newList = new PasswordList(this, (List)formatter.Deserialize(compressedStream)); compressedStream.Close(); newList.MdiParent = this; newList.filename = openFile.FileName; InitializeNewList(newList); } catch (Exception r) { throw new ApplicationExceptiCryptoStream Class[^] might help you :)
#region signature my articles #endregion
-
CryptoStream Class[^] might help you :)
#region signature my articles #endregion
I found that article too. But the problems I described are not solved by this method. 1. The method encrypts a string and decrypts to a string. I don't have a string! (Or I would first have to encrypt all the strings before serializing! :( ) 2. The key for Rijndael has to be of a fixed length (128, 192, or 256 bits), so I can't use a password of my choice.
-
I found that article too. But the problems I described are not solved by this method. 1. The method encrypts a string and decrypts to a string. I don't have a string! (Or I would first have to encrypt all the strings before serializing! :( ) 2. The key for Rijndael has to be of a fixed length (128, 192, or 256 bits), so I can't use a password of my choice.
Some encryption methods always give a fixed length (I'm thinking of PHP's MD5 function). You could maybe encrypt the password you choose using something like that and then use that to do the Rijndael thing. There's quite a few examples of MD5 PHP style encryption if you google but (from experience) check them carefully as I've found with some they don't always work properly. I remember one I tried that didn't give a leading Hex zero for bytes less than 16 (decimal) so what should have been 0A0A0A0A0A0A0A0A came out as AAAAAAAA - not fixed length. I haven't tried it but this[^] one looks ok.
-
I'm currently writing a little password-manager to store my passwords and the associated data my way. Of course I would prefer the stored data not to be plainly readable to anyone, so I thought of encrypting it. However, I couldn't really find any way of doing it elegantly. 1. I want to enter a password of my choice to encrypt it. Rijndael and others always need a key of a specific length, so the choice of passwords is limited to the accepted length :( . 2. Some methods I found need an input file and an output file. This is not particularly elegant, since one has to erase the input file (encryption) or the output file (decryption) afterwards, in order not to have a plainly readable version. Other methods encrypt a string, while I am serializing objects in a stream. Here is what I have so far (without encryption): Saving:
private void SaveFile(string path) { Stream stream = null; try { stream = new FileStream(path, FileMode.Create, FileAccess.Write, FileShare.None); MemoryStream memoryStream = new MemoryStream(); GZipStream compressedStream = new GZipStream(stream, CompressionMode.Compress); IFormatter formatter = new BinaryFormatter(); formatter.Serialize(memoryStream, ((PasswordList)ActiveMdiChild).List); memoryStream.WriteTo(compressedStream); compressedStream.Flush(); compressedStream.Close(); } catch (Exception r) { throw new ApplicationException("File could not be created " + r); } finally { if (null != stream) stream.Close(); } }Opening:private void openToolStripMenuItem_Click(object sender, EventArgs e) { OpenFileDialog openFile = new OpenFileDialog(); openFile.Title = "Open"; openFile.InitialDirectory = Environment.CurrentDirectory; if (openFile.ShowDialog() == DialogResult.OK) { Stream stream = null; try { IFormatter formatter = new BinaryFormatter(); stream = new FileStream(openFile.FileName, FileMode.Open, FileAccess.Read, FileShare.Read); GZipStream compressedStream = new GZipStream(stream, CompressionMode.Decompress); PasswordList newList = new PasswordList(this, (List)formatter.Deserialize(compressedStream)); compressedStream.Close(); newList.MdiParent = this; newList.filename = openFile.FileName; InitializeNewList(newList); } catch (Exception r) { throw new ApplicationExceptiAs indicated by a previous user, all you need to do is intantiate the cryptostream class on top of your GZipStream, then use the resulting stream to read/write the serialized data. As far as the password goes, I would try to add some random characters (salt) to your passphrase, then take the SHA256 hash of that new string and use the hash as the key to create a new Rijandael cryptostream which would be used as previously stated. Hope this helps,
Sounds like somebody's got a case of the Mondays -Jeff