File Encryption in Microsoft .NET

Introduction

The classes in the .Net Framework cryptography namespace manage many details of cryptography for you. Some are wrappers for the unmanaged Microsoft CryptoAPI, while others are purely managed implementations. Cryptography protects data from being viewed or modified and provides secure channels of communication over otherwise insecure channels. For example, data can be encrypted using a cryptographic algorithm, transmitted in an encrypted state, and later decrypted by the intended party. If a third party intercepts the encrypted data, it will be difficult to decipher the data. We use a combination of algorithms and practices known as cryptographic primitives to create a cryptographic scheme. Those primitives are: private-key encryption, public-key encryption, cryptographic signing and cryptographic hashes.

Private-key encryption (symmetric cryptography)

In this article and code example I've used private-key encryption to encrypt files. Private-key encryption algorithms use a single private key to encrypt and decrypt data so it also referred to as symmetric encryption because the same key is used for encryption and decryption. Thus, we need a key and an initialization vector (IV) to encrypt and decrypt data. Without an IV the same input block of plaintext will encrypt to same output block of ciphertext, but with IV the output of two identical plaintext blocks are different and it is hard for unauthorized user to recover the key. The disadvantage of private-key encryption is that it presumes two parties have agreed on a key and IV and communicated their values. Also, the key must be kept secret from unauthorized users. Because of these problems, private-key encryption is often used in conjunction with public-key encryption to privately communicate the values of the key and IV.

The .NET Framework provides the following classes that implement private-key encryption algorithms:

• DESCryptoServiceProvider (DES algorithm)
• RC2CryptoServiceProvider (RC2 algorithm)
• RijndaelManaged (Rijndael algorithm)
• TrippleDESCryptoServiceProvider (TrippleDES algorithm)

Code explanation

In this simple example I use a Rijndael algorithm to encrypt files. First, to encrypt file, we have to make a key and IV (16 bytes each). Below is shown how to compose a key and an IV (key and IV have the same value) from password entered by user (Form1.EncryptFile() function): 

If password.Length > 8 Then
password = password.Substring(0, 8)
Else
If password.Length < 8 Then
Dim add As Integer = 8 - password.Length
Dim i As Integer
For i = 0 To add - 1
password = password + i
Next i
End If
End If
Dim UE As New UnicodeEncoding
Dim key As Byte() = UE.GetBytes(password)

A key and an IV have to be byte[] type. Because the key and IV have to be exactly 16 bytes long by default, we have to add some characters if the password is less then 8 characters (1 character = 2 bytes) or we have to truncate password string if it'is have more then 8 characters.

Next, we have to create a FileStream instance for crypted data (cryptFile is file where crypted data should be written):

Dim fsCrypt As New FileStream(cryptFile, FileMode.Create)

Next, we create a instance of RijndaelManaged class and an instance of special stream class called a CryptoStream that encrypts data read into the stream. The CryptoStream class is initialized with managed stream class (FileStream), a class that implements the ICryptoTransform interface (created from a class that implements a cryptographic algorithm - RijndaelManaged) and a CryptoStreamMode enumeration that describes the type of access permitted to the CryptoStream:

After the previous code is executed, any data written to the CryptoStream object is encrypted using the Rijndael algorithm: