Encrypting the contents of a file is a common task, especially with configuration files which may contain sensitive passwords, or database connectivity information.
Microsoft’s 70-540 exam covers knowledge about encryption by outlining a couple of common usage scenarios and expecting candidates are capable of implementing them. One such task is the ability to encrypt and decrypt the contents of a file and this blog entry covers an example implementation of this.
How to use the sample application
The main user interface is a single form. By making selections in the combo boxes at the top of the form you can select the required encryption algorithm and key size.
Whenever you change key sizes, a random encryption key is generated for you and this is inserted into the key text box. If you have a message encrypted with a specific encryption key, you can type it into the key text box manually.
To create an encrypted text file, type your message into the textbox at the bottom of the form and tap the encrypt button. A file save dialog box will appear to ask you where you want to save the encrypted file.
To decrypt a text file, tap the decrypt button and a file open dialog box will appear to ask you to select a file to decrypt. Once you have selected one an attempt will be made to decrypt the message using the encryption key present within the UI, and if successful the cleartext message will be displayed in the textbox.
If you use Pocket Word to open the text files you have encrypted, you should see that they contain no human readable content and simply contain a “garbled mess”. You should only be able to recover your encrypted message by configuring identical encryption parameters within the GUI again and pressing the decrypt button.
How it works
The process of implementing symmetric encryption within the .NET Compact Framework has been covered before, so please refer to that blog entry for technical details on the implementation. The source code of the sample application is also available, and is heavily commented to describe what is happening at each stage of the process.
A high level overview of how this application performs encryption of text files is as follows:
- An instance of a class which derives from SymmetricAlgorithm is created.
- The LegalKeySizes property is read to determine a list of valid key sizes.
- The KeySize and Key properties are configured with the desired values.
- The IV property is configured with the desired value (and optionally the BlockSize property is altered).
- A FileStream instance is created to allow access to the file.
- The FileStream is wrapped in a CryptoStream, which is then used instead of the original file stream (this is what performs the encryption/decryption).
Questions to ask yourself while reviewing the source code of this sample include:
- How does a CryptoStream know if it is encrypting or decrypting data?
- How can I verify if a given key size is valid for the selected encryption algorithm?
- What exceptions may be thrown during decryption if an incorrect key is utilised?
- What object oriented concept makes it easy to switch between different symmetric encryption algorithms with only minor code changes?
This sample application only demonstrates the use of symmetric encryption algorithms. As an exercise left to the user, see if you can alter the sample application to use asymmetric encryption by using the RSACryptoServiceProvider class. As part of your solution you should figure out how to export and import the public part of your public/private key pair, so other devices can read your encrypted messages.
The source code for the sample application can be downloaded.