views: 1011

answers: 5

Requirement: I want to encrypt an object and store the encrypted object in the database. Later I will take the encrypted data and convert it into a real object.

Does it sound stupid? Can it be done?

UPDATE: OK, if this can be done, how do I, say, encrypt an object? Can it be done without serialization? In memory or something? Any walkthroughs?

A: 

No, it is not stupid. And yes, this is done all the time.

Daniel A. White
+7  A: 

Sure it can be done. Just serialize the object and encrypt the serialized content.

Serializing an object:

http://support.microsoft.com/kb/815813

Encrypting a string:

http://www.dijksterhuis.org/encrypting-decrypting-string/

Update to question: No, you can't encrypt an object in memory without serializing it. (Well, you can't do it with your application; there might be third-party software which will encrypt/decrypt objects in memory as the OS and applications use them.)

Kevin
Boy, people are getting faster every day, I was halfway through my answer when there were 4 already :)
Vinko Vrsalovic
What type of data are you encrypting? If it is a password type of thing you should look at a one-way crypt
Simon
Can I go any other way?
abmv
Yes, you can encrypt and decrypt the serialized object, and this should probably not be a hash as Simon is talking about. You wouldn't be able to get the object back to a usable state if you did.
Kevin
+1  A: 

Two steps: serialize the object, then encrypt the serialized data. Plenty of information on both steps available by Googling.

David M
Hopefully Google points here though...
annakata
+1  A: 

This is a very general question, but if you are looking to store an arbitrary stream of bytes in the database, well, the only way to turn an object into a stream of bytes is a serialization process of sorts, whether it is the built-in .NET one or a contract-based one.

There is a problem with having blobs in the db: for one, stuff is not indexable.

However, if you want your favorite ORM(tm) to take care of this in a more granular way, for example just have it encrypt the password field, automagically, you could give your ORM a directive to do that and take care of that in that layer.

Sam Saffron
+1  A: 

Here is a way of getting a byte array out of an object (note the object must be serializable). For production code, some error checking should be added. Additionally, you would have your choice of crypto providers. To deserialize this, you basically reverse the process.

    // Requires: using System.IO; using System.Security.Cryptography;
    //           using System.Runtime.Serialization.Formatters.Binary;
    public byte[] Serialize(object obj)
    {
        using (var mStream = new MemoryStream())
        using (var crypt = new TripleDESCryptoServiceProvider())
        {
            crypt.IV = iv;
            crypt.Key = key;
            crypt.Padding = PaddingMode.Zeros;

            // Serialize straight into the CryptoStream so the data is
            // encrypted as it is written to the MemoryStream.
            using (var cStream = new CryptoStream(
                mStream, crypt.CreateEncryptor(), CryptoStreamMode.Write))
            {
                var bFormatter = new BinaryFormatter();
                bFormatter.Serialize(cStream, obj);
            } // disposing the CryptoStream flushes the final cipher block

            // MemoryStream.ToArray() still works after the stream is closed.
            return mStream.ToArray();
        }
    }

For test purposes I used the following for key and iv, though certainly you would want something different.

    private byte[] key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10,
        11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 };
    private byte[] iv = { 0, 1, 2, 3, 4, 5, 6, 7 };
Timothy Carter
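
The same serialize-then-encrypt round trip, as an added example that is not code from any of the answers above: it swaps in `System.Text.Json` and AES-GCM because `BinaryFormatter` is obsolete and unsafe to deserialize from untrusted data, and because a fixed IV with unauthenticated TripleDES lets a modified blob decrypt without error. It assumes .NET 8 or later; `Customer`, `EncryptedObjectStore` and the `nonce || tag || ciphertext` layout are hypothetical, and the key would come from a key store rather than being generated in `Main`.

```csharp
using System;
using System.Security.Cryptography;
using System.Text.Json;

// Added example: Customer, EncryptedObjectStore and the blob layout are hypothetical.
public record Customer(int Id, string Name, string Email);

public static class EncryptedObjectStore
{
    private const int NonceSize = 12; // standard AES-GCM nonce length
    private const int TagSize = 16;   // 128-bit authentication tag

    // Serialize to JSON, then encrypt. Blob layout: nonce || tag || ciphertext.
    public static byte[] Protect<T>(T obj, byte[] key)
    {
        byte[] plaintext = JsonSerializer.SerializeToUtf8Bytes(obj);
        byte[] blob = new byte[NonceSize + TagSize + plaintext.Length];
        Span<byte> nonce = blob.AsSpan(0, NonceSize);
        RandomNumberGenerator.Fill(nonce); // fresh random nonce for every record
        using var aes = new AesGcm(key, TagSize);
        aes.Encrypt(nonce, plaintext, blob.AsSpan(NonceSize + TagSize), blob.AsSpan(NonceSize, TagSize));
        return blob; // store this in a varbinary/BLOB column
    }

    // Verify the tag, decrypt, then deserialize. A wrong key or altered blob throws.
    public static T Unprotect<T>(byte[] blob, byte[] key)
    {
        if (blob.Length < NonceSize + TagSize)
            throw new CryptographicException("Blob too short.");
        byte[] plaintext = new byte[blob.Length - NonceSize - TagSize];
        using var aes = new AesGcm(key, TagSize);
        aes.Decrypt(blob.AsSpan(0, NonceSize), blob.AsSpan(NonceSize + TagSize), blob.AsSpan(NonceSize, TagSize), plaintext);
        return JsonSerializer.Deserialize<T>(plaintext)!;
    }

    public static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // demo key only (constructed)
        var original = new Customer(42, "Ada", "ada@example.test"); // constructed sample
        byte[] blob = Protect(original, key);
        Console.WriteLine(Unprotect<Customer>(blob, key) == original); // record value equality
        blob[^1] ^= 0x01; // simulate a modified database row
        try { Unprotect<Customer>(blob, key); }
        catch (CryptographicException) { Console.WriteLine("modified blob rejected"); }
    }
}
```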