How can I use AES in C# .NET to encrypt a file and then securely remove the local copy of the file?
Can someone please point me to a good example on how to do this.
Is AES the strongest encryption available in .NET 3.5?
views:
743answers:
5
+2
A:
1) You can't securely remove a file without messing with filesystem internals.
2) It depends on your definition of stronger.
wRAR
2009-09-20 14:50:58
+1 for point 1), a simple delete will leave the original to be picked up by a Dos-era UnDelete.
Henk Holterman
2009-09-20 14:54:16
1)So it's not possible to secure delete a file through managed code?2)Well I meant the most secure. I've read an article that AES has theoretically been broken and that it's life span has been shortened.
2009-09-20 15:20:40
AES is still the best choice. There was a recent attack covering 11 rounds (of the full 14 when using AES 256). There is no practical attack against full AES 256 yet, but its arguable that AES 128 with its different key schedule is more secure right now.
PaulG
2009-09-20 15:43:09
A:
You might want to look at something like this for a tutorial on encryption in the .NET framework, as there are many settings you will need to decide on. http://www.vbdotnetheaven.com/UploadFile/gsparamasivam/cryp04112005063256AM/cryp.aspx
To delete the file is a bit trickier. You may want to write over the file with zeroes that is the same size as the file you wanted to delete.
Then delete that file. That way there should mainly be zeroes in the hard drive, if someone takes your hard drive apart.
I prefer IDEA or Twofish, but AES can work, it depends on the key size you generated.
Update: I tend to use Bouncycastle's library for encryption, as I found it easy to use, and it worked better for me, generally. http://www.bouncycastle.org/csharp/ If you download the source code you can get examples which would help you out perhaps.
James Black
2009-09-20 14:51:48
+2
A:
You may be approaching your problem from the wrong angle if you want to receive a file and THEN encrypt it. As other have mentioned, there isn't an easy way to securely delete a file.
As an alternative then you may want to setup an encrypted partition or folder using something like TrueCrypt, and drop the file into the encrypted partition as soon as it is received.
Writing encryption routines using c# may seem fairly trivial, but without a good understanding of the issues that surround encryption there is a good chance you will make mistakes, such as with key management or picking the wrong block encryption mode.
PaulG
2009-09-20 14:59:32
A:
You can't securely delete unless you delve into unsafe code, there's an example on codeproject but you might be better find a command line program like Sdelete and calling it from your application, you'd have to use unsafe code either way.
The strongest encryption is, well, too hard to call, especially when you take key sizes into the equation. There are attacks against AES at its maximum keysize, 256 bits, but a lot of them depend on specific versions, attacking the implementation rather than the algorithm and the ones that target the algorithm are still very complex - if you rotate your keys every time like you should then really you have very little to worry about. If you're worried about the managed code implementation then you should turn FIPS compliance on, but that affects the whole OS. This would limit you to the DESCryptoServiceProvider / TripleDESCryptoServiceProvider for symmetric encryption and DSACryptoServiceProvider / RSACryptoServiceProvider for asymmetric encryption.
blowdart
2009-09-20 15:51:40
+1
A:
Here's an example of using AES in C# that generates a symmetric key and IV and uses RSA with a self signed certificate to store the AES key and IV in a file. To decrypt, it will decrypt the keyfile using RSA, and then use that to decrypt the encrypted file back to the original.
You may need to modify of course, but I think it's a decent round trip example of encryption in C#.
markt
2009-09-20 16:09:02