ASP.Net - Encrypt and Decrypt Password
Encryption and Decryption in Asp .Net with C#
Here I will explain
how to encrypt and decrypt password in asp .net using C#.
What is Encryption and Decryption?
- Encryption is the activity of converting data or information into code or a secret key.
- Decryption is the activity of making clear or converting from code into plain text.
Source Code Example:
/// <summary>
/// To encrypt the input password
/// </summary>
/// <param name="textPassword"></param>
/// <returns>It returns encrypted code</returns>
public string EncryptPassword(string
textPassword)
{
//Input
byte[]
passBytes = System.Text.Encoding.Unicode.GetBytes(textPassword);
string
encryptPass = Convert.ToBase64String(passBytes);
return encryptPass ;
}
/// <summary>
/// To Decode the encrypted password
/// </summary>
/// <param name="encryptedPassword"></param>
/// <returns>It returns plain password</returns>
public string DecryptPassword(string
encryptedPassword)
{
//output
byte[]
passByteData = Convert.FromBase64String(encryptedPassword);
string
originalPassword = System.Text.Encoding.Unicode.GetString(passByteData);
return
originalPassword;
}
ASP.Net - Encrypt and Decrypt Password
Reviewed by Ravi Kumar
on
6:39 PM
Rating:
Reviewed by Ravi Kumar
on
6:39 PM
Rating:
this is not encrypting..
ReplyDeleteFor encrypting you need a encryption algorithm with a seed and a cypher.
converting a unicode to a byte aray is not encryption.. because it can be reversed without any cypher...
So i would not use this..
I agree with your thought but I am not saying its the best practise to encrypting.
ReplyDeleteyeah sure we can use a cypher and I used this also:
public static string Encrypt(string plainText,
string passPhrase,
string saltValue,
string hashAlgorithm,
int passwordIterations,
string initVector,
int keySize)
{
// Convert strings into byte arrays.
// Let us assume that strings only contain ASCII codes.
// If strings include Unicode characters, use Unicode, UTF7, or UTF8
// encoding.
byte[] initVectorBytes = Encoding.ASCII.GetBytes(initVector);
byte[] saltValueBytes = Encoding.ASCII.GetBytes(saltValue);
// Convert our plaintext into a byte array.
// Let us assume that plaintext contains UTF8-encoded characters.
byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);
// First, we must create a password, from which the key will be derived.
// This password will be generated from the specified passphrase and
// salt value. The password will be created using the specified hash
// algorithm. Password creation can be done in several iterations.
PasswordDeriveBytes password = new PasswordDeriveBytes(
passPhrase,
saltValueBytes,
hashAlgorithm,
passwordIterations);
// Use the password to generate pseudo-random bytes for the encryption
// key. Specify the size of the key in bytes (instead of bits).
byte[] keyBytes = password.GetBytes(keySize / 8);
// Create uninitialized Rijndael encryption object.
RijndaelManaged symmetricKey = new RijndaelManaged();
// It is reasonable to set encryption mode to Cipher Block Chaining
// (CBC). Use default options for other symmetric key parameters.
symmetricKey.Mode = CipherMode.CBC;
// Generate encryptor from the existing key bytes and initialization
// vector. Key size will be defined based on the number of the key
// bytes.
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(
keyBytes,
initVectorBytes);
// Define memory stream which will be used to hold encrypted data.
MemoryStream memoryStream = new MemoryStream();
// Define cryptographic stream (always use Write mode for encryption).
CryptoStream cryptoStream = new CryptoStream(memoryStream,
encryptor,
CryptoStreamMode.Write);
// Start encrypting.
cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
// Finish encrypting.
cryptoStream.FlushFinalBlock();
// Convert our encrypted data from a memory stream into a byte array.
byte[] cipherTextBytes = memoryStream.ToArray();
// Close both streams.
memoryStream.Close();
cryptoStream.Close();
// Convert encrypted data into a base64-encoded string.
string cipherText = Convert.ToBase64String(cipherTextBytes);
// Return encrypted string.
return cipherText;
}
Here is an example that uses the Rijndael algorithm with Key and IV that you can change as you wish.
ReplyDelete--------------------------------------
using System;
using System.Security.Cryptography;
using System.Text;
using System.IO;
public class Encryption
{
private static byte[] Key = { 69, 75, 101, 56, 255, 46, 182, 135, 193, 155, 221, 154, 53, 178, 68, 56, 42, 11, 135, 145, 185, 28, 78, 49, 97, 168, 84, 117, 225, 130, 145, 65 };
private static byte[] IV = { 54, 36, 255, 23, 165, 153, 88, 248, 175, 184, 198, 241, 175, 67, 69, 65 };
//Encrypte string
public static string DecryptString(string src)
{
string strReturn = "";
MemoryStream ms = null;
CryptoStream cs = null;
byte[] p = Convert.FromBase64String(src);
byte[] initialText = new Byte[p.Length];
int intIndex = 0;
bool IsEndOfString = false;
RijndaelManaged rv = new RijndaelManaged();
ms = new MemoryStream(p);
cs = new CryptoStream(ms, rv.CreateDecryptor(Key, IV), CryptoStreamMode.Read);
cs.Read(initialText, 0, initialText.Length);
while ((intIndex < initialText.Length) && !IsEndOfString)
{
if (initialText[intIndex] != 0)
strReturn += ((char)initialText[intIndex]);
else
IsEndOfString = true;
intIndex++;
}
return strReturn;
}
//Decrypt string
public static string EncryptString(string src)
{
byte[] p = Encoding.ASCII.GetBytes(src.ToCharArray());
byte[] encodedBytes = { };
MemoryStream ms = new MemoryStream();
RijndaelManaged rv = new RijndaelManaged();
CryptoStream cs = new CryptoStream(ms, rv.CreateEncryptor(Key, IV), CryptoStreamMode.Write);
cs.Write(p, 0, p.Length);
cs.FlushFinalBlock();
encodedBytes = ms.ToArray();
return Convert.ToBase64String(encodedBytes);
}
}
You should use SecurityString class for working with private data. Your post is just simple converting string to BASE64 format.
ReplyDelete