The following code from the sample utility illustrates how to encrypt a file:
Catch e As Exception
Sub Encrypt(ByVal inName As String , ByVal outName As String )
Dim storage(4096) As Byte 'create buffer
Dim totalBytesWritten As Long = 8 'Keeps track
of bytes written.
Dim packageSize As Integer 'Specifies the number
of bytes written at one time.
'Declare the file streams.
Dim fin As New FileStream(inName, FileMode.Open,
Dim fout As New FileStream(outName, FileMode.OpenOrCreate, _
Dim totalFileLength As Long = fin.Length 'Specifies the size
of the source file.
'create the Crypto object
Dim des As New DESCryptoServiceProvider()
Dim crStream As New CryptoStream(fout, _
des.CreateEncryptor(TheKey, Vector), _
'flow the streams
While totalBytesWritten < totalFileLength
packageSize = fin.Read(storage, 0, 4096)
crStream.Write(storage, 0, packageSize)
totalBytesWritten = Convert.ToInt32(totalBytesWritten +
packageSize / des.BlockSize * des.BlockSize)
Note the three streams created: file in (
fin , the plaintext original data), file out (
fout , the encrypted result), and
crStream (a cryptostream that feeds the results of the DES encryption to the output file
fout ). The virtue of the cryptostream is that you don't need to store its results in some intermediate file or buffer. The streamed output can simply be fed to the input of some other object.
The only fundamental difference between this encryption procedure and the decryption procedure is that when you decrypt, you use a different method (
CreateDecryptor ) of the
DESCryptoServiceProvider object. Otherwise the process (the arguments, the streams, and so on) is identical going in either the encryption or decryption direction.
Prevent Repetition Searches and Brute Force Attacks
Hackers or cryptanalyst employ two common methods to attack encrypted files. One is looking for repetition in your ciphertext and the other is a brute force search for your key. Let's first consider how the initialization vector prevents repetitions, and then explore why a stronger algorithm may be your best bet for defending against brute force searches.
Cryptanalysts search for patternsparticularly repeating patternsas they try to break a cipher. Unfortunately, people commonly start their communications in repetitive ways (Dear Sir, From the Desk of, and so on). If you begin multiple messages with the same phrase and you use the same key with each one, the start of the ciphertext will be identical for each message. If each encrypted message from Antonio Banderas begins with the greeting @4^F (2$@Fx, a spy would be rather dull not to test and see if the first words were Dear Melanie. An important procedure when deciphering secret messages is guessing some of the words that likely will be used in the message. Don't give a cryptanalyst this advantage. In the example code, the initialization vector's bits are padded at the beginning of your message, which solves the repetition problem. Only the beginning of a message is vulnerable in this way.
Because computers are far faster and more accurate than humans, they are particularly adept at repetitive tasks like trying every possible key combination to crack your key. What's more, the DES encryption algorithm is, itself, not secret. The method it uses to encrypt data was made public back in the 1970s. And, of course, an intruder who wants to automate his or her search for your key can easily employ the .NET DESCryptoServiceProvider class.
How long would it take your computer to test every possible combination of the 128 bits in the key/vector combination? Experts disagree on a length of time. Some claim it would take months, while others say that a six-figure computer with specialized hardware could test billions of keys per second and crack a DES ciphertext in hours. If you have enemies willing to spend months or hundreds of thousands worth of cash to find out your secrets, I suggest you switch to TripleDES or some other algorithm. TripleDES, as you might guess, asks for a password three times as long as the eight-character DES password. The resulting key is therefore 192 bits, rather than the 64-bit DES key. Remember, all other things being equal, the longer the key, the stronger the encryption.
To further confound intruders, the TripleDES process divides the 192 bits into three separate 64-bit keys, which it uses to encrypt the data with the first key, decrypt it using the second key, and finally encrypt it again with the third key.
Don't Stop with Cryptography
Now that you've seen how .NET DES cryptography works, you could further experiment with other .NET security features, including the extremely interesting public key techniques. Although they execute slowly, they probably can offer even greater security than TripleDES. I personally don't have secrets important enough to resort to more than simple DES, but your encryption needs may be different.