Really simple encryption with C# and SymmetricAlgorithm

Question

I\'m looking for a very simple crypt / decrypt method. I will be using always the same static key. I\'m aware of the risks of this approach. Currently I\'m

Answer 1

You'll need to set the cipher mode to CipherMode.ECB or use an IV.

SymmetricAlgorithm symmetricAlgorithm = DES.Create();
symmetricAlgorithm.Key = new byte[8] { 1, 2, 3, 4, 5, 6, 7, 8 };
symmetricAlgorithm.Mode = CipherMode.ECB;
...

Another point is not to use Unicode encoding. Use Base64 instead. Unicode might "destroy" bytes that are not UTF-16.

Answer 2

How about something like this?

Code

using System;
using System.Security.Cryptography;
using System.Text;

public static class StringUtil
{
    private static byte[] key = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};
    private static byte[] iv = new byte[8] {1, 2, 3, 4, 5, 6, 7, 8};

    public static string Crypt(this string text)
    {
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateEncryptor(key, iv);
        byte[] inputbuffer = Encoding.Unicode.GetBytes(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Convert.ToBase64String(outputBuffer);
    }

    public static string Decrypt(this string text)
    {
        SymmetricAlgorithm algorithm = DES.Create();
        ICryptoTransform transform = algorithm.CreateDecryptor(key, iv);
        byte[] inputbuffer = Convert.FromBase64String(text);
        byte[] outputBuffer = transform.TransformFinalBlock(inputbuffer, 0, inputbuffer.Length);
        return Encoding.Unicode.GetString(outputBuffer);
    }
}

Unit Test

[Test]
public void Test()
{
    string expected = "this is my test string";
    string a = expected.Crypt();
    Debug.WriteLine(a);
    string actual = a.Decrypt();
    Assert.AreEqual(expected, actual);
}

---

EDIT:

To clarify: I am aware this is not good practice.

"I'm aware of the risks of this approach. "

Iv'e made the assumption that the OP is also aware and will make relevant code changes before considering using anything like this in a production environment.

The question emphasizes simplicity over good practice.

Answer 3

If you don't want to handle keys yourself then let the operating system do it for your. E.g. use Windows Data Protection (DPAPI).

You can write your own, string-based, version of System.Security.Cryptography.ProtectedData.Protect and Unprotect methods by using something like:

public static string Crypt (this string text)
{
    return Convert.ToBase64String (
        ProtectedData.Protect (
            Encoding.Unicode.GetBytes (text) ) );
}

public static string Derypt (this string text)
{
    return Encoding.Unicode.GetString (
        ProtectedData.Unprotect (
             Convert.FromBase64String (text) ) );
}