HP Fortify scan reported a Privacy Violation issue at the line of code below.
csEncrypt.Write(buffer, 0, read);
Complete code:
public void Encrypt(Stream data, Stream output, byte[] key = null, byte[] iv = null)
{
    if (data == null) { throw new ArgumentNullException("data"); }
    if (data.Length <= 0) { throw new ArgumentException("Empty Data", "data"); }
    if (output == null) { throw new ArgumentNullException("output"); }
    using (var rijAlg = new RijndaelManaged())
    using (var encryptor = rijAlg.CreateEncryptor(key ?? GetDefaultKey(), iv ?? GetDefaultIV()))
    using (var csEncrypt = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
    {
        var buffer = new byte[bufferLength];
        var read = data.Read(buffer, 0, bufferLength);
        while (read != 0)
        {
            csEncrypt.Write(buffer, 0, read);
            read = data.Read(buffer, 0, bufferLength);
        }
        csEncrypt.Close();
    }
}
I wanted to know the best way to encrypt data and avoid the privacy violation issue.
What I have tried:
HP Fortify scan says:
The method Encrypt() mishandles confidential information, which can compromise user privacy and is often illegal. Mishandling private information, such as customer passwords or social security numbers, can compromise user privacy and is often illegal.
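
A variant of the Encrypt method in the question with no default key or IV fallback: the caller must supply a 256-bit key, and a fresh random IV is generated on every call and written ahead of the ciphertext. This is an added example, not part of the original post; the class name StreamCrypto, the buffer size and the IV-prefix output layout are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

public static class StreamCrypto // hypothetical class name
{
    private const int BufferLength = 81920; // assumed buffer size

    // Writes to output: 16-byte random IV followed by AES-CBC ciphertext.
    public static void Encrypt(Stream data, Stream output, byte[] key)
    {
        if (data == null) throw new ArgumentNullException(nameof(data));
        if (output == null) throw new ArgumentNullException(nameof(output));
        if (key == null) throw new ArgumentNullException(nameof(key));
        if (key.Length != 32)
            throw new ArgumentException("Key must be 32 bytes (AES-256).", nameof(key));

        using (var aes = Aes.Create()) // defaults: CBC mode, PKCS7 padding
        {
            aes.Key = key;
            aes.GenerateIV(); // new IV per call, never a shared default
            byte[] iv = aes.IV;
            output.Write(iv, 0, iv.Length); // the IV is not secret; store it with the data

            var buffer = new byte[BufferLength];
            try
            {
                using (var encryptor = aes.CreateEncryptor())
                using (var cs = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
                {
                    int read;
                    while ((read = data.Read(buffer, 0, buffer.Length)) > 0)
                    {
                        cs.Write(buffer, 0, read);
                    }
                } // disposing the CryptoStream flushes the final block and closes output
            }
            finally
            {
                Array.Clear(buffer, 0, buffer.Length); // wipe the plaintext copy
            }
        }
    }
}
```

The matching decryptor reads the first 16 bytes of the stream as the IV before creating the decrypting transform. CBC on its own does not detect tampering, so add a MAC over the IV and ciphertext, or use an AEAD mode, where the stored data can be modified.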