Click here to Skip to main content
13,410,463 members (36,586 online)
Rate this:
 
Please Sign up or sign in to vote.
See more:
Hello, I created a class called "ClassA" and I write its content to hard drive as an XML file like this:
static void Write(ClassA cA)
{
    var serializer = new XmlSerializer(typeof(ClassA));

    using (var stream = new FileStream(System.IO.Path.Combine("C:\\","AFile.XML"), FileMode.Create))
    {
        serializer.Serialize(stream, cA);
        stream.Close();
        stream.Dispose();
    }
}

And I read it like this:
static ClassA Load()
{
    var serializer = new XmlSerializer(typeof(ClassA));
        using (FileStream stream = new FileStream(System.IO.Path.Combine("C:\\","AFile.XML"), FileMode.Open))
        {

            var container = serializer.Deserialize(stream) as ClassA;
            stream.Close();
            stream.Dispose();
            return container;
        }
}


The problem is, the XML file is - obviously - plain text and everyone can see and change its values. How can I encrypt the whole XML file so that people can't easily manipulate it? I would be glad if you help step by step.
Thanks.

What I have tried:

I tried this for encrypting, but it kept saying "Wrong Key length" and I didn't actually get it whether it encrypts whole XML file or just the values. Overall, it just did not work and kept saying the error.
string sKey = //I tried 128, 32 and 256 bytes of string, none worked;

 var serializer = new XmlSerializer(obj.GetType());
 var stream = new FileStream(path, FileMode.Create);

 DESCryptoServiceProvider DES = new DESCryptoServiceProvider();
 DES.Key = ASCIIEncoding.ASCII.GetBytes(sKey);
 DES.IV = ASCIIEncoding.ASCII.GetBytes(sKey);

 ICryptoTransform desencrypt = DES.CreateEncryptor();

 using(CryptoStream cStream = new CryptoStream(stream, desencrypt, CryptoStreamMode.Write)){
 serializer.Serialize(cStream, obj);
 }

 stream.Close ();

The sample code is in the link below, You can find the other part (reading, decrypting) there.
Encrypting an XML File : Unity3D[^]
Posted 12-Jan-18 22:16pm
Updated 13-Jan-18 10:00am
v5
Comments
phil.o 13-Jan-18 5:35am
   
Why not using a binary serializer in the first place instead of a XML serializer, if you do not want the content of the file being human-readable?
_D4N 13-Jan-18 7:52am
   
That is a good idea, Which source - video or website - do you think is the best to study that?
phil.o 13-Jan-18 11:56am
   
If security is your concern, then binary serialization could only provide a quick solution which would not resist the determination of someone willing to know the content of the file.
Though, if you want to have a look at it, you can use a System.Runtime.Serialization.Formatters.Binary.BinaryFormatter instead of your XmlSerializer: BinaryFormatter Class[^]. The linked page provides an example usage.
Kindly.
F-ES Sitecore 13-Jan-18 9:45am
   
Anyone could use a file viewer (such as Notepad) to see the binary file as text and the xml will be visible.
phil.o 13-Jan-18 11:58am
   
Not exactly, as the binary formatter does not store values as XML; but I agree with your point and warned OP about the false security level it seems to provide.
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 1

See Encrypting Data | Microsoft Docs[^]. However, if you are concerned about securing your data then XML is not the best storage choice.
  Permalink  
Rate this: bad
 
good
Please Sign up or sign in to vote.

Solution 2

Use LegalKeySizes to discover the legal size of your key

KeySizes[] sizes = DES.LegalKeySizes;

foreach (var s in sizes)
{
    Debug.WriteLine(s.MinSize + " - " + s.MaxSize);
}


For DES you'll see this is a min and max of 64, ie it has to be 64 bytes, and if you use ASCII characters to build your key then 64 bytes is 8 characters so the key has to be 8 characters in length. You also shouldn't use the same bytes for the key and the IV.
  Permalink  

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month


Advertise | Privacy |
Web02 | 2.8.180221.1 | Last Updated 13 Jan 2018
Copyright © CodeProject, 1999-2018
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100