Hello, I created a class called "ClassA" and I write its content to the hard drive as an XML file like this:
C#
static void Write(ClassA cA)
{
    var serializer = new XmlSerializer(typeof(ClassA));

    using (var stream = new FileStream(System.IO.Path.Combine("C:\\","AFile.XML"), FileMode.Create))
    {
        serializer.Serialize(stream, cA);
        stream.Close();
        stream.Dispose();
    }
}

And I read it like this:
C#
static ClassA Load()
{
    var serializer = new XmlSerializer(typeof(ClassA));

    using (FileStream stream = new FileStream(System.IO.Path.Combine("C:\\","AFile.XML"), FileMode.Open))
    {
        var container = serializer.Deserialize(stream) as ClassA;
        stream.Close();
        stream.Dispose();
        return container;
    }
}


The problem is, the XML file is - obviously - plain text and everyone can see and change its values. How can I encrypt the whole XML file so that people can't easily manipulate it? I would be glad if you help step by step.
Thanks.

What I have tried:

I tried this for encrypting, but it kept saying "Wrong Key length" and I didn't actually get whether it encrypts the whole XML file or just the values. Overall, it just did not work and kept giving the error.
C#
string sKey = //I tried 128, 32 and 256 bytes of string, none worked;

 var serializer = new XmlSerializer(obj.GetType());
 var stream = new FileStream(path, FileMode.Create);

 DESCryptoServiceProvider DES = new DESCryptoServiceProvider();
 DES.Key = ASCIIEncoding.ASCII.GetBytes(sKey);
 DES.IV = ASCIIEncoding.ASCII.GetBytes(sKey);

 ICryptoTransform desencrypt = DES.CreateEncryptor();

 using(CryptoStream cStream = new CryptoStream(stream, desencrypt, CryptoStreamMode.Write)){
 serializer.Serialize(cStream, obj);
 }

 stream.Close ();

The sample code is in the link below. You can find the other part (reading, decrypting) there.
Encrypting an XML File : Unity3D
Updated 13-Jan-18 9:00am
Comments
phil.o 13-Jan-18 5:35am    
Why not use a binary serializer in the first place instead of an XML serializer, if you do not want the content of the file to be human-readable?
_D4N 13-Jan-18 7:52am    
That is a good idea. Which source - video or website - do you think is the best to study that?
phil.o 13-Jan-18 11:56am    
If security is your concern, then binary serialization could only provide a quick solution which would not resist the determination of someone willing to know the content of the file.
Though, if you want to have a look at it, you can use a System.Runtime.Serialization.Formatters.Binary.BinaryFormatter instead of your XmlSerializer: BinaryFormatter Class. The linked page provides an example usage.
Kindly.
F-ES Sitecore 13-Jan-18 9:45am    
Anyone could use a file viewer (such as Notepad) to see the binary file as text and the xml will be visible.
phil.o 13-Jan-18 11:58am    
Not exactly, as the binary formatter does not store values as XML; but I agree with your point and warned OP about the false security level it seems to provide.

See Encrypting Data | Microsoft Docs. However, if you are concerned about securing your data then XML is not the best storage choice.
 
 
Use LegalKeySizes to discover the legal size of your key

KeySizes[] sizes = DES.LegalKeySizes;

foreach (var s in sizes)
{
    Debug.WriteLine(s.MinSize + " - " + s.MaxSize);
}


For DES you'll see this is a min and max of 64, i.e. it has to be 64 bytes, and if you use ASCII characters to build your key then 64 bytes is 8 characters so the key has to be 8 characters in length. You also shouldn't use the same bytes for the key and the IV.
 
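Added example, not part of either answer or of the linked sample: one way to do what the question asks, substituting AES-CBC for DES and appending an HMAC-SHA256 tag so that any edit to the file is detected on load instead of silently changing values. The class name `EncryptedXml` and the file layout are assumptions of this example; `encKey` and `macKey` are assumed to be two independent 32-byte keys produced by `RandomNumberGenerator`, and a key shipped inside the application can be recovered by anyone who has the binary.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Xml.Serialization;
public static class EncryptedXml   // hypothetical helper, not from the page
{
    // File layout (assumed): IV (16 bytes) | AES-CBC ciphertext | HMAC-SHA256 tag (32 bytes)
    public static void Save<T>(string path, T obj, byte[] encKey, byte[] macKey)
    {
        using (var aes = Aes.Create())           // defaults: CBC mode, PKCS7 padding
        using (var body = new MemoryStream())
        {
            aes.Key = encKey;                    // 32 bytes = 256 bits; an illegal length throws here
            aes.GenerateIV();                    // fresh random IV per file, never the key bytes
            body.Write(aes.IV, 0, aes.IV.Length);
            using (var cs = new CryptoStream(body, aes.CreateEncryptor(), CryptoStreamMode.Write))
                new XmlSerializer(typeof(T)).Serialize(cs, obj);   // disposing cs writes the final block
            byte[] data = body.ToArray();        // ToArray still works after the stream is closed
            using (var hmac = new HMACSHA256(macKey))
            using (var file = new FileStream(path, FileMode.Create))
            {
                byte[] tag = hmac.ComputeHash(data);               // encrypt-then-MAC over IV + ciphertext
                file.Write(data, 0, data.Length);
                file.Write(tag, 0, tag.Length);
            }
        }
    }
    public static T Load<T>(string path, byte[] encKey, byte[] macKey)
    {
        byte[] all = File.ReadAllBytes(path);
        int bodyLen = all.Length - 32;           // everything before the tag
        if (bodyLen < 32) throw new CryptographicException("File is too short.");
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(all, 0, bodyLen);
            int diff = 0;                        // compare every byte, no early exit on mismatch
            for (int i = 0; i < 32; i++) diff |= expected[i] ^ all[bodyLen + i];
            if (diff != 0) throw new CryptographicException("File was modified or the key is wrong.");
        }
        using (var aes = Aes.Create())           // decrypt only after the tag has been verified
        {
            byte[] iv = new byte[16];
            Buffer.BlockCopy(all, 0, iv, 0, 16);
            using (var ms = new MemoryStream(all, 16, bodyLen - 16))
            using (var cs = new CryptoStream(ms, aes.CreateDecryptor(encKey, iv), CryptoStreamMode.Read))
                return (T)new XmlSerializer(typeof(T)).Deserialize(cs);
        }
    }
}
```

With this in place the question's `Write` and `Load` become `EncryptedXml.Save(path, cA, encKey, macKey)` and `EncryptedXml.Load<ClassA>(path, encKey, macKey)`.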
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


