AesCipher Class

Implements a convienent wrapper over AesManaged that handles the encryption and decryption of data using the AES algorthim using many security best practices.

Inheritance Hierarchy

SystemObject
Neon.CryptographyAesCipher

Namespace: Neon.Cryptography
Assembly: Neon.Cryptography (in Neon.Cryptography.dll) Version: 2.14.0

Syntax

C++

Copy

public sealed class AesCipher : IDisposable

Public NotInheritable Class AesCipher
	Implements IDisposable

public ref class AesCipher sealed : IDisposable

[<SealedAttribute>]
type AesCipher =  
    class
        interface IDisposable
    end

The AesCipher type exposes the following members.

Constructors

	Name	Description
	AesCipher(Int32, Int32)	Constructs an AES cypher using a randomly generated encyption key.
	AesCipher(String, Int32)	Constructs an AES cypher using a specific encryption key.

Top

Properties

	Name	Description
	IV	Returns the encyption initialization vector encoded as base-64.
	Key	Returns the encyption key encoded as base-64.

Top

Methods

	Name	Description
	DecryptBytesFrom(Byte)	Decrypts the encrypted base-64 text passed returning the result as a byte array.
	DecryptBytesFrom(String)	Decrypts the encrypted base-64 text passed returning the result as a byte array.
	DecryptStream	Decrypts one stream to another.
	DecryptStringFrom(Byte)	Decrypts the encrypted bytes passed returning the result as a string.
	DecryptStringFrom(String)	Decrypts the encrypted base-64 text passed returning the result as a string.
	Dispose	Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
	EncryptStream	Encrypts one stream to another.
	EncryptToBase64(Byte)	Encrypts the bytes passed returning the result encoded as base-64.
	EncryptToBase64(String)	Encrypts the text passed returning the result encoded as base-64.
	EncryptToBytes(Byte)	Encrypts the text passed returning the result encoded as a byte array.
	EncryptToBytes(String)	Encrypts the text passed returning the result encoded as a byte array.
	Equals	Determines whether the specified object is equal to the current object. (Inherited from Object.)
	GenerateKey	Generates a random encryption key with the specified size in bits.
	GetHashCode	Serves as the default hash function. (Inherited from Object.)
	GetType	Gets the Type of the current instance. (Inherited from Object.)
	ToString	Returns a string that represents the current object. (Inherited from Object.)

Top

Fields

	Name	Description
	Magic	The 32-bit magic number that will be written in plaintext to the beginning of the encrypted output to be used to verify that encrypted buffers will generated by this class.

Top

Remarks

This class uses the BinaryWriter to generate the encrypted output and BinaryReader to read it.

The data is formatted with an unencrypted header that specifies the initialization vector (IV), as well as the HMAC512 that will be used to validate the encrypted data. The encrypted data includes variable length psuedo random padding followed by the encrypted user data.

Copy

 Header (plaintext)
+------------------+
|    0x3BBAA035    |    32-bit magic number (for verification)
+------------------+
|     IV Size      |    16-bits
+------------------+
|                  |
|     IV Bytes     |    IV Size bytes
|                  |
+------------------+
|    HMAC Size     |    16-bits
+------------------+
|                  |
|    HMAC Bytes    |    HMAC Size bytes
|                  |
+-------------------

  AES256 Encrypted:
+------------------+
|   Padding Size   |    16-bits
+------------------+
|                  |
|   Padding Bytes  |    Padding Size bytes
|                  |
+------------------+
|                  |
|                  |
|                  |
|    User Data     |
|                  |
|                  |
|                  |
+------------------+

Note
Note that this encodes multi-byte integers using little endian byte ordering via BinaryWriter and BinaryReader.

This class automatically generates a new initialization vector for every encyption operation. This ensures that every encryption operation will generate different ciphertext even when the key and data haven't changed to enhance security.

The class is designed to be easier to use than the .NET Core AesManaged base implementation.

To encrypt data:

Generate an encryption key via GenerateKey(Int32) and create an instance via AesCipher(String, Int32) passing the key, or just call AesCipher(Int32, Int32) to create with a generated key of the specified size.
You can always obtain the key via the Key property.
Call one of EncryptToBase64(Byte), EncryptToBase64(Byte), EncryptToBytes(String), or EncryptToBytes(Byte) to perform the encryption with varying input and output formats.

To decrypt data:

Use AesCipher(String, Int32) to construct and instance using the key originally used to encrypt the data.
Call one of DecryptBytesFrom(Byte), DecryptBytesFrom(String), DecryptStringFrom(Byte), or DecryptStringFrom(Byte). to decrypt data.

Thread Safety

Instance members of this type are not safe for multi-threaded operations.

Reference

Neon.Cryptography Namespace