
AesCipher Class

Implements a convenient wrapper over AesManaged that handles the encryption and decryption of data using the AES algorithm while applying many security best practices.
Inheritance Hierarchy
System.Object
  Neon.Cryptography.AesCipher

Namespace:  Neon.Cryptography
Assembly:  Neon.Cryptography (in Neon.Cryptography.dll) Version: 2.1.0
Syntax
public sealed class AesCipher : IDisposable

The AesCipher type exposes the following members.

Constructors
  Name / Description
AesCipher(Int32, Int32) (public)
Constructs an AES cipher using a randomly generated encryption key.
AesCipher(String, Int32) (public)
Constructs an AES cipher using a specific encryption key.
Properties
  Name / Description
IV (public)
Returns the encryption initialization vector encoded as base-64.
Key (public)
Returns the encryption key encoded as base-64.
Methods
  Name / Description
DecryptBytesFrom(Byte[]) (public)
Decrypts the encrypted bytes passed, returning the result as a byte array.
DecryptBytesFrom(String) (public)
Decrypts the encrypted base-64 text passed, returning the result as a byte array.
DecryptStream (public)
Decrypts one stream to another.
DecryptStringFrom(Byte[]) (public)
Decrypts the encrypted bytes passed, returning the result as a string.
DecryptStringFrom(String) (public)
Decrypts the encrypted base-64 text passed, returning the result as a string.
Dispose (public)
Performs application-defined tasks associated with freeing, releasing, or resetting unmanaged resources.
EncryptStream (public)
Encrypts one stream to another.
EncryptToBase64(Byte[]) (public)
Encrypts the bytes passed, returning the result encoded as base-64.
EncryptToBase64(String) (public)
Encrypts the text passed, returning the result encoded as base-64.
EncryptToBytes(Byte[]) (public)
Encrypts the bytes passed, returning the result encoded as a byte array.
EncryptToBytes(String) (public)
Encrypts the text passed, returning the result encoded as a byte array.
Equals (public)
Determines whether the specified object is equal to the current object.
(Inherited from Object.)
GenerateKey (public, static)
Generates a random encryption key with the specified size in bits.
GetHashCode (public)
Serves as the default hash function.
(Inherited from Object.)
GetType (public)
Gets the Type of the current instance.
(Inherited from Object.)
ToString (public)
Returns a string that represents the current object.
(Inherited from Object.)
Fields
  Name / Description
Magic (public, static)
The 32-bit magic number that is written in plaintext at the beginning of the encrypted output and is used to verify that encrypted buffers were generated by this class.
Remarks

This class uses the BinaryWriter to generate the encrypted output and BinaryReader to read it.

The data is formatted with an unencrypted header that specifies the initialization vector (IV), as well as the HMAC512 that will be used to validate the encrypted data. The encrypted data includes variable-length pseudo-random padding followed by the encrypted user data.

 Header (plaintext)
+------------------+
|    0x3BBAA035    |    32-bit magic number (for verification)
+------------------+
|     IV Size      |    16-bits
+------------------+
|                  |
|     IV Bytes     |    IV Size bytes
|                  |
+------------------+
|    HMAC Size     |    16-bits
+------------------+
|                  |
|    HMAC Bytes    |    HMAC Size bytes
|                  |
+------------------+

  AES256 Encrypted:
+------------------+
|   Padding Size   |    16-bits
+------------------+
|                  |
|   Padding Bytes  |    Padding Size bytes
|                  |
+------------------+
|                  |
|                  |
|                  |
|    User Data     |
|                  |
|                  |
|                  |
+------------------+
Note
Note that this encodes multi-byte integers using little endian byte ordering via BinaryWriter and BinaryReader.
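
A defensive reader for the plaintext header laid out above, as an added example that is not part of Neon.Cryptography or its documentation. The names AesCipherHeader, Parse and ReadSized are hypothetical; it assumes the size fields can be read as unsigned 16-bit values and that the HMAC is at most 64 bytes (the HMAC-SHA512 output size), and it does not verify the HMAC because the page does not say which bytes it covers.

```csharp
using System;
using System.IO;

// Constructed sample (not real AesCipher output): a header plus 32 dummy bytes.
var ms = new MemoryStream();
using (var w = new BinaryWriter(ms))
{
    w.Write(AesCipherHeader.Magic);
    w.Write((ushort)16); w.Write(new byte[16]);   // IV size, IV bytes
    w.Write((ushort)64); w.Write(new byte[64]);   // HMAC size, HMAC bytes
    w.Write(new byte[32]);                        // stand-in for the encrypted section
}
var h = AesCipherHeader.Parse(ms.ToArray());
Console.WriteLine($"IV={h.IV.Length} HMAC={h.Hmac.Length} ciphertext@{h.CiphertextOffset}");

// Plaintext header fields and the offset where the encrypted section starts.
public sealed record AesCipherHeader(byte[] IV, byte[] Hmac, long CiphertextOffset)
{
    public const uint Magic = 0x3BBAA035;   // from the format diagram
    const int IvBytes = 16;                 // AES block size
    const int MaxHmacBytes = 64;            // assumption: HMAC-SHA512 output size
    public static AesCipherHeader Parse(byte[] blob)
    {
        using var r = new BinaryReader(new MemoryStream(blob, writable: false));
        try
        {
            if (r.ReadUInt32() != Magic)    // BinaryReader decodes little endian
                throw new InvalidDataException("Bad magic: not AesCipher output.");
            byte[] iv = ReadSized(r, IvBytes, IvBytes, "IV");
            byte[] hmac = ReadSized(r, 1, MaxHmacBytes, "HMAC");
            if (r.BaseStream.Position >= blob.Length)
                throw new InvalidDataException("No encrypted section after header.");
            return new AesCipherHeader(iv, hmac, r.BaseStream.Position);
        }
        catch (EndOfStreamException) { throw new InvalidDataException("Truncated header."); }
    }

    // Bounds the 16-bit length before reading, then rejects short reads.
    static byte[] ReadSized(BinaryReader r, int min, int max, string field)
    {
        int size = r.ReadUInt16();
        if (size < min || size > max)
            throw new InvalidDataException($"{field} size {size} out of range.");
        byte[] data = r.ReadBytes(size);    // returns fewer bytes at end of stream
        if (data.Length != size)
            throw new InvalidDataException($"{field} truncated.");
        return data;
    }
}
```

Parsing the header this way only confirms the layout; data should be treated as authentic only after the class itself has validated the HMAC during decryption.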

This class automatically generates a new initialization vector for every encryption operation. This enhances security by ensuring that every encryption operation produces different ciphertext, even when the key and data haven't changed.

The class is designed to be easier to use than the .NET Core AesManaged base implementation.

To encrypt data:

  1. Generate an encryption key via GenerateKey(Int32) and create an instance via AesCipher(String, Int32) passing the key, or just call AesCipher(Int32, Int32) to create an instance with a generated key of the specified size.
  2. You can always obtain the key via the Key property.
  3. Call one of EncryptToBase64(String), EncryptToBase64(Byte[]), EncryptToBytes(String), or EncryptToBytes(Byte[]) to perform the encryption with varying input and output formats.

To decrypt data:

  1. Use AesCipher(String, Int32) to construct an instance using the key originally used to encrypt the data.
  2. Call one of DecryptBytesFrom(Byte[]), DecryptBytesFrom(String), DecryptStringFrom(Byte[]), or DecryptStringFrom(String) to decrypt data.
Thread Safety
Instance members of this type are not safe for multi-threaded operations.