How Do I...? Common Tasks QuickStart Tutorial

Cryptography

Encrypt and decrypt a file

Generate and compare a hash value

Back to Common Tasks Home

How Do I...Encrypt and Decrypt a file?

The CryptoStream class in the System.Security.Cryptography namespace is used to easily define cryptographic transforms on any data stream. The constructor is defined as the following: CryptoStream (Stream argument, ICryptoTransform transform, CryptoStreamMode mode).

Stream argument - Defines the stream on which the cryptographic transform is to be performed. Any stream that derives from System.IO.Stream can be plugged in here. For example, pass in an instance of System.IO.FileStream to perform a cryptographic transform on a file. Because CryptoStream derives from Stream, it is possible to use CryptoStream to define cryptographic transforms on other cryptographic streams. This makes it possible to chain objects that implement CryptoStream together, for example encrypting a file and computing the hash for the encryption in a single operation.

ICrypto Transformtransform - Defines the cryptographic transform that is to be performed on the stream. Because every class that derives from HashAlgorithm implements the ICryptoTransform interface, an instance of a hash algorithm can be passed in here to take the hash of a stream. All symmetric encryption or decryption algorithms that derive from the SymmetricAlgorithm class have CreateEncryptor() and CreateDecryptor() functions that return an instance of an ICryptoTransform implementation. To define a TripleDES encryption on a given stream, call the CreateEncryptor() function on an instance of a TripleDES implementation and pass the result into the CryptoStream constructor. Generally, any class that implements ICryptoTransform can be passed into the CryptoStream constructor.

CryptoStreamMode mode - Defines whether you are reading from or writing to the stream. To write to a CryptoStream you must pass CryptoStreamMode.Write into the CryptoStream constructor. To read from the stream, CryptoStreamMode.Read must be passed into the constructor.

The CryptoStream class contains the standard stream member functions to either read a byte array from the stream or write a byte array to the stream. The CryptoStream class handles the buffering internally when reading from or writing to the stream. Application code needs only to provide the byte buffer and call the appropriate read or write method on the stream.

The following sample code shows the creation of a CryptoStream to encrypt a file using the DES algorithm. First, the FileStream that will contain the encrypted file is created. Then, an instance of a DES implementation is created. If an instance of a symmetric or asymmetric algorithm is created without explicit constructor arguments, a random key (or public or private key pair) is generated and default properties are set that cover most encryption or decryption scenarios. A DES encryptor object is created on the DES instance. Next, a CryptoStream is created by passing the FileStream instance and the DES encryptor into the CryptoStream constructor; the stream is set to write mode. Finally, we write a byte array of plain text to the stream and close the stream. The result is a file named "EncryptedFile.txt" which contains the DES encryption of bytearrayinput.

		
FileStream fs  = new FileStream("EncryptedFile.txt",FileMode.Create,FileAccess.Write);
DESCryptoServiceProvider des = new DESCryptoServiceProvider();
ICryptoTransform desencrypt = des.CreateEncryptor();
CryptoStream cryptostream = new CryptoStream(fs,desencrypt,CryptoStreamMode.Write);
cryptostream.Write(bytearrayinput,0,bytearrayinput.Length);
cryptostream.Close();

Example

VB fileencrypt.exe

[This sample can be found at e:\web\quickstart\QuickStart\howto\samples\cryptography\fileencrypt\]