Simple Encryption/Decryption

Introduction

The world of encryption/decryption is filled with lots of details and terminology that make it difficult to understand. Some folks believe the complexity of the subject is deliberate... to help keep the world of encryption programming secret.

Like a lot of things in programming, there are quite a few choices for doing encryption and lots of ways to perform a simple encryption task... with no immediately obvious "right way". Users often blame this for making the subject of encryption so difficult to understand.

Well, this article is going to be different... we will not bother with the list of different encryption types and the history of each algorithm. Instead, we are going to show you how to perform a common encryption/decryption task in the simplest possible way.

String Encryption/Decryption Example

So, let's get started... in this example, we will encrypt/decrypt a string using a common technique called Data Encryption Standard (DES) that requires a single password that is used for both encryption and decryption. That's an example of symmetric encryption, but I promised not to go into too much detail... :)

The password used by this encryption technique is stored in two 8-byte arrays: TheKey, the DES key, and Vector, the initialization vector (IV) that is passed alongside it to CreateEncryptor() and CreateDecryptor(). The arrays can hold any combination of byte values. They don't have to contain printable ASCII characters... you can use any valid hex values (&H0 to &HFF) for the password.

Note: In this case, the password is stored inside the program, so you won't have to remember it.

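' Place at the top of the source file
Imports System.IO, System.Security.Cryptography, System.Text

' The password is made up of a pair of arrays, each 8 bytes long (declared inside the class)
Private TheKey() As Byte = {&H1F, &H27, &HB3, &H24, &H50, &H06, &H7A, &H88}
Private Vector() As Byte = {&HF1, &H5E, &H33, &H30, &H2F, &H9A, &H99, &H81}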

Next, let's look at the part of the program that takes an ordinary string and converts it into an encrypted string. This works much like an English to French "translator"... you push English into the translator, and you get French out.

'
' A simple DES string Encryption routine
'
Public Function Encrypt(ByVal message As String) As String
    Dim des As New DESCryptoServiceProvider
    Dim ms As New MemoryStream
    Dim in_buf(), out_buf() As Byte

    ' put the cleartext into the byte input buffer
    ' (ASCII only: any other character is replaced with "?")
    in_buf = Encoding.ASCII.GetBytes(message)

    Try
        ' create a DES Encryptor output stream
        Dim crStream As New CryptoStream(ms, des.CreateEncryptor(TheKey, Vector),
         CryptoStreamMode.Write)

        ' push the cleartext into the "translator"
        crStream.Write(in_buf, 0, in_buf.Length)
        crStream.FlushFinalBlock()

        ' read the ciphertext out of the translator
        out_buf = ms.ToArray

        ms.Close()
        crStream.Close()
    Catch ex As System.Security.Cryptography.CryptographicException
        ' if encryption fails, just silently return an empty string
        Return ""
    End Try

    ' the result is binary, so we convert it to a "Base 64" string
    Return Convert.ToBase64String(out_buf)
End Function

Let's look at the steps involved to encrypt a string in some additional detail...

Here is the second half of the example... to convert the encrypted text back into its original text.

'
' A simple DES decryption routine
'
Public Function Decrypt(ByVal message As String) As String
    Dim des As New DESCryptoServiceProvider
    Dim ms As New MemoryStream
    Dim in_buf(), out_buf() As Byte

    Try
        ' put the "Base 64" ciphertext into the byte input buffer
        in_buf = Convert.FromBase64String(message)
    Catch ex As System.FormatException
        ' if the string isn't in the correct format, then just silently fail
        Return ""
    End Try

    Try
        ' Create a DES Decryptor output stream
        Dim crStream As New CryptoStream(ms, des.CreateDecryptor(TheKey, Vector),
         CryptoStreamMode.Write)

        ' push the ciphertext into the "translator" 
        crStream.Write(in_buf, 0, in_buf.Length)
        crStream.FlushFinalBlock()

        ' read the cleartext out of the translator
        out_buf = ms.ToArray

        ms.Close()
        crStream.Close()
    Catch ex As System.Security.Cryptography.CryptographicException
        ' if decryption fails, just silently return an empty string
        Return ""
    End Try

    ' the output is a byte array, so we must convert it into a string
    Return Encoding.ASCII.GetString(out_buf)
End Function

The steps are essentially the same as in the Encrypt function, except that this time we're using the CreateDecryptor() method.

Yes, there are quite a few more techniques and encryption routines that can be used, and a ton of stuff you can read about encryption... but I hope this simple example will help you down that road.

Note: Storing passwords inside your application isn't totally secure. A reasonably resourceful hacker could "de-compile" your application and see the password.
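
An added example, not code from the original article: the same Encrypt/Decrypt pair built on AES-GCM rather than DES (whose 56-bit key is within reach of brute force), with the key passed in at run time instead of compiled into the program and a fresh random nonce per message in place of the fixed Vector array. It assumes .NET 6 or later; the module name AesGcmStringCrypto and the nonce, tag, ciphertext layout are choices made for this example.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Public Module AesGcmStringCrypto
    Private Const NonceLen As Integer = 12 ' 96-bit nonce, generated fresh per message
    Private Const TagLen As Integer = 16   ' 128-bit authentication tag

    ' key: 32 random bytes supplied at run time (assumption: read from protected
    ' configuration or a secrets store), not compiled into the program.
    Public Function Encrypt(message As String, key As Byte()) As String
        Dim plain = Encoding.UTF8.GetBytes(message)
        Dim nonce = RandomNumberGenerator.GetBytes(NonceLen)
        Dim cipher(plain.Length - 1) As Byte
        Dim tag(TagLen - 1) As Byte
        Using gcm As New AesGcm(key) ' on .NET 8+: New AesGcm(key, TagLen)
            gcm.Encrypt(nonce, plain, cipher, tag)
        End Using
        ' output layout: nonce || tag || ciphertext, as a Base64 string
        Dim packed(NonceLen + TagLen + cipher.Length - 1) As Byte
        Buffer.BlockCopy(nonce, 0, packed, 0, NonceLen)
        Buffer.BlockCopy(tag, 0, packed, NonceLen, TagLen)
        Buffer.BlockCopy(cipher, 0, packed, NonceLen + TagLen, cipher.Length)
        Return Convert.ToBase64String(packed)
    End Function

    ' Returns Nothing if the input is malformed, was modified, or the key is wrong.
    Public Function Decrypt(message As String, key As Byte()) As String
        Try
            Dim packed = Convert.FromBase64String(message)
            If packed.Length < NonceLen + TagLen Then Return Nothing
            Dim nonce(NonceLen - 1) As Byte
            Dim tag(TagLen - 1) As Byte
            Dim cipher(packed.Length - NonceLen - TagLen - 1) As Byte
            Buffer.BlockCopy(packed, 0, nonce, 0, NonceLen)
            Buffer.BlockCopy(packed, NonceLen, tag, 0, TagLen)
            Buffer.BlockCopy(packed, NonceLen + TagLen, cipher, 0, cipher.Length)
            Dim plain(cipher.Length - 1) As Byte
            Using gcm As New AesGcm(key)
                gcm.Decrypt(nonce, cipher, tag, plain)
            End Using
            Return Encoding.UTF8.GetString(plain)
        Catch ex As Exception When TypeOf ex Is FormatException OrElse TypeOf ex Is CryptographicException
            Return Nothing
        End Try
    End Function
End Module
```

Encrypting the same message twice gives two different strings because the nonce is random, and changing any character of an encrypted string makes Decrypt return Nothing instead of altered text.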

Downloads/Links

Download the VB.Net Source code examples used in this article: Encryption.zip
Read a related article on How To Encrypt Connection Strings