Protecting Confidential Data with Symmetric Encryption - Part 2

 Apr 08, 2016

Protecting confidential data is an important requirement in many business applications. In a previous blog post we covered the fundamentals of symmetric cryptography, with a step-by-step code walkthrough showing how to encrypt a piece of data using the .NET Framework. Today I will continue our journey in cryptography and show you how to decrypt the data.

We are using a symmetric algorithm known as AES (Advanced Encryption Standard). Please review the previous blog post for more information on AES.

So you need to transmit confidential data, and you have first encrypted it as we saw in the previous blog post. Now we will focus on the code for a receiver application that takes the encrypted data as input and recovers the original data using the symmetric key and initialisation vector shared with the sender application.

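The first step is to import the Cryptography namespace, along with System.IO and System.Text, which supply the MemoryStream and Encoding classes used later:

using System.IO;
using System.Security.Cryptography;
using System.Text;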

Now let's assume our receiver application has access to the Secret Key and the Initialisation Vector (IV) that were generated by the sender application. The variables holding this important information are declared as:

byte[] key;
byte[] iv;

We also have an array of bytes containing the text that was encrypted by the sender:

byte[] encryptedMessage;

We need an instance of AesManaged:

AesManaged algorithm = new AesManaged();

Using algorithm, key and iv we can create the decryptor as you see below:

ICryptoTransform decryptor =
    algorithm.CreateDecryptor(key, iv);

To use the decryptor we need a CryptoStream together with another stream where the decrypted bytes can be written, for example a MemoryStream. The next code snippet shows these steps:

MemoryStream bufferStream = new MemoryStream();
CryptoStream cryptoStream =
    new CryptoStream(bufferStream, decryptor, CryptoStreamMode.Write);

Finally, we can call the Write method of the CryptoStream and complete the decryption process:

cryptoStream.Write(encryptedMessage, 0,
    encryptedMessage.Length);
cryptoStream.FlushFinalBlock();
cryptoStream.Close();

In the snippet above the variable encryptedMessage is the array of bytes with the confidential data we received from the sender.

Note that the cryptoStream writes to the MemoryStream instance bufferStream, so after the Write call the decrypted bytes are collected from bufferStream. We could, for example, pass them to another process or simply show them to the user in a text box.

// Use the same encoding the sender used to turn the text into bytes.
string decryptedText =
    Encoding.Default.GetString(bufferStream.ToArray());
messageText.Text = decryptedText;
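
The steps above assembled into one receiver routine, as an added example that is not the author's code. It also shows the failure case, where a wrong key or damaged message normally surfaces as a CryptographicException when the padding is checked. The Encrypt helper, the UTF-8 encoding and the randomly generated key and IV are assumptions standing in for the sender.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class ReceiverExample
{
    // Same steps as the post; 'using' disposes each object even if decryption throws.
    static byte[] Decrypt(byte[] encryptedMessage, byte[] key, byte[] iv)
    {
        using (AesManaged algorithm = new AesManaged())
        using (ICryptoTransform decryptor = algorithm.CreateDecryptor(key, iv))
        using (MemoryStream bufferStream = new MemoryStream())
        {
            using (CryptoStream cryptoStream =
                new CryptoStream(bufferStream, decryptor, CryptoStreamMode.Write))
            {
                cryptoStream.Write(encryptedMessage, 0, encryptedMessage.Length);
                cryptoStream.FlushFinalBlock(); // the padding is checked here
            }
            return bufferStream.ToArray(); // ToArray still works after the stream is closed
        }
    }
    // Hypothetical stand-in for the sender, only to produce a constructed sample message.
    static byte[] Encrypt(byte[] plain, byte[] key, byte[] iv)
    {
        using (AesManaged algorithm = new AesManaged())
        using (ICryptoTransform encryptor = algorithm.CreateEncryptor(key, iv))
            return encryptor.TransformFinalBlock(plain, 0, plain.Length);
    }
    static void Main()
    {
        byte[] key, iv; // constructed sample key and IV, generated randomly
        using (AesManaged aes = new AesManaged()) { key = aes.Key; iv = aes.IV; }
        byte[] encrypted = Encrypt(Encoding.UTF8.GetBytes("constructed sample"), key, iv);
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(encrypted, key, iv)));

        byte[] wrongKey = (byte[])key.Clone(); wrongKey[0] ^= 0xFF;
        try
        {
            Decrypt(encrypted, wrongKey, iv);
            // Roughly 1 wrong key in 256 still yields valid-looking padding.
            Console.WriteLine("No exception, but the bytes are garbage");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Decryption failed: wrong key/IV or damaged message");
        }
    }
}
```

A padding error is not an integrity check: AES in CBC mode, the AesManaged default, does not detect modified ciphertext, so a message that decrypts without an exception is not thereby authentic.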


About the Author:

Newton Godoy  

With over 17 years of in-class training experience and over 16 years of industry experience, Newton offers students a wealth of real-world technical knowledge and expertise in the areas of .NET application development, SQL Server and SharePoint Server. After spending several years lecturing as a professor, Newton found his true calling and began his career as an MCT. He worked as a technical trainer for some of Brazil's and Australia's largest corporate training organisations before finally finding a home with New Horizons where he is now one of our top trainers. Newton brings a thorough mentoring capability to the classroom where he can advise on technical issues and challenges often beyond the scope of the course curriculum. His combination of technical knowledge and instructor experience makes him one of the most respected instructors within the IT training industry.
