A set of ciphers suitable for encryption, hashing and signing data at rest.

The Ciphers project helps in addressing a common requirement for achieving confidentiality, integrity and source authentication of data at rest, e.g. PII (Personally Identifiable Information) fields.

I was really disappointed when the Enterprise Library lost the security application block and all the encryption/decryption routines. Since I had to encrypt a bunch of PII fields in my current project and I didn't want to go a version back with Enterprise Library, I did what every developer out there would do - wrote a reusable library.

These are the general requirements I had in mind:
  1. The library should use industry strong cryptographic algorithms for encryption, hashing and signing.
  2. It should include ciphers for protecting plain documents (opaque sequences of bytes - arrays and streams) as well as XML documents.
  3. It should be very easy to integrate the library with a Dependency Injection container, i.e. abstract the behaviors with simple interfaces.
  4. It should leverage the Common Service Locator for resolving externally provided classes which may change the default behaviors for locating, storage and retrieval of the encrypted symmetric keys.
  5. It should be very easy to use and configure. Possibly no configuration at all.
  6. Besides the .NET framework and the Common Service Locator, the library should not have any other dependencies.
So here it is. I hope it may help someone else in their data protection tasks.

The cyphers are abstracted by two simple interfaces: ICipher and IHasher which makes them very easy to integrate through dependency injection containers. For XML documents there are two similar interfaces: IXmlCipher and IXmlSigner.

Each of the cipher implementation classes leverages the encryption algorithms provided in the .NET framework namespaces System.Security.Cryptography and System.Security.Cryptography.Xml.

The ICipher interface contains three pairs of Encrypt/Decrypt methods. A pair that works on arrays of bytes, another - on Stream-s, and a third that is asynchronous version of the latter. For example you can find there the following methods:
  • byte[] Encrypt(byte[] data);
  • byte[] Decrypt(byte[] encryptedData);
When you invoke the Encrypt method on the parameter data it produces encryptedData and Decrypt is the inverse operation. The encryptedData is actually a "crypto-package" - a structure which besides the encrypted text, contains some information needed for proper decryption, e.g. the length and the encrypted symmetric key, or the length and the contents of the initialization vector, or the length and the text of the signature, the hash salt, etc. The structure of each crypto-package is documented in the XML documentation comments of each cypher.

Similarly the IHasher has several methods, for example:
  • byte[] Hash(byte[] data);
  • bool TryVerifyHash(byte[] data, byte[] hash);
The solution consists of five projects: the main project Ciphers, a unit-test project Tests, two command line utility projects ProtectedKey and EncryptedKey for managing the encrypted keys, and a sample project CiphersSample that demonstrates the basic usages of the ciphers.

Each programming element is well documented with XML documentation comment. Also the project contains a Word document - Ciphers.docx, which describes the library in more details.

Please note: the project has moved to GitHub: https://github.com/vmelamed/vm/tree/master/Aspects/Security/Cryptography/Ciphers.

Last edited May 25, 2016 at 12:03 AM by VMelamed, version 13