Custom Encryption And Decryption

Lotusamaze-Custom encryption and decryptionIn ASP.NET there is a general requirement passing the values in query string parameter from one page to another page but query string parameter is passed in plain text and can be read and changed easily. So from the security point of view query string parameter has to be in encrypted form. In this post “Custom encryption and decryption” I will explain how to encrypt and decrypt using custom technique. Using Custom encryption and decryption you can create a string URL  in GUID format. Custom encryption and decryption technique is also helpful for encryption and decryption of vital information.

Topics Covered in post “Custom encryption and decryption”

1. What is AES Symmetric Key

2. Valid characters in query string

3. Custom encryption and decryption

There are so many solutions for encrypting the query string parameters using AES Symmetric Key or Cryptography properties.

In this post I will explain with examples how to encrypt and decrypt parameters in URL, data, password, files  or other vital  informations using custom encryption and decryption technique.

Valid characters in query string

In my study following characters are valid for query string parameters.

  • a-z(All lower Case)
  • A-Z(All Upper Case)
  • 0-9 ( Numbers)
  • – (Hyphen)
  • _(UnderScore)
  • . (Dot)
  • ~(Tilde)

Any other special character should be avoided if used then it has to be percent encoded.  So following above rule I have not taken any special character for my custom encryption and decryption functions.

Step 1-Custom encryption and decryption

First Create a class and define properties according to your requirement. In my case it is ObjectParam.

public class ObjectParam
{
public string EmployeeID { get; set;}
public string FirstName { get; set; }
public string LastName { get; set; }
public string PhoneNo { get; set; }
public string DOB { get; set; }
}

Step 2-Custom encryption and decryption

Create a Utilities class and declare two array for encryption and decryption values. In my case it is string[] CustomDecryptArray and string[] CustomEncryptArray. CustomDecryptArray’s elements are having correspoding values in CustomEncryptArray.

Example.
  • a->Zb
  • b->Zs
  • c->Bq

So if you encrypt abc then result would be “ZbZs-Bq” but  this just concept clarification. For more clarification please example below.

public class Utilities
{

public char seprator = ‘~’;
string[] CustomDecryptArray = { “a”, “b”, “c”, “d”, “e”, “f”, “g”, “h”, “i”, “j”, “k”, “l”, “m”, “n”, “o”,   “p”, “q”, “r”, “s”, “t”, “u”, “v”, “w”, “x”, “y”, “z”,”A”, “B”, “C”, “D”, “E”, “F”, “G”, “H”, “I”, “J”, “K”,”L”,   “M”, “N”, “O”, “P”, “Q”, “R”, “S”, “T”, “U”, “V”, “W”, “X”, “Y”, “Z”,”0″,”1″,”2″,”3″,”4″,”5″,”6″,”7″,”8″,”9″,” “,”-“,”_”,”/”,”~”};

string[] CustomEncryptArray = { “Zb”, “Zs”, “Bq”, “Cy”, “Dg”, “Eh”, “Fa”, “Gk”, “Ha”, “Ip”, “Ja”, “Kn”, “lj”, “Mf”, “Na”, “Of”, “Pk”, “Qk”, “Rk”, “So”, “Ts”, “Uc”, “Vj”, “Wo”, “Xy”, “Zz” ,”1m”, “2v”, “3o”, “4k”, “5w”, “6y”, “7z”, “8x”, “9n”, “p1”, “a2”, “n3”, “j4”, “f5”, “a6”, “f7”, “k9”, “k0”, “kk”, “sq”, “sr”, “uy”, “xa”, “xh”, “yk”, “nq”,”ga”, “qw”, “er”, “ty”, “ui”, “op”, “as”, “df”, “gh”, “ij”,”9q”,”9w”,”78″,”oq”,”lz”};

public string CustomEncryption(ObjectParam objectParam)
{

string returnEncryptString = “”; string encryptString = “”; encryptString += objectParam.EmployeeID + seprator; //Index 0 encryptString += objectParam.FirstName + seprator;// Index 1 encryptString += objectParam.LastName + seprator;// Index 2 encryptString += objectParam.PhoneNo + seprator;//Index 3 encryptString += objectParam.DOB + seprator;//Index 4 char[] charArray = encryptString.ToCharArray(); foreach (char chr in charArray) {   returnEncryptString += CustomEncryptArray[Array.IndexOf(CustomDecryptArray, chr.ToString())]; }
}
try //Formatting encrypted string like GUID
{
returnEncryptString = returnEncryptString.Insert(4, “-“);
returnEncryptString = returnEncryptString.Insert(12, “-“);
returnEncryptString = returnEncryptString.Insert(24, “-“);
returnEncryptString = returnEncryptString.Insert(48, “-“);
}
finally
{}

return returnEncryptString;
}//End of Function

public ObjectParam CustomDecryption(string encryptString)
{
string decryptString = “”;
encryptString = encryptString.Replace(“-“, “”);
ObjectParam objectParam = new ObjectParam();
for (int count = 0; count < encryptString.Length; count += 2)
{
string twoChar = encryptString.Substring(count, 2);
decryptString += CustomDecryptArray[Array.IndexOf(CustomEncryptArray, twoChar)];
}
objectParam.EmployeeID = decryptString.Split(seprator)[0];
objectParam.FirstName = decryptString.Split(seprator)[1];
objectParam.LastName = decryptString.Split(seprator)[2];
objectParam.PhoneNo = decryptString.Split(seprator)[3];
objectParam.DOB = decryptString.Split(seprator)[4];
return objectParam;
}//End of Function

}//End of Class

Encrypting query string parameters using  custom encryption and decryption

ObjectParam objectParam = new ObjectParam();
Utilities utilities = new Utilities();
objectParam.EmployeeID = “11212”;
objectParam.FirstName = “Johon”;
objectParam.LastName = “Ibrahim”;
objectParam.PhoneNo = “087659876”;
objectParam.DOB = “11/12/1988”;

//assign the values in fields of ObjectParam and pass it into CustomEncryption
string encryptString = utilities.CustomEncryption(objectParam);

//Result Encrypted Stringqwqw-erqwerl-zp1NaGkNaMf-lz9nZsQkZbGkHaljlzgaghd-fasopijghdfaslzqwqwoqqweroqqwijghghlz

You can use this in url like

http://lotusamaze.com?EmpInfo=qwqw-erqwerl-zp1NaGkNaMf-lz9nZsQkZbGkHaljlzgaghd-fasopijghdfaslzqwqwoqqweroqqwijghghlz

In ASP.Net Page extract query string and decrypt using  CustomDecryption function which will return object with origial values.

//Pass encrypted value and CustomDecryption function returns object with original values.

ASP.NET Page

string empInfo=Request.QueryString[“EmpInfo”];
ObjectParam objectParam2 = utilities.CustomDecryption(empInfo);

Now access the values from objectParam2.

 

See Also: C# Interview Questions And Answers

 

 

About: Avinash