Encrypt / Decrypt data ? #73
Replies: 2 comments
-
Hi @FlorinParaschivescu. This isn't something that the library has built-in. I also don't plan on adding it as I don't want to take on the liability when it inevitably gets broken. If you want to do this yourself, I'd suggest writing some wrapper methods or extension methods that do the encryption before storing and decryption after retrieving. As a general bit of advice, if something is sensitive enough to require encryption, I'd store it Server-side. Anything client-side will never be secure. |
Beta Was this translation helpful? Give feedback.
-
Thank you! Well, for whoever needs it, I'll add here something that I used based on your suggestion. using Blazored.SessionStorage;
using Newtonsoft.Json;
using System.Security.Cryptography;
using System.Threading;
using System.Threading.Tasks;
public static class SessionStorageExtension
{
public static async ValueTask<string> GetEncryptedItemAsStringAsync(this ISessionStorageService sessionStorage, string key, CancellationToken cancellationToken = default)
{
string encryptedData = await sessionStorage.GetItemAsStringAsync(key, cancellationToken),
aesKey = AESEncryptionOperation.KEY,
decryptedResult = AESEncryptionOperation.DecryptString(aesKey, encryptedData);
return decryptedResult;
}
public static async ValueTask<T> GetEncryptedItemAsync<T>(this ISessionStorageService sessionStorage, string key, CancellationToken cancellationToken = default)
{
string decryptedResult = await GetEncryptedItemAsStringAsync(sessionStorage, key, cancellationToken);
return JsonConvert.DeserializeObject<T>(decryptedResult);
}
public static async ValueTask SetEncryptedItemAsStringAsync(this ISessionStorageService sessionStorage, string key, string data, CancellationToken cancellationToken = default)
{
string aesKey = AESEncryptionOperation.KEY,
encryptedData = AESEncryptionOperation.EncryptString(aesKey, data);
await sessionStorage.SetItemAsStringAsync(key, encryptedData, cancellationToken);
}
public static async ValueTask SetEncryptedItemAsync<T>(this ISessionStorageService sessionStorage, string key, T data, CancellationToken cancellationToken = default)
{
string aesKey = AESEncryptionOperation.KEY,
serializedData = JsonConvert.SerializeObject(data);
await sessionStorage.SetEncryptedItemAsStringAsync(key, serializedData, cancellationToken);
}
}
public static class AESEncryptionOperation
{
// 256 bit
public static readonly string KEY = "YOUR_KEY_HERE";
public static string EncryptString(string key, string plainText)
{
byte[] iv = new byte[16],
array;
using (Aes aes = Aes.Create())
{
aes.Key = Encoding.UTF8.GetBytes(key);
aes.IV = iv;
ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
using (MemoryStream memoryStream = new MemoryStream())
using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter streamWriter = new StreamWriter((Stream)cryptoStream))
{
streamWriter.Write(plainText);
}
array = memoryStream.ToArray();
}
}
return Convert.ToBase64String(array);
}
public static string DecryptString(string key, string cipherText)
{
byte[] iv = new byte[16],
buffer = Convert.FromBase64String(cipherText);
using (Aes aes = Aes.Create())
{
aes.Key = Encoding.UTF8.GetBytes(key);
aes.IV = iv;
ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
using (MemoryStream memoryStream = new MemoryStream(buffer))
using (CryptoStream cryptoStream = new CryptoStream((Stream)memoryStream, decryptor, CryptoStreamMode.Read))
using (StreamReader streamReader = new StreamReader((Stream)cryptoStream))
{
return streamReader.ReadToEnd();
}
}
}
} Cheers! |
Beta Was this translation helpful? Give feedback.
-
Hello,
Will this be possible ? as atm there is no way (or I don't know how to).
Thanks!
Beta Was this translation helpful? Give feedback.
All reactions