What's the best method of Encryption whilst using ProtoBuf?
https://stackoverflow.com/questions/881734
-
22-08-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I've migrated my database on my mobile device away from VistaDB because it's just too slow. I'm now using ProtoBuf instead to create a series of flat files on a Storage Card, the only issue is there's obviously no encryption.
Which encryption method works best with ProtoBuf? I'm basically serializing a collection of data entities to a file, then deserializing from the File back into my collections. I figure the best place to put the encryption would be in the FileStream on the read/write.
The data will contain NI numbers, names and addresses, so this has to be secure. Any idea anyone?
Solution
I think you're on the right track. You should just be able to do something like:
ICryptoTransform encryptor = ...
Stream encStream = new CryptoStream(outputFileStream, encryptor, CryptoStreamMode.Write);
Serializer.Serialize(encStream, obj);
encStream.FlushFinalBlock()
encStream.Close();
ICryptoTransform decryptor = ...
Stream decStream = new CryptoStream(inputputFileStream, decryptor, CryptoStreamMode.Read);
Serializer.Deserialize<Type>(decStream);
decStream.FlushFinalBlock()
decStream.Close();
For the basics of .NET's encryption framework (including how to get the ICryptoTransform objects, see other questions like What’s the best way to encrypt short strings in .NET?.
OTHER TIPS
Another option is to actually encrypt the entire folder where the data is stored by installing a system-wide file system filter. The advantages here are that:
- Your app code is agnostic to the encryption and the encryption will be done in native code.
- Since the encryption is done in native code, it's going to be faster
- Since the encryption is not inside managed code, it's a lot harder to reverse engineer and figure out your keys, salts, etc.
Of course the disadvantage (for those who don't write C anyway) is that you can't write it in C#.
