Question

I'm developing an Add-In for Office. In my application I need to store some data provided by the user.

Now this data will be shared among Office programs (Word, Excel, PowerPoint), so I need to store it in some file I can access from my application under any Office program.

My question is how I can serialize my data objects (I've got examples of that), but I want some data, like passwords, to be encrypted. I have tried to store the data objects in binary format, but I can still read the data (just open it in Notepad++). Any ideas?

UPDATE

I don't need to know how to encrypt data; I want to serialize my data objects and at the same time encrypt the important or secret data (serialization with encryption).

Solution

After realizing what you needed, the following methods decorated with the correct attributes should work. You just need some custom code to run during and after serialization and then after deserialization.

// Requires: using System.Runtime.Serialization;
// These members go inside your [Serializable] class, next to its Password field.

// Save your password so you can reset it after the object has been serialized.
[NonSerialized()] 
private string SavedPassword;

// This saves the value of Password and encrypts it so it will be stored encrypted.
// I am leaving out the Encrypt code to make it cleaner here.
[OnSerializing()]
internal void OnSerializingMethod(StreamingContext context)
{
    SavedPassword = Password;
    Password = Encrypt(Password);
}

// Reset the Password after serialization so you can continue to use your object.
[OnSerialized()]
internal void OnSerializedMethod(StreamingContext context)
{
    Password = SavedPassword;
}

// On deserialize you need to Decrypt your Password.
[OnDeserialized()]
internal void OnDeserializedMethod(StreamingContext context)
{
    Password = Decrypt(Password);
}

Explanation of the attributes and methods...

[NonSerialized()] - tells the serializer to not include this field / property in the serialized object.

[OnSerializing()] - tells the serializer to call this method before serializing the object. Our encryption code goes here because we want the encrypted value of the password to be serialized.

[OnSerialized()] - tells the serializer to call this method after the object has been serialized. We need to reset the password to its unencrypted state here. (Instead of saving the password unencrypted you could do a decrypt here just as easily.)

[OnDeserialized()] - tells the serializer to call this method after the object has been deserialized. This is where our decrypt goes because the object isn't ready to be used until we decrypt the password.

With these attributes and methods in place the Password property will automatically be encrypted during serialization and decrypted during deserialization.
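
A complete version of the pattern above, as an added example that is not the answerer's code: it fills in the omitted Encrypt/Decrypt with Windows DPAPI (`ProtectedData`) and swaps in `DataContractSerializer`, which also honours these callbacks, for a binary formatter. `UserSettings`, `UserName` and `Demo` are hypothetical names, and it assumes Windows with a reference to System.Security (or the System.Security.Cryptography.ProtectedData package on newer .NET).

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Security.Cryptography;
using System.Text;

[Serializable]
public class UserSettings // hypothetical type; Password is the field to protect
{
    public string UserName;
    public string Password;
    [NonSerialized] private string savedPassword;
    // DPAPI ties the ciphertext to the current Windows user, so no key sits next to the file.
    private static string Encrypt(string plain)
    {
        if (plain == null) return null;
        byte[] blob = ProtectedData.Protect(Encoding.UTF8.GetBytes(plain), null, DataProtectionScope.CurrentUser);
        return Convert.ToBase64String(blob);
    }

    private static string Decrypt(string stored)
    {
        if (stored == null) return null;
        byte[] plain = ProtectedData.Unprotect(Convert.FromBase64String(stored), null, DataProtectionScope.CurrentUser);
        return Encoding.UTF8.GetString(plain);
    }

    [OnSerializing] internal void OnSerializingMethod(StreamingContext c) { savedPassword = Password; Password = Encrypt(Password); }
    [OnSerialized] internal void OnSerializedMethod(StreamingContext c) { Password = savedPassword; savedPassword = null; }
    [OnDeserialized] internal void OnDeserializedMethod(StreamingContext c) { Password = Decrypt(Password); }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample values, not real credentials.
        var settings = new UserSettings { UserName = "alice", Password = "constructed-sample-secret" };
        var serializer = new DataContractSerializer(typeof(UserSettings));
        using (var ms = new MemoryStream())
        {
            serializer.WriteObject(ms, settings);
            string onDisk = Encoding.UTF8.GetString(ms.ToArray());
            Console.WriteLine("plaintext in file: " + onDisk.Contains(settings.Password));
            ms.Position = 0; // rewind and read the same bytes back
            var loaded = (UserSettings)serializer.ReadObject(ms);
            Console.WriteLine("round trip ok: " + (loaded.Password == settings.Password));
        }
    }
}
```

With `DataProtectionScope.CurrentUser`, a file copied to another Windows account or machine fails in `Unprotect` with a `CryptographicException`, so the load path should catch that and ask the user for the password again.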

OTHER TIPS

A: If you want to be lazy, just GZip it. It compresses the data so that you can only read it by first un-GZipping it.

B: Encrypt the data. This requires that you have a password to read it. This is also harder to implement.

Feel free to ask for clarification on how to use either of these options.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow