EasyCrypto

Primary goal of this library is to enable users with little or no cryptography knowledge to encrypt and decrypt data in an easy and safe manner as well work with passwords and random values.

EasyCrypto is .NET 6, 7, 8+ library that helps with

• Encryption and decryption of streams, byte arrays, strings and files
• Password generating, hashing and validating
• Generating crypto secure random bytes, integers and doubles
• Generating crypto secure random string tokens and string identifiers

For .NETStandard 1.6 implementation use version 5.0.

Implementation details:

• For symmetric encryption AES265 is used, IVs are 128 bits large and every result of the encryption is embedded with KCV (just first three bytes) and MAC. MAC is calculated using HMACSHA384.
• CryptoRandom and PasswordGenerator is using RNGCryptoServiceProvider
• Hashing of password is done with Rfc2898DeriveBytes with default hash and salt size of 256 bits and 25K iterations (by default).
• Asymmetric (public key) encryption is using RSA with 2048 bits keys (by default).

---

Version 5.0 is the last release which supports old .NET Framework 4.8 and will receive only critical fixes. Starting from version 6 EasyCrypto will be built using officially supported releases of .NET (at the moment .NET 6 and .NET 7).

---

For changes see history.

Install from nuget

nuget.org link

Install-Package EasyCrypto

Docs

Table of contents:

• EasyCrypto
  • Install from nuget
  • Docs
    • Static class AesEncryption
    • Static class AesFileEncryption
    • Static class AesEncryptionAdditionalData
    • Class CryptoRandom : IDisposable
    • Class ThreadSafeRandom
    • Class PasswordGenerator : IDisposable
    • PasswordHasherAndValidator
    • Class PasswordHasher
    • Class TokenGenerator
    • Class IdGenerator
    • Static Class RsaEncryption
    • Class QuickEncryption

---

Static class AesEncryption

AesEncryption class can work with streams, byte arrays and strings.

Available methods:

static void Encrypt(Stream dataToEncrypt, byte[] key, byte[] iv, Stream destination)
static void Decrypt(Stream dataToDecrypt, byte[] key, byte[] iv, Stream destination)

static byte[] Decrypt(byte[] dataToDecrypt, byte[] key, byte[] iv) 
static byte[] Encrypt(byte[] dataToEncrypt, byte[] key, byte[] iv)


// following methods are generating random IV and embedding it into the encrypted data
// so encrypted data can be decrypted with just the key

static void EncryptAndEmbedIv(Stream dataToEncrypt, byte[] key, Stream destination)
static void DecryptWithEmbeddedIv(Stream dataToDecrypt, byte[] key, Stream destination)

static byte[] EncryptAndEmbedIv(byte[] dataToEncrypt, byte[] key)
static byte[] DecryptWithEmbeddedIv(byte[] dataToDecrypt, byte[] key) 


// following methods are generating random salt and random IV
// calculating hash from the password
// then generated salt and hash are embeded into the encrypted data
// so data can be decrypted using just the password

static void EncryptWithPassword(Stream dataToEncrypt, string password, Stream destination)
static void DecryptWithPassword(Stream dataToDecrypt, string password, Stream destination)

static byte[] EncryptWithPassword(byte[] dataToEncrypt, string password)
static byte[] DecryptWithPassword(byte[] dataToDecrypt, string password)

static string EncryptWithPassword(string dataToEncrypt, string password)
static string DecryptWithPassword(string dataToDecrypt, string password)


// validation methods (from v1.1.0, used to verify key/password and data integrity):

static ValidationResult ValidateEncryptedData(byte[] encryptedData, byte[] key, byte[] iv)
static ValidationResult ValidateEncryptedData(Stream encryptedData, byte[] key, byte[] iv)

static ValidationResult ValidateEncryptedDataWithEmbeddedIv(byte[] encryptedData, byte[] key)
static ValidationResult ValidateEncryptedDataWithEmbeddedIv(Stream encryptedData, byte[] key)

static ValidationResult ValidateEncryptedDataWithPassword(string encryptedData, string password)
static ValidationResult ValidateEncryptedDataWithPassword(byte[] encryptedData, string password)
static ValidationResult ValidateEncryptedDataWithPassword(Stream encryptedData, string password)

---

Static class AesFileEncryption

From v3.2 we have API for file encryption in order to avoid out of memory exceptions

// methods for encryption of files
void Encrypt(string sourceFilePath, string destinationFilePath, byte[] key, byte[] iv, bool overwriteExistingFile)
async Task EncryptAsync(string sourceFilePath, string destinationFilePath, byte[] key, byte[] iv, bool overwriteExistingFile)
void EncryptWithPassword(string sourceFilePath, string destinationFilePath, string password, bool overwriteExistingFile)
async Task EncryptWithPasswordAsync(string sourceFilePath, string destinationFilePath, string password, bool overwriteExistingFile)

// methods for decryption of files
void Decrypt(string sourceFilePath, string destinationFilePath, byte[] key, byte[] iv, bool overwriteExistingFile)
async Task DecryptAsync(string sourceFilePath, string destinationFilePath, byte[] key, byte[] iv, bool overwriteExistingFile)
void DecryptWithPassword(string sourceFilePath, string destinationFilePath, string password, bool overwriteExistingFile)
async Task DecryptWithPasswordAsync(string sourceFilePath, string destinationFilePath, string password, bool overwriteExistingFile)

---

Static class AesEncryptionAdditionalData

From v2 this class can be used for adding additional data to encrypted package. Added additional data is encrypted with hard-coded key and IV, so it's not realy secure. It can be used for embedding password hint into the package or any other data that can fit into Dictionary<string, string>. Note that additional data is Dictionary<string, string> and entries where key or value is null or empty will be ignored. This might be a chance for improvement. Also note that encrypted data with embedded additional data can be normally decrypted as encrypted data without embedded additional data. Here are available methods:

// methods for adding additional data
static string AddAdditionalData(string encryptedData, Dictionary<string, string> additionalData)
static byte[] AddAdditionalData(byte[] encryptedData, Dictionary<string, string> additionalData)
static void AddAdditionalData(Stream encryptedData, Dictionary<string, string> additionalData, Stream destination)

// methods for reading additional data
static Dictionary<string, string> ReadAdditionalData(string encryptedData)
static Dictionary<string, string> ReadAdditionalData(byte[] encryptedData) 
static Dictionary<string, string> ReadAdditionalData(Stream encryptedData)

---

Class CryptoRandom : IDisposable

Every method in CryptoRandom class has static equivalent method which is called [MethodName]Static. This class is disposable and if you are generating multiple random values it's recommended to use instance methods of one instance instead of calling static methods.

Available methods and properties:

static CryptoRandom Default { get; } // default instance

byte[] NextBytes(uint length)

int NextInt() => NextInt(0, int.MaxValue)
int NextInt(int maxExclusive) => NextInt(0, maxExclusive)
int NextInt(int minInclusive, int maxExclusive)

static double NextDoubleStatic()
double NextDouble()

void FillIntArrayWithRandomValues(int[] arrayToFill, int minInclusive, int maxExclusive)

void Dispose()

---

Class ThreadSafeRandom

Thread safe random is inheriting System.Random but all methods are thread safe. This class does not have crypto level of randomness.

public class ThreadSafeRandom : System.Random
{
    int Next();
    int Next(int maxValue);
    int Next(int minValue, int maxValue);
    void NextBytes(byte[] buffer);
    double NextDouble()
}

---

Class PasswordGenerator : IDisposable

PasswordGenerator has static methods in the same manner as CryptoRandom, following examples will show only calls to instance methods.

using (var pg = new PasswordGenerator())
{
    string pass1 = pg.Generate(); // 16 chars, includes symbols, numbers, lower and upper case letters
    string pass2 = pg.Generate(8); // 8 chars, includes symbols, numbers, lower and upper case letters
    string pass3 = pg.Generate(
        PasswordGenerationOptions.Default
            .SetMinNumbers(4)   // at least one number
            .SetMinSymbols(4)