ASP.NET - image encryption and stor to database

Asked By msakt on 25-May-12 09:47 AM
Earn up to 30 extra points for answering this tough question.
fileupload option.. here image upload and encrypt then store to database..here ont use folder for image..


how to encrypt image and save to sql
Neha Garg replied to msakt on 25-May-12 04:13 PM
Hiii   msakt...

See the code to Encrypt and decrypt the image file and then store the file into SQL DB..

http://stackoverflow.com/questions/3822520/encrypt-and-decrypt-image-net

Download the codes from...
http://www.sourcecodester.com/visual-basic/saving-encrypted-picture.html

http://www.c-sharpcorner.com/UploadFile/ahsanshakir/EncryptFile12212006042816AM/EncryptFile.aspx
LIJO PHILIP replied to msakt on 25-May-12 10:57 PM

Just read in the image into the byte array, encrypt the array, and save it to the database.

Jitendra Faye replied to msakt on 26-May-12 12:29 AM
There is no special work for this because Images are stored in  sql server in the format of Byte array, so you can not directly see those images.

Even then if you want to perform encryption then after getting image to byte array encrypt that byte array and save into database.

for this use this function-

// Encrypt a byte array into a byte array using a key and an IV
    public static byte[] Encrypt(byte[] clearData, byte[] Key, byte[] IV)
    {
    
      MemoryStream ms = new MemoryStream();

      Rijndael alg = Rijndael.Create();

      alg.Key = Key;
      alg.IV = IV;

      CryptoStream cs = new CryptoStream(ms,
       alg.CreateEncryptor(), CryptoStreamMode.Write);

      cs.Write(clearData, 0, clearData.Length);

      cs.Close();

      byte[] encryptedData = ms.ToArray();

      return encryptedData;
    }

 // Decrypt a string into a string using a password
 

    public static string Decrypt(string cipherText, string Password)
    {
      byte[] cipherBytes = Convert.FromBase64String(cipherText);
      PasswordDeriveBytes pdb = new PasswordDeriveBytes(Password,
        new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65,
        0x64, 0x76, 0x65, 0x64, 0x65, 0x76});

      byte[] decryptedData = Decrypt(cipherBytes,
        pdb.GetBytes(32), pdb.GetBytes(16));

      return System.Text.Encoding.Unicode.GetString(decryptedData);
    }


TRy this and let em know.
 
Somesh Yadav replied to msakt on 26-May-12 03:26 AM

.net comes with cryptography in the System.Security.Cryptography namespace. The examples on this page are helpful:

http://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmanaged.aspx

[)ia6l0 iii replied to msakt on 30-May-12 10:16 AM
The second code sample that "Vickey" proposed is not relevant for a byte array. 

Since, the file upload already gives you a byte array, encrypt the array and store it in the byte array form in an Imagefield. When you need to display it on the web-forms, read the field and then decrypt it and then show it. 

Here's a sample security helper class that encrypts and decrypts a byte array using the Rijndael classes. Feel free to modify if it does not suit your needs.

Add references to the System.Security.Cryptography assembly and namespaces in your class

public class SecurityHelper
{
    RijndaelManaged rindaelCipherObject = new RijndaelManaged();
    const string SHA1 = "SHA1";
 
    SecurityHelper()
    {
        rindaelCipherObject.Mode = CipherMode.CBC;
    }
 
    public static byte[] EncryptByteArray(byte[] inputBytes, string passPhrase, string saltValue)
    {
        byte[] salt = Encoding.ASCII.GetBytes(saltValue);
        PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, salt, "SHA1", 2);
        ICryptoTransform Encryptor = rindaelCipherObject.CreateEncryptor(password.GetBytes(32), password.GetBytes(16));
        MemoryStream memoryStream = new MemoryStream();
        CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
        cryptoStream.Write(inputBytes, 0, inputBytes.Length);
        cryptoStream.FlushFinalBlock();
        byte[] outputBytes = memoryStream.ToArray();
        memoryStream.Close();
        cryptoStream.Close();
 
        return outputBytes;
    }
 
    public static byte[] DecryptByteArray(byte[] inputBytes, string passPhrase, string saltValue)
    {
        byte[] salt = Encoding.ASCII.GetBytes(saltValue);
        PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, salt, SHA1 , 2);
 
        ICryptoTransform cryptoDecryptor= rindaelCipherObject.CreateDecryptor(password.GetBytes(32), password.GetBytes(16));
        MemoryStream memoryStream = new MemoryStream(inputBytes);
        using (CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoDecryptor, CryptoStreamMode.Read))
        {
            byte[] unEncryptedBytes = new byte[inputBytes.Length];
            int DecryptedCount = cryptoStream.Read(unEncryptedBytes, 0, unEncryptedBytes.Length);
            memoryStream.Close();
        }
 
        return unEncryptedBytes;
    }
}

As an alternate and viable option, look at securing data in the databases. Note that databases are always faster than you web servers off late. SQL Server allows you to encrypt columns of data using Symmetric algorithms using the EncryptByKey function. Look at http://msdn.microsoft.com/en-us/library/ms179331(v=SQL.90).aspx , scroll down to the section titled "A. Simple symmetric encryption" for a simple example on encrypting a column of data

This would be the syntax:
UPDATE tablename
SET newEncryptedColumn = EncryptByKey(Key_GUID('key name'), existingColumn);

And when you want to decrypt:
SELECT DecryptByKey(newEncryptedColumn , 1)

Alternatively, in my opinion, you should use secure connections to upload files, and not invest on encryption and decryption of files. This hurts performance.

Hope this helps.
RAJASEKHAR RAJENDRAN replied to msakt on 04-Jun-12 07:10 AM
Hi msakt,

Try the code below.

public byte[] EncryptStream(byte[] input)
{
  RijndaelManaged rijn = new RijndaelManaged();
  byte[] encrypted = null;
  byte[] key = new byte[] {
    0x22,
    0xc0,
    0x6d,
    0xcb,
    0x23,
    0xa6,
    0x3,
    0x1b,
    0x5a,
    0x1d,
    0xd3,
    0x9f,
    0x85,
    0xd,
    0xc1,
    0x72,
    0xed,
    0xf4,
    0x54,
    0xe6,
    0xba,
    0x65,
    0xc,
    0x22,
    0x62,
    0xbe,
    0xf3,
    0xec,
    0x14,
    0x81,
    0xa8,
    0xa
  };
  //32
  byte[] IV = new byte[] {
    0x43,
    0xb1,
    0x93,
    0xb,
    0x1a,
    0x87,
    0x52,
    0x62,
    0xfb,
    0x8,
    0xd,
    0xc0,
    0xca,
    0x40,
    0xc2,
    0xdb
  };
  //16
  //Get an encryptor.
  ICryptoTransform encryptor = rijn.CreateEncryptor(key, IV);
 
  //Encrypt the data.
  MemoryStream msEncrypt = new MemoryStream();
  CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
 
 
  //Write all data to the crypto stream and flush it.
  csEncrypt.Write(input, 0, input.Length);
  csEncrypt.FlushFinalBlock();
 
  //Get encrypted array of bytes.
  encrypted = msEncrypt.ToArray();
 
  return encrypted;
 
}

Try and let me know.

Thanks & Regards,
Rajasekhar.R