All geek questions in one place

Query string encryption, including keys

I have an application that uses a query string to pass some values ​​across pages. I found some examples of how to encrypt the values ​​in the query string, but the problem is that my KEYS report more about the query string than values ​​that are integers converted to a string.

Is there a way to encrypt the entire query string in ASP.NET, including keys and key values?

Sort of:

Default.aspx?value1=40&value2=30&value3=20

in

  Default.aspx?56sdf78fgh90sdf4564k34klog5646l

Thanks!

+6
source share
2 answers

There are many examples on the Internet.

some of them:

How can I encrypt a request in asp.net?

how to pass an encrypted request string in asp.net

http://www.codeproject.com/Articles/33350/Encrypting-Query-Strings

http://www.keyvan.ms/how-to-encrypt-query-string-parameters-in-asp-net

http://forums.asp.net/t/989552.aspx/1

Now you say that you also need to encrypt the keys, in fact you need to encrypt them the entire URL string, and then you just read RawUrl, what after? and decrypt it .

+8
source

There is one problem that many of the links above ignore, and this is just before the return of the encrypted string, the URL Encode (see below, before the string is returned). I am using IIS 7.5 and it will automatically “decrypt” the string for you, so the decryption “should” be ok. The encryption and decryption code is shown below.

 public string EncryptQueryString(string inputText, string key, string salt) { byte[] plainText = Encoding.UTF8.GetBytes(inputText); using (RijndaelManaged rijndaelCipher = new RijndaelManaged()) { PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt)); using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16))) { using (MemoryStream memoryStream = new MemoryStream()) { using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write)) { cryptoStream.Write(plainText, 0, plainText.Length); cryptoStream.FlushFinalBlock(); string base64 = Convert.ToBase64String(memoryStream.ToArray()); // Generate a string that won't get screwed up when passed as a query string. string urlEncoded = HttpUtility.UrlEncode(base64); return urlEncoded; } } } } } public string DecryptQueryString(string inputText, string key, string salt) { byte[] encryptedData = Convert.FromBase64String(inputText); PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt)); using (RijndaelManaged rijndaelCipher = new RijndaelManaged()) { using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16))) { using (MemoryStream memoryStream = new MemoryStream(encryptedData)) { using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read)) { byte[] plainText = new byte[encryptedData.Length]; cryptoStream.Read(plainText, 0, plainText.Length); string utf8 = Encoding.UTF8.GetString(plainText); return utf8; } } } } }
+19
source

Source: https://habr.com/ru/post/1394366/

More articles:


All Articles