0

I need to encrypt a string which I am sending in a URL and later I need to decrypt it ...

Which approach would be better for this? I tried the following:

string s = "String to be encrypted";

string encrypted = CipherUtility.Encrypt<RijndaelManaged>(s, "pass", "salt");

string decrypted = CipherUtility.Decrypt<RijndaelManaged>(encrypted, "pass", "salt");

But the encrypted string gets an "=" at the end ... I would like to avoid that.

And I am not sure that this would be the best option ...

The CipherUtility is the following:

public class CipherUtility
{
  public static string Encrypt<T>(string value, string password, string salt)
    where T : SymmetricAlgorithm, new()
  {
    DeriveBytes rgb = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(salt));

    SymmetricAlgorithm algorithm = new T();

    byte[] rgbKey = rgb.GetBytes(algorithm.KeySize >> 3);
    byte[] rgbIV = rgb.GetBytes(algorithm.BlockSize >> 3);

    ICryptoTransform transform = algorithm.CreateEncryptor(rgbKey, rgbIV);

    using (MemoryStream buffer = new MemoryStream())
    {
       using (CryptoStream stream = new CryptoStream(buffer, transform, CryptoStreamMode.Write))
       {
          using (StreamWriter writer = new StreamWriter(stream, Encoding.Unicode))
          {
             writer.Write(value);
          }
       }

       return Convert.ToBase64String(buffer.ToArray());
    }
 }

 public static string Decrypt<T>(string text, string password, string salt)
  where T : SymmetricAlgorithm, new()
 {
   DeriveBytes rgb = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(salt));

   SymmetricAlgorithm algorithm = new T();

   byte[] rgbKey = rgb.GetBytes(algorithm.KeySize >> 3);
   byte[] rgbIV = rgb.GetBytes(algorithm.BlockSize >> 3);

   ICryptoTransform transform = algorithm.CreateDecryptor(rgbKey, rgbIV);

   using (MemoryStream buffer = new MemoryStream(Convert.FromBase64String(text)))
   {
     using (CryptoStream stream = new CryptoStream(buffer, transform, CryptoStreamMode.Read))
     {
        using (StreamReader reader = new StreamReader(stream, Encoding.Unicode))
        {
           return reader.ReadToEnd();
        }
      }
    }
  }
}

Thank You, Miguel

Improve this question
7
  • 1
    after encrypting the string, can you try url encoding it? Commented Mar 10, 2014 at 22:45
  • 3
    You should use HTTPS instead of it. Commented Mar 10, 2014 at 22:46
  • Well, I was trying to get something that I would need to URL encode and get all the % in there. Commented Mar 10, 2014 at 22:46
  • 1
    Why HTTPS? In this case the data is only an email ... I need to create a URL in a newsletter to unsubscribe but I would like to not display the email raw in it Commented Mar 10, 2014 at 22:47
  • 1
    @MDMoura Instead of encrypting the URL, consider a more traditional nonce. Commented Mar 10, 2014 at 22:48

1 Answer 1

Reset to default
2

On a newsletter I received I see something like /unsubscribe?u=16b832d9ad4b28edf261f56df. I was looking for something like this with the email somehow "hidden"

This is not "hidden." All this is a reference to a repository (e.g. a database) that contains all the information necessary to unsubscribe. Essentially a key into a record that contains all the necessary info about a subscriber.

If feasible, that'll probably be easier approach than to encrypt individual values in a URL.

If you still want to encrypt the value (to avoid storage in DB and redesign), what's the issue with having = at the end of a URL? It's just a character as part of encrypted output?

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Yes, but in this case I am working with two system through and API and one system does not have the key of the user so I am sending the email ... My idea would be to create such a key from the email without the = at the end. I was just wondering if this was possible
But what is the issue with having = at the end?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.