I am using a slightly modified version of this code. to create a mission critical application. That files that will be encrypted are very important. This has to be done from scratch because there are some other things that has to be done along with this.
How secure is this? Its impossible to crack this encryption right?
Am very sorry here is a working link. http://www.codeproject.com/Articles/12092/Encrypt-Decrypt-Files-in-VB-NET-Using-Rijndael
Imports System
Imports System.IO
Imports System.Security
Imports System.Security.Cryptography
'*************************
'** Global Variables
'*************************
Dim strFileToEncrypt As String
Dim strFileToDecrypt As String
Dim strOutputEncrypt As String
Dim strOutputDecrypt As String
Dim fsInput As System.IO.FileStream
Dim fsOutput As System.IO.FileStream
'*************************
'** Create A Key
'*************************
Private Function CreateKey(ByVal strPassword As String) As Byte()
'Convert strPassword to an array and store in chrData.
Dim chrData() As Char = strPassword.ToCharArray
'Use intLength to get strPassword size.
Dim intLength As Integer = chrData.GetUpperBound(0)
'Declare bytDataToHash and make it the same size as chrData.
Dim bytDataToHash(intLength) As Byte
'Use For Next to convert and store chrData into bytDataToHash.
For i As Integer = 0 To chrData.GetUpperBound(0)
bytDataToHash(i) = CByte(Asc(chrData(i)))
Next
'Declare what hash to use.
Dim SHA512 As New System.Security.Cryptography.SHA512Managed
'Declare bytResult, Hash bytDataToHash and store it in bytResult.
Dim bytResult As Byte() = SHA512.ComputeHash(bytDataToHash)
'Declare bytKey(31). It will hold 256 bits.
Dim bytKey(31) As Byte
'Use For Next to put a specific size (256 bits) of
'bytResult into bytKey. The 0 To 31 will put the first 256 bits
'of 512 bits into bytKey.
For i As Integer = 0 To 31
bytKey(i) = bytResult(i)
Next
Return bytKey 'Return the key.
End Function
'*************************
'** Create An IV
'*************************
Private Function CreateIV(ByVal strPassword As String) As Byte()
'Convert strPassword to an array and store in chrData.
Dim chrData() As Char = strPassword.ToCharArray
'Use intLength to get strPassword size.
Dim intLength As Integer = chrData.GetUpperBound(0)
'Declare bytDataToHash and make it the same size as chrData.
Dim bytDataToHash(intLength) As Byte
'Use For Next to convert and store chrData into bytDataToHash.
For i As Integer = 0 To chrData.GetUpperBound(0)
bytDataToHash(i) = CByte(Asc(chrData(i)))
Next
'Declare what hash to use.
Dim SHA512 As New System.Security.Cryptography.SHA512Managed
'Declare bytResult, Hash bytDataToHash and store it in bytResult.
Dim bytResult As Byte() = SHA512.ComputeHash(bytDataToHash)
'Declare bytIV(15). It will hold 128 bits.
Dim bytIV(15) As Byte
'Use For Next to put a specific size (128 bits) of bytResult into bytIV.
'The 0 To 30 for bytKey used the first 256 bits of the hashed password.
'The 32 To 47 will put the next 128 bits into bytIV.
For i As Integer = 32 To 47
bytIV(i - 32) = bytResult(i)
Next
Return bytIV 'Return the IV.
End Function
Encryption and Decryption
'****************************
'** Encrypt/Decrypt File
'****************************
Private Enum CryptoAction
'Define the enumeration for CryptoAction.
ActionEncrypt = 1
ActionDecrypt = 2
End Enum
Private Sub EncryptOrDecryptFile(ByVal strInputFile As String, _
ByVal strOutputFile As String, _
ByVal bytKey() As Byte, _
ByVal bytIV() As Byte, _
ByVal Direction As CryptoAction)
Try 'In case of errors.
'Setup file streams to handle input and output.
fsInput = New System.IO.FileStream(strInputFile, FileMode.Open, _
FileAccess.Read)
fsOutput = New System.IO.FileStream(strOutputFile, _
FileMode.OpenOrCreate, _
FileAccess.Write)
fsOutput.SetLength(0) 'make sure fsOutput is empty
'Declare variables for encrypt/decrypt process.
Dim bytBuffer(4096) As Byte 'holds a block of bytes for processing
Dim lngBytesProcessed As Long = 0 'running count of bytes processed
Dim lngFileLength As Long = fsInput.Length 'the input file's length
Dim intBytesInCurrentBlock As Integer 'current bytes being processed
Dim csCryptoStream As CryptoStream
'Declare your CryptoServiceProvider.
Dim cspRijndael As New System.Security.Cryptography.RijndaelManaged
'Setup Progress Bar
pbStatus.Value = 0
pbStatus.Maximum = 100
'Determine if ecryption or decryption and setup CryptoStream.
Select Case Direction
Case CryptoAction.ActionEncrypt
csCryptoStream = New CryptoStream(fsOutput, _
cspRijndael.CreateEncryptor(bytKey, bytIV), _
CryptoStreamMode.Write)
Case CryptoAction.ActionDecrypt
csCryptoStream = New CryptoStream(fsOutput, _
cspRijndael.CreateDecryptor(bytKey, bytIV), _
CryptoStreamMode.Write)
End Select
'Use While to loop until all of the file is processed.
While lngBytesProcessed < lngFileLength
'Read file with the input filestream.
intBytesInCurrentBlock = fsInput.Read(bytBuffer, 0, 4096)
'Write output file with the cryptostream.
csCryptoStream.Write(bytBuffer, 0, intBytesInCurrentBlock)
'Update lngBytesProcessed
lngBytesProcessed = lngBytesProcessed + _
CLng(intBytesInCurrentBlock)
'Update Progress Bar
pbStatus.Value = CInt((lngBytesProcessed / lngFileLength) * 100)
End While
'Close FileStreams and CryptoStream.
csCryptoStream.Close()
fsInput.Close()
fsOutput.Close()
I have pasted the main codes from there to here.
As stated nothing is impossible to crack, you can only follow best practices to make it as hard as possible for any potential attacker.
Actually, the code you linked to is not regarded as state-of-the-art anymore (if it ever was). It creates the symmetric encryption key by hashing a password. This is bad because passwords generally don’t possess enough entropy to thwart sophisticated attacks based on dictionaries. In addition, it doesn’t use any salt or equivalent, so it’s quite easy to attack this with precomputed tables.
Whenever you can, you should generate symmetric keys with a secure PRNG (pseudo-random number generator). If there’s no particular need for involving passwords, don’t do it. If it absolutely has to be passwords, use PBKDF2 from PKCS5 or alternatives like bcrypt or scrypt.
The IV should also always be generated from a secure PRNG, and never reused if possible. There’s no need to derive it from the password, too, as is shown in the example you linked.
The IV is public information, that means you may safely publish it – but it is mandatory that it stays unpredictable and random – otherwise you are susceptible to some dedicated attacks unless you are using an Authenticated Encryption mode such as GCM.
If you are unfamiliar with these topics and in doubt, I would strongly recommend to consult specialists. If the data to be secured is as important as you say, the extra money should be well spent. If not experienced in the area, chances are just too high that you may overlook something important when hand-crafting your own solution.