Encode and decode file at client side before uploading it using ASP.NET

Question

0.00/5 (No votes)

See more:

, +

I have asp.net code to encrypt and decrypt files using Cryptography and Steganography to upload it to a server and return download it with the same manner. but asp.net code is run at server. how to make the encryption and decryption process executed at client side to avoid man in middle attack.

I don't have a problem with a code the code is work correctly but i want to make the encryption and decryption executed at client side.

What I have tried:

the following code is my asp.net code to encrypt at uploading:

I encrypt file using cryptography class
then hide the encrypted file with some header information into a cover image selected by the user using steganography class

protected void hidebtn_Click(object sender, EventArgs e)
  {
    if (fileBrowsebtn.HasFile && imageBrowsebtn.HasFile && encPass.Text != "")
    {
        //Get the Input File Name and Extension.
        string fileName = Path.GetFileNameWithoutExtension(fileBrowsebtn.PostedFile.FileName);
        string fileExtension = Path.GetExtension(fileBrowsebtn.PostedFile.FileName);

        //Build the File Path for the original (input) and the encrypted (output) file.
        string input = Server.MapPath("~/Files/") + fileName + fileExtension;                
        string output = Server.MapPath("~/Files/") + fileName + fileExtension + ".aes";

        //Save the Input File, Encrypt it and save the encrypted file in output path.
        fileBrowsebtn.SaveAs(input);
        FileInfo finfo = new FileInfo(input);
        long fileSize = finfo.Length;
        int fileNameSize = Path.GetFileNameWithoutExtension(output).Length;

        //Encrypt the File Using AES and generate encrypted byte array
        Cryptography encryptor = new Cryptography();
        byte[] fileContainer = encryptor.FileEncrypt(input, output, encPass.Text);

        //generate a new password for the next session using the current password  
        string Newpassword = encryptor.CreateRandomPassword(encPass.Text.Length);               
        byte[] Newpasswordbytes = System.Text.Encoding.UTF8.GetBytes(Newpassword);
        //Encrypt the file hash code and the new password using RSA
        byte[] RSAplain = Combine(encryptor.hashcode, Newpasswordbytes);                
         string pkpath = Server.MapPath("publickey.xml");
         byte[] RSAcipher = encryptor.RSAEncryptData(RSAplain, pkpath);
        byte[] header = new byte[3];

        //preparing the encode packet to embedded into the image
        int fileLength = fileContainer.Length;
        header[0] = (byte)((fileLength >> 16) & 0xff);
        header[1] = (byte)((fileLength >> 8) & 0xff);
        header[2] = (byte)(fileLength & 0xff);
        byte[] bytestobehidden = Combine(header, fileContainer);               
        bytestobehidden = Combine(bytestobehidden, RSAcipher);
        fileSize = bytestobehidden.Length;

        //prepare the cover image              
        string imgName = Path.GetFileName(imageBrowsebtn.PostedFile.FileName);
        string imgPath = Server.MapPath("~/Images/") + imgName;
        imageBrowsebtn.SaveAs(imgPath);                
        string stegimgpath = Server.MapPath("~/Images/") + fileName + "stego.bmp";
        Steganography Steg = new Steganography(imgPath);
        Bitmap stegImg = Steg.StegoLayer(fileSize, output, stegimgpath, bytestobehidden);                              
        string stgimgname = Path.GetFileName(stegimgpath);

        //uploading the stego-image and add the file to user DB
        DUser dataowner = new DUser();
        string constring = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("StorageDB.mdb") + ";";
        dataowner.addFile((fileName + fileExtension), stgimgname, "false", constring);                

        //Delete the original (input) and the encrypted (output) file.
        File.Delete(input);
        File.Delete(output);
    }           
}

the following code is the extracting code before downloading :

First, i extract the data from the image

then decrypt it to get the original file

protected void extbtn_Click(object sender, EventArgs e)
  {
    if (fileList.SelectedIndex != -1 && decPass.Text != "")
    {              
        //Get the Input File Name and Extension
        string fileName = Path.GetFileNameWithoutExtension(fileList.SelectedItem.ToString());
        string fileExtension = Path.GetExtension(fileList.SelectedItem.ToString());
        string stgimname = Path.GetFileName(fileList.SelectedItem.Value);

        //Build the File Path for the original (input) and the decrypted (output) file
        string stgpath = Server.MapPath("~/Images/") + stgimname;


        //Extract the encode packet from the stegoimage
        Steganography stg = new Steganography(stgpath);
        string extFName = "";
        byte[] extBytes = stg.ExtractLayer(out extFName);
        int fileLength = (int)(extBytes[0] << 16) +
          (int)(extBytes[1] << 8) +
          (int)extBytes[2];

        //separate the encode packet element in separate arrays to decrypt
        byte[] filebytes = new byte[fileLength];
        byte[] RSACipher = new byte[extBytes.Length - fileLength - 3];
        System.Array.Copy(extBytes, 3, filebytes, 0, fileLength);
        System.Array.Copy(extBytes, fileLength + 3, RSACipher, 0, extBytes.Length - fileLength - 3);

        //decrypt the new password and hashcode using RSA
        Cryptography crypto = new Cryptography();
        string prpath = Server.MapPath("privatekey.xml");               
        byte[] hashplusnewpass = crypto.RSADecryptData(RSACipher,prpath);
        byte[] newpass = new byte[hashplusnewpass.Length - 32];
        byte[] oldhash = new byte[32];
        Array.Copy(hashplusnewpass, 0, oldhash, 0, 32);
        Array.Copy(hashplusnewpass, 32, newpass, 0, newpass.Length);

        //get the new generated password
        string newpasswrd = System.Text.Encoding.UTF8.GetString(newpass);
        Application["NewPass"] = newpasswrd;
         string newpassfile = Server.MapPath("~/Files/") + "newpassword.txt";
        //decrypt the File bytes using AES
        string input = Server.MapPath("~/Files/") + "ext" + extFName;
        string output = Server.MapPath("~/Files/") + "dec" + extFName;
        File.WriteAllBytes(input, filebytes);               
        crypto.FileDecrypt(input, output, decPass.Text);

        // get and compare the current and old hash values to validate the file
        byte[] outfilebytes = File.ReadAllBytes(output);
        byte[] curhashcode = SHA256.Create().ComputeHash(outfilebytes);
        if (!CompareByteArrays(oldhash, curhashcode))
            throw new CryptographicException("File Corrupted!");
        else
        {
           Infolbl.Visible = true;
           Infolbl.Text = "the data file is validated and The password for next session is generated";

        }   
           //Download the Decrypted File.
            Response.Clear();
            Response.ContentType = fileList.SelectedItem.GetType().ToString();
            Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(output));
            Response.WriteFile(output);
            Response.Flush();

            //Delete the original (input) and the decrypted (output) file.
            File.Delete(input);
            File.Delete(output);
            Response.End();                              
    }           
}

Posted 13-Mar-18 0:08am

Member 12666574

Updated 13-Mar-18 0:10am

Add a Solution

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

F-ES Sitecore · Accepted Answer · 2018-03-13T00:11:00

Solution 1

You can't encrypt the file at the client. Well, you probably could but it's worthless as you'd need to expose your "secrets" allowing anyone to decrypt your data. If you want to avoid man in the middle attacks then use https, that's what it's there for.

Posted 13-Mar-18 0:11am

F-ES Sitecore

Comments

Member 12666574 13-Mar-18 6:20am

can you tell me how to use https with this code, because i have little knowledge with it

F-ES Sitecore 13-Mar-18 6:22am

Google how to obtain and apply an ssl certificate on your site, and from there you simply use https://yoursite/yourpage rather than http://yoursite/yourpage and the browser does the rest. The only code change you might need is to redirect people to the https version if they come to the http version.

Richard Deeming 13-Mar-18 10:33am

You can get a free SSL certificate from Let's Encrypt[^]. There's even a simple command-line utility[^] to run on the server which will get you up and running in a few minutes.