I have ASP.NET code that encrypts and decrypts files using cryptography and steganography, so that they can be uploaded to a server and later downloaded in the same manner. However, ASP.NET code runs on the server. How can I make the encryption and decryption run on the client side, to avoid a man-in-the-middle attack?
I don't have a problem with the code itself; it works correctly. I just want the encryption and decryption to be executed on the client side.
What I have tried:
The following is my ASP.NET code that encrypts on upload:
I encrypt the file using the Cryptography class,
then hide the encrypted file, together with some header information, in a cover image selected by the user, using the Steganography class.
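/// <summary>
/// Upload handler: encrypts the posted file with the user's password, appends an
/// RSA-encrypted block (hash + newly generated password), and hides the combined
/// payload in the cover image chosen by the user.
/// </summary>
/// <remarks>
/// This runs on the server: the plaintext file is written to disk by
/// <c>fileBrowsebtn.SaveAs</c> and the password is read from <c>encPass.Text</c>
/// before any encryption happens, so both cross the network unencrypted by this
/// code. Confidentiality in transit therefore depends on the transport (e.g. HTTPS),
/// not on this method.
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="InvalidOperationException">
/// The encrypted payload does not fit the 3-byte length header.
/// </exception>
protected void hidebtn_Click(object sender, EventArgs e)
{
    if (!fileBrowsebtn.HasFile || !imageBrowsebtn.HasFile || encPass.Text == "")
    {
        return;
    }

    // The length header written below is 3 bytes, so it can describe at most this many bytes.
    const int MaxPayloadLength = 0xFFFFFF;

    // Path.GetFileName* drops any directory part supplied by the client.
    string fileName = Path.GetFileNameWithoutExtension(fileBrowsebtn.PostedFile.FileName);
    string fileExtension = Path.GetExtension(fileBrowsebtn.PostedFile.FileName);
    string filesDir = Server.MapPath("~/Files/");
    string imagesDir = Server.MapPath("~/Images/");

    // NOTE(review): the temporary plaintext keeps the client-chosen name and extension
    // inside the application folder; two uploads with the same name would overwrite each
    // other. Consider a random server-side name in a folder that is not served - confirm
    // how ~/Files/ is exposed.
    string input = Path.Combine(filesDir, fileName + fileExtension);
    string output = input + ".aes";

    try
    {
        fileBrowsebtn.SaveAs(input);

        Cryptography encryptor = new Cryptography();
        byte[] fileContainer = encryptor.FileEncrypt(input, output, encPass.Text);

        if (fileContainer.Length > MaxPayloadLength)
        {
            // Without this check the header would silently drop the high bits and the
            // extraction side would split the payload at the wrong offset.
            throw new InvalidOperationException("Encrypted file is too large for the 3-byte length header.");
        }

        // RSA block = encryptor.hashcode followed by the new password (UTF-8).
        // hashcode is read after FileEncrypt; the extraction code treats the first
        // 32 bytes of this block as a SHA-256 of the decrypted file.
        string Newpassword = encryptor.CreateRandomPassword(encPass.Text.Length);
        byte[] Newpasswordbytes = System.Text.Encoding.UTF8.GetBytes(Newpassword);
        byte[] RSAplain = Combine(encryptor.hashcode, Newpasswordbytes);
        string pkpath = Server.MapPath("publickey.xml");
        byte[] RSAcipher = encryptor.RSAEncryptData(RSAplain, pkpath);

        // 3-byte big-endian length of the encrypted file.
        int fileLength = fileContainer.Length;
        byte[] header = new byte[3];
        header[0] = (byte)((fileLength >> 16) & 0xff);
        header[1] = (byte)((fileLength >> 8) & 0xff);
        header[2] = (byte)(fileLength & 0xff);

        // Hidden payload layout: [header][encrypted file][RSA block].
        byte[] bytestobehidden = Combine(Combine(header, fileContainer), RSAcipher);
        long fileSize = bytestobehidden.Length;

        string imgName = Path.GetFileName(imageBrowsebtn.PostedFile.FileName);
        string imgPath = Path.Combine(imagesDir, imgName);
        imageBrowsebtn.SaveAs(imgPath);

        // NOTE(review): the stego image name is derived only from the uploaded file name,
        // so uploads sharing a name would replace each other's image - verify.
        string stegimgpath = Path.Combine(imagesDir, fileName + "stego.bmp");
        Steganography Steg = new Steganography(imgPath);

        // The returned bitmap is not used afterwards; dispose it so its handle is released.
        using (Bitmap stegImg = Steg.StegoLayer(fileSize, output, stegimgpath, bytestobehidden))
        {
        }

        string stgimgname = Path.GetFileName(stegimgpath);
        DUser dataowner = new DUser();
        string constring = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("StorageDB.mdb") + ";";
        dataowner.addFile((fileName + fileExtension), stgimgname, "false", constring);
    }
    finally
    {
        // Remove the plaintext and the intermediate ciphertext even when a step above
        // throws; otherwise the unencrypted upload would stay on the server's disk.
        File.Delete(input);
        File.Delete(output);
    }
}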
The following is the extraction code that runs before downloading:
First, I extract the data from the image,
then decrypt it to get the original file.
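/// <summary>
/// Download handler: extracts the hidden payload from the selected stego image,
/// decrypts the embedded file with the user's password, verifies its SHA-256 against
/// the hash stored in the RSA block, and sends the decrypted file to the browser.
/// </summary>
/// <remarks>
/// This runs on the server: the password arrives in <c>decPass.Text</c> and the
/// decrypted file is written to the response, so both cross the network unencrypted
/// by this code. Confidentiality in transit depends on the transport (e.g. HTTPS).
/// </remarks>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
/// <exception cref="CryptographicException">
/// The extracted payload is malformed or the decrypted file does not match the stored hash.
/// </exception>
protected void extbtn_Click(object sender, EventArgs e)
{
    if (fileList.SelectedIndex == -1 || decPass.Text == "")
    {
        return;
    }

    const int HeaderSize = 3;   // big-endian length of the encrypted file
    const int HashSize = 32;    // SHA-256 digest length

    string stgimname = Path.GetFileName(fileList.SelectedItem.Value);
    string stgpath = Path.Combine(Server.MapPath("~/Images/"), stgimname);
    Steganography stg = new Steganography(stgpath);
    string extFName;
    byte[] extBytes = stg.ExtractLayer(out extFName);

    // The payload comes out of an image file, so check every length before slicing it.
    if (extBytes == null || extBytes.Length < HeaderSize)
    {
        throw new CryptographicException("File Corrupted!");
    }

    int fileLength = (extBytes[0] << 16) + (extBytes[1] << 8) + extBytes[2];
    int rsaLength = extBytes.Length - HeaderSize - fileLength;
    if (rsaLength < 0)
    {
        throw new CryptographicException("File Corrupted!");
    }

    byte[] filebytes = new byte[fileLength];
    byte[] RSACipher = new byte[rsaLength];
    Array.Copy(extBytes, HeaderSize, filebytes, 0, fileLength);
    Array.Copy(extBytes, HeaderSize + fileLength, RSACipher, 0, rsaLength);

    Cryptography crypto = new Cryptography();
    // NOTE(review): the private key file is resolved inside the application folder;
    // confirm the web server never serves it and that its file permissions are restricted.
    string prpath = Server.MapPath("privatekey.xml");
    byte[] hashplusnewpass = crypto.RSADecryptData(RSACipher, prpath);
    if (hashplusnewpass == null || hashplusnewpass.Length < HashSize)
    {
        throw new CryptographicException("File Corrupted!");
    }

    // RSA block layout: [32-byte hash][new password, UTF-8].
    byte[] oldhash = new byte[HashSize];
    byte[] newpass = new byte[hashplusnewpass.Length - HashSize];
    Array.Copy(hashplusnewpass, 0, oldhash, 0, HashSize);
    Array.Copy(hashplusnewpass, HashSize, newpass, 0, newpass.Length);
    string newpasswrd = System.Text.Encoding.UTF8.GetString(newpass);

    // NOTE(review): Application state is shared by every user of the site, so this
    // password is visible to, and overwritten by, other users' requests. Session state
    // looks like the intended scope - confirm against the code that reads "NewPass".
    Application["NewPass"] = newpasswrd;

    // extFName is read out of the image; keep only its file-name part so it cannot
    // point outside ~/Files/.
    string safeName = Path.GetFileName(extFName ?? "");
    string filesDir = Server.MapPath("~/Files/");
    string input = Path.Combine(filesDir, "ext" + safeName);
    string output = Path.Combine(filesDir, "dec" + safeName);

    try
    {
        File.WriteAllBytes(input, filebytes);
        crypto.FileDecrypt(input, output, decPass.Text);

        byte[] outfilebytes = File.ReadAllBytes(output);
        byte[] curhashcode;
        using (SHA256 sha = SHA256.Create())
        {
            curhashcode = sha.ComputeHash(outfilebytes);
        }

        if (!CompareByteArrays(oldhash, curhashcode))
        {
            throw new CryptographicException("File Corrupted!");
        }

        Infolbl.Visible = true;
        Infolbl.Text = "the data file is validated and The password for next session is generated";

        Response.Clear();
        // The original sent the ListItem's .NET type name as the MIME type; use a
        // generic binary type so the browser treats the response as a download.
        Response.ContentType = "application/octet-stream";
        // Quoted so that names containing spaces are not cut short by the browser.
        Response.AppendHeader("Content-Disposition", "attachment; filename=\"" + Path.GetFileName(output) + "\"");
        Response.WriteFile(output);
        Response.Flush();
    }
    finally
    {
        // Remove the extracted ciphertext and the decrypted plaintext even when
        // decryption or the integrity check throws.
        File.Delete(input);
        File.Delete(output);
    }

    Response.End();
}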