---
source_files:
  - Common/DTS.Common.Security/Encryption.cs
generated_at: "2026-04-17T16:38:14.461744+00:00"
model: "zai-org/GLM-5-FP8"
schema_version: 1
sha256: "47baa7f78b6a693b"
---

# Documentation: DTS.Common.Security.Encryption

## 1. Purpose

This module provides symmetric AES encryption and decryption utilities for string data. It exists as a stateless helper class to encapsulate the complexity of cryptographic stream operations, allowing callers to encrypt plaintext strings into byte arrays and decrypt them back using a shared key and initialization vector (IV). It serves as a foundational security primitive within the `DTS.Common.Security` namespace.

## 2. Public Interface

### `public static byte[] EncryptStringToBytes(string plainText, byte[] key, byte[] iv)`

Encrypts a UTF-8 encoded string into a cipher byte array using AES symmetric encryption.

- **Parameters:**
  - `plainText` (string): The clear-text string to encrypt.
  - `key` (byte[]): The secret key for the symmetric algorithm.
  - `iv` (byte[]): The initialization vector for the symmetric algorithm.
- **Returns:** A byte array containing the encrypted cipher text.
- **Throws:** `ArgumentNullException` if any argument is `null` or has a length of zero.

### `public static string DecryptStringFromBytes(byte[] cipherText, byte[] key, byte[] iv)`

Decrypts a cipher byte array back into a UTF-8 encoded string using AES symmetric decryption.

- **Parameters:**
  - `cipherText` (byte[]): The encrypted byte array to decrypt.
  - `key` (byte[]): The secret key used during encryption.
  - `iv` (byte[]): The initialization vector used during encryption.
- **Returns:** The decrypted clear-text string.
- **Throws:** `ArgumentNullException` if any argument is `null` or has a length of zero.

## 3. Invariants

- **Null/Empty Checks:** All parameters (`plainText`/`cipherText`, `key`, `iv`) must be non-null and have a length greater than zero; otherwise, an `ArgumentNullException` is thrown immediately.
- **Key/IV Consistency:** The caller must provide the exact same `key` and `iv` byte arrays for decryption that were used for encryption; otherwise, decryption will fail or produce garbage output.
- **Encoding:** Text encoding is implicitly UTF-8 (default behavior of `StreamWriter` and `StreamReader` used internally).
- **Algorithm:** The implementation uses `AesCryptoServiceProvider` for the cryptographic transformation.

## 4. Dependencies

### Direct Dependencies (Imports)
- `System` - Core types, `ArgumentNullException`.
- `System.IO` - `MemoryStream`, `StreamWriter`, `StreamReader` for stream-based processing.
- `System.Security.Cryptography` - `AesCryptoServiceProvider`, `CryptoStream`.

### Consumers
- Unknown from source alone. This is a utility class likely consumed by other modules within the `DTS.Common