DP44/enriched-qwen3-coder-next/Common/DTS.Common.Security.md

source_files, generated_at, model, schema_version, sha256

source_files	generated_at	model	schema_version	sha256
Common/DTS.Common.Security/Encryption.cs	2026-04-16T14:14:38.025149+00:00	zai-org/GLM-5-FP8	1	2d41661347ec3dbc

Documentation: DTS.Common.Security.Encryption

1. Purpose

This module provides symmetric encryption and decryption utilities for string data within the DTS.Common.Security namespace. It exists to securely transform plaintext strings into byte arrays and vice versa using the Advanced Encryption Standard (AES) algorithm. It serves as a stateless wrapper around AesCryptoServiceProvider to facilitate data confidentiality.

2. Public Interface

Class: Encryption

Type: static

Method: EncryptStringToBytes

Signature: public static byte[] EncryptStringToBytes(string plainText, byte[] key, byte[] iv)

Encrypts a given string into an array of bytes using AES.

• Parameters:
  • plainText (string): The data to encrypt.
  • key (byte[]): The secret key for symmetric encryption.
  • iv (byte[]): The initialization vector.
• Returns: byte[] containing the encrypted data.
• Behavior: Validates inputs, initializes an AesCryptoServiceProvider, and writes the encrypted data to a MemoryStream using a CryptoStream.

Method: DecryptStringFromBytes

Signature: public static string DecryptStringFromBytes(byte[] cipherText, byte[] key, byte[] iv)

Decrypts a byte array back into a string using AES.

• Parameters:
  • cipherText (byte[]): The encrypted data.
  • key (byte[]): The secret key used for encryption.
  • iv (byte[]): The initialization vector used for encryption.
• Returns: string containing the decrypted plaintext.
• Behavior: Validates inputs, initializes an AesCryptoServiceProvider, and reads the decrypted data from a MemoryStream using a CryptoStream.

3. Invariants

• Null/Empty Checks: All parameters (plainText, key, iv, cipherText) must be non-null and have a length greater than 0. If these conditions are not met, an ArgumentNullException is thrown.
• Symmetric Keys: The key and iv provided to DecryptStringFromBytes must be identical to those used in EncryptStringToBytes to produce the original plaintext.
• Encoding: Text encoding relies on the default behavior of StreamWriter and StreamReader (typically UTF-8) wrapping the crypto streams.
• Algorithm: The encryption algorithm is implicitly set to the default mode and padding of AesCryptoServiceProvider (typically CBC mode with PKCS7 padding), as these properties are not explicitly set in the source.

4. Dependencies

• Internal Dependencies: None.
• External Dependencies:
  • System
  • System.IO (for MemoryStream, StreamReader, StreamWriter)
  • System.Security.Cryptography (for AesCryptoServiceProvider, CryptoStream)
  • System.Text (implicitly used by Stream readers/writers)

5. Gotchas

• Incorrect Exception Parameter Name: In both EncryptStringToBytes and DecryptStringFromBytes, the validation logic for the iv parameter throws an exception naming key instead:

  if (iv == null || iv.Length <= 0) throw new ArgumentNullException(nameof(key));
  

  This will mislead developers debugging null IV issues.
• Comment/Code Mismatch: The XML comments and inline comments refer to RijndaelManaged, but the actual code instantiates AesCryptoServiceProvider. While AES is a subset of Rijndael, the types are different. The variable name rijAlg is also misleading given the type.
• Implicit Crypto Settings: The code does not explicitly set the Mode (e.g., CBC, ECB) or Padding properties of the AesCryptoServiceProvider. It relies entirely on the framework's default values. This can be fragile if code is ported to environments with different defaults, though .NET defaults are consistent (CBC/PKCS7).
• Unused Imports: The file imports System.Collections.Generic, System.Linq, and System.Threading.Tasks, none of which are used in the provided implementation.