Documentation: DTS.Common.Security.Encryption

1. Purpose

The Encryption static class provides symmetric encryption and decryption utilities for the DTS system. It serves as a wrapper around the AesCryptoServiceProvider to securely convert plaintext strings into byte arrays and vice versa. This module centralizes AES encryption logic to ensure consistent cryptographic handling across the application.

2. Public Interface

`public static byte[] EncryptStringToBytes(string plainText, byte[] key, byte[] iv)`

Encrypts a specified plaintext string into an array of bytes using the AES algorithm.

Parameters:
- plainText (string): The text to encrypt.
- key (byte[]): The secret key for the symmetric algorithm.
- iv (byte[]): The initialization vector (IV) for the symmetric algorithm.
Returns: A byte array containing the encrypted data.
Exceptions: Throws ArgumentNullException if plainText, key, or iv are null or empty.

`public static string DecryptStringFromBytes(byte[] cipherText, byte[] key, byte[] iv)`

Decrypts a specified byte array back into a plaintext string using the AES algorithm.

Parameters:
- cipherText (byte[]): The byte array containing encrypted data.
- key (byte[]): The secret key used for encryption.
- iv (byte[]): The initialization vector used for encryption.
Returns: The decrypted plaintext string.
Exceptions: Throws ArgumentNullException if cipherText, key, or iv are null or empty.

3. Invariants

Null Checks: All input parameters (plainText, cipherText, key, iv) must be non-null and have a length greater than zero. Failure to meet this condition results in an ArgumentNullException.
Algorithm Consistency: Both methods utilize AesCryptoServiceProvider (AES). The key and IV provided to DecryptStringFromBytes must match those used in EncryptStringToBytes for decryption to succeed.
Stream Encoding: The implementation uses StreamWriter and StreamReader for stream transformations. The specific character encoding is not explicitly defined in the method signatures, relying on the default encoding of the underlying stream writer/reader (typically UTF-8).

4. Dependencies

Internal Dependencies: None identified within the provided source.
External Dependencies:
- System: For basic types and exceptions.
- System.IO: Used for MemoryStream, StreamWriter, and StreamReader to handle data flow during encryption/decryption.
- System.Security.Cryptography: Used for AesCryptoServiceProvider and CryptoStream to perform the cryptographic operations.
Unused Dependencies: The file imports System.Collections.Generic, System.Linq, System.Text, and System.Threading.Tasks, but none of these namespaces appear to be utilized in the current implementation.

5. Gotchas

Copy-Paste Error in Validation: In both EncryptStringToBytes and DecryptStringFromBytes, the validation check for the iv parameter throws an exception naming the key parameter instead.
- Source Reference: if (iv == null || iv.Length <= 0) throw new ArgumentNullException(nameof(key));
- This will report "key" as the null argument in the exception message when the iv is actually the invalid parameter, complicating debugging.
Variable Naming Mismatch: The AesCryptoServiceProvider instance is named rijAlg in both methods. This is likely a legacy artifact from a previous implementation using RijndaelManaged, which may cause confusion as the code now explicitly uses AES.
Key/IV Management: The class provides no mechanism for key or IV generation. Callers are responsible for generating and managing valid AES keys and IVs. Passing invalid key/IV lengths will cause the underlying AesCryptoServiceProvider to throw a CryptographicException, which is not caught by this wrapper.

4.1 KiB Raw Blame History