C# AES-256-CBC w/ PKCS7

1. using System;
2. using System.IO;
3. using System.Security.Cryptography;
4.  
5. // https://stackoverflow.com/a/2791259
6. // AES-256-CBC
7. public class Crypto {
8.  
9.     /*
10.        
11.         notes:
12.         - key size = 256 bits (32 bytes)
13.         - block/iv size = 128 bits (16 bytes)
14.  
15.     */
16.  
17.     private static void WriteBytes(byte[] bytes) {
18.         for (int i = 0; i < bytes.Length; i++) {
19.             byte b = bytes[i];
20.             Console.Write("0x" + b.ToString("x2"));
21.             bool last = i == bytes.Length - 1;
22.             Console.Write(last ? Environment.NewLine : ", ");
23.         }
24.     }
25.  
26.     // https://www.random.org/bytes/
27.     private static byte[] _salt = { 0x28, 0x7c, 0x6a, 0xa2, 0x2e, 0xa6, 0x46, 0x4b, 0x68, 0xef, 0x91, 0xec, 0x0e, 0x8c, 0x3e, 0x50 };
28.  
29.     public static string EncryptString(string plainText, string sharedSecret) {
30.         string outStr = null;
31.         RijndaelManaged algorithm = null;
32.         try {
33.             Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, _salt);
34.             algorithm = new RijndaelManaged();
35.             algorithm.Key = key.GetBytes(algorithm.KeySize / 8); // 32 bytes for a key
36.             ICryptoTransform encryptor = algorithm.CreateEncryptor(algorithm.Key, algorithm.IV);
37.             using (MemoryStream msEncrypt = new MemoryStream()) {
38.                 msEncrypt.Write(algorithm.IV, 0, algorithm.IV.Length);
39.                 using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
40.                     using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
41.                         swEncrypt.Write(plainText);
42.                 outStr = Convert.ToBase64String(msEncrypt.ToArray());
43.             }
44.         } finally {
45.             if (algorithm != null)
46.                 algorithm.Clear();
47.         }
48.         return outStr;
49.     }
50.  
51.     public static string DecryptString(string cipherText, string sharedSecret) {
52.         RijndaelManaged algorithm = null;
53.         string plaintext = null;
54.         try {
55.             Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, _salt);          
56.             byte[] bytes = Convert.FromBase64String(cipherText);
57.             using (MemoryStream msDecrypt = new MemoryStream(bytes)) {
58.                 algorithm = new RijndaelManaged();
59.                 algorithm.Key = key.GetBytes(algorithm.KeySize / 8);
60.                 algorithm.IV = DeriveIV(msDecrypt, algorithm.BlockSize / 8);
61.                 ICryptoTransform decryptor = algorithm.CreateDecryptor(algorithm.Key, algorithm.IV);
62.                 using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
63.                     using (StreamReader srDecrypt = new StreamReader(csDecrypt))
64.                         plaintext = srDecrypt.ReadToEnd();
65.             }
66.         } finally {
67.             if (algorithm != null)
68.                 algorithm.Clear();
69.         }
70.         return plaintext;
71.     }
72.  
73.     private static byte[] DeriveIV(Stream s, int length) {
74.         byte[] iv = new byte[length];
75.         if (s.Read(iv, 0, length) != length)
76.             throw new Exception("Failed to derive IV from stream.");
77.         return iv;
78.     }
79.  
80. }