BinaryFormatter Serialize DirectCast Class


JZ

Hi,

I'm using a class and binary formatter to store data in files.

For example..

Dim FPs As New StuctureDataFile()
Dim FileStream As Stream = File.Open(pfile, FileMode.Open)
Dim FileFormatter As New BinaryFormatter()
FPs = DirectCast(FileFormatter.Deserialize(FileStream), StuctureDataFile)
FileStream.Close()

How secure is the data file, is it easy for someone to re-create my
class by analysing the datafile?

I want to stop people creating their own data files.

Also, is there any way I can provide extra security? For example, encryption?

Thanks in advance!!
 
Sure, you can serialize to a MemoryStream, and then use one of the various
encryption classes in System.Security.Cryptography to encrypt the byte
array before writing it to the file... Obviously, the process would be
the reverse to recover the data :)
 
JZ,
> How secure is the data file, is it easy for someone to re-create my
> class by analysing the datafile?

I'm not sure how easy it would be but you could open the file in VS.NET to
see how readable it is. You will notice that strings are immediately
readable, plus the Assembly, Class & Field names...

As Tom suggests you can use a System.Security.Cryptography.CryptoStream to
encrypt & decrypt the file.

You can chain the streams, so you don't need to use a MemoryStream per se.

Try something like:

Imports System.IO
Imports System.Runtime.Serialization.Formatters.Binary
Imports System.Security.Cryptography

' The members below belong inside a class.

Public Shared Sub Main()

    Dim rijndael As New RijndaelManaged
    rijndael.GenerateKey() ' create random key
    rijndael.GenerateIV() ' create random initialization vector
    Dim encryptor As ICryptoTransform = _
        rijndael.CreateEncryptor(rijndael.Key, rijndael.IV)
    Dim decryptor As ICryptoTransform = _
        rijndael.CreateDecryptor(rijndael.Key, rijndael.IV)

    Dim FPs As New StuctureDataFile
    Encrypt("StuctureDataFile.bin", FPs, encryptor)
    FPs = Decrypt("StuctureDataFile.bin", decryptor)

End Sub

' Serialize straight into a CryptoStream that wraps the file stream.
Private Shared Sub Encrypt(ByVal path As String, _
        ByVal fps As StuctureDataFile, ByVal transform As ICryptoTransform)
    Dim formatter As New BinaryFormatter
    Dim output As Stream = File.Open(path, FileMode.Create)
    Dim cryptoOutput As New CryptoStream(output, transform, _
        CryptoStreamMode.Write)
    formatter.Serialize(cryptoOutput, fps)
    cryptoOutput.FlushFinalBlock()
    cryptoOutput.Close()
    output.Close()
End Sub

' Deserialize from a CryptoStream that decrypts the file as it is read.
Private Shared Function Decrypt(ByVal path As String, _
        ByVal transform As ICryptoTransform) As StuctureDataFile
    Dim formatter As New BinaryFormatter
    Dim input As Stream = File.Open(path, FileMode.Open)
    Dim cryptoInput As New CryptoStream(input, transform, _
        CryptoStreamMode.Read)
    Dim fps As StuctureDataFile = _
        DirectCast(formatter.Deserialize(cryptoInput), StuctureDataFile)
    cryptoInput.Close()
    input.Close()
    Return fps
End Function


Note in the above I am using the Rijndael algorithm to encrypt & decrypt the
file. You can use other algorithms if you so choose, just remember to use
the exact same key & iv for decryption that you use for encryption! The
RijndaelManaged.GenerateKey & GenerateIV creates a random key &
initialization vector, good for testing, not good for production...

Hope this helps
Jay
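
An added example, not code from any poster in this thread: encryption alone hides the file's contents but does not detect an edited or substituted file, so this code appends an HMAC-SHA256 tag over the IV and ciphertext and checks it before anything is decrypted or passed to BinaryFormatter.Deserialize. The names Seal and Unseal, the file layout and the two separate 32-byte keys are assumptions of the example.

```vbnet
Imports System
Imports System.Security.Cryptography

Module SealedFileExample
    Const IvLen As Integer = 16, TagLen As Integer = 32 ' layout: IV | ciphertext | tag

    Function Seal(plain As Byte(), encKey As Byte(), macKey As Byte()) As Byte()
        Using cipher As Aes = Aes.Create(), mac As New HMACSHA256(macKey)
            cipher.Key = encKey ' each Aes.Create() instance gets its own random IV
            Dim ct As Byte() = cipher.CreateEncryptor().TransformFinalBlock(plain, 0, plain.Length)
            Dim blob(IvLen + ct.Length + TagLen - 1) As Byte
            Buffer.BlockCopy(cipher.IV, 0, blob, 0, IvLen)
            Buffer.BlockCopy(ct, 0, blob, IvLen, ct.Length)
            ' The tag covers IV and ciphertext (encrypt-then-MAC).
            Buffer.BlockCopy(mac.ComputeHash(blob, 0, IvLen + ct.Length), 0, blob, IvLen + ct.Length, TagLen)
            Return blob
        End Using
    End Function

    ' Checks the tag before decrypting; a file not produced with macKey is rejected.
    Function Unseal(blob As Byte(), encKey As Byte(), macKey As Byte()) As Byte()
        If blob.Length < IvLen + TagLen Then Throw New CryptographicException("File too short")
        Dim bodyLen As Integer = blob.Length - TagLen
        Using cipher As Aes = Aes.Create(), mac As New HMACSHA256(macKey)
            Dim expected As Byte() = mac.ComputeHash(blob, 0, bodyLen)
            Dim diff As Integer = 0 ' compare every byte, no early exit
            For i As Integer = 0 To TagLen - 1
                diff = diff Or (expected(i) Xor blob(bodyLen + i))
            Next
            If diff <> 0 Then Throw New CryptographicException("Tag mismatch")
            cipher.Key = encKey
            Dim iv(IvLen - 1) As Byte
            Buffer.BlockCopy(blob, 0, iv, 0, IvLen)
            cipher.IV = iv
            Return cipher.CreateDecryptor().TransformFinalBlock(blob, IvLen, bodyLen - IvLen)
        End Using
    End Function

    Sub Main() ' constructed demo: random keys, four sample bytes
        Dim encKey(31) As Byte, macKey(31) As Byte
        RandomNumberGenerator.Create().GetBytes(encKey)
        RandomNumberGenerator.Create().GetBytes(macKey)
        Dim blob As Byte() = Seal(New Byte() {1, 2, 3, 4}, encKey, macKey)
        blob(20) = blob(20) Xor CByte(1) ' simulate an edited file
        Try
            Unseal(blob, encKey, macKey)
        Catch ex As CryptographicException
            Console.WriteLine("Rejected: " & ex.Message)
        End Try
    End Sub
End Module
```

Call Unseal first and give only its output to the formatter, so that unauthenticated bytes never reach Deserialize. A key that ships inside the application can be recovered by anyone who has the program, so this raises the cost of forging a data file rather than making it impossible.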
 
> JZ,
> I'm not sure how easy it would be but you could open the file in VS.NET to
> see how readable it is. You will notice that strings are immediately
> readable, plus the Assembly, Class & Field names...
>
> As Tom suggests you can use a System.Security.Cryptography.CryptoStream to
> encrypt & decrypt the file.
>
> You can chain the streams, so you don't need to use a MemoryStream per se.

Dang it! I knew that was possible, but for some reason the memorystream
thing stuck in my head... Good one Jay.
 
Hi,

Is there any reason why this shouldn't work on Windows 98?

I have the code working fine on XP Pro.
But it has an error on 98 :
serializationexception 'type is not resolved'

I've tried a rebuild of my data files.

Any suggestions?
 
Hi,

Don't worry.
I fixed it, I'd changed my data structure and hadn't realised.

Thanks
 
JZ,
Glad you got it to work!

Thanks for the follow up.

Jay
 
