Microsoft & .NET.NETEncrypting a File Using .NET

Encrypting a File Using .NET content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Part of .NET’s security framework is cryptographic support, and the System.Security.Cryptography namespace is the library that supports cryptographic operations. This namespace supports encryption, digital signatures, random number generations, hashing, and secure encoding and decoding. It implements these operations using common cryptographic algorithms, namely RSA, DSA, Rijandel, Triple DES, RC2, MD5, and the SHA family (SHA1, 256, 384, and 512).

Tom Gutschmidt

One class within System.Security.Cryptography, CryptoStream, is provided to encrypt or decrypt content as it is streamed out into a file. Cryptostream defines a stream that links data to cryptographic transformations. Microsoft provides full code versions for implementing CryptoStream within C# or Visual Basic. Following their examples, encrypting a file using CryptoStream is straightforward.

First the System.Security.Cryptography needs to be included, and then a key for encryption or decryption needs to be created or declared. The key must be a constant, and contained within a class or module. There are also other restrictions based on which algorithm is being used.

In VB, these declarations look like this:

Imports System.Security.CryptograhyPrivate Const sSecretKey As String="Key"

And in C# they look like:

Using System.Security.Cryptography;private const string sSecretKey="Key";

After the declarations are made, create a method in the class file with three parameters. The three parameters should be the input file, the output file, and the secret key. In the Q series code examples, Microsoft uses the method EncryptFile, with the parameters sInputFile, sOutputFile, and sKey.

In VB:

Sub EncryptFile (ByVal sInputFilename As String,_ByVal sOutputFilename As String,_ByVal sKey As String)End Sub

And in C#:

static void EncryptFile(string sInputFilename,string sOutputFilenamestring sKey  

EncryptFile needs input and output FileStream objects to handle the reading and writing of the files to be encrypted.


Dim fsInput New FileStream As New FileStream(sInputFilename,_FileMode.Open, FileAccess.Read)Dim fsEncrypted As New FileStream(sOutputFilename,_FileMode.Create, FileAccess.Write)


FileStream fsInput = new FileStream(sInputFilename,FileMode.Open, FileAccess.Read);FileStream fsEncrypted = new FileStream(sOutputFilename,FileMode.Create, FileAccess.Write);

An instance of the service provider class needs to be declared, so that the method can call the appropriate algorithm.


Dim INSTANCE As New serviceprovider()


serviceprovider INSTANCE = new serviceprovider();

The Provider then needs to be given the secret key and an array of bytes. Create an instance of the CryptoStream class using the cryptographic provider to obtain an encryption object (CreateEncrypter) and the existing output FileStream object.


Dim cryptostream As New CryptoSream(fsEncrypted,_Instanceencrypt,_CryptoStreamMode.Write


ICryptoTransform instanceencrypt = instance.CreateEncryptor();CryptoStream scryptostream = new CryptoStream(fsEncrypted, desencrypt,CryptoStreamMide.Write);

Finally, implement the actual encryption. This happens by reading the input file, passing the file through the CryptoStream object, and writing it out to the output file. The CryptoStream object encrypts the write file with the key you provide when it passes through.


Dim bytearrayinput(fsInput.Length  1) As BytefsInput.Read(bytearrayinput, 0, bytearrayinput.Length)cryptostream.Write(bytearrayinput, 0, bytearrayinput.Length)


byte[] bytearrayinput = new byte[fsInput.Length -1];fsInput.Read(nytearrayinput, 0, bytearrayinput.Length);cryptostream.Write(bytearrayinput, 0, bytearrayinput.Length);

Of course, you will need a decrypting method in order to reverse the process. This is almost an identical method, except CreateDecryptor instead of CreateEncryptor is used; and the CryptoStream object will now be the stream source, instead of the stream destination.


  1. You can find full code snippets for using the CryptoStream class to encrypt and decrypt using DES within these Microsoft support Q series articles:
  2. MSDN .NET Framework Developers Guide on cryptographic services:
  3. MSDN’s System.Security.Cryptography library listing:

About the Author

Thomas Gutschmidt is a freelance writer, in Bellevue, Wash., who also works for Widevine Technologies.

Get the Free Newsletter!

Subscribe to Developer Insider for top news, trends & analysis

Latest Posts

Related Stories