Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

What's the best method of Encryption whilst using ProtoBuf?

Tags:

serialization

encryption

.net-2.0

protocol-buffers

compact-framework

I've migrated my database on my mobile device away from VistaDB because it's just too slow. I'm now using ProtoBuf instead to create a series of flat files on a Storage Card, the only issue is there's obviously no encryption.

Which encryption method works best with ProtoBuf? I'm basically serializing a collection of data entities to a file, then deserializing from the File back into my collections. I figure the best place to put the encryption would be in the FileStream on the read/write.

The data will contain NI numbers, names and addresses, so this has to be secure. Any idea anyone?

like image 759
djdd87 Avatar asked May 19 '09 09:05

djdd87

People also ask

Is Protobuf more efficient than JSON?

JSON is usually easier to debug (the serialized format is human-readable) and easier to work with (no need to define message types, compile them, install additional libraries, etc.). Protobuf, on the other hand, usually compresses data better and has built-in protocol documentation via the schema.

What is faster than Protobuf?

Cap'n Proto is an insanely fast data interchange format and capability-based RPC system. Think JSON, except binary. Or think Protocol Buffers, except faster. In fact, in benchmarks, Cap'n Proto is INFINITY TIMES faster than Protocol Buffers.

Should I use Protobuf or JSON?

Protobuf supports more data types than JSON. JSON is limited to certain python objects, and it cannot serialize every python object. Protobuf supports a wider range of data types when compared to JSON. For example, enumerations and methods are supported by Protobuf and not supported by JSON.

2 Answers

I think you're on the right track. You should just be able to do something like:

ICryptoTransform encryptor = ...
Stream encStream = new CryptoStream(outputFileStream, encryptor, CryptoStreamMode.Write);
Serializer.Serialize(encStream, obj);
encStream.FlushFinalBlock()
encStream.Close();

ICryptoTransform decryptor = ...
Stream decStream = new CryptoStream(inputputFileStream, decryptor, CryptoStreamMode.Read);
Serializer.Deserialize<Type>(decStream);
decStream.FlushFinalBlock()
decStream.Close();

For the basics of .NET's encryption framework (including how to get the ICryptoTransform objects, see other questions like What’s the best way to encrypt short strings in .NET?.

like image 80
Matthew Flaschen Avatar answered Sep 24 '22 08:09

Matthew Flaschen

Another option is to actually encrypt the entire folder where the data is stored by installing a system-wide file system filter. The advantages here are that:

  1. Your app code is agnostic to the encryption and the encryption will be done in native code.
  2. Since the encryption is done in native code, it's going to be faster
  3. Since the encryption is not inside managed code, it's a lot harder to reverse engineer and figure out your keys, salts, etc.

Of course the disadvantage (for those who don't write C anyway) is that you can't write it in C#.

like image 27
ctacke Avatar answered Sep 23 '22 08:09

ctacke
Sign in to Comment

Related questions

How-to Serialize/Unserialize a SimpleXML Object?
Can we deny a java object from serialization other than giving transient keyword
Serializing multiple DateTime properties in the same class using different formats for each one
Django Rest Framework receive primary key value in POST and return model object as nested serializer
Json and Xml serialization, what is better performance?
Using Jackson to (De)-serialize a Scala Case Class
Setting namespaces and prefixes in a Java DOM document
serialize a large array in PHP?
Why use the `transient` keyword in java? [duplicate]
Convert PHP array string into an array
Is there any point Unit testing serialization?
A dictionary that can save its elements accessed less often to a disk
Xml document signature not valid after deserialization from byte array
Cross-AppDomain call corrupts the runtime
how to serialize a form without jQuery? [duplicate]
Which guarantees do Scala's singletons have regarding serialization?
Deserialize random/unknown types with XmlSerializer [duplicate]
Derived class serialization without class tracking in Boost (C++)
How to serialize/deserialize Pandas DataFrame to and from ProtoBuf/Gzip in a RESTful Flask App?
Serialize Dictionary<TKey, TValue> to JSON with DataContractJsonSerializer

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!