EncryptedStream

Class Overview

Provides a stream that encrypts and decrypts data using an SslStream.

The EncryptedStream class allows you to wrap an existing stream to add encryption and decryption capabilities on top of an established SSL/TLS connection. This is typically used in network communication protocols where secure data transfer is required.

Constructors

• EncryptedStream(Stream innerStream, bool leaveInnerStreamOpen)
  Initializes a new instance of the EncryptedStream class with the specified inner stream and a value indicating whether to leave the inner stream open upon closing.
• EncryptedStream(Stream innerStream, bool leaveInnerStreamOpen, RemoteCertificateValidationCallback userCertificateValidationCallback)
  Initializes a new instance of the EncryptedStream class with the specified inner stream, a value indicating whether to leave the inner stream open upon closing, and a callback delegate for validating the remote certificate.

Properties

• CanRead : bool
  Gets a value indicating whether the stream supports reading.
• CanSeek : bool
  Gets a value indicating whether the stream supports seeking. Always returns false for EncryptedStream.
• CanTimeout : bool
  Gets a value indicating whether the stream supports timeouts.
• CanWrite : bool
  Gets a value indicating whether the stream supports writing.
• InnerStream : Stream
  Gets the underlying stream that was wrapped by this EncryptedStream.
• Length : long
  Gets the length of the stream. Always throws NotSupportedException for EncryptedStream.
• Position : long
  Gets or sets the position within the stream. Always throws NotSupportedException for EncryptedStream.
• ReadTimeout : int
  Gets or sets a value, in milliseconds, that determines how long the stream will attempt to read before timing out.
• WriteTimeout : int
  Gets or sets a value, in milliseconds, that determines how long the stream will attempt to write before timing out.

Methods

• AuthenticateAsClient(string targetHost)
  Authenticates the client side of the stream using the specified target host name.
• AuthenticateAsClient(string targetHost, System.Security.Cryptography.X509Certificates.X509CertificateCollection clientCertificates, System.Security.Cryptography.OidCollection acceptableProtocols, bool checkCertRevocation)
  Authenticates the client side of the stream using the specified target host name, client certificates, acceptable protocols, and revocation check setting.
• AuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, bool clientCertificateRequired, System.Security.Cryptography.OidCollection acceptableProtocols, bool checkCertRevocation)
  Authenticates the server side of the stream using the specified server certificate, whether client authentication is required, acceptable protocols, and revocation check setting.
• BeginAuthenticateAsClient(string targetHost, AsyncCallback callback, object state)
  Begins an asynchronous request to authenticate the client.
• BeginAuthenticateAsServer(System.Security.Cryptography.X509Certificates.X509Certificate serverCertificate, AsyncCallback callback, object state)
  Begins an asynchronous request to authenticate the server.
• Close()
  Closes the current stream and releases any resources associated with the current stream.
• Dispose()
  Releases all resources used by the EncryptedStream.
• EndAuthenticateAsClient(IAsyncResult asyncResult)
  Ends an asynchronous authentication request.
• EndAuthenticateAsServer(IAsyncResult asyncResult)
  Ends an asynchronous authentication request.
• Flush()
  Clears all buffers for the current stream and causes any buffered data to be written to the underlying device.
• Lock(long position, long length)
  Sets the current position within the stream to the specified value. Always throws NotSupportedException for EncryptedStream.
• Read(byte[] buffer, int offset, int count) : int
  Reads a sequence of bytes from the current stream and advances the position within the stream by the number of bytes read.
• Seek(long offset, SeekOrigin origin) : long
  Sets the current position within the stream to the specified value. Always throws NotSupportedException for EncryptedStream.
• SetLength(long value)
  Sets the length of the stream. Always throws NotSupportedException for EncryptedStream.
• Unlock(lockToken)
  Resumes the normal, asynchronous I/O operations. Always throws NotSupportedException for EncryptedStream.
• Write(byte[] buffer, int offset, int count)
  Writes a sequence of bytes to the current stream and advances the position within the stream by the number of bytes written.

See Also

• System.Net.Security Namespace
• Base Class Library

Example

The following code example demonstrates how to use EncryptedStream to wrap a TCP client's network stream for secure communication.

using System;
using System.Net.Sockets;
using System.Net.Security;
using System.Security.Cryptography.X509Certificates;
using System.IO;
using System.Text;

// This is a simplified example. Real-world SSL/TLS implementation
// requires careful certificate management and error handling.

public class SecureClient
{
    public static void ConnectAndCommunicate(string hostname, int port)
    {
        using (TcpClient client = new TcpClient())
        {
            try
            {
                client.Connect(hostname, port);
                using (NetworkStream stream = client.GetStream())
                {
                    // Use EncryptedStream to wrap the NetworkStream
                    // For client authentication, typically you don't provide client certs unless required by server
                    // targetHost should match the certificate's common name or subject alternative name
                    EncryptedStream encryptedStream = new EncryptedStream(stream, true);

                    // Authenticate as client. Null certificate means no client certificate is presented.
                    encryptedStream.AuthenticateAsClient(hostname);

                    // Now you can use encryptedStream for sending and receiving encrypted data
                    string messageToSend = "Hello, secure server!";
                    byte[] messageBytes = Encoding.ASCII.GetBytes(messageToSend);
                    encryptedStream.Write(messageBytes, 0, messageBytes.Length);
                    encryptedStream.Flush();
                    //Console.WriteLine($"Sent: {messageToSend}");

                    // Example: Reading response (simplified)
                    byte[] buffer = new byte[1024];
                    int bytesRead = encryptedStream.Read(buffer, 0, buffer.Length);
                    string response = Encoding.ASCII.GetString(buffer, 0, bytesRead);
                    //Console.WriteLine($"Received: {response}");
                }
            }
            catch (Exception ex)
            {
                //Console.Error.WriteLine($"An error occurred: {ex.Message}");
            }
        }
    }
}