CAT.NET Forum

Do i require a third party firewall for my server?

Sun, 29 Nov 2009 07:34:14 Z

I do not have any ports opened on my Windows Firewall. Do i still require to go for a third party firewall like Sonicwall? What advantage do i get if i go for a third party firewall?

VS 2008 SP1 and CAT.NET(1.1.1.9) as FxCop Rule problem

Thu, 26 Nov 2009 13:31:42 Z

Hello, I'm really new with this, and I couldn't find a solution.
This is the situation:

I've been trying to use CAT.NET, as an FxCop Rule.
I've done everything according to FAQ.rtf document, I've copied Microsoft.ACESec.CATNet.Core.dll file, and \Config and \Rules folder, to FxCop\Rules folder (in VS 2008 folder).
I'm able to see the rule (Interprocedural Dataflow Rules ) in Code Analysis rule list (Project->Properties), but when I try to run Code Analysis, I receive an error saying that Microsoft.ACESec.CATNet.Core.dll contains no FxCop Rules .

CA0053 :
Unable to load rule assembly 'C:\Program Files\Microsoft Visual Studio 9.0\Team Tools\Static Analysis Tools\FxCop\Rules\Microsoft.ACESec.CATNet.Core.dll': The assembly contains no FxCop rules.

Any suggestion (magic trick)??

Thanx, Laureano.

Event 7000

Sun, 22 Nov 2009 02:34:55 Z

I have received several of the following errors in the Event Viewer/Administrative Events:

"The Windows CardSpace service failed to start due to the following error:

The service did not respond to the start or control request in a timely fashion.

Log Name: System
Source: Service Control Manager Eventlog Provider
Event ID: 7000
Level: Error
User: N/A
OpCode: Info
Task Category: None
Key Words: Classic"

I have checked the Web and am not sure if my computer has been compromised. Would appreciate any help. Thanks!

I checked the Web and am not sure which applies. Can you tell me what this could mean?

How do you stop the "Publisher Cannot Be Verified" screen from popping up when your program is being installed?

Sat, 21 Nov 2009 19:51:23 Z

I don't want to change the settings on my computer. Is there something you do in Project > Publish?

Windows 7 antivirus

Fri, 20 Nov 2009 13:39:51 Z

I am about to install Windows 7, I have run my 2009 Norton internet security disc. Norton has flagged up that i dont have Malware/spyware cover.
Ive looked on the microsoft site for software but it says about Vista, which is what im running now, nothing about recommended spyware for 7
Do i have to pay for spyware protection.
What spyware would you reccomend, i spend a lot of time on the internet sometimes the sites see seem i bit iffy

emergency : my page is in attack

Wed, 18 Nov 2009 19:12:36 Z

hi friends some one are attacking my web site,he/she is requesting my site over and over ( his/her IP addrress seems changing randomly )..what can i do ? Thanks

gaining access to my computer by remote or hacking

Wed, 18 Nov 2009 14:09:29 Z

is there anyway i can look on my computer to see if anyone is trying to gain remote access or
access by any other means, i feel like someone is looking at my information and just checking out
what im looking at on my computer in general

Restart this forum

Sat, 14 Nov 2009 17:19:58 Z

Can we please shut this sub-forum down, and restart it under either .NET Development or the VSTS Code Analysis forum?

This forum has totally lost all usefulness due to people coming in and trashing it with questions completely unrelated to CAT.NET. So actual CAT.NET users don't have a good place to collaborate or find good information.

Can we just migrate this to a new forum, and move the CAT.NET related threads along with it so as not to lose any information?

Thanks,
Silvio

Digital Signature with two Hash

Tue, 10 Nov 2009 09:03:11 Z

I have to do Digital Signature for xml document.
In this case, there is difference with regular Digital Signature.
That is element <Reference> is two, and Transform of one of them is

<ds:Transform Algorithm="http://docs.oasis-open.org/wss/oasis-wss-SwAProfile-1.1#Attachment-Content-Signature-Transform" />

And, I guess, cannot use SignedXml Class because, this kind of alogrithm is not supported by .net Framework.
So, I will try to include Crypto Api directly then, extract Sha-1 DigestValue and get SignatureValue by PrivateKey encoding of that.
But I wonder, how to encrypt in this situation? (there are each TWO <Reference> in <SignedInfo> & DigestValue)

Secnarf

Mon, 09 Nov 2009 15:15:41 Z

I recently loaned my computer to a very computer-wise friend whom I no longer trust. I want to ensure that he cannot access any information etc that I have on my computer now or in the future.
Is there any way I which I can check if he has access to my computer from his own or any other computer?
I am not very computer literate myself.

How can I block other people on a LAN I am on from accessing my computer?

Sun, 08 Nov 2009 08:03:30 Z

Security software and using a router makes no difference. It's not my LAN.
I didn't set it up, I didn't sign up for it, and I never gave anyone permission to use my connection or access my computer. I'm not using a router. I've tried to get my ISP to help but they won't and I've tried everything I could do myself. I'm getting hacked by someone really vicious and it is ruining my life. I need some advice!

Thanx - MUCH

Please help me quick! I've discovered that everything I do goes directly to my internet history!

Sun, 08 Nov 2009 07:47:27 Z

Every time I open any file, be it documents, pictures or whatever it goes strait to my intertnet history. I don't want it there because I have a hacker and I think they will post or store it somewhere. I don't want it going online! I had a story I was writing once stolen this way. I tried turning off the file sharing but it's still happening.

Thanx, friends!

Security-hole in Vista Home Prem.?

Thu, 06 Aug 2009 10:34:27 Z

I was recently checking my security log and i found this:

It was logged on an account.

Topic:
Security ID: SYSTEM
Account name: KEVIN-PC $
Account Domain: WORKGROUP
Login ID: 0x3e7

Logon Type: 5

New login:
Security ID: SYSTEM
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Login ID: 0x3e7
Sign-GUID: (00000000-0000-0000-0000-000000000000)

Process information:
Process ID: 0x284
Process Name: C: \ Windows \ System32 \ services.exe

Network Information:
Name of workstation:
Address to the source network: --
Source Port: --

Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: negotiate
Transferred services: --
Package Name (NTLM only): --
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer where access was granted.

Subject field, enter the account on the local system which requested the logon. This is usually a service that the Server service, or a local process that Winlogon.exe or Services.exe.

Logon Type field indicates what type of credentials that were used. The most common types are 2 (interactive) and 3 (network).

The fields for the new sign indicates which account the new login was created from, ie the account that was logged on.

Network fields indicate where the remote login request came from. The name of the workstation is not always available, and the field can sometimes be empty.

The fields with authentication information provides detailed information about this specific logon request.
- Sign-GUID is a unique identifier that can be used to coordinate this event with a KDC event.
- Beamed services indicate which intermediate services have participated in this logon request.
- Package name indicates which under the protocol used among the NTLM protocols.

Is it a hacker that tryies to hack into my system?

IIS 7 certificates

Thu, 05 Nov 2009 07:50:24 Z

Hello!

I want to implement this on my site. I want to create certificate and then e-mail it to user. User then install this certificate and he can access site. Anyone without certificate can't access site. Can anyone tell me what is procedure to implement this for free :).

Thank you

Security Confusion

Tue, 03 Nov 2009 19:24:55 Z

I just DON'T at all understand this!
I have 2 virtual servers on the same machine. Same network, same domain (CTD). I'm working on a website using AJAX/ASP NET 3.5. I wanted to implement aspnet security and that is where all the issues popped up and I am unable to make anything work from an outside browser. If you can help please do so BUT please don't point me at any "great examples". I have tried at least a dozen of them and none of them work in my configuration. I need a more targeted description applied to my situation. I don't need a first select this from this menu, etc approach. I need a generalized explanation of WHY I'm doing WHAT. I am a fairly competent SQL developer with some experience in other languages. Here are the specifics;

Until I tried to implement security everything worked as I wanted. Since I was on a closed system behind a firewall not even on our corporate network. All my pages correctly loaded data from a SQL Server 2005 instance (CTDB) on a virtual server. I was using the sa account and password to connect to the database from pages on another virtual server WWW. I was working from an admin account in Visual Studio 2008 adm. I created a new page and used a plain login object and created a login/pass in the asp .net configuration tool from the website menu. The login which used the above configuration worked with no issues from Visual Studio. But when I tried to login to the web site outside of VS I entered my login/pass and then got an issue that login failed for sa. I had my net admin create a new user ID specifically for this and changed all the entries in web config and the database configuration to use the new login/pass. I tried again and got the same error FOR SA! But now I get it from Visual Studio AND outside browsers. To make a long story short this is where I now am. I've been trying to make this work for about a week and still can't get it to work. So my questions are these:

What is keeping the new login/pass from working? I can connect using RDC to the server and the SQL server using the new login.

How do I setup the ASPSQLNETPROVIDER to use a SQL database NOT the Access file on the website? Again, I have looked at a bunch of examples and NONE of them make any sense. Isn't there a straightforward example with out all kinds of Form based application. I want this to work from a website not a Forms application.

Is there a way to import my current users table from SQL server to the ASPNETSQLPROVIDER table(s)?

Thanks for any help and guidance that anyone can offer,

Joe B

Trojan downloader 32

Mon, 26 Oct 2009 15:30:11 Z

I have that trojan in mu laptop ,it stops my anti virus Kasperesky from working,and I tried to scan with security essential ,
but it stops in the middle of scanning,and shows a message code Ox80070005, can you help please

How to retrieve the password from active directory?

Mon, 26 Oct 2009 11:03:18 Z

I know that there is no way to get the password in plain text, because it is written in hashed form on AD, but is there a way to get the hashed password from active directory?

I need to validate user against the AD, and then add him to DB, so I need his password, and also I need to know the encryption method that AD uses, so I can encrypt password myself when validating password against DB alone.

Thanks.

DES Initialization Vector in C#

Sun, 25 Oct 2009 20:01:05 Z

I am trying to decrypt (using the DES algorithm) data that comes from a third party in C# code. There are plenty of examples here and elsewhere that have helped me out. The problem is that I don't know what to use for the 'initialization vector'. The initialization vector is required. I believe the third party uses CBC mode.

The third party supplied a tool for use on the command line (DES.EXE, which I believe is an out-of-the-box build of the libdes library v4.01) which only requires that you supply an encryption key. So, I can decrypt fine with the command line tool. However, I would rather not spawn a process to run the tool from my code.

My question is how do I generate/find that initialization vector. I am 99.9% sure it can be done from looking at other posts but I can't figure it out. I talked to the third party and they said they do not support that approach. In other words, they would not help me. Any help I can get here would be greatly appreciated.

Certificate Problem

Sat, 12 Sep 2009 05:48:36 Z

I have created a certificate having my windows mobile connected & added acertificate using Device Security Manager
& disconnected my device .
Then from my certificate mannager I deleted that certificate .
Now from next time when ever I am trying to connect my device it is asking me to install that cetificate.
Currently I don't have that certifcate & from my visual studio I can't connect to my device .Pls guide me .

portable execution file format

Tue, 20 Oct 2009 14:00:22 Z

Microsoft Windows follows an executable file format called the PE (Portable Executable) files. A typical virus / mal-code tries to alter the file and inject malicious code in the file so that it would run during the life time of the program. By studying the file format indicate how this may be averted or what mechanisms are in place already to avoid it. Furthermore what modifications / mechanism do you suggest which may make changes to on-disk executable difficult if not impossible.

virus

Sat, 19 Sep 2009 17:00:29 Z

My computer reciently atarted to display a virus warning telling me it was infected and now no mater what I try I can't stop it. what can I do?

Key cannot be null error

Wed, 30 Sep 2009 13:41:57 Z

When trying to run cat.net against any of our main projects, I get a key cannot be null error. It seems to work with are utility programs. I am not sure wether it is project size or has something to do with having multiple projects in the solution that reference each other, or code that is common in all our projects. Does anybody have any ideas? Thanks.

C:\Program Files\Microsoft\CAT.NET>catnetcmd /file:c:\soskbsource\nc_branch\proj
ects\soskb.main\bin\soskb.main.exe
Microsoft (R) Code Analysis Tool for .NET (CAT.NET) Version 1.1.1.9
Copyright (C) Microsoft Corporation. All rights reserved.

Running in 32-bit mode

9/30/2009 9:36:57 AM:Info : Starting analysis [1 modules]
9/30/2009 9:36:57 AM:Info : Analyzing module Soskb.Main...
Key cannot be null.
Parameter name: key

Unable to download patches from download.microsoft.com when it is replaced with IP address (IP address is obtained via nslookup)

Fri, 09 Oct 2009 02:04:36 Z

Hi all, i'm trying to set up a proxy server to allow pc in our internal network to download patches from download.microsoft.com. The proxy server is configured to translate URLs to IP address, e.g. www.microsoft.com to 207.46.192.254 and so on. Everything worked fine (from www.microsoft.com/technet/security/current.aspx) until the download part. If we replace download.microsoft.com with the nslookup IP address, we get a HTTP 400 error. For e.g., we can download a specific patch using http://download.microsoft.com/download/E/9/1/E9177048-A278-476F-8A1A-81C68AC24E7C/WindowsServer2003-KB967723-x86-ENU.exe , but when we use http:// 124.155.222.50 /download/E/9/1/E9177048-A278-476F-8A1A-81C68AC24E7C/WindowsServer2003-KB967723-x86-ENU.exe , we get a HTTP 400 error.

I think the problem lies with IP address for download.microsoft.com. The IP addresses that we found for download.microsoft.com are 124.155.222.50 and 124.155.222.65 (via nslookup). Can anyone enlighten me please?
Thanks so much in advance!

PS: I'm sorry if I posted on the wrong forum.

When will CAT.Net be production ready?

Fri, 09 Oct 2009 19:22:30 Z

When will this be out of CTP and be in either RC or Production ready? I want to leverage this in our daily build process but our security team is skeptical about using a security scan tool that is still in CTP.

Tom

Graphical User Interface: It was like playing a mmorg but for monitoring people surfing the internet!

Mon, 05 Oct 2009 14:17:05 Z

I have a question about the graphical user interface internet, the one that you punch in someones digital ID into the open field and it tunnels you directly into their house(computer). I was wondering if anyone has ever used it before or how you use it? There is the M.O.M avatar for all personal computers which is a middle aged female it looked like, with sometimes a avatar 50% in size reduction following her which is a teredo. The male avatars are server or domain controller computer's.

So if that rings a bell to anybody let me know and if you want to see screen shots and or other documentation send me a note!

hrm, The mousepen wont work in this field!

How does the Geneva implement the SSO with the passive STS?

Tue, 29 Sep 2009 01:20:13 Z

Hi

Now I am learning the WIF(Geneva), however I could not find any official paper that to say "How does the Geneva implement the SSO with the passive STS", I can guess something however I want to hear the official explain like a white paper.

Exe is not working after signing with SignTool

Thu, 24 Sep 2009 05:28:04 Z

Hello everyone,

I have created a Java application & bundled it in Jar file.
After that I have create exe with JSmooth & signed it. Its working perfectly fine. But now I want to switch from Jsmooth to Launch4j, this also creating exe like Jsmooth. The exe is working fine, but after signing with Signtool, its shows me error about INVALID Jar, so I think Signtool is not able to sign the exe created by launch4j. So what should I do ?

Please suggest me, I am using following batch file to sign the exe.

set File1=LM.exe

set TimeURL=http://timestamp.comodoca.com/authenticode
set StorePass=demo111

signtool.exe sign /f SignCode\LM.p12 /p %StorePass% /v /t %TimeURL% "%File1%"
signtool.exe verify /v /a "%File1%"

Thanks in advance,
Laxmilal Menaria

VB preventing software to be cracked

Sat, 19 Sep 2009 11:07:41 Z

dear all

We have a construction company and I am designing a program in Visual basics for it. This program is intended to be installed only on the computers in our office ( its not going to be distributed ). There is always a risk that one of our employees will take our software and distribute it . Is there anyway to prevent this. If not how can we make this as difficult as possible??

any help or references would be most appreciated.

Can i create a custom Folder under the program files directory on vista

Thu, 10 Sep 2009 16:02:32 Z

Hello everyone,
I have built an appliaction in c++ that must run in a user level to be able to retrieve some particular informations.
The problem is that i want this application to write to a folder under the program files directory.
Is it possible to customize the folder's security rights to solve this
The application must run on vista and xp.
Please help, thank you

I want to remove the fake program called Windows Protection suite for free of charge.

Sat, 29 Aug 2009 18:19:04 Z

I have this program called Windows protection Suite that has just appeared on my computer.I don't know how I got this program but it is causing proplems for my computer.It has slowed down speed wise ,and is interupting anything I do online.I need to remove this program.I have AVg but it hasn't helped remove this program.

Time of execution of RsaDecrypt by cmck.exe

Thu, 10 Sep 2009 06:08:57 Z

Dear All, I have one question. 
How long is period of execution of tests of this function by the cmck exec 
CardRsaDecrypt Positive module ?

Thank You.
Jarek

CAT.NET and Anti-XSS 3.0

Mon, 07 Sep 2009 02:28:50 Z

Might CAT.NET recognize the protection of the Anti-XSS Security Runtime Engine (SRE) module, some day ? Verifying that SRE is properly configured !

monitoring browsers

Wed, 29 Jul 2009 13:19:07 Z

What is the best way to monitor web pages beeing visited (when, for how long .. ) and web browsers' events, not only for Internet Explorer but also for other web browsers. Thanks in advance :)

Install updates for your computer

Sun, 09 Aug 2009 16:49:07 Z

Hiya,
I am not '.net' user.
Window update ask me to install the upate "Microsoft .NET Framework 3.5 Family Update (KB951847) X86"
Also it is saying 'Security' update!?!
I am just wondering... how .net framework 3.5 is related to my desktop security!?!
Is it something like... Marketing/ forcing the user to install .net framework and let their system die (make system slow)?
Can anyone help on this?

Thanks in advance.

-Visamal.

Need help in recovering my image files which are encrypted in Microsoft myprivate folder 1.0

Fri, 21 Aug 2009 16:41:29 Z

Hello, I have microsoft myprivate folder 1.0 installed in my old laptop. Due to virus attack, its Operating system got corrupted. Some how I have recovered all the important files. But I have very rare and important files saved in myprivate folder. I am able to copy and recover those to external HDD, but not able to open those files. Please tell me how to recover those files, they are very rare and important files. Please help me open those files. Please let me know any software to open those files. Please help me out.

How can I disable the "Security Warning" message box when add a CA to the current user's root CA store

Mon, 17 Aug 2009 02:34:28 Z

When using CertAddCertificateContextToStore to add a CA into “ROOT” CA store of Current User，that will pop up a security warning message box.

Is there any way to disable it?

There is a workaround of this issue， To write the CA into registry directly .

HKEY_CURRENT_USER\Software\Microsoft\SystemCertificates\Root\Certificates\36D786132AB6562784FAE4F72461A7BD1558131E.

The key {36D786132AB6562784FAE4F72461A7BD1558131E} is the thumbprint of this CA,while ,what its binary{Blob} value is? What's the relation between CA and the {Blob} value？

Thanks

Tiger

Why do I get different CAT.NET results in these similar cases?

Tue, 01 Sep 2009 17:43:43 Z

I think I might gain a lot more understanding of CAT.NET if someone could explain the difference in behavior for some similar pretty similar data flows:

I created a C# Web Application Project in VS2005 with a single Default.aspx page whose .cs file looks like this:

using System;
using System.Data;
using System.Data.SqlClient;

namespace CatSite
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            string fooStr = Request["Foo"];
            SqlCommand cmd = new SqlCommand(fooStr);
        }

        static string IndirectlyUntaint(string s)
        {
            return UntaintTools.UntaintTools.UntaintString(s);
        }
    }

}

namespace UntaintTools
{
    public class UntaintTools
    {
        public static string UntaintString(string s)
        {
            return s;
        }
    }
}

If I run the Sql Injection ruleset on this website, it picks up a problem originating in fooStr, which makes sense. Similarly, if I use the following Page_Load instead:

        protected void Page_Load(object sender, EventArgs e)
        {
            string barStr = Request["Bar"];
            SqlCommand cmd2 = new SqlCommand(UntaintTools.UntaintTools.UntaintString(barStr));
        }

then it reports a sql vulnerability originating with barStr, which also makes sense.

However, if I use this Page_load:

        protected void Page_Load(object sender, EventArgs e)
        {
            string bazStr = Request["Baz"];
            SqlCommand cmd3 = new SqlCommand(IndirectlyUntaint(bazStr));  
        }

then no sql vulnerability is reported. I know CAT.NET is going to have some false negatives, but is there an easy-to-comprehend reason why this would be one of them? Is calling a method via a second method different in some critical way from calling a method directly?

Help clarify how the CAT.NET BuiltinFilters work?

Tue, 01 Sep 2009 17:11:35 Z

I really like how you can open up C:\Program Files\microsoft\CAT.NET\Rules and inspect the rules that CAT.NET is using, and even modify them. As I've tried to modify the default rulesets slightly to produce fewer false positives with my codebase, though, I've realized that things aren't quite as intuitive as they first appeared. As such, I'm wondering if we could get some clarification on how Filters work. Here are some particular questions:

The PrimitiveReturnTypes filter is declared like so:

		<!-- Ignore data flow paths that have primitive return types -->
		<BuiltinFilter name="PrimitiveReturnTypes" description="Primitive Data Type">
			<Action>Ignore</Action>
		</BuiltinFilter>

I understand what it might mean for a method to have a primitive return type (e.g. a method that returns an int, string, bool, etc.), but I'm not sure I understand what it would mean for a data flow path to have a primitive return type. Are there any example? One thing that surprised me was that disabling this filter didn't seem to change the number of potential vulnerabilities detected in my application. It would be nice if you could ultimately document which particular types count as primitive too.

The DatabaseQueryResult filter is declared like this:

		<!-- By default, we ignore data flow paths that contain data that is
		     retrieved from the database.  This is because we cannot assume the format
			  of the schema or the type of data queried.
		  -->
		<BuiltinFilter name="DatabaseQueryResult" description="Ignore results from DB queries">
			<Action>Ignore</Action>
		</BuiltinFilter>

This filter is enabled in the SqlInjection.xml ruleset by default, and yet I get a number of results in my sql injection error report where the source vector is listed as "Database". Does this make sense? It looks to me like if this filter were enabled, that would get rid of all vector=Database hits in the error report.

The CallToMethod filter looks like this:

		<BuiltinFilter name="CallToMethod" description="Parameterized SQL">
			<Arguments>
				<Argument>System.Data.SqlClient</Argument>
				<Argument>SqlParameter</Argument>
				<Argument>.ctor</Argument>
			</Arguments>
			<Action>Ignore</Action>
		</BuiltinFilter>

It looks like the Arguments to CallToMethod are supposed to be namespace, class, and method. Can you confirm this? If a class has overloaded methods (i.e. methods with the same name but different signatures), how are you supposed to specify which overload you want? Is the filer supposed to apply equally to all overloads? Are there any tricks here? For example, are there any circumstances under which a method you instructed CAT.NET to ignore would nonetheless show up in one of the dataflow paths in your final vulnerability report?

credential provider (32 vs 64 bit)

Thu, 27 Aug 2009 16:22:49 Z

Can a credential provider built as a 32 bit app execute without modification on a windows vista/7.0 64 bit platform?

thanks
dmm

decryption of file but runtime error

Wed, 26 Aug 2009 16:50:52 Z

m having problem wid dis code....it is giving error at run time dat stream is not writabl....plz help
using System;

using System.Collections.Generic;

using System.Text;

using System.IO;

using System.Security.Cryptography;

namespace DataEncryption

{

    class Program

    {

        static void Main(string[] args)
        {
            Console.Write("Source:");
            String input = Console.ReadLine();


            Console.Write("Destination:- C:\\encryp.txt ");
            Console.Write("Destination:- C:\\decryp.txt ");


            string encryp = @"C:\encryp.txt";
            // step1: Create the stream objects

            FileStream inputStream = new FileStream(input, FileMode.Open, FileAccess.Read);

            FileStream outputStream = new FileStream(encryp, FileMode.OpenOrCreate, FileAccess.Write);

            //step2: Create the symmetric algorithm object

            SymmetricAlgorithm myAlgo = new RijndaelManaged();

            //step3: Specify the key

            myAlgo.GenerateKey();

            //Read the unencrypted data

            byte[] fileData = new byte[inputStream.Length];

            inputStream.Read(fileData, 0, (int)inputStream.Length);

            //step4: Create the ICrypto transform object

            ICryptoTransform encryptor = myAlgo.CreateEncryptor();

            //step5: Create the CryptoStream object

            CryptoStream encryptStream = new CryptoStream(outputStream, encryptor, CryptoStreamMode.Write);

            //step6: Write the contents to the crypto stream

            encryptStream.Write(fileData, 0, fileData.Length);

            encryptStream.Close();

            inputStream.Close();

            outputStream.Close();


            //decryption


                string decryp = @"c:\decryp.txt";
                // step1: Create the stream objects

                FileStream deinputStream = new FileStream(encryp, FileMode.Open, FileAccess.Read);

                FileStream deoutputStream = new FileStream(decryp, FileMode.OpenOrCreate, FileAccess.Write);
                //step2: Create the symmetric algorithm object

                //SymmetricAlgorithm myAlgo1 = new RijndaelManaged();
                //step3: Specify the key

               myAlgo.GenerateKey();


                //Read the encrypted data
               byte[] fileData1 = new byte[deinputStream.Length];
                deinputStream.Read(fileData1, 0, (int)deinputStream.Length);
                //step4: Create the ICrypto transform object

                ICryptoTransform dncryptor = myAlgo.CreateDecryptor();
                //step5: Create the CryptoStream object

                CryptoStream dncryptStream = new CryptoStream(deinputStream, dncryptor, CryptoStreamMode.Write);

                //step6: Write the contents to the crypto stream

                dncryptStream.Write(fileData1, 0, fileData1.Length);
                //dncryptStream.Write(fileData1, 0, fileData1.Length);

                dncryptStream.Close();
                deinputStream.Close();
                deoutputStream.Close();
                Console.ReadKey();

        }
    }

}