locked
When upload a pdf file with encryption, I get problems as following RRS feed

  • Question

  • User-786564416 posted
    • I have a FileUpload control with multiple attachments (5 files):
    <asp:FileUpload ID="AttachmentsSelecter" runat="server" onchange="IsFileSelected()"  
    Width="495px" BorderColor="Black" BorderStyle="Solid" Height="35px" BackColor="White" BorderWidth="2px" style="font-size: 22px; font-family: 'sakkal Majalla';            -moz-border-radius: 15px;-webkit-border-radius: 15px;border-radius: 15px;" 
    cssclass="FileUploadStyle" AllowMultiple="True" />
    
    
    
    • The Uploading process is done by looping through each attached file as following:
    Public Sub UploadAttachments(ByVal StorageUnit As Integer)
            Dim CharString = "ABCDEF"
            Dim i As Integer = 0
            Dim ServerPathPF As String = TDClass.GetTheServerStoragePath(StorageUnit)
            For Each postedFile As HttpPostedFile In AttachmentsSelecter.PostedFiles
    
                Dim fileName As String = Path.GetFileName(postedFile.FileName)
    
                Dim TheSelectedFileSourcePath As String = postedFile.FileName
                Dim DotPos As Integer = InStr(TheSelectedFileSourcePath, ".")
                Dim FileExtension As String = TheSelectedFileSourcePath.Substring(DotPos, Len(TheSelectedFileSourcePath) - DotPos)
                TheAttachedFileServerPath = ServerPathPF & LetterIDPublic & CharString(i) & "." & FileExtension
    
                
                TheAttachedFileServerPathEncrypted = ServerPathPF & LetterIDPublic & CharString(i) & "_enc" & "." & FileExtension
                
                If System.IO.File.Exists(TheAttachedFileServerPath) = True Then
                    System.IO.File.Delete(TheAttachedFileServerPath)
                End If
                postedFile.SaveAs(TheAttachedFileServerPath)
                
                Me.Encrypt(TheAttachedFileServerPath, TheAttachedFileServerPathEncrypted)
    
                'Download the Encrypted File.
                Response.ContentType = postedFile.ContentType
                Response.Clear()
                Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(TheAttachedFileServerPathEncrypted))
                Response.WriteFile(TheAttachedFileServerPathEncrypted)
                Response.Flush()
    
    
                'Delete the original (input) and the encrypted (output) file.
    
                File.Delete(TheAttachedFileServerPath)
                File.Delete(TheAttachedFileServerPathEncrypted)
    
                Response.End()
                
    
                i = i + 1
            Next
        End Sub

    The "AttachedFileServerPath" variable is the full path of the filename to be uploaded with its extension, including the storage location.

    The "AttachedFileServerPathEncrypted" variable is the full path of the filename to be uploaded (with encryption) with its extension, including the storage location.

    • The process of encrypting the file:
     Private Sub Encrypt(inputFilePath As String, outputfilePath As String)
    
            Dim EncryptionKey As String = "MAKV2SPBNI99212"
            Using encryptor As Aes = Aes.Create()
    
                Dim pdb As New Rfc2898DeriveBytes(EncryptionKey, New Byte() {&H49, &H76, &H61, &H6E, &H20, &H4D, &H65, &H64, &H76, &H65, &H64, &H65, &H76})
    
                encryptor.Key = pdb.GetBytes(32)
                encryptor.IV = pdb.GetBytes(16)
    
                Using fs As New FileStream(outputfilePath, FileMode.Create)
                    Using cs As New CryptoStream(fs, encryptor.CreateEncryptor(), CryptoStreamMode.Write)
                        Using fsInput As New FileStream(inputFilePath, FileMode.Open)
                            Dim data As Integer
                            While (Assign(data, fsInput.ReadByte())) <> -1
                                cs.WriteByte(CByte(data))
                            End While
                        End Using
                    End Using
                End Using
    
            End Using
    
        End Sub
    
        Private Shared Function Assign(Of T)(ByRef source As T, ByVal value As T) As T
            source = value
            Return value
        End Function
    • Once I perform the uploading with encryption as what given above, I got the following problems:
      1. Instead of storing the encrypted file at the designated location as specified in the "AttachedFileServerPathEncrypted", A popup window is shown with message of "What should do with this file (2018-1069-100A_enc.pdf): Open with Adobe Acrobat Document, Save file".
      2. When opening the above supposed encrypted file, A message shown with "Adobe Reader Couldn't open 2018-1069-100A_enc.pdf" because it is either not a supported file type or because the file has been damages.
    • Please have a look to these screen shots:
      1. First image:
      2. Second Image

    • SO WHY THIS PROBLEMS APPEARED? IS THE CODE I WROTE FRO ENCRYPTION IS ACCURATE AND VALID?
    Wednesday, October 10, 2018 8:08 PM

All replies

  • User475983607 posted

    The common approach is simply implementing SSL/TLS (HTTPS).  The code you've shown uploads a pdf, encrypts the pdf, then sends the encrypted pdf back to the client with a pdf extension.  Of course the pdf viewer can't open the file it's encrypted!

    Wednesday, October 10, 2018 8:35 PM
  • User409696431 posted

    Your code is doing exactly what you are telling it to:

     Me.Encrypt(TheAttachedFileServerPath, TheAttachedFileServerPathEncrypted)
    
                'Download the Encrypted File.
                Response.ContentType = postedFile.ContentType
                Response.Clear()
                Response.AppendHeader("Content-Disposition", "attachment; filename=" + Path.GetFileName(TheAttachedFileServerPathEncrypted))
                Response.WriteFile(TheAttachedFileServerPathEncrypted)
                Response.Flush()
    
    
                'Delete the original (input) and the encrypted (output) file.
    
                File.Delete(TheAttachedFileServerPath)
                File.Delete(TheAttachedFileServerPathEncrypted)
    

    You encrypt the file you have uploaded, download it, then delete both the encrypted and non-encrypted file from the server.

    Since you are downloading an encrypted file, of course is is not a valid PDF and Adobe Reader can't read it.

    What is your actual intent?  Your title says "upload with encryption", but, to be clear, you are uploading a file to the server, then you are encrypting it on the server.

    Thursday, October 11, 2018 2:02 AM