Encryption API for C# SDK
PubNub C# SDK includes message and file encryption. This page explains how to configure the CryptoModule and how to encrypt and decrypt data. The SDK supports 128-bit Advanced Encryption Standard (AES) and 256-bit AES in Cipher Block Chaining (CBC) mode (AES-CBC).
For general SDK configuration and initialization, refer to the Configuration page.
Configuration
CryptoModule configuration
To configure the CryptoModule to encrypt all messages/files, you can use the following methods in the C# SDK:
Your client can decrypt content produced by either CryptoModule or legacy cipherKey-based encryption. This allows the client to read historical messages and messages from older clients while you encrypt new messages with the stronger AES-256-CBC cipher.
Older SDK versions
Apps built using the SDK versions lower than 6.18.0 will not be able to decrypt data encrypted using the 256-bit AES-CBC cipher. Update your clients or encrypt data using the legacy algorithm.
SDK initialization required
Before you use encryption methods, ensure your PubNub client is configured with publish/subscribe keys and a user ID. See the Configuration guide for setup instructions.
Relationship between CryptoModule and cipherKey
The CryptoModule supersedes the cipherKey parameter, providing stronger security and more flexibility. If you pass cipherKey to an API call while CryptoModule is configured, the call uses legacy AES-128 encryption and ignores CryptoModule for that operation. For partial encryption, create a separate CryptoModule instance and use it only where needed.
Encryption methods
Encrypt
Use this function to encrypt data.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the CryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the CryptoModule configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
To encrypt the data you can use the following method(s) in C# SDK.
pubnub.Encrypt(inputString, cipherKey)
| Parameter | Description |
|---|---|
inputString *Type: String | The data to encrypt. |
cipherKeyType: String | Cipher key to use for encryption. |
Sample code
Encrypt part of message
Encrypt file
Use this function to encrypt file content.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the CryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the CryptoModule configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
To encrypt the file you can use the following method(s) in C# SDK.
pubnub.EncryptFile(sourceFile, destinationFile)
pubnub.EncryptFile(sourceFile, destinationFile, cipherKey)
| Parameter | Description |
|---|---|
sourceFile *Type: String | File to be encrypted. |
destinationFile *Type: String | Path of the encrypted file to be saved. |
cipherKeyType: | CryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration. This parameter is deprecated and will be removed in a future version. Please use the CryptoModule from PubNub config instead. |
byte[] outputBytes = pubnub.EncryptFile(sourceBytes) byte[] outputBytes = pubnub.EncryptFile(sourceBytes, cipherKey)
| Parameter | Description |
|---|---|
sourceBytes *Type: byte[] | byte array of the file. |
cipherKeyType: String | Cipher key to use for encryption. If provided, the legacy encryption with 128-bit cipher key entropy is used. If not provided, the CryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration. |
Sample code
Decryption methods
Decrypt
Use this function to decrypt data.
Deprecated
The cipherKey parameter in this method is deprecated. We recommend that you configure a separate instance of the CryptoModule and use it for partial encryption.
If you pass cipherKey as an argument, it overrides the CryptoModule configuration and the legacy encryption with 128-bit cipher key entropy is used.
Method(s)
To decrypt the data you can use the following method(s) in C# SDK.
pubnub.Decrypt(inputString, cipherKey)
| Parameter | Description |
|---|---|
inputString *Type: String | The data to decrypt. |
cipherKeyType: | This parameter is deprecated and will be removed in a future version. Please use the CryptoModule from PubNub config instead. |
Sample code
Decrypt part of message
Decrypt file
Use this function to decrypt file content.
Method(s)
To decrypt the file you can use the following method(s) in C# SDK.
pubnub.DecryptFile(sourceFile, destinationFile); pubnub.DecryptFile(sourceFile, destinationFile, cipherKey);
| Parameter | Description |
|---|---|
sourceFile *Type: String | File to be decrypted. |
destinationFile *Type: String | Path of the decrypted file to be saved. |
cipherKeyType: String | Cipher key to use for decryption. If provided, the legacy encryption with 128-bit cipher key entropy is used. If not provided, the CryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration. |
byte[] outputBytes = pubnub.DecryptFile(sourceBytes) byte[] outputBytes = pubnub.DecryptFile(sourceBytes, cipherKey)
| Parameter | Description |
|---|---|
sourceBytes *Type: byte[] | byte array of the file. |
cipherKeyType: String | Cipher key to use for decryption. If provided, the legacy encryption with 128-bit cipher key entropy is used. If not provided, the CryptoModule from PubNub config will be used. For more information, refer to Crypto module configuration. |
Sample code