How Do I Encrypt Passwords?

Note: As of the 2012 R1 version released in April 2012, this process is rendered obsolete by the Encrypt Test Step Property.

PROBLEM

Currently Test Studio does not have a built-in feature for encrypting passwords. While we have had a few customers request this feature, we just haven't had the time yet to implement it.

SOLUTION

Using encrypted passwords in code is not very difficult, however. There are just two steps involved:

  1. Use some third-party utility to create an encrypted password.
  2. Use that encrypted password in a coded step that
    1. Decrypts it
    2. Sets the text of the password input box with the decrypted text

 

Attached is a Visual Studio solution that contains two projects:

  1. String Encryptor is a simple Windows Forms application that you can use to encrypt a plain text string into an encrypted string. String Encryptor uses the AES algorithm for data encryption.
  2. TestProject1 is a sample Web test that decrypts an encrypted password string and sets a password field with the now plain text password. The coded step is where the real magic happens for the Web test.

 

The UI for String Encryptor is basic:

 

String encryptor GUI

 

When the program starts, it generates a random Key and Initialization Vector, as required by the AES algorithm to work properly, and displays them in the respective input boxes. Different keys and initialization vectors will generate different encrypted strings for the same plain text string. It is important to remember that the same key and initialization vector must be used to correctly decrypt the encrypted string.

 

Enter any string to be encrypted into the Plain text input box, then click Encrypt to encrypt it. The program takes the plain text along with the Key and the Initialization Vector, encrypts the text, and displays the encrypted string in the Encrypted text box. To verify that the string can be properly decrypted, click Decrypt to decrypt the encrypted string back into plain text.

 

To use the encrypted string, put the encrypted string, key, and initialization vector into a coded step and call decryptStringFromBytes_AesManaged to retrieve the plain text string. Once you have obtained the plain text string, you can do anything with it you need, such as setting the text of an input password field. The coded step in the attached sample looks like this:

 

[CodedStep(@"Set 'PassPassword' text to 'password here'")]
public void WebAiiTest1_CodedStep()
{
    // This is the password "my super secret password" in encrypted form.
    string txtEncrypted = "aÄïÑ>,V??ëE¢?Ó?d?rÄB¡s¾Ò?9µ[a¿??";
    string txtKey = "G7iN>mZ7SYk5Yo58v`>H<adVlIrGAxVv";
    string txtIV = "cG8j4hChrXHkucxs";
 
    #region Decrypt the password
    byte[] encrypted = new byte[txtEncrypted.Length];
    for (int i = 0; i < txtEncrypted.Length; i++)
    {
        encrypted[i] = (byte)txtEncrypted[i];
    }
 
    byte[] key = new byte[txtKey.Length];
    for (int i = 0; i < txtKey.Length; i++)
    {
        key[i] = (byte)txtKey[i];
    }
 
    byte[] iv = new byte[txtIV.Length];
    for (int i = 0; i < txtIV.Length; i++)
    {
        iv[i] = (byte)txtIV[i];
    }
 
    string plain_text_password = decryptStringFromBytes_AesManaged(encrypted, key, iv);
    #endregion
 
    // Set 'PassPassword' text to 'password here'
    Pages.WelcomeToFacebook.PassPassword.Text = plain_text_password;
}
 

The decryptStringFromBytes_AesManaged function is defined as follows:

 

static string decryptStringFromBytes_AesManaged(byte[] cipherText, byte[] Key, byte[] IV)
{
    // Check arguments.
    if (cipherText == null || cipherText.Length <= 0)
        throw new ArgumentNullException("cipherText");
    if (Key == null || Key.Length <= 0)
        throw new ArgumentNullException("Key");
    if (IV == null || IV.Length <= 0)
        throw new ArgumentNullException("IV");
 
    // Declare the streams used to decrypt to an in memory array of bytes.
    MemoryStream msDecrypt = null;
    CryptoStream csDecrypt = null;
    StreamReader srDecrypt = null;
 
    // Declare the AesCryptoServiceProvider object used to decrypt the data.
    AesCryptoServiceProvider AesManagedAlg = null;
  
    // Declare the string used to hold the decrypted text.
    string plaintext = null;
 
    try
    {
        // Create an AesCryptoServiceProvider object with the specified key and IV.
        AesManagedAlg = new AesCryptoServiceProvider();
        AesManagedAlg.Key = Key;
        AesManagedAlg.IV = IV;
 
        // Create a decryptor to perform the stream transform.
        ICryptoTransform decryptor = AesManagedAlg.CreateDecryptor(AesManagedAlg.Key, AesManagedAlg.IV);
 
        // Create the streams used for decryption.
        msDecrypt = new MemoryStream(cipherText);
        csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);
        srDecrypt = new StreamReader(csDecrypt);
 
        // Read the decrypted bytes from the decrypting stream and place them in a string.
        plaintext = srDecrypt.ReadToEnd();
    }
    finally
    {
        // Clean things up.
 
        // Close the streams.
        if (srDecrypt != null)
            srDecrypt.Close();
        if (csDecrypt != null)
            csDecrypt.Close();
        if (msDecrypt != null)
            msDecrypt.Close();
 
        // Clear the AesCryptoServiceProvider object.
        if (AesManagedAlg != null)
            AesManagedAlg.Clear();
    }
    return plaintext;
}
 

You will also need to add the following using statements at the top of your file:

 

using System.IO;
using System.Security.Cryptography;
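
The round trip described above (random key and IV, encrypt, then decrypt in the test), carrying the ciphertext, key and IV as Base64 text rather than casting each character to a byte, so the binary values do not depend on how a source file or web page encodes non-ASCII characters. This is an added example, not code from the attached sample; the class and method names are hypothetical.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class Base64AesExample // hypothetical name, not part of the attached sample
{
    // Encrypts with AES (CBC with PKCS7 padding, the .NET defaults) and returns
    // Base64 text that is safe to paste into a string literal.
    static string Encrypt(string plainText, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        using (ICryptoTransform enc = aes.CreateEncryptor(key, iv))
        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, enc, CryptoStreamMode.Write))
            {
                byte[] data = Encoding.UTF8.GetBytes(plainText);
                cs.Write(data, 0, data.Length);
            } // disposing the CryptoStream writes the final padded block
            return Convert.ToBase64String(ms.ToArray());
        }
    }

    // Decodes the Base64 ciphertext and decrypts it with the same key and IV.
    static string Decrypt(string base64CipherText, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        using (ICryptoTransform dec = aes.CreateDecryptor(key, iv))
        using (var ms = new MemoryStream(Convert.FromBase64String(base64CipherText)))
        using (var cs = new CryptoStream(ms, dec, CryptoStreamMode.Read))
        using (var sr = new StreamReader(cs, Encoding.UTF8))
        {
            return sr.ReadToEnd();
        }
    }

    static void Main()
    {
        // Constructed sample values: a fresh random 256-bit key and 128-bit IV.
        byte[] key = new byte[32], iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); rng.GetBytes(iv); }
        string cipher = Encrypt("my super secret password", key, iv);
        Console.WriteLine("key    = " + Convert.ToBase64String(key));
        Console.WriteLine("iv     = " + Convert.ToBase64String(iv));
        Console.WriteLine("cipher = " + cipher);
        Console.WriteLine("plain  = " + Decrypt(cipher, key, iv));
    }
}
```

Paste the three printed Base64 values into the coded step and call Convert.FromBase64String on the key and IV before decrypting. Because the key and IV sit in the same file as the ciphertext, this keeps the password out of casual view rather than protecting it from anyone who can read the test code.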
 

Download the attached sample and test with it. You will find a precompiled copy of String Encryptor in the StringEncryptor\StringEncryptor\bin\Debug folder.

 

Files:

StringEncryptor.zip