C# Encryption check

Security vulnerabilities tend to lie either in the cryptosystem (i.e. the algorithms used – the part that has already been implemented in the .NET Framework), or in the overall use of the encrypted data by the cryptographic system (e.g. storage policies and communication protocols). There's not much to go on there because all you've done is use a few pre-implemented algorithms to encrypt some arbitrary data :)

One suggestion I could make, though, is that you make use of using blocks when dealing with IDisposable objects, such as streams.

Thanks, so far I am just using it to encrypt an object storing data (like a list) then storing the serialized EncryptedObject to the disk. The password would always be entered manually into a textbox in a form then sent to the function.
I can't see any way to secure the data or password when it is held in memory (SecureString seems like a real pain/impossible to use for most situations).

It was just making sure what I have done is reasonably secure. Like if encrypting serialized objects might be a bad idea, or (like I have seen in some tutorials) generating the IV from the password. Or using PasswordDeriveBytes instead of Rfc2898DeriveBytes.

However I didn't realise you could have multiple using statements for one scope, that is really nice :D
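
The points raised in this thread (stacked using blocks, Rfc2898DeriveBytes, and an IV that is not generated from the password) put together as an added example; it is not code from either poster. The class name, blob layout, iteration count and the HMAC integrity tag are assumptions of this sketch, and the Rfc2898DeriveBytes overload taking a HashAlgorithmName assumes .NET Framework 4.7.2 or later.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
static class PasswordBlob // hypothetical helper; layout (assumed): salt(16) | iv(16) | ciphertext | hmac(32)
{
    const int Salt = 16, Iv = 16, Mac = 32, Iter = 100000; // assumed parameters
    public static byte[] Encrypt(byte[] plain, string password)
    {
        byte[] salt = new byte[Salt], ct;
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iter, HashAlgorithmName.SHA256))
        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256())
        using (var ms = new MemoryStream())
        {
            aes.Key = kdf.GetBytes(32);   // encryption key
            hmac.Key = kdf.GetBytes(32);  // separate key for the integrity tag
            aes.GenerateIV();             // fresh random IV per blob, never derived from the password
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(plain, 0, plain.Length);
            ms.Write(salt, 0, Salt);
            ms.Write(aes.IV, 0, Iv);
            ms.Write(ct, 0, ct.Length);
            byte[] tag = hmac.ComputeHash(ms.ToArray());
            ms.Write(tag, 0, Mac);
            return ms.ToArray();
        }
    }
    public static byte[] Decrypt(byte[] blob, string password)
    {
        int body = blob.Length - Mac;     // bytes covered by the tag
        if (body < Salt + Iv) throw new CryptographicException("Truncated input.");
        byte[] salt = new byte[Salt], iv = new byte[Iv];
        Buffer.BlockCopy(blob, 0, salt, 0, Salt);
        Buffer.BlockCopy(blob, Salt, iv, 0, Iv);
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iter, HashAlgorithmName.SHA256))
        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256())
        {
            aes.Key = kdf.GetBytes(32);
            hmac.Key = kdf.GetBytes(32);
            byte[] tag = hmac.ComputeHash(blob, 0, body);
            int diff = 0;                 // compare every byte so timing does not leak a partial match
            for (int i = 0; i < Mac; i++) diff |= tag[i] ^ blob[body + i];
            if (diff != 0) throw new CryptographicException("Wrong password or modified data.");
            using (var dec = aes.CreateDecryptor(aes.Key, iv))
                return dec.TransformFinalBlock(blob, Salt + Iv, body - Salt - Iv);
        }
    }
}
```

The salt and IV are stored in the clear next to the ciphertext; only the password needs to stay secret, and a wrong password or a modified file fails the tag check before any decryption is attempted.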
 