I do not usually work with encryption but I need to use AES-GCM algorythm in C# with 128-bit blocks and 256-bit key.
I already read many articles about it but I can't find a valid solution.
Maybe:
https://github.com/lukemerrett/Bouncy-Castle-AES-GCM-Encryption / BouncyCastle
or
https://blogs.msdn.microsoft.com/shawnfa/2009/03/17/authenticated-symmetric-encryption-in-net/
Can be valid solutions? Is there something already present in the Framework?
Is it possible to implement the same solution in ASP.NET 2.0? (I found: https://msdn.microsoft.com/it-it/library/system.security.cryptography.rijndaelmanaged(v=vs.110).aspx)
Related
I tried to search stackoverflow for an answer to this particular question but couldn't find a good answer.
The BouncyCastle API offers a ton of different encryption algorithms for .NET. In this case I have to select an encryption algorithm for the following use case:
Encrypting several thousand short strings for storage in an unencrypted file, typical length 10-30 characters.
Encryption needs to be only moderately secure, all strings will be encrypted with the same key but a different initialization vector. Things like authorization (like in AES-GCM) are not needed.
Which encryption algorithm is both fastest and straightforward to apply for encrypting and decrypting such a set of several thousand small strings? I will store the encrypted data of each string as BASE64 in the file.
Thank you for your advice!
That processor still has AES-NI, so using that through the AES.Create seems most logical. A higher end solution would be to create CTR mode out of ECB (and cache the key streams).
Otherwise you are looking for a fast stream cipher in software. You could check if Salsa20 is working for you. Unfortunately that's the only eStream-compatible cipher that I can find in Bouncy Castle for C#.
Note that you may want to look into multi-threading and I would certainly check if it is possible to use sequential nonce when using a stream cipher, as generating a 128 bit random value for each encryption seems wasteful.
I've been tasked with adding in a system that allows my company to encrypt files so that we can send them to a third party and they can run some operations on our data. The third party has given me a public key in this format,
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v2.0.18 (Darwin)
mQGiBFU1gfQRBACekfIt7mSynzBi0C2hIbvWM6mMh80ypw8NNvdCpOIfSwLVavej
YIESXe5yLGzWUoTnHALa5JHLJ2C3faeDHRBikXRESycRHz0itz3L/mlyIPLo7T1n
4zr2wUL+h0ZEmuhLeVBD+yLKzy68suEWXCcTkeh71vYG1r77RFJLtQHIfwCgu9DW
uJC8IHzXMrspotFIb0XF/VsD/iqdfRgdu7CkvUflwQsT66CmZcyfkkZkWpHXZoov
GP3ZCVKPfGEZqlThwuqgBCBbtsyZFSSmF8m5qjL/Dtz+t3/fxxTo1lXRr9P4f4Pl
n3OYQh+iOs1Z+7nnAZ4mulU1eRPYUY21e+UwKi+hd1Qe1ADOaH/9JVS8nrodePCO
qBFvBACXKEWpP937fZv1hGdqZ2OUM44RIf0PGbQwyG8a+DsksJgd0oY+sb5nTaB/
CgsEFgIDAQIeAQIXgAAKCRDEcHC8uF0CrVnTAJwLdvuBjv/Z8lySVZS7jInljU9y
sACdEtxmspV/GH7EDY0KtIydy3Vn8/eIXgQQEQgABgUCVTWCPAAKCRArjD/JWo9s
KvwNAP9CkZgMGn98wwMAixW5tIVA+J5kvdxnleg/wrR9xHsFYQD+KMraOkHSk10p
1EckgFK6LTuVqMvUoK9Gvr8v0rrHucW5Ag0EVTWB9BAIAP12dtlu0EuQ4s78ZWhM
cDJmpqot5FbMecPF20V5LsDFYbLGylEPPFFxNhwsc/l0Rlvg7auH2fcLSZf5hEp9
NsBhgWD532CAim9bFYF1s2bbjlZ7jUQD/Dt+9j1d9YrgCkF2/9er7RyfYwsRlVDQ
1nRCFLoQWLqisoILG65oloVtjNg6xftyLaLb6UuluW8dRM7q/9EvE0xPAX1ukc33
iGDWeMUR0JHyuM1QiN4IhOHKjP6Oqy+lJWtgoCQmxPJ2+Qj6b34wtsfD9vh3xLef
68ReXEOlfQ01tv6hQCrK/ZdvPLk38kVnwPOEJl/Hgj5eiVM3ioOlmBQoXKSpXyXI
wMKnovOEqJ2btp39XNpjjcV80RZiAJyAhNz2EynZk15QhOnabo9gdsiaMpBZdSdc
gDHowOXsWxzaVESs+SwJf/N2fa3j1UTDxCKkq5TOofvOfyPAYYASstmPw1v7xIcV
zn2nkKfBk1EnFM5PfwQAfXKUTx6BrZmITwQYEQgADwUCVTWB9AIbDAUJAsfqAAAK
CRDEcHC8uF0CrTI6AJ4oAZ2y4Pcahp+SRSNSW7Nijqdv2QCgnJ2EauQgU+rSyHyy
lkp3zJGdJTU=
=k/9l
-----END PGP PUBLIC KEY BLOCK-----
Can I stick this text string directly into say the RSACryptoServiceProvider class in C# as the public key? Or is there more to it than that? I haven't worked with PGP before, and I'm trying to know what I need to do in order to get data encrypted using this key.
Although OpenPGP takes advantage of RSA and other standard algorithms, you cannot use the default C# RSACryptoServiceProvider. RSA is only one possible algorithm for OpenPGP, and furthermore you need some symmetric encryption algorithm like AES (which would also be available). But there are further problems: you'd need to implement a generator for the OpenPGP message format, and OpenPGP defined its own cipher mode. Implementing all this on your own will not only be a hassle involving incompatibilities (an incomplete list exists in the RFC, but also has lots of ways to include security issues (and a bunch of further interesting attacks have been proposed and mitigated with existing implementations like GnuPG).
If you want to use OpenPGP from C#, in the end it boils down to following alternatives:
use GnuPG through GPGME (but the wrapper still seems to be in alpha state),
use BouncyCastle which has native implementations of several cryptographic protocols including OpenPGP for both C# and Java, but the C#-implementation seems to be less wide-spread and is not as capable,
SharpPrivacy is another implementation, but seems dead
interface the GnuPG command line directly
All of those have advantages and disadvantages. Probably BouncyCastle will be the best way to go, if it does not support the required features, you'll probably have to drop calling command GnuPG on the command line.
There seems to be a C# library for this on GitHub but it is a few years old. I am sure it can point you in the right direction if you want to implement your own PGP encryption.
https://github.com/da2ce7/SharpPrivacy
There is also a codeproject article about it but it is quite old and references a site that seems to not be up any more. Here is a link to that one for reference as well
http://www.codeproject.com/Articles/4284/SharpPrivacy-OpenPGP-for-C
.
I have some question about implementation Multi-Prime RSA (More than 2 prime) in .NET
Is it possible to generate RSA key with Multi-Prime enabled using RSACryptoServiceProvider()?
Just reading [this article]:http://www.codeproject.com/Articles/10877/Public-Key-RSA-Encryption-in-C-NET but it use a standard RSA with 2 prime.
If I want to do Multi-Prime what should I do?
Thank you
I haven't seen any example of multi prime RSA in C#. The main place to look is of course key pair generation, if you cannot perform multi-prime generation then you cannot use multi-prime RSA. I've checked this on Bouncy Castle as well, and I don't see any RSA-MP key pair generation parameters.
So you either have to find an external library or you have to program it yourself. Note that RSA-MP is not standardized by NIST or specified in a universally recognized standard (such as RFC, PKCS#1) so that's a pretty good reason not to adopt it. Many runtimes only contain well recognized algorithms + a set of older algorithms, using NIST/FIPS as starting point.
This question already has answers here:
Closed 10 years ago.
Possible Duplicate:
Simple 2 way encryption for C#
I want to encrypt data in my C# program, but want to be able to decrypt it later. Does anyone know of any library or tool that I can download that will enable me to do that?
Take a look at the System.Security.Cryptography namespace. There's, for example, the TripleDESCryptoServiceProvider.
You can use Microsoft Enterprise Library there is an encryption block in it
If you take a look at the System.Security.Cryptography namespace in the documentation then you'll find classes for most of the common cryptographic systems.
There are two types of algorithm:
Public key (e.g. RSA) - you encrypt with a public key and then decrypt with a private key.
Symmetric key (e.g. AES, DES) - encryption and decryption is performed with the same key.
Which one to choose depends mainly on your situation. Symmetric key algorithms are typically used for encrypting data because they're faster, but that poses the problem of exchanging the key securely. If you can manually configure the endpoints of communication with the same key, then great. If not then you can either use public key to encrypt everything or - as is used in SSL, etc. - add in a handshake phase where the keys are exchanged via public key cryptography.
There is a built in class for Cryptography
System.Security.Cryptography.RSACryptoServiceProvider
Please check this link RSACryptoServiceProvider
After reading this post regarding the use ECC to implement the hashing using aa private key I set about trying to find an implementation of ECDH and came across BoucyCastle.
Unfortunately documentation is minimal (as in zerow!) and I'm unsure what I'm about to accomplish is completely correct/valid.
We want to simply hash 4 strings which will be the users registration information (Name, Company, their company ID and their account ID which are both 12 characters long) which will then compute a serial they can use to activate our software.
I have generated a key pair using PUTTYGEN.exe but I cannot workout how to apply this with BouncyCastle, which class can I use to get started? Are there any examples out there?
So far I've concatenated the information and computed a MD5 hash of it (using the .NET classes) I cannot use the new VISTA enhanced API functions as we target XP still - .NET 3.5.
Anyone have any ideas?
I think .NET has the RSACryptoServiceProvider class which is a full RSA implementation.
There's sample code for your particular application here:
http://www.codeproject.com/KB/security/xmldsiglic.aspx
In this example they use MS's sn.exe tool to create the key.
So far I've concatenated the information and computed a MD5 hash of it (using the .NET classes).....
That statement in itself worries me. MD5 is seriously crackable - not just theoretically but practically. Please, please don't use MD5 for secure hashing. Use SHA-256 or SHA-512 and here's why
Also the post you linked is not quite true - yes symmetric algorithms use the same key to encrypt/decrypt but public/private key is not a magic bullet.
1) Public/private key is slow
2) Most publicc/private algorithms just encrypt the symmetric key and then use symmetric encryption for the data because it's much faster
The point is that a good hashing algorithm is non-reversible and hence very difficult to crack so is perfectly fine for your purposes. However, I'd suggest using a SALT, which is a cryptographically random number to add to your user data then hash that data as it makes your data much safer against dictionary attacks ( where hackers use well know terms and variants to crack passwords )