I am having some issues using RFC2898DeriveBytes. Here is the situation: I am creating a public/private key pair using RSACryptoProvider and I use Rfc2898 to encrypt the private key file. I am using the following code for encryption:
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(frm2.txtPassphrase.Text, saltbyte);
// Encrypt the data.
TripleDES encAlg = TripleDES.Create();
encAlg.Key = key.GetBytes(16);
// Create the streams used for encryption.
byte[] encrypted;
using (FileStream fsEncrypt = new FileStream(#"D:\test.xml", FileMode.Create, System.IO.FileAccess.Write))
{
using (CryptoStream csEncrypt = new CryptoStream(fsEncrypt, encAlg.CreateEncryptor(), CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(privateKeyXml);
}
}
}
This is for decryption:
TripleDES decAlg = TripleDES.Create();
Rfc2898DeriveBytes key1 = new Rfc2898DeriveBytes(frm1.txtPassphrase.Text, saltbyte);
decAlg.Key = key1.GetBytes(16);
// Create the streams used for decryption.
using (FileStream fsDecrypt = new FileStream(#"D:\test.xml", FileMode.Open, System.IO.FileAccess.Read))
{
using (CryptoStream csDecrypt = new CryptoStream(fsDecrypt, decAlg.CreateDecryptor(), CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
decPrivateKeyXml = srDecrypt.ReadToEnd();
}
}
}
Now the problem is that when I get the decPrivateKeyXml, all except the first few words come out correct. The first few words are just scrambled:
"�� ���dalue><Modulus>u9N+amIgXTw1zzJ+bxXoKaaGwCVFeXkKvdx0vhd24X7vvcJpnkA6gFgOeypbTTGm3if1QM/lyLN3qoprBkHJKDo7ldzj5a4L2Xb1tP1yUyNDban/KzkzsGK0h3fLO8UxRE6cHIB5cyEUmgmkjpFoXzz7DovUrZh3Z3qV20AHZLs=</Modulus><Exponent>AQAB</Exponent><P>5pCr4yPtn8ZyZskIpFM9pgZI1BUBIJYYhnYPywrMTj1smsQGuCswXNrcKsGvF6c9KrrXFF69AgbzcAsQwI449Q==</P><Q>0IvXoP8uELT/v8lG5R0YmvrgTfVQNJp8n8PT7J1dN3dsCDUHa+rK2Q4XSehFHT8XQgiENICkYg6xsdJqXXxY7w==</Q><DP>KwpSrAIm966J6JoanOJVHcsKiVyqazTZuzAK3rJTVT+uKG3zeynEy3CnrOufDeFQT8u1Hr5YtioqA35tUCS8iQ==</DP><DQ>UXZOxJTpaZ1KSaBWESlMcz2MYOdybRnrlHzqS4Ms5n2/tXUBcSZGFoNqlXQli0cZzrGE8v1NOQCEaPHImrv4AQ==</DQ><InverseQ>rX3TlQMreZvjm+fNS5UK90tj/KQQAlP0u5xxgEAUVfr8ZE/hsSOcB0MuXPyeGExRyRiBdSUsj64BHOVPH9+mcw==</InverseQ><D>H04JtNtz/3YolccZsZQaJM7/iIjtwmg9NRXIU2J/yueoN51ukxSra3bBux99JimPYVmRk+LSrpfS6xa07c8LIqMaC6nFQCVF6yJH3sHuDuL7Hob2dVZ+egyjeCVu8vyn1R4/SAZ4AaWtmc8c0Zt3hSvdDMCtN61HWegFmugvRkk=</D></RSAKeyValue>"
I don't know what is wrong with the code....
.NET uses a random IV for CBC encryption. You need to store this IV with the ciphertext and initialize your decryptor with it. Normally the IV is prefixed to the ciphertext.
Related
I'm trying to encrypt & decrypt some data using AES. But i'm only getting garbled output. What am I doing wrong?
static void Test()
{
byte[] myFileBytes; // Will contain encrypted data. First the IV, then the ciphertext.
var myPassword = "helloworld";
var dataToEncrypt = "this is a test";
// STEP 1: Encrypt some data:
byte[] key;
using (var sha256 = SHA256.Create())
key = sha256.ComputeHash(Encoding.UTF8.GetBytes(myPassword));
using (var myFileStream = new MemoryStream())
using (var aes = System.Security.Cryptography.Aes.Create())
{
aes.Key = key;
myFileStream.Write(aes.IV); // Use the default created by AES, which is presumably non-pseudo random
using (var cryptoStream = new CryptoStream(myFileStream, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cryptoStream.Write(Encoding.UTF8.GetBytes(dataToEncrypt));
cryptoStream.Flush();
myFileBytes = myFileStream.ToArray(); // We are done!
} // Disposing CryptoStream disposes the underlying MemoryStream
}
// STEP 2: Decrypt it to verify that it works
using (var aes = System.Security.Cryptography.Aes.Create())
{
using (var myFileStream = new MemoryStream(myFileBytes))
{
var iv = new byte[aes.IV.Length];
myFileStream.Read(iv, 0, iv.Length);
using (var cryptoStream = new CryptoStream(myFileStream, aes.CreateEncryptor(key, iv), CryptoStreamMode.Read))
using (var copyStream = new MemoryStream())
{
cryptoStream.CopyTo(copyStream);
var decrypted = Encoding.UTF8.GetString(copyStream.ToArray());
Debug.Assert(dataToEncrypt == decrypted); // Fails!
}
}
}
}
I would take a look at the example in the documentation and compare to your code.
Notably when decrypting you are using aes.CreateEncryptor(key, iv). It should probably be aes.CreateDecryptor(key, iv).
The example from the docs also inputs the key and IV when calling CreateEncryptor, but I'm not sure if that is required or not.
You should probably not use sha256 to generate the key from a password. The correct way would be a key derivation algorithm. For example Rfc2898DeriveBytes
I've been trying to understand encryption/decryption code of TripleDES for some days. And I have seen many codes in the google, and the code shown below is one of them.
static void Main(string[] args)
{
string original = "Here is some data to encrypt!";
TripleDESCryptoServiceProvider myTripleDES = new TripleDESCryptoServiceProvider();
byte[] encrypted = EncryptStringToBytes(original, myTripleDES.Key, myTripleDES.IV);
string encrypt = Convert.ToBase64String(encrypted);
string roundtrip = DecryptStringFromBytes(encrypted, myTripleDES.Key, myTripleDES.IV);
Console.WriteLine("encryted: {0}", encrypt);
Console.WriteLine("Round Trip: {0}", roundtrip);
Console.ReadLine();
}
static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV)
{
byte[] encrypted;
using (TripleDESCryptoServiceProvider tdsAlg = new TripleDESCryptoServiceProvider())
{
tdsAlg.Key = Key;
tdsAlg.IV = IV;
ICryptoTransform encryptor = tdsAlg.CreateEncryptor(tdsAlg.Key, tdsAlg.IV);
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
return encrypted;
}
static string DecryptStringFromBytes(byte[] cipherText, byte[] Key, byte[] IV)
{
string plaintext = null;
using (TripleDESCryptoServiceProvider tdsAlg = new TripleDESCryptoServiceProvider())
{
tdsAlg.Key = Key;
tdsAlg.IV = IV;
ICryptoTransform decryptor = tdsAlg.CreateDecryptor(tdsAlg.Key, tdsAlg.IV);
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
There is no error in the code. I works fine. But strangely I noticed that the plainText is never been encoded. There is no line like Encoding.Unicode.GetBytes(plainText); or Encoding.UTF8.GetBytes(plainText); or similar like that. So, my question is , how does (in the code) the plainText which is a string gets converted to the encrypted byte? Is there any work done inside the streams? If thats so then where and how? As far as I understood there is no such line in between the streams that converts the string to byte. So , How does the overall code is working without this basic transformation?
Update:
Is this code really a valid code?
You are sending the plaintext to the encryption stream in the line swEncrypt.Write(plaintext). This does the byte conversion.
The StreamWriter is doing the encoding. The constructor being used specifies UTF-8 encoding:
This constructor creates a StreamWriter with UTF-8 encoding without a
Byte-Order Mark (BOM)
the other links are not being useful to me.
i am encrypting string before saving in mysql database.that is working fine.but when i want to retrieve, its giving me length of data to encrypt is invalid error.
before my encryption requirement, i was using datatype of varchar size 500.now im using varbinary of size 800.can any1 advise me on the size too?
encryption method:
public static byte[] encryptStringToBytes(string plainText)
{
byte[] encrypted;
//create an Rijndael object
using (Rijndael rijAlg = Rijndael.Create())
{
//create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);
//create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
return encrypted;
}
decryption method:
public static string decryptStringFromBytes(byte[] cipherText)
{
string plaintext = null;
//create an Rijndael object
using (Rijndael rijAlg = Rijndael.Create())
{
//create a decrytor to perform the stream transform.
ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);
//create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
//read the decrypted bytes from the decrypting stream and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
retrieving from resultset
using (Rijndael myRijndael = Rijndael.Create())
{
temp5 = EncryptDecrypt.decryptStringFromBytes((byte[])reader.GetValue(reader.GetOrdinal("Body")));
}
You are not controlling key and IV in any way. This is kind of a problem... :) It results in your encryption being a random scrambling of the data because key and IV are randomly initialized by the framework.
Use the same key and IV for decryption as you are using them for encryption. Why do you think the database has to do with the problem? It hasn't and there is not evidence for that.
Please suggest me where i need to update/refactor the code to get rid of exception. I am getting exception while I try to decrypt the encrypted string using following code.
Following line is throwing exception
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
public string EncryptAuthenticationTokenAes(string plainText)
{
byte[] encrypted;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
aesAlg.Padding = PaddingMode.None;
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return Convert.ToBase64String(encrypted);
}
public string DecryptPasswordAes(string encryptedString)
{
//Convert cipher text back to byte array
byte[] cipherText = Convert.FromBase64String(encryptedString);
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
aesAlg.Padding = PaddingMode.None;
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
Pretty standard bug when using CryptoStream, you forgot to force it to encrypt the last bytes of the stream. It keeps bytes in an internal buffer until enough of them arrive to emit a block. You must force the last few bytes out. Fix:
using (var msEncrypt = new MemoryStream())
using (var csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
using (var swEncrypt = new StreamWriter(csEncrypt)) {
swEncrypt.Write(plainText);
csEncrypt.FlushFinalBlock();
encrypted = msEncrypt.ToArray();
}
You got the exception when decrypting it because encrypted is missing the final padding. The real problem is caused by the using statement, you wouldn't have this problem if you waited obtaining the encrypted bytes until after the CryptoStream is closed. But that doesn't work well because the using statement on the StreamWriter also closes the CryptoStream and the MemoryStream. Explicitly using FlushFinalBlock() is the best workaround.
I'd like to be able to encrypt / decrypt data as it's streamed to/from disk.
I know I could write my own Stream and implement the encryption there, but I'd rather not risk doing it wrong. Is there a library that works in a similar way to the following code?
byte[] encryptionKey = ;
byte[] initVector = ;
var fileStream = new FileStream(filePath, FileMode.CreateNew, FileAccess.Write);
var encryptionStream = new AesEncryptionStream(fileStream, initVector, encryptionKey);
var gzStream = new GZipStream(encryptionStream, CompressionMode.Compress);
var writer = new BinaryWriter(gzStream);
You're looking for the RijndaelManaged and CryptoStream classes:
var aes = new RijndaelManaged { Key = ..., IV = ... };
using (var encryptor = aes.CreateEncryptor())
using (var cryptoStream = new CryptoStream(gzStream, encryptor, CryptoStreamMode.Write))
using (var writer = new BinaryWriter(cryptoStream)) {
...
}