My situation: I'm rewriting a server in C# which was written in C++ for learning purposes. At some point the client will send a password to the server which is encrypted. They used the Rijndael encryption for the password.
You can find the original encryption class here:
Rijndael.h: https://github.com/astorks/FlyFF/blob/master/Source/_Common/Rijndael.h
Rijndael.cpp: https://github.com/astorks/FlyFF/blob/master/Source/_Common/Rijndael.cpp#L926
As you can see in the .cpp-file, they use this key and IV:
char const* CRijndael::sm_chain0 = "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0";
char szDefaultKey[32] = "dldhsvmflvm";
Here's the part, where they actually decrypt the password in the original server (https://github.com/astorks/FlyFF/blob/master/Source/CERTIFIER/DPCertifier.cpp#L256)
// MAX_PASSWORD is actually 42. So 16*42 = 672 byte
char szEnc[ 16 * MAX_PASSWORD ] = {0, };
char szDec[ 16 * MAX_PASSWORD ] = {0, };
ar.Read( szEnc, 16 * MAX_PASSWORD );
g_xRijndael->ResetChain();
g_xRijndael->Decrypt( szEnc, szDec, 16 * MAX_PASSWORD, CRijndael::CBC );
Now i'm at the part where i correctly get the packet from the client and where i need to decrypt the password. My current C# code doesn't decrypt the data correctly and i can't figure out why. This is my code:
public static class Rijndael
{
private static ICryptoTransform decryptor { get; set; }
private static RijndaelManaged rijndael { get; set; }
public static void Init()
{
byte[] decryptKey = Encoding.ASCII.GetBytes("dldhsvmflvm").Concat(Enumerable.Repeat((byte)0, 21).ToArray()).ToArray();
byte[] decryptIV = Enumerable.Repeat((byte)0, 16).ToArray();
// I've tried BlockSize 128 and 256. It actually should be 128 since it's 16 on the original server (16 * 8 = 128)
rijndael = new RijndaelManaged() { Padding = PaddingMode.Zeros, Mode = CipherMode.CBC, KeySize = 256, BlockSize = 128, Key = decryptKey, IV = decryptIV };
decryptor = rijndael.CreateDecryptor(decryptKey, decryptIV);
}
public static string decrypt(byte[] data)
{
string password = null;
using (MemoryStream ms = new MemoryStream(data))
using (CryptoStream cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read))
using (StreamReader sr = new StreamReader(cs))
password = sr.ReadToEnd();
return password;
}
}
They picked 32 bytes at the serverside but only filled them with 11 characters: dldhsvmflvm. That's why i fill the other 21 bytes with 0.
32*8 = 256 Bit = KeySize
I get an error when i would use a IV like byte[32] and fill it with 0. It said smth like the IV doesn't fit to the blocksize. That's why it has 16 bytes now and is filled with 0. Could this be the problem and if so, how could i fix it?
Besides that, i have no idea what could went wrong. Hopefully you can save my day, Stackoverflow. :)
As xanatos said i've added 5 Zeros instead instead of 21, because they key should only be 16 bytes instead of 32 bytes.
It's working without problems now. Thanks to everyone!
Related
I am trying to convert the following php code to C#:
$m_params = urlencode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$key, json_encode($arParams), MCRYPT_MODE_ECB)));
What the documentation says:
m_params : A JSON array of data of
additional parameters
encrypted using the
Rijindael-256 algorithm and
encoded using a base64
algorithm.
What I've assumed?
Step 1: Create an array of params i.e. $arParams
For php its declared like:
$arParams = array(
'success_url' => 'http://google.com/new_success_url',
'fail_url' => 'http://google.com/new_fail_url',
'status_url' => 'http://google.com/new_status_url',
);
For C# I've declared it like this:
var additional_params = new object[]
{
new {"http://google.com/new_success_url"},
new {"http://google.com/new_fail_url"},
new {"http://google.com/new_status_url"},
};
Step 2: Encode to JSON string, I've used JsonConvert.SerializeObject(additional_params);
Step 3: Encrypt the result using RIJNDAEL-256 Algorithm using ECB (I've used CBC as well)
Step 4: Encode the result using base64. I've used Convert.ToBase64String(encrypted);
Step 5: Url encode the result. I've used HttpUtility.UrlEncode(base64String, Encoding.UTF8);
Step 6: Save the result in m_params
My current code looks like this:
var additional_params = new object[]
{
new {"http://google.com/new_success_url"},
new {"http://google.com/new_fail_url"},
new {"http://google.com/new_status_url"},
};
string m_params ="";
//converting to Json object additional params
var jsonEncoded = JsonConvert.SerializeObject(additional_params);
try
{
string original = jsonEncoded;
// Create a new instance of the RijndaelManaged
// class. This generates a new key and initialization
// vector (IV).
using (RijndaelManaged myRijndael = new RijndaelManaged())
{
var final_Key = CreateMD5(payeer.m_key + payeer.m_orderid);
var rfc = CreateKey(final_Key);
// Encrypt the string to an array of bytes.
byte[] encrypted = EncryptStringToBytes(original, rfc[0], rfc[1]);
var base64String = Convert.ToBase64String(encrypted);
m_params = HttpUtility.UrlEncode(base64String, Encoding.UTF8);
// Decrypt the bytes to a string.
string roundtrip = DecryptStringFromBytes(encrypted, rfc[0], rfc[1]);
//Display the original data and the decrypted data.
Console.WriteLine("Original: {0}", original);
Console.WriteLine("Round Trip: {0}", roundtrip);
}
static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("IV");
byte[] encrypted;
// Create an RijndaelManaged object
// with the specified key and IV.
using (RijndaelManaged rijAlg = new RijndaelManaged())
{
rijAlg.Key = Key;
rijAlg.IV = IV;
rijAlg.Mode = CipherMode.ECB;
// rijAlg.KeySize = 256;
rijAlg.BlockSize = 256;
rijAlg.Padding = PaddingMode.PKCS7;
// Create an encryptor to perform the stream transform.
ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
public static string CreateMD5(string input)
{
// Use input string to calculate MD5 hash
using (System.Security.Cryptography.MD5 md5 = System.Security.Cryptography.MD5.Create())
{
byte[] inputBytes = System.Text.Encoding.ASCII.GetBytes(input);
byte[] hashBytes = md5.ComputeHash(inputBytes);
// Convert the byte array to hexadecimal string
StringBuilder sb = new StringBuilder();
for (int i = 0; i < hashBytes.Length; i++)
{
sb.Append(hashBytes[i].ToString("X2"));
}
return sb.ToString();
}
}
public static dynamic CreateKey(string password)
{
var salt = new byte[] { 1, 2, 23, 234, 37, 48, 134, 63, 248, 4 };
const int Iterations = 9872;
using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, Iterations))
{
var key = rfc2898DeriveBytes.GetBytes(32);
var IV = rfc2898DeriveBytes.GetBytes(16);
dynamic[] arr = new dynamic[2];
arr[0] = key;
arr[1] = IV;
return arr;
}
}
Its not giving the same output. Am I missing something??
As mentioned in President James K. Polk's comment, Rijndael with a block size of 256 bits is only supported in the .NET Framework, not in .NET Core. You did not specify the version you are running, but since you use a block size of 256 bits in the posted code (rijAlg.BlockSize = 256;), I assume you are running .NET Framework (otherwise, you need to apply a third party library that supports Rijndael with a block size of 256 bits, such as BouncyCastle/C#).
Both codes use a different padding. mcrypt applies Zero padding by default, the C# code explicitly uses PKCS7 padding (which is also the C# default). So that the C# code provides the same result as the PHP code, it is necessary to switch to Zero padding in the C# code (it should be noted that Zero padding is unreliable, unlike PKCS7 padding).
When additional_params is instantiated (which, by the way, does not compile on my machine), the variable names are missing, so they are also missing in the serialization. An anonymous type could be used instead. Also, note that json_encode() escapes the slash (/) by default, i.e. converts it to a \/, which has to be done manually in the C# code, e.g. with Replace("/", "\\/"). One possible implementation of the JSON serialization is:
using Newtonsoft.Json;
...
var additionalParams = new
{
success_url = "http://google.com/new_success_url",
fail_url = "http://google.com/new_fail_url",
status_url = "http://google.com/new_status_url"
};
string jsonEncoded = JsonConvert.SerializeObject(additionalParams).Replace("/", "\\/");
In the PHP code, the key is derived from a password using the MD5 digest. By default, md5() returns the result as a hexadecimal string, which converts the 16 bytes hash into a 32 bytes value that is applied as the key, so that AES-256 is used. PHP represents the hexadecimal digits with lowercase letters, which must also be implemented accordingly in the C# code, e.g.:
using System;
using System.Text;
using System.Security.Cryptography;
...
MD5 md5 = MD5.Create();
string password = "My password"; // test password
byte[] passwordHash = md5.ComputeHash(Encoding.UTF8.GetBytes(password));
string passwordHashHex = BitConverter.ToString(passwordHash).Replace("-", "").ToLower(); // convert byte array to lowercase hex string as in PHP
byte[] key = Encoding.UTF8.GetBytes(passwordHashHex);
where the conversion of the byte array to the hexadecimal string is done with BitConverter, see here.
A possible implementation for the encryption is:
using System;
using System.IO;
using System.Web;
using System.Text;
using System.Security.Cryptography;
...
byte[] encrypted = null;
using (RijndaelManaged rijndael = new RijndaelManaged())
{
rijndael.Key = key;
rijndael.Mode = CipherMode.ECB; // default: CBC
rijndael.BlockSize = 256; // default: 128
rijndael.Padding = PaddingMode.Zeros; // default: PKCS7
ICryptoTransform encryptor = rijndael.CreateEncryptor(rijndael.Key, null);
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
swEncrypt.Write(jsonEncoded);
}
encrypted = msEncrypt.ToArray();
}
}
}
string base64String = Convert.ToBase64String(encrypted);
string m_params = HttpUtility.UrlEncode(base64String, Encoding.UTF8);
Console.WriteLine(m_params);
where this code with the used test password gives the following result:
C3pldgsLDSqfG28cbt%2fv0uiBNQT6cWn86iRwg%2bv2blTzR7Lsnra%2b2Ok35Ex9f9UbG%2bjhKgITUQ8kO3DrIrWUQWirzYzwGBucHNRThADf60rGUIBDdjZ2kOIhDVXUzlMsZtBvYIgFoIqFJXCbhZq9GGnKtABUOa5pcmIYeUn%2b%2fqG1mdtJenP5vt8n0eTxsAd6CFc1%2bguR0wZx%2fEZAMsBBRw%3d%3d
in accordance with the result of the following PHP code:
$key = md5('My password'); // test password
$arParams = array(
'success_url' => 'http://google.com/new_success_url',
'fail_url' => 'http://google.com/new_fail_url',
'status_url' => 'http://google.com/new_status_url',
);
$m_params = urlencode(base64_encode(mcrypt_encrypt(MCRYPT_RIJNDAEL_256,$key, json_encode($arParams), MCRYPT_MODE_ECB)));
print($m_params . "\n");
Note that C# uses lowercase letters for the url encoding, while PHP uses uppercase letters, which represents the same url encoding, see RFC 3986, sec. 2.1. If the C# code should nevertheless also apply uppercase letters for the url encoding, this can easily be achieved using regular expressions, see e.g. here.
A few remarks regarding security:
The PHP code applies the insecure ECB mode. For security reasons, a mode with an IV should be used, e.g. CBC or GCM. The latter provides implicit authenticated encryption. The IV is randomly generated for each encryption, is not secret and is sent to the recipient along with the ciphertext (usually prepended).
MD5 as a key derivation function (KDF) is also insecure. Here, a reliable KDF should be used, e.g. PBKDF2.
In addition, using the hexadecimal string as the key weakens the same, since each byte is reduced to the 16 values of the hexadecimal number system. More secure is the use of the binary data generated by the KDF, so that each byte can take 256 different values.
mcrypt is deprecated. A possible alternative is openssl.
I have a document that is saying to Encrypted string using AES256. According to my document with two value 10002:1486703720424 AND HashKey: hpIw4SgN)TxJdoQj=GKo)p83$uHePgoF it will generate the result 1ltQFLRGNif73uCNzi0YEvBqLKiRgx6fWsk5e/GcTQc= but when i try to generate the result it is generating 6SKbqJAxbBrg4eU7r/B8gJoJEPg+KjMvGL5L7bfykUU= from my code. Can you please tell what i am doing mistakes. This is the first time when i doing encryption so i am little bit confuse to find the my mistakes.
string getHashKey1 = EncryptText("10002:1486703720424", "hpIw4SgN)TxJdoQj=GKo)p83$uHePgoF");
public string EncryptText(string input, string password)
{
string result = "";
try
{
// Get the bytes of the string
byte[] bytesToBeEncrypted = Encoding.UTF8.GetBytes(input);
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
// Hash the password with SHA256
passwordBytes = SHA256.Create().ComputeHash(passwordBytes);
byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);
result = Convert.ToBase64String(bytesEncrypted);
}
catch (Exception ex)
{
ErrorLog errLog = new ErrorLog();
errLog.LogsWrite(ex, Path.GetDirectoryName(Application.ExecutablePath));
}
return result;
}
public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
{
byte[] encryptedBytes = null;
try
{
// Set your salt here, change it to meet your flavor:
// The salt bytes must be at least 8 bytes.
byte[] saltBytes = new byte[] { 1, 2, 23, 234, 37, 48, 134, 63, 248, 4 };
using (MemoryStream ms = new MemoryStream())
{
using (RijndaelManaged AES = new RijndaelManaged())
{
AES.KeySize = 256;
AES.BlockSize = 128;
var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
AES.Key = key.GetBytes(AES.KeySize / 8);
AES.IV = key.GetBytes(AES.BlockSize / 8);
AES.Mode = CipherMode.CBC;
using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
cs.Close();
}
encryptedBytes = ms.ToArray();
}
}
}
catch (Exception ex)
{
ErrorLog errLog = new ErrorLog();
errLog.LogsWrite(ex, Path.GetDirectoryName(Application.ExecutablePath));
}
return encryptedBytes;
}
Found... They are using ECB as the cypher mode, so no IV. I won't comment on the "security" of this. The padding seems to be PKCS7 (the default of AES). The password is used "as is", simply encoded in UTF8 (or perhaps even ASCII) (so it must be 32 bytes long).
public static string EncryptText(string input, string password)
{
// Get the bytes of the string
byte[] bytesToBeEncrypted = Encoding.UTF8.GetBytes(input);
byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
byte[] bytesEncrypted = AES_Encrypt(bytesToBeEncrypted, passwordBytes);
string result = Convert.ToBase64String(bytesEncrypted);
return result;
}
public static byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
{
using (MemoryStream ms = new MemoryStream())
{
using (Aes aes = Aes.Create())
{
aes.Key = passwordBytes;
aes.Mode = CipherMode.ECB;
// "zero" IV
aes.IV = new byte[16];
using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
cs.Close();
}
}
byte[] encryptedBytes = ms.ToArray();
return encryptedBytes;
}
}
#LukePark correctly made a tirade about this answer that is useful for the OP but useless in the greater world. I'll bold the correctly word. For this reason I'll explain what is "wrong" on the specification given to A. Goutam and what a "correct" specification must always contain.
A specification for encryption should always contain: the algorithm used (AES for example), the key size (if you say AES256 then clearly it is 256 bits), the block mode (CBC, ECB etc). Many block modes (CBC for example) require an IV vector. ECB has a lower security than other block modes (see for example https://crypto.stackexchange.com/questions/225/should-i-use-ecb-or-cbc-encryption-mode-for-my-block-cipher). If the IV is necessary, then the specification must contain it (or explain how it should be generated). The specification must contain the padding that should be used. The Padding.None should be used only if the data to be encrypted can be exactly subdivided in encryption blocks (so for example, with AES, PaddingMode.None is good only if the data is 16, 32, 64, 96, ... bytes). PaddingMode.Zeros is good only for text (and I wouldn't use it, because it will add '\0' at the end of the text). The other padding modes are good.
Often the key isn't used "as is", because for example it is a string. The specification should contain how the encryption key must be derived from the string key. SHA256 on the key is a weak solution. Normally a good solution is using a strong key derivation function, like Rfc2898DeriveBytes. If this function is used, the specification must contain the number of iteration and other informations about using Rfc2898DeriveBytes or similar functions. Clearly what encoding should be used for the key (and for the data to be encrypted, if it is a text) must be included (UTF8 is always a good idea).
I'll add that a good specification should contain some test cases. At least one test case should be of length smaller than the encryption block and at least one test case must be of length greater than the encryption block but smaller than two encryption blocks (or > 2 and < 3... some complete blocks and one non-complete block). In this way you are testing both the PaddingMode and the CipherMode (note the should/must: by testing something bigger than an encryption block plus an incomplete block you are already testing everything)
when i am passing normal alphabet to my encrypt and decrypt function then it is working as expected but when i am passing alphanumeric text to encrypt and decrypt function then it is not working.
say when i pass encrypt("test1") or decrypt("test1") then it is not working. specially decrypt not working with alphanumeric case.
i want to restructure my encrypt and decrypt function as a result whatever value i pass the function can work. suppose i may pass alpha numeric data with special character. so plerase see the code and come with rectified version.
a small wrapper around encrypt/decrypt
private string encrypt(string message)
{
EncryptClass.EncryptClass ec = new EncryptClass.EncryptClass();
string encryStr = ec.custEncrypt(message);
return encryStr;
}
private string decrypt(string message)
{
EncryptClass.EncryptClass ec = new EncryptClass.EncryptClass();
string decryptStr = message;
return ec.custDecrypt(decryptStr);
}
full code for encrypt ans decrypt
public class EncryptClass
{
DESCryptoServiceProvider rj;
byte[] key = new byte[] { 11, 9, 3, 4, 1, 8, 12, 7 };
byte[] IV = new byte[] { 1, 8, 7, 16, 1, 9, 0, 3 };
public EncryptClass()
{
//
// TODO: Add constructor logic here
//
rj = new DESCryptoServiceProvider();
}
// for encryption
public string custEncrypt(string message)
{
//create a memory stream
MemoryStream ciphertextmem = new MemoryStream();
//create a crypto stream in write mode
CryptoStream crystm = new CryptoStream(ciphertextmem, rj.CreateEncryptor(key, IV), CryptoStreamMode.Write);
//Encode the passed plain text string into Unicode byte stream
Byte[] plaintextbyte = new UnicodeEncoding().GetBytes(message);
//Write the plaintext byte stream to CryptoStream
crystm.Write(plaintextbyte, 0, plaintextbyte.Length);
//don't forget to close the stream
crystm.Close();
//Extract the ciphertext byte stream and close the MemoryStream
Byte[] ciphertextbyte = ciphertextmem.ToArray();
ciphertextmem.Close();
//Encode the ciphertext byte into Unicode string
string ciphertext = new UnicodeEncoding().GetString(ciphertextbyte);
return ciphertext;
//return "encry " + message;
}
// for decryption
public string custDecrypt(string message)
{
//Create a memory stream from which CryptoStream will read the cipher text
MemoryStream ciphertextmem = new MemoryStream(new UnicodeEncoding().GetBytes(message));
//Create a CryptoStream in Read Mode; initialise with the Rijndael's Decryptor ICryptoTransform
CryptoStream crystm = new CryptoStream(ciphertextmem, rj.CreateDecryptor(key, IV), CryptoStreamMode.Read);
//Create a temporary memory stream to which we will copy the
//plaintext byte array from CryptoStream
MemoryStream plaintextmem = new MemoryStream();
do
{
//Create a byte array into which we will read the plaintext
//from CryptoStream
Byte[] buf = new Byte[100];
//read the plaintext from CryptoStream
int actualbytesread = crystm.Read(buf, 0, 100);
//if we have reached the end of stream quit the loop
if (0 == actualbytesread)
break;
//copy the plaintext byte array to MemoryStream
plaintextmem.Write(buf, 0, actualbytesread);
} while (true);
//don't forget to close the streams
crystm.Close();
ciphertextmem.Close();
//Extract the plaintext byte stream and close the MemoryStream
Byte[] plaintextbyte = plaintextmem.ToArray();
plaintextmem.Close();
//Encode the plaintext byte into Unicode string
string plaintext = new UnicodeEncoding().GetString(plaintextbyte);
return plaintext;
//return "decry "+ message;
}
}
please see my code and rectified area as a result it should work if i pass only text or if i pass text with numeric data or alphanumeric with special character.
looking for help.
There are much simpler ways to do that, and there are several serious flaws in your implementation:
Using the same IV and a static key is not much protection at all
The result cannot be expressed as a text string, which may be the core problem making the round trip
You can use a CryptoStream but unless you are outputting to a stream, it just over complicates matters.
I tried to just mend your code, but in the end it was easier to just start fresh:
public class EncryptClass
{
const int hashCount = 21569;
public static string EncryptString(string message, string pass)
{
using (RijndaelManaged rij = new RijndaelManaged())
{
rij.GenerateIV();
rij.Key = HashPassword(pass);
using (ICryptoTransform cryptor = rij.CreateEncryptor())
{
var data = Encoding.Unicode.GetBytes(message);
var buff = cryptor.TransformFinalBlock(data, 0, data.Length);
// concat to the IV for the other side
// crypto data is binary - use Base64 for text encoding
return Convert.ToBase64String(rij.IV.Concat(buff).ToArray());
}
}
}
private static byte[] HashPassword(string thePW)
{
// originally from RNGCryptoServiceProvider.GetRandomBytes
byte[] salt = new byte[] { 96, 248, 204, 72, 177, 214, 251, 82, 174,
90, 82, 90, 111, 76, 146, 172 };
using (var hasher = new Rfc2898DeriveBytes(thePW, salt, hashCount))
{
return hasher.GetBytes(32);
}
}
This uses RijndaelManaged as the crypto provider. As you can see, it is pretty simple. Some key points:
The methods are static
A new IV is generated each time.
The resulting crypto output is concatenated to the IV, so it will be available to the Decryptor. If you were encrypting to a file stream, write them IV bytes to the naked FileStream
This version hashes the password using PBKDF, some initially random salt and a large number of iterations
Since it is just a string, TransformFinalBlock is all you need to encrypt it
The result is encoded as Base64
I'm not sure why you used Unicode encoding, so I left that in. Decrypting is just as easy:
public static string DecryptString(string crypted, string pass)
{
byte[] data = Convert.FromBase64String(crypted);
using (RijndaelManaged rij = new RijndaelManaged())
{
int size = (int)(rij.BlockSize / 8);
byte[] iv = new byte[size];
// copy the iv to the array
Array.Copy(data, 0, iv, 0, size);
rij.IV = iv;
rij.Key = HashPassword(pass);
using (ICryptoTransform cryptor = rij.CreateDecryptor())
{
var buff = cryptor.TransformFinalBlock(data, size, data.Length - size);
return Encoding.Unicode.GetString(buff);
}
}
}
After converting the Base64 string back to bytes, the IV is fetched from the byte array, and TransformFinalBlock is given the offsets into the array to account for the IV. Usage and testing:
string msg = "This is some text 123 1 87 45";
string crypto = EncryptClass.EncryptString(msg, "I Like Pi");
Console.WriteLine(crypto);
string retVal = EncryptClass.DecryptString(crypto, "I Like Pi");
Console.WriteLine(retVal);
Results:
mIfpIkTVC7mI5R1hlIIpVs63N/j4LN+p2pGPuo90eEPWvW+sqSiBIDjto1+E1p0umdI1hDnkxa2droAbuAFwPzuNK3gABrFjsNpi6FXwGOw=
This is some text 123 1 87 45
The top line is the Base64 form of the encrypted data; the second is the decryption output.
I am trying to solve an encryption issue I am having between php and c#.
I have encrypted data using the following php and openssl operation.
$encrypt_method = "AES-256-CBC";
$secret_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
$secret_iv = 'XXXXXXXXXXXXXXXX';
$key = hash ('sha256', $secret_key);
$iv = substr (hash ('sha256', $secret_iv), 0, 16);
$output = openssl_encrypt ($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode ($output);
I have tried a couple of methods in C# to decrypt but this is what I am trying now.
public string Encrypt_Decrypt(string action, string value) {
string secretKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
string secretIV = "XXXXXXXXXXXXXXXX";
string key = Hash(secretKey);
string iv = Hash(secretIV).Substring(0,16);
string retValue = "";
if (action == "encrypt") {
retValue = EncryptString(value, key, iv);
}
else if (action == "decrypt") {
retValue = DecryptString(value, key, iv);
}
}
// Hash to match php hash function
public static string Hash(string unhashedString) {
return BitConverter.ToString(new SHA256CryptoServiceProvider().ComputeHash(Encoding.Default.GetBytes(unhashedString))).Replace("-", String.Empty).ToLower();
}
public static string DecryptString(string cipherData, string keyString, string ivString) {
byte[] key = Encoding.UTF8.GetBytes(keyString);
Console.WriteLine(key.Length);
byte[] iv = Encoding.UTF8.GetBytes(ivString);
Console.WriteLine(iv.Length);
byte[] cipherCrypt = Convert.FromBase64String(cipherData);
for (int i = 0; i < cipherCrypt.Length; i++) {
Console.Write(cipherCrypt[i] + " ");
}
try {
RijndaelManaged crypto = new RijndaelManaged();
crypto.Key = key;
crypto.IV = iv;
crypto.Mode = CipherMode.CBC;
crypto.KeySize = 256;
crypto.BlockSize = 128;
crypto.Padding = PaddingMode.None;
ICryptoTransform decryptor = crypto.CreateDecryptor(crypto.Key, crypto.IV);
using (MemoryStream memStream = new MemoryStream(cipherCrypt)) {
using (CryptoStream cryptoStream = new CryptoStream(memStream, decryptor, CryptoStreamMode.Read)) {
using (StreamReader streamReader = new StreamReader(cryptoStream)) {
return streamReader.ReadToEnd();
}
}
}
}
catch (CryptographicException e) {
Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
return null;
}
}
I have tried a couple different encoding types when getting the byte[] for the operation.
I keep getting the following error:
Specified key is not a valid size for this algorithm.
Not sure what I am missing. Any help is appreciated.
Also, I already read through this and tried what the solution suggestion recommended. I got the same resulting error.
UPDATE - 01
I have updated the code here to reflect the code I have changed.
The key length is 32,
The iv length is 16,
The data coming in at "cipherData" is length 32,
When "cipherData" goes through "FromBase64String(cipherData)" it comes out as a 24 byte array. This is causing an issue for the decryptor which wants a 32 byte array.
There are obviously problems with the key size. The code between PHP and C# seem to match. The problem seems to be that the code is wrong in both cases.
Let's see how long the key actually is:
Start with a 32 byte key (non-encoded).
Hash the key with SHA-256: 32 bytes (non-encoded).
Encode to hex (integrated into PHP's hash() function by default): 64 bytes.
AES only supports the following key sizes: 16, 24 and 32 bytes. openssl_encrypt() will only use the first 32 bytes of the hex key silently. So, you need to use the first 32 bytes in C#.
Note that openssl_encrypt() takes an options argument which denotes that the output is Base64 when OPENSSL_RAW_DATA is not set. It means that the PHP output was encoded twice with Base64. So you need to decode it twice in C#.
I have been given a card pan which is encrypted by a third party. they have used java to encrypt the pan using a key of 48 characters.
Using an online tool i can get the same result as they are seeing. but in code i am getting an "Specified key is not a valid size for this algorithm." error message.
Can you please advise how i can get round this issue?
code snippet below
private void button1_Click(object sender, EventArgs e)
{
byte[] Results;
UTF8Encoding UTF8 = new UTF8Encoding();
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
byte[] TDESKey = UTF8Encoding.UTF8.GetBytes(key.Text);
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.IV = new byte[TDESAlgorithm.BlockSize / 8];
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
byte[] DataToDecrypt = Convert.FromBase64String(decrypt.Text);
try
{
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
}
finally
{
TDESAlgorithm.Clear();
}
decryptedText.Text = UTF8.GetString(Results);
}
code used to Encrypt below
public static String encryptData(String toEncrypt, byte[] sharedKeyBytes){
byte[] encrypted = new byte[0];
try {
DESedeKeySpec keySpec = new DESedeKeySpec(sharedKeyBytes);
SecretKey key = SecretKeyFactory.getInstance(ALGORITHM_DESEDE).generateSecret(keySpec);
Cipher encrypter = Cipher.getInstance(TRANSFORMSATION_DESEDE_PADDED);
encrypter.init(Cipher.ENCRYPT_MODE, key);
byte[] input = toEncrypt.getBytes(UTF_8);
encrypted = encrypter.doFinal(input);
} catch (Exception e) {
throw new CryptoException("Exception caught when encrypting", e);
}
return new String(Base64.encodeBase64(encrypted));
}
This is the equivalent i need to produce in c#. this code works in java
public static String decryptTripleDES(String toDecrypt, byte[] customerSharedKeyBytes){
byte[] decrypted = new byte[0];
System.out.println(customerSharedKeyBytes.length);
try {
byte[] decodedValue = Base64.decodeBase64(toDecrypt.getBytes(UTF_8));
DESedeKeySpec keySpec = new DESedeKeySpec(customerSharedKeyBytes);
SecretKey key = SecretKeyFactory.getInstance(ALGORITHM_DESEDE).generateSecret(keySpec);
Cipher decrypter = Cipher.getInstance(TRANSFORMSATION_DESEDE_PADDED);
decrypter.init(Cipher.DECRYPT_MODE, key);
decrypted = decrypter.doFinal(decodedValue);
} catch (Exception e) {
throw new CryptoException("Exception caught when decrypting", e);
}
return new String(decrypted);
}
Please advise on how to best get round this issue.
thanks
A Triple DES key is 24 bytes long, which is 48 hexadecimal characters.
I suspect you need to hex-decode your string to get the key rather than taking the bytes of the string.
Thanks for your responses,
It turns out as outlined above the 3DES key needs to be 24 bytes long. I took the first 24 characters of the key and converted into the key bytes and assigned that to the 3DES key. This then worked as expected. It appears Java is forgiving compared to c# which is a bit odd. although the third party uses the 48 character key , it seems the algorithm will discard anything beyond the first 24 characters in Java BUT will not complaint or throw a run time error.
Thanks again for the responses