I found this code in a website
private void EncryptFile(string inputFile)
{
string password = #"myKey123"; // Your Key Here
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = UE.GetBytes(password);
string cryptFile = inputFile + ".enc";
FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);
RijndaelManaged RMCrypto = new RijndaelManaged();
CryptoStream cs = new CryptoStream(fsCrypt,
RMCrypto.CreateEncryptor(key, key),
CryptoStreamMode.Write);
FileStream fsIn = new FileStream(inputFile, FileMode.Open);
int data;
while ((data = fsIn.ReadByte()) != -1)
cs.WriteByte((byte)data);
fsIn.Close();
cs.Close();
fsCrypt.Close();
}
I have two problems with it. First one is the password part. I have a function which generates random strings:
public string CreatePassword(int length)
{
const string valid = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890*!=?&/";
StringBuilder res = new StringBuilder();
Random rnd = new Random();
while (0 < length--){
res.Append(valid[rnd.Next(valid.Length)]);
}
return res.ToString();
}
When I edit the code like this:
string password = CreatePassword(8);
It works. But when I increase the password size (like 10) I get this error:
An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll
Is there way to increase password lenght? Or can we consider it safe with 8 lenght?
Other question:
my output file is inputFile + ".enc" When I delete ".enc" Part I got "this file using by another process" error. How can write encrypted one to original one?
RijndaelManaged has rules. Below command used for preparing algorithm:
RMCrypto.CreateEncryptor(key, key)
First param is secret key and it must be 128, 192, or 256 bits. Second param is IV. In given example, key and IV used as same. Password text convert to byte with unicode so it is length 16 byte = 128 bit. So if you use different size then rule you get error.
You can check below article much better:
Encrypting & Decrypting a String in C#
Related
I am trying to solve an encryption issue I am having between php and c#.
I have encrypted data using the following php and openssl operation.
$encrypt_method = "AES-256-CBC";
$secret_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX';
$secret_iv = 'XXXXXXXXXXXXXXXX';
$key = hash ('sha256', $secret_key);
$iv = substr (hash ('sha256', $secret_iv), 0, 16);
$output = openssl_encrypt ($string, $encrypt_method, $key, 0, $iv);
$output = base64_encode ($output);
I have tried a couple of methods in C# to decrypt but this is what I am trying now.
public string Encrypt_Decrypt(string action, string value) {
string secretKey = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX";
string secretIV = "XXXXXXXXXXXXXXXX";
string key = Hash(secretKey);
string iv = Hash(secretIV).Substring(0,16);
string retValue = "";
if (action == "encrypt") {
retValue = EncryptString(value, key, iv);
}
else if (action == "decrypt") {
retValue = DecryptString(value, key, iv);
}
}
// Hash to match php hash function
public static string Hash(string unhashedString) {
return BitConverter.ToString(new SHA256CryptoServiceProvider().ComputeHash(Encoding.Default.GetBytes(unhashedString))).Replace("-", String.Empty).ToLower();
}
public static string DecryptString(string cipherData, string keyString, string ivString) {
byte[] key = Encoding.UTF8.GetBytes(keyString);
Console.WriteLine(key.Length);
byte[] iv = Encoding.UTF8.GetBytes(ivString);
Console.WriteLine(iv.Length);
byte[] cipherCrypt = Convert.FromBase64String(cipherData);
for (int i = 0; i < cipherCrypt.Length; i++) {
Console.Write(cipherCrypt[i] + " ");
}
try {
RijndaelManaged crypto = new RijndaelManaged();
crypto.Key = key;
crypto.IV = iv;
crypto.Mode = CipherMode.CBC;
crypto.KeySize = 256;
crypto.BlockSize = 128;
crypto.Padding = PaddingMode.None;
ICryptoTransform decryptor = crypto.CreateDecryptor(crypto.Key, crypto.IV);
using (MemoryStream memStream = new MemoryStream(cipherCrypt)) {
using (CryptoStream cryptoStream = new CryptoStream(memStream, decryptor, CryptoStreamMode.Read)) {
using (StreamReader streamReader = new StreamReader(cryptoStream)) {
return streamReader.ReadToEnd();
}
}
}
}
catch (CryptographicException e) {
Console.WriteLine("A Cryptographic error occurred: {0}", e.Message);
return null;
}
}
I have tried a couple different encoding types when getting the byte[] for the operation.
I keep getting the following error:
Specified key is not a valid size for this algorithm.
Not sure what I am missing. Any help is appreciated.
Also, I already read through this and tried what the solution suggestion recommended. I got the same resulting error.
UPDATE - 01
I have updated the code here to reflect the code I have changed.
The key length is 32,
The iv length is 16,
The data coming in at "cipherData" is length 32,
When "cipherData" goes through "FromBase64String(cipherData)" it comes out as a 24 byte array. This is causing an issue for the decryptor which wants a 32 byte array.
There are obviously problems with the key size. The code between PHP and C# seem to match. The problem seems to be that the code is wrong in both cases.
Let's see how long the key actually is:
Start with a 32 byte key (non-encoded).
Hash the key with SHA-256: 32 bytes (non-encoded).
Encode to hex (integrated into PHP's hash() function by default): 64 bytes.
AES only supports the following key sizes: 16, 24 and 32 bytes. openssl_encrypt() will only use the first 32 bytes of the hex key silently. So, you need to use the first 32 bytes in C#.
Note that openssl_encrypt() takes an options argument which denotes that the output is Base64 when OPENSSL_RAW_DATA is not set. It means that the PHP output was encoded twice with Base64. So you need to decode it twice in C#.
I have the following code:
private void EncryptFile(string inputFile, string outputFile, string pass)
{
try
{
string password = #pass;
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = UE.GetBytes(password);
byte[] iv = new byte[128];
for(int i =0; i < iv.Length; i++)
{
iv[i] = Convert.ToByte(true);
}
string cryptFile = outputFile;
FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);
RijndaelManaged RMCrypto = new RijndaelManaged();
MessageBox.Show(RMCrypto.BlockSize + "\n" + iv.Length);
CryptoStream cs = new CryptoStream(fsCrypt,
RMCrypto.CreateEncryptor(key, iv),
CryptoStreamMode.Write);
FileStream fsIn = new FileStream(inputFile, FileMode.Open);
int data;
while ((data = fsIn.ReadByte()) != -1)
cs.WriteByte((byte)data);
fsIn.Close();
cs.Close();
fsCrypt.Close();
}
catch(Exception ex)
{
//MessageBox.Show("Encryption failed!", "Error");
MessageBox.Show(ex.Message);
}
}
But have a problem with the IV size. Using a simple message box I found that (probably) the block size is 128. So, I set the IV to a 128 bytes array full of "1" values to test. The first message box confirms the blocksize and the IV array length are both 128. However, I get an exception saying Specified initialization vector (IV) does not match the block size for this algorithm.
Why is this and how to fix the issue?
AES block size is 128 bits. Not bytes. Bits.
The winner of the AES contest, Rijndael, supports block and key sizes of 128, 192, and 256 bits, but in AES the block size is always 128 bits. The extra block sizes were not adopted by the AES standard
I have an existing zip file, I want to use AESManaged class to encrypt it, but I don't find where I can set the password to the zip file in that class. After researching, I found some libaries such as 'DotNetZip' can complete the task. But my file is already a .zip, I needn't to compress again, I only want to encrypt it. Anyone can help me to use AESManaged class to ahieve the purpose?
Thanks
I don't know if this is what your are looking for but I created a code that encrypts any file.
Here's the code for the encrypter:
private void EncryptFile(string inputFile, string outputFile)
{
string password = #"yourPWhere";
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = CreateKey(password);
string cryptFile = outputFile;
FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);
RijndaelManaged RMCrypto = new RijndaelManaged();
IV = CreateIV(password_mTxtBx.Text);
CryptoStream cs = new CryptoStream(fsCrypt,
RMCrypto.CreateEncryptor(key,IV),
CryptoStreamMode.Write);
FileStream fsIn = new FileStream(inputFile, FileMode.Open);
int data;
while ((data = fsIn.ReadByte()) != -1)
cs.WriteByte((byte)data);
fsIn.Close();
cs.Close();
fsCrypt.Close();
}
Here's the code for the decrypter:
private void DecryptFile(string inputFile, string outputFile)
{
string password = #"yourPWhere";
UnicodeEncoding UE = new UnicodeEncoding();
byte[] key = CreateKey(password);
FileStream fsCrypt = new FileStream(inputFile, FileMode.Open);
RijndaelManaged RMCrypto = new RijndaelManaged();
IV = CreateIV(password_mTxtBx.Text);
CryptoStream cs = new CryptoStream(fsCrypt,
RMCrypto.CreateDecryptor(key, IV),
CryptoStreamMode.Read);
FileStream fsOut = new FileStream(outputFile.Remove(outputFile.Length - 4), FileMode.Create);
int data;
while ((data = cs.ReadByte()) != -1)
fsOut.WriteByte((byte)data);
fsOut.Close();
cs.Close();
fsCrypt.Close();
}
I saw a similar code on codeproject a few months ago. So it's not directly my work.
Credits go to the author.
Updated with password-based key derivation (PBKDF2):
private static int saltLengthLimit = 32;
private static byte[] GetSalt(int maximumSaltLength)
{
var salt = new byte[maximumSaltLength];
using (var random = new RNGCryptoServiceProvider())
{
random.GetNonZeroBytes(salt);
}
return salt;
}
public static byte[] CreateKey(string password)
{
var salt = GetSalt(10);
int iterationCount = 20000; // Nowadays you should use at least 10.000 iterations
using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, iterationCount))
return rfc2898DeriveBytes.GetBytes(16);
}
Creator for the IV (created from Password):
public byte[] CreateIV(string password)
{
var salt = GetSalt(9);
const int Iterations = 325;
using (var rfc2898DeriveBytes = new Rfc2898DeriveBytes(password, salt, Iterations))
return rfc2898DeriveBytes.GetBytes(16);
}
The byte length of the key is in my case 128bit(!) = 16 bytes (128/8), but you can use any other length supported by Rijndael (Key: 128, 192, 256 bit = 16, 24, 32 bytes).
The IV is always 16 bytes!
If you want to use a password in your original zip file when uncompressing, then you will need to re-compress the files and add a password when doing so.
This link from the dotnetzip library documentation shows an easy way to zip with password encryption using that library.
Additional note about security:
Don't use the zip 2.0 encryption method if you care at all about encryption security as it is quite flawed. Instead use the AES 256-bit encryption.
Here is some example code(pulled directly from the link above) showing an implementation of the AES 256-bit encryption using the dotnetzip library with default level compression:
using (ZipFile zip = new ZipFile())
{
zip.AddFile("ReadMe.txt"); // no password for this one
zip.Password= "Cool.Hand.Luke!";
zip.Encryption= EncryptionAlgorithm.WinZipAes256;
zip.AddFile("Rawdata-2008-12-18.csv");
zip.Save("Backup-AES-Encrypted.zip");
}
Edit: added clarification about original zip file
Edit 2: added code
You can use DotNetZip (Ionic zip) as you mentioned, which supports setting password, providing zero level of compression:
using (ZipFile zip = new ZipFile())
{
zip.CompressionLevel = Ionic.Zlib.CompressionLevel.None;
zip.AddFile(#"MyMusic\Messiah-01.mp3");
zip.Save(ZipFileToCreate);
}
So there's no overhead (compressing already compressed file) you just setting the password.
I am encryption/decryption some plain text using following code.
private static string EncryptionKey = "##$%^&*()2343";
private static byte[] Salt = Encoding.ASCII.GetBytes(EncryptionKey.Length.ToString());
public static string EncryptIt(string Input)
{
RijndaelManaged Cipher = new RijndaelManaged();
byte[] TextByteArray = Encoding.Unicode.GetBytes(Input);
PasswordDeriveBytes Key = new PasswordDeriveBytes(EncryptionKey, Salt);
using (ICryptoTransform Transform = Cipher.CreateEncryptor(Key.GetBytes(32), Key.GetBytes(16)))
{
using (MemoryStream MS = new MemoryStream())
{
using (CryptoStream CS = new CryptoStream(MS, Transform, CryptoStreamMode.Write))
{
CS.Write(TextByteArray, 0, TextByteArray.Length);
CS.FlushFinalBlock();
return Convert.ToBase64String(MS.ToArray());
}
}
}
}
public static string DecryptIt(string Input)
{
RijndaelManaged Cipher = new RijndaelManaged();
byte[] EncryptedByteArray = Convert.FromBase64String(Input);
PasswordDeriveBytes Key = new PasswordDeriveBytes(EncryptionKey, Salt);
using (ICryptoTransform Transform = Cipher.CreateDecryptor(Key.GetBytes(32), Key.GetBytes(16)))
{
using (MemoryStream MS = new MemoryStream(EncryptedByteArray))
{
using (CryptoStream cryptoStream = new CryptoStream(MS, Transform, CryptoStreamMode.Read))
{
byte[] TransformedText = new byte[EncryptedByteArray.Length];
int Count = cryptoStream.Read(TransformedText, 0, TransformedText.Length);
return Encoding.Unicode.GetString(TransformedText, 0, Count);
}
}
}
}
In most of the cases, this code works fine. However in some cases when I try to decrypt the encrypted text, I get following exception when byte[] EncryptedByteArray = Convert.FromBase64String(Input) is called in DecryptIt methods.
The input is not a valid Base-64 string as it contains a non-base 64 character, more than two padding characters, or a non-white space character among the padding characters.
Any idea what could be causing this exception. What I am finding more puzzling is that why this excpetion is not thrown on every cases and only few cases.
EDIT :
Sample Input to DecryptIt method that throws exception is below. Please note that I have changed the value of EncryptionKey variable in my sample above.
oaOQ6qWWDwWby3C04N7HJAiqQgILBifqdHq4OQ5KDDRA3F2ZlBITu31a8mJJQ8sKn4g3vODFEJbigtNZozv6ockAdsDChhHwaaLL4l8MJPKbV1EiUE3rL30y+xHz/S1a8mJJQ8sKn4g3vODFEJbigtNZozv6ockAdsDChhHwaaLL4l8MJPKbV1EiUE3rL30y+oz/eR9OzXn+3Lepo0tRqH5BsfvEtJ/IcqRu3gJiIBTMAM0TmVxa2EZSj2mn6jZlgvlOEFCWzNKS3R9OzXn+In1br14venJmpApXyt930khz35UE5BtWn3Fq7jyer6mY2l60P/cI4z
Your sample deconverts perfectly with 2 extra '=' at the end.
So somewhere they are lost in transport.
The ecrypted text is sent via email in a http link.
So that involves both URL and HTML encoding? Plenty of room for an error.
Run a test with a small string ending in ==.
I have a PHP program that encrypts a PDF file into .xxx file this output is being read by a C# program that decrypts this .xxx file back into PDF file.
My problem is that when I open the file decrypted by C# , the PDF reader tells me that the file is corrupted .. when I encrypt plain text in PHP and decrypt on C# I got the file I encrypted .. so the problem is appearing only in PDF files or in other words it appears in BINARY files
any suggestions ?!
Notes:
In PHP I use mcrypt extension Rijndael algorithm CBC PKCS7 padding (padding is done manually)
In C# I use RijndaelManaged class to encrypt and decrypt data
Edit:
Here is encryption method that I use in PHP:
function encrypt($key, $iv, $text) {
ini_set ( 'memory_limit', '-1' );
$mcrypt_cipher = MCRYPT_RIJNDAEL_256;
$mcrypt_mode = MCRYPT_MODE_CBC;
$text=addpadding($text,mcrypt_get_block_size($mcrypt_cipher,'cbc'));
$encrypted = rtrim ( mcrypt_encrypt ( $mcrypt_cipher, $key, $text, $mcrypt_mode, $iv ), "\0" );
$encrypted = base64_encode ( $encrypted );
return $encrypted;
}
And here is the decryption method in C#:
public static string DecryptString(string message, string KeyString, string IVString)
{
byte[] Key = Encoding.UTF8.GetBytes(KeyString);
byte[] IV = Encoding.UTF8.GetBytes(IVString);
string decrypted = null;
RijndaelManaged rj = new RijndaelManaged();
rj.BlockSize = 256;
rj.Key = Key;
rj.IV = IV;
rj.Mode = CipherMode.CBC;
rj.Padding = PaddingMode.PKCS7;
try
{
MemoryStream ms = new MemoryStream();
//Encoding enc = new UTF8Encoding();
byte[] messageBytes = Convert.FromBase64String(message);
using (CryptoStream cs = new CryptoStream(ms, rj.CreateDecryptor(Key, IV), CryptoStreamMode.Write))
{
//byte[] messageBytes = enc.GetBytes(message);
cs.Write(messageBytes, 0, messageBytes.Length);
cs.Close();
}
byte[] encoded = ms.ToArray();
decrypted = Encoding.UTF8.GetString(encoded);
ms.Close();
}
catch (Exception e)
{
MessageBox.Show("An error occurred:"+ e.Message);
}
finally
{
rj.Clear();
}
return decrypted;
}
and here is how I call the decrypt in C# and how I write output:
string Key = cryptography.MD5("X-Ware" + cryptography.MD5("123"));
string IV = cryptography.MD5("XWare");
string decrypted = cryptography.DecryptString(contents, Key, IV);
string outputFilename = cryptography.MD5(OFD.FileName) + ".tmp";
StreamWriter sw = new StreamWriter("C:\\Windows\\Temp\\" + outputFilename, false, Encoding.UTF8);
BinaryWriter bw = new BinaryWriter(sw.BaseStream, Encoding.UTF8);
//sw.Write(decrypted);
bw.Write(decrypted);
sw.Close();
bw.Close();
I think the problem is that you treat the binary PDF data as text on both the PHP and the C# side.
decrypted = Encoding.UTF8.GetString(encoded);
makes no sense if encoded represents binary data. You should probably skip this step and define your DecryptString() as returning byte[]. And then rename it too.
If you do want it as a string you might have better luck with ASCII or ANSI encoding:
decrypted = Encoding.ASCII.GetString(encoded);
but the error may already be happening on the PHP side, I can't tell.
Additional, I just noted:
StreamWriter sw = new StreamWriter("C:\\Windows\\Temp\\" + outputFilename,
false, Encoding.UTF8);
BinaryWriter bw = new BinaryWriter(sw.BaseStream, Encoding.UTF8);
This is a very over-complicated way to create a BinaryWriter. The Encoding will not be used. And
bw.Write(decrypted);
This will write the string with a length-prefix, that certainly will make your PDF invalid.
When you keep the return of Decrypt as string, use
File.WriteAllText("C:\\Windows\\Temp\\" + outputFilename, decrypted);
And when you return it as byte[] (recommended), use
File.WriteAllBytes("C:\\Windows\\Temp\\" + outputFilename, decrypted);