I'm using encrypt(string,key) and decrypt(string,key) for encryption in ColdFusion. Now what I would like to do is to encrypt in ColdFusion, but decrypt in asp.net C#. Can someone show me how to do this?
If this is my ColdFusion code:
encrypt("hello","abcdefgh")
decrypt(".....","abcdefgh"
What would the equivalent code in asp.net look like? Thank You.
According to Coldfusion's documentation,
The Standard Edition of ColdFusion installs a cryptography library with the following algorithms:
CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).
Unless you implement the CF decryption algorithm in C#, you can't decrypt it. You would have to specify a different encryption algorithm, like 3DES, in order to decrypt it.
As Josh pointed out, if you do not specify an algorithm CF uses the default algorithm cfmx_compat. Unlike the standard algorithms such as AES, Blowfish, etcetera there is no library for it in .NET. To decrypt the value in C#, the .NET side would need to use a custom class. ( See here for my C# port of Railo's cfmx_compat class . )
That said, I would recommend against using cfmx_compat simply because it is a very weak algorithm. It is only included in CF for backward compatibility. You are much better off using one of the stronger algorithms like AES, Blowfish, etcetera in ColdFusion. Since those algorithms are standard, interoperability with C# (or any other language) will be much easier. See the links Al posted in the comments above for some examples.
Related
I need a c# application use encryption algorithms to encrypt/decrypt strings
such as DES,SDES,RC5..
I don't need an implementation for them I just need to use them in c#
I'm new in this field and need help
thanx
Find the urls below for DSE,SDES,RC5:
http://www.codeproject.com/Articles/19538/Encrypt-Decrypt-String-using-DES-in-C
http://www.codeproject.com/Articles/91628/Simplified-version-of-the-DES-Data-Encryption-Stan
http://www.codeproject.com/Articles/22518/Encryption-with-RC-Algorithm
Try taking a look at the System.Security.Cryptography namespace on MSDN - cryptography tasks and here MSDN - cryptography namespace. These should get you started with encrypting and decrypting strings, not sure if it covers all the algo's you are after.
I'm desperately looking for a .NET (C#) code equivalent of PHP's "openssl_seal" (http://php.net/manual/en/function.openssl-seal.php) functionality. A few hours of googling around, trying out OpenSSL and BouncyCastle .NET APIs didn't turn up much or I'm not tackling it all from the right direction.
My understanding is that PHP "openssl_seal" command does the following (this is a quote from their site):
Generates a random key (128 bit)
Encrypts the data symmetrically with RC4 using the random key
Encrypts the random key itself with RSA using the public key/certificate
Returns the encrypted data and the encrypted key.
Which is all fine and dandy but leaves a lot of room for interpretation and subtle innacuracies. Matching the results from both PHP and C# via trial-and-error is a daunting prospect (also the key is "random" so that won't even work) :) Has anyone been actually able to successfully accomplish replicating "openssl_seal" mechanism via C#?
My rant on the solution for this nugget: http://geekswithblogs.net/Strenium/archive/2013/01/27/converting-phprsquos-ldquoopenssl_sealrdquo-and-ldquoopenssl_openrdquo-into-.net.aspx
http://phpseclib.sourceforge.net/interop.html
That might help. Click on PHP Bindings / openssl_seal() / openssl_open(). Then click on phpseclib under "Seal" with.
What you said sounds pretty accurate. You encrypt the RC4 key using PKCS1 padding.
Good luck!
I'm looking at sending encrypted data between a Silverlight client and a native code (C++) server using WCF. I was looking at using the AesManaged class to encrypt data the client sends back to the server, but was wondering about the decryption. There is an assumption that if the AesManaged class is implemented against the AES specification it should be cross-compatible with any C++ AES library, but given experience with Microsoft's (and other vendors') "interpretations" of specifications previously I felt I should confirm it if possible.
I plan on building a prototype but I was hoping for an answer from someone who has experience in this area already. Using C++/CLI or C# for access to the AesManaged class isn't an option as I'm dealing with legacy code that I am adding functionality to.
All I can tell you is that it was good to ask; I cannot speak as to this specific interop, but I was trying to communicate with a piece of legacy software that used an older native implementation called AesLib, and I was trying to use AesCryptoServiceProvider. They wouldn't talk to each other, apparently because AesLib either uses a mode without an IV, or has a static or deterministic IV that I couldn't discover.
If you can get and reference the AES implementation that the native server is using, and implement an ICryptoServiceProvider-compatible wrapper around it, that would probably be the best guarantee that your message arrives intact (though this may cause its own problems). Otherwise, I would make sure I had all discoverable information about this implementation so I could configure AesManaged the same way. You'll need, at the very least, the key, IV, block size and mode.
I had successfully used C# AesManaged together with PHP's AES implementation long time ago (in Silverlight 2 Beta), so it is certainly possible.
However, you might want to study things like IV, paddings, block sizes and modes carefully to make sure settings for AES match.
I need to encrypt bytecode to send over a connection to a webservice, preferably using a GUID as a key. I have done a bit of research and found several classes developed for a similar purpose, but haven't been able to turn up much that is built into the Windows libraries.
My question is: Is there something built in to C# that performs this task? If there is not, I would very much appreciate any suggestions as to implementation.
Edit: After reading this post When would I choose AesCryptoServiceProvider over AesManaged or RijndaelManaged?
I am going with AESCryptoServiceProvider.
You should check out the System.Security.Cryptography namespace.
It's not clear whether you're in a position to choose which algorithm etc to use, but you might consider one of the following symmetric algorithms:
AES: AesManaged or AesCryptoServiceProvider
Rijndael: RijndaelManaged
Triple DES: TripleDESCryptoServiceProvider
There are also implementations of DES and RC2, but I would probably ignore them unless you're forced to use them.
I need to encrypt a byte array in VB6 and decrypt it in C# (NET 2.0). And viceversa (C# to VB6).
In C# I used RijndaelManaged class. In VB6 I used free pieces of from Internet. The best seems to be http://www.frez.co.uk/freecode.htm#rijndael
But the two implementations generate different outputs starting from the same input :(
Perhaps it's a problem with the IV vector in RijndaelManaged ... I don't understand...
Any solution / experience using Rijndael / AES between VB6 and NET ? Or TripleDes....
thank you
UPDATE: IMPORTANT: The machine where vb6 app runs, has not NET framework. So I cannot use Interop and/or a NET wrapper class exposed as COM. :(
You could use interop from .NET to call the C# implementation from VB6. That way both sides would be using the same library.
Here's some additional info: http://msdn.microsoft.com/en-us/library/hfzzah2c(vs.71).aspx
I just grabbed SlowAES, a Javascript implementation of AES, and embedded it into a Windows Script Component, which makes it accessible via COM. I was then able to call into the component from COM clients. I didn't try VB6 because i don't have Visual Studio 6. But for the COM clients I tried, I found the encryption to be completely compatible with .NET and the RijndaelManaged() class, when I use the same key, IV, mode, and keysize.
SlowAES is sort of limited; i didn't see an ECB mode for example. But the stuff I tested is compatible with .NET.
The source for the WSC file is available. That source also includes a RFC2898-compliant PBKDF2 usable from VB6. So you can set the key from a password. It is compatible with the Rfc2898DeriveBytes class in .NET.
See also, a related question.
Maybe I'll give you some informations regarding IV.
Initialization Vector is a clear-text sent data that should be generated randomly for each encryption to make stereotype headers attack harder or imposible to perform. Of course both encrypter and decrypter MUST have same value set.
Also there are some modes in which encryption and decryption may run. Have a look at this page: Wikipedia: Block cipher modes of operation. You should also ensure that this mode is same for both of them.
VbCorLib now supports cryptography, included Rijndael.
It's free and .NET-like. Link: http://vbcorlib.blogspot.com/
If you can do a simple C to C# conversion here is a nice solution. It works great with VB6/php and C. Have a look at Encryption for C++, Visual Basic, php using PC1.