AES encryption with BouncyCastle: AESEngine, AESFastEngine OR AESLightEngine? - c#

I want to port this simple JAVA example...
AES Encryption/Decryption with Bouncycastle Example in J2ME
...to C# and have the two following 3 questions:
As I understand, the JAVA example uses AESEngine for encryption/decryption operations. What is the difference between AESEngine and AESFastEngine and AESLightEngine? Unfortunately I don't understand the information given in the documentation: http://www.bouncycastle.org/docs/docs1.6/index.html
I want to use a new encryption-key for every file I encrypt. Which block cipher modes of operation should I use: AES.CBC, AES.CFB, AES.ECB OR AES.OFB http://www.bouncycastle.org/docs/docs1.6/index.html
Is my assumption correct that in my case I don't have to use an iv / salt (which means I have to use a static iv?) since I use AES.KeyGen128() for key generation and use it only once?
http://www.bouncycastle.org/docs/docs1.6/index.html
Hope my questions do not cause too much confusion ;-) I but I appreciate every answer, clarification or feedback you can give me.
Mike

My reading of the doc says that the AESEngine, FastEngine and LightEngine all take different tradeoffs of memory versus speed. You would have to test it yourself to determine if those tradeoffs are even relevant in your scenario.
you will need to read up on the various AES modes. Different modes have different strengths and attributes, which may be more or less applicable or desirable depending on your scenario. So the answer to your question is "it depends."
no. you will need an IV. As far as the salt, it is usually employed with the passphrase to generate the actual encryption key and the IV, often via PKBDF2. That is outside the realm of AES, but it is a typical usage.
Finally you didn't ask, but.... why are you porting that code to C#? .NET has AES encryption built-in. You don't need to port anything, you can just use the .NET base class library. Just ensure you use the same keysize and mode, and make sure your key+iv is the same on each side, and the .NET BCL AES classes will interoperate with the BouncyCastle stuff for J2ME.

Related

How to encrypt variable length text in PHP and C#?

For a game I am currently making I am in need of encrypting a variable length string (this could be a short as 10 characters or a full XML document) in C# and then sending this to a PHP script which decrypts and processes the information. I am unfortunately completely in the dark when it comes to cryptography and am having trouble finding something that can suite my needs in this case. Is there a library which can do this kind of variable length encryption across multiple platforms such as this?
AES, sometimes called Rijndael, might be a choice for you. It's a standard created by the National Institute of Standards and Technology, an agency of the US government.
It's available in PHP using the mcrypt extension, and there seems to be a managed library built in to the .Net framework. See this previous SO question for more on C#'s implementation. I know little about C# and .Net, but the answer there has 23 votes, so is likely to be on to something. (Edit: #Fun Mun Pieng's answer contains a reference to AES itself, and might be more up to date or otherwise useful than the post I linked.)
AES is a block cypher, meaning that it operates best on lengths of text of a specific set of lengths. There are multiple operation modes and padding schemes that you'll want to read up on and select. If you use the same operation mode and padding on both sides, you should have perfect interoperability.
Keep in mind that AES is a symmetric cypher. This means that the same key is used to both encrypt and decrypt. It might not be the best choice for you. If your users gain access to the key, the encryption becomes worthless.
Public-key cryptography might be a better choice for you. It uses two keys instead of one. Data encrypted using the public key can only be decrypted by the private key. This means that you don't need to worry too much about the public key falling into the wrong hands, as no data can actually be decrypted about it. It may allow troublesome users to still craft legit-looking messages, though.
PHP's best option for public-key cryptography is the standard OpenSSL extension, which uses the industry standard RSA system. A quick look at Google suggests that there's also native .Net support for RSA as well. Like AES, you may need to worry about modes of operation or padding, but again you should get complete interoperation by using the same methodology on both sides. The one possible annoyance will be initial key creation, and how each side wants to store private and public keys.
For the C# part, you could use the System.Security.Cryptography namespace. Eg:
System.Security.Cryptography.Aes aes = System.Security.Cryptography.Aes.Create();
System.Security.Cryptography.ICryptoTransform enc = aes.CreateEncryptor();
// byte[] input;
// byte[] output = new output[512]
int size = enc.TransformBlock(input, 0, input.Length, output, 0);
I have no idea how to do it for the PHP end, but I'm sure you can find a way to decrypt from standard algorithms such as DES, AES, RSA. And remember to pass the key.
For your case, I guess asymmetric encryption is more suitable.

Is data encrypted in Silverlight decryptable using C++?

I'm looking at sending encrypted data between a Silverlight client and a native code (C++) server using WCF. I was looking at using the AesManaged class to encrypt data the client sends back to the server, but was wondering about the decryption. There is an assumption that if the AesManaged class is implemented against the AES specification it should be cross-compatible with any C++ AES library, but given experience with Microsoft's (and other vendors') "interpretations" of specifications previously I felt I should confirm it if possible.
I plan on building a prototype but I was hoping for an answer from someone who has experience in this area already. Using C++/CLI or C# for access to the AesManaged class isn't an option as I'm dealing with legacy code that I am adding functionality to.
All I can tell you is that it was good to ask; I cannot speak as to this specific interop, but I was trying to communicate with a piece of legacy software that used an older native implementation called AesLib, and I was trying to use AesCryptoServiceProvider. They wouldn't talk to each other, apparently because AesLib either uses a mode without an IV, or has a static or deterministic IV that I couldn't discover.
If you can get and reference the AES implementation that the native server is using, and implement an ICryptoServiceProvider-compatible wrapper around it, that would probably be the best guarantee that your message arrives intact (though this may cause its own problems). Otherwise, I would make sure I had all discoverable information about this implementation so I could configure AesManaged the same way. You'll need, at the very least, the key, IV, block size and mode.
I had successfully used C# AesManaged together with PHP's AES implementation long time ago (in Silverlight 2 Beta), so it is certainly possible.
However, you might want to study things like IV, paddings, block sizes and modes carefully to make sure settings for AES match.

Is there a .NET class to handle encryption?

I need to encrypt bytecode to send over a connection to a webservice, preferably using a GUID as a key. I have done a bit of research and found several classes developed for a similar purpose, but haven't been able to turn up much that is built into the Windows libraries.
My question is: Is there something built in to C# that performs this task? If there is not, I would very much appreciate any suggestions as to implementation.
Edit: After reading this post When would I choose AesCryptoServiceProvider over AesManaged or RijndaelManaged?
I am going with AESCryptoServiceProvider.
You should check out the System.Security.Cryptography namespace.
It's not clear whether you're in a position to choose which algorithm etc to use, but you might consider one of the following symmetric algorithms:
AES: AesManaged or AesCryptoServiceProvider
Rijndael: RijndaelManaged
Triple DES: TripleDESCryptoServiceProvider
There are also implementations of DES and RC2, but I would probably ignore them unless you're forced to use them.

encryption and decryption

i want to encrypt string in java and decrypt the same string in C# and vice versa .how to do it .and which is best encryption method
Thanks
aswan
You need to go with a standard encryption method. The algorithm used will be secure, the result will be portable and there are libraries for many platforms. 3-DES or AES would be good choices.
The word "best" is different things to different people, and strongly influence the choices available to you.
If speed is extremely important to you, then just add one to every character value, send it, and subtract one again. In other words send "ABC" as "BCD".
AES is supported in the .NET framework in the Rijndael class, you can find the documentation on MSDN http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndael.aspx. When encrypting a string you will want to make sure that the way you choose your key is a secure method, and make sure it is stored in a secure place as well. In any encryption scheme the weakest link is the key.

Rijndael / AES from C# to VB6

I need to encrypt a byte array in VB6 and decrypt it in C# (NET 2.0). And viceversa (C# to VB6).
In C# I used RijndaelManaged class. In VB6 I used free pieces of from Internet. The best seems to be http://www.frez.co.uk/freecode.htm#rijndael
But the two implementations generate different outputs starting from the same input :(
Perhaps it's a problem with the IV vector in RijndaelManaged ... I don't understand...
Any solution / experience using Rijndael / AES between VB6 and NET ? Or TripleDes....
thank you
UPDATE: IMPORTANT: The machine where vb6 app runs, has not NET framework. So I cannot use Interop and/or a NET wrapper class exposed as COM. :(
You could use interop from .NET to call the C# implementation from VB6. That way both sides would be using the same library.
Here's some additional info: http://msdn.microsoft.com/en-us/library/hfzzah2c(vs.71).aspx
I just grabbed SlowAES, a Javascript implementation of AES, and embedded it into a Windows Script Component, which makes it accessible via COM. I was then able to call into the component from COM clients. I didn't try VB6 because i don't have Visual Studio 6. But for the COM clients I tried, I found the encryption to be completely compatible with .NET and the RijndaelManaged() class, when I use the same key, IV, mode, and keysize.
SlowAES is sort of limited; i didn't see an ECB mode for example. But the stuff I tested is compatible with .NET.
The source for the WSC file is available. That source also includes a RFC2898-compliant PBKDF2 usable from VB6. So you can set the key from a password. It is compatible with the Rfc2898DeriveBytes class in .NET.
See also, a related question.
Maybe I'll give you some informations regarding IV.
Initialization Vector is a clear-text sent data that should be generated randomly for each encryption to make stereotype headers attack harder or imposible to perform. Of course both encrypter and decrypter MUST have same value set.
Also there are some modes in which encryption and decryption may run. Have a look at this page: Wikipedia: Block cipher modes of operation. You should also ensure that this mode is same for both of them.
VbCorLib now supports cryptography, included Rijndael.
It's free and .NET-like. Link: http://vbcorlib.blogspot.com/
If you can do a simple C to C# conversion here is a nice solution. It works great with VB6/php and C. Have a look at Encryption for C++, Visual Basic, php using PC1.

Categories

Resources