I'm looking at sending encrypted data between a Silverlight client and a native code (C++) server using WCF. I was looking at using the AesManaged class to encrypt data the client sends back to the server, but was wondering about the decryption. There is an assumption that if the AesManaged class is implemented against the AES specification it should be cross-compatible with any C++ AES library, but given experience with Microsoft's (and other vendors') "interpretations" of specifications previously I felt I should confirm it if possible.
I plan on building a prototype but I was hoping for an answer from someone who has experience in this area already. Using C++/CLI or C# for access to the AesManaged class isn't an option as I'm dealing with legacy code that I am adding functionality to.
All I can tell you is that it was good to ask; I cannot speak as to this specific interop, but I was trying to communicate with a piece of legacy software that used an older native implementation called AesLib, and I was trying to use AesCryptoServiceProvider. They wouldn't talk to each other, apparently because AesLib either uses a mode without an IV, or has a static or deterministic IV that I couldn't discover.
If you can get and reference the AES implementation that the native server is using, and implement an ICryptoServiceProvider-compatible wrapper around it, that would probably be the best guarantee that your message arrives intact (though this may cause its own problems). Otherwise, I would make sure I had all discoverable information about this implementation so I could configure AesManaged the same way. You'll need, at the very least, the key, IV, block size and mode.
I had successfully used C# AesManaged together with PHP's AES implementation long time ago (in Silverlight 2 Beta), so it is certainly possible.
However, you might want to study things like IV, paddings, block sizes and modes carefully to make sure settings for AES match.
Related
I've got a question regarding C#.
I am currently working on a medical software product, and one of the important things is to make sure that the patient's data is encrypted. I got two questions regarding this:
1.) How secure is the Microsoft .NET implementation of AES (Rijndael) from System.Security.Cryptography? Does it have any known security flaws, or am I fine just using the MS implementation? (note, I know the basic background of how these algorithms work, but I am not really that deep into it to get an idea of how it works).
2.) Since the data is stored on the same PC as the application, how hard is it to get information from a C# application? Assuming I have somewhere in the code
string encrypPassword = "ThisIsMyPassword";
string encryptedString = EncryptString(ClearString, encrypPassword);
// save encryptedString to harddrive
I know that an attacker could just go down to the assemble code, and at that point there is nothing at all I can do against this (the system has to be able to encrypt / decrypt the data), but is there like a shortcut for C# to get the encrypPassword, since it is managed, or does something like this still require you to go down to the assemble code?
If you have a fixed password compiled into your app, then you don't need to care about the security of AES and known security faults because your data is simply not secure. A sufficiently knowledgable person with access to the PC will be able to decrypt all the data.
And locating a fixed password usually doesn't require any programming knowledge. A good hex editor will do in most case. You don't even need to know what programming language was used.
If your data is used by a single user, then you can tie the password for the patient data to his or her Windows password (or account). Windows provides some specific functions for that. See http://msdn.microsoft.com/en-us/library/aa302402.aspx for how to access it from .NET.
In answer to the first part of your original question - the native Windows implementation of AES is NIST certified to be FIPS 140-2 compliant. Access to the certified implementation is limited to:
Using the Windows Crypto API
Using the CAPICOM com wrapper to the Windows Crypto API
Using the .Net AesCryptoServiceProvider class in the System.Security.Cryptography namespace (this class did not become available until .Net Framework 3.5)
That being said, the implementation in the RijndaelManaged class is the same, it just has not been thru the NIST certification process (this process is very long and very expensive).
The Aes algorithm is very secure (military grade encryption - especially the 256 bit key variant).
The biggest concern (agreeing with the posters above) is keeping your encryption password embedded in the application in plain text.
To store your password data you could use SecureString class from System.Security namespace.
Most decent obfuscators will encrypt the strings from your code before storing them in the assembly's strings section, and inject a method to decrypt them before use. These techniques have also long since been reverse engineered by disassemblers.
Realistically, there is almost no way to really safely store a string in any programming language. Someone can pretty much always either find the string, or reverse engineer your logic used to build it. The best thing you can do is stow down the attacker long enough to make it not worth their time and effort.
In your case, I would probably store the password encrypted in the app (as in, encrypt it yourself manually outside your app, and copy/paste it in). Possibly split it into parts so it isn't stored as a single string. Then put it back together and unencrypt it at runtime, then at runtime store it in a SecureString. Also invest in a good obfuscator, as it will help mask your unencryption logic (which will become the weak link in the security).
I want to port this simple JAVA example...
AES Encryption/Decryption with Bouncycastle Example in J2ME
...to C# and have the two following 3 questions:
As I understand, the JAVA example uses AESEngine for encryption/decryption operations. What is the difference between AESEngine and AESFastEngine and AESLightEngine? Unfortunately I don't understand the information given in the documentation: http://www.bouncycastle.org/docs/docs1.6/index.html
I want to use a new encryption-key for every file I encrypt. Which block cipher modes of operation should I use: AES.CBC, AES.CFB, AES.ECB OR AES.OFB http://www.bouncycastle.org/docs/docs1.6/index.html
Is my assumption correct that in my case I don't have to use an iv / salt (which means I have to use a static iv?) since I use AES.KeyGen128() for key generation and use it only once?
http://www.bouncycastle.org/docs/docs1.6/index.html
Hope my questions do not cause too much confusion ;-) I but I appreciate every answer, clarification or feedback you can give me.
Mike
My reading of the doc says that the AESEngine, FastEngine and LightEngine all take different tradeoffs of memory versus speed. You would have to test it yourself to determine if those tradeoffs are even relevant in your scenario.
you will need to read up on the various AES modes. Different modes have different strengths and attributes, which may be more or less applicable or desirable depending on your scenario. So the answer to your question is "it depends."
no. you will need an IV. As far as the salt, it is usually employed with the passphrase to generate the actual encryption key and the IV, often via PKBDF2. That is outside the realm of AES, but it is a typical usage.
Finally you didn't ask, but.... why are you porting that code to C#? .NET has AES encryption built-in. You don't need to port anything, you can just use the .NET base class library. Just ensure you use the same keysize and mode, and make sure your key+iv is the same on each side, and the .NET BCL AES classes will interoperate with the BouncyCastle stuff for J2ME.
For a game I am currently making I am in need of encrypting a variable length string (this could be a short as 10 characters or a full XML document) in C# and then sending this to a PHP script which decrypts and processes the information. I am unfortunately completely in the dark when it comes to cryptography and am having trouble finding something that can suite my needs in this case. Is there a library which can do this kind of variable length encryption across multiple platforms such as this?
AES, sometimes called Rijndael, might be a choice for you. It's a standard created by the National Institute of Standards and Technology, an agency of the US government.
It's available in PHP using the mcrypt extension, and there seems to be a managed library built in to the .Net framework. See this previous SO question for more on C#'s implementation. I know little about C# and .Net, but the answer there has 23 votes, so is likely to be on to something. (Edit: #Fun Mun Pieng's answer contains a reference to AES itself, and might be more up to date or otherwise useful than the post I linked.)
AES is a block cypher, meaning that it operates best on lengths of text of a specific set of lengths. There are multiple operation modes and padding schemes that you'll want to read up on and select. If you use the same operation mode and padding on both sides, you should have perfect interoperability.
Keep in mind that AES is a symmetric cypher. This means that the same key is used to both encrypt and decrypt. It might not be the best choice for you. If your users gain access to the key, the encryption becomes worthless.
Public-key cryptography might be a better choice for you. It uses two keys instead of one. Data encrypted using the public key can only be decrypted by the private key. This means that you don't need to worry too much about the public key falling into the wrong hands, as no data can actually be decrypted about it. It may allow troublesome users to still craft legit-looking messages, though.
PHP's best option for public-key cryptography is the standard OpenSSL extension, which uses the industry standard RSA system. A quick look at Google suggests that there's also native .Net support for RSA as well. Like AES, you may need to worry about modes of operation or padding, but again you should get complete interoperation by using the same methodology on both sides. The one possible annoyance will be initial key creation, and how each side wants to store private and public keys.
For the C# part, you could use the System.Security.Cryptography namespace. Eg:
System.Security.Cryptography.Aes aes = System.Security.Cryptography.Aes.Create();
System.Security.Cryptography.ICryptoTransform enc = aes.CreateEncryptor();
// byte[] input;
// byte[] output = new output[512]
int size = enc.TransformBlock(input, 0, input.Length, output, 0);
I have no idea how to do it for the PHP end, but I'm sure you can find a way to decrypt from standard algorithms such as DES, AES, RSA. And remember to pass the key.
For your case, I guess asymmetric encryption is more suitable.
I need to encrypt bytecode to send over a connection to a webservice, preferably using a GUID as a key. I have done a bit of research and found several classes developed for a similar purpose, but haven't been able to turn up much that is built into the Windows libraries.
My question is: Is there something built in to C# that performs this task? If there is not, I would very much appreciate any suggestions as to implementation.
Edit: After reading this post When would I choose AesCryptoServiceProvider over AesManaged or RijndaelManaged?
I am going with AESCryptoServiceProvider.
You should check out the System.Security.Cryptography namespace.
It's not clear whether you're in a position to choose which algorithm etc to use, but you might consider one of the following symmetric algorithms:
AES: AesManaged or AesCryptoServiceProvider
Rijndael: RijndaelManaged
Triple DES: TripleDESCryptoServiceProvider
There are also implementations of DES and RC2, but I would probably ignore them unless you're forced to use them.
I need to encrypt a byte array in VB6 and decrypt it in C# (NET 2.0). And viceversa (C# to VB6).
In C# I used RijndaelManaged class. In VB6 I used free pieces of from Internet. The best seems to be http://www.frez.co.uk/freecode.htm#rijndael
But the two implementations generate different outputs starting from the same input :(
Perhaps it's a problem with the IV vector in RijndaelManaged ... I don't understand...
Any solution / experience using Rijndael / AES between VB6 and NET ? Or TripleDes....
thank you
UPDATE: IMPORTANT: The machine where vb6 app runs, has not NET framework. So I cannot use Interop and/or a NET wrapper class exposed as COM. :(
You could use interop from .NET to call the C# implementation from VB6. That way both sides would be using the same library.
Here's some additional info: http://msdn.microsoft.com/en-us/library/hfzzah2c(vs.71).aspx
I just grabbed SlowAES, a Javascript implementation of AES, and embedded it into a Windows Script Component, which makes it accessible via COM. I was then able to call into the component from COM clients. I didn't try VB6 because i don't have Visual Studio 6. But for the COM clients I tried, I found the encryption to be completely compatible with .NET and the RijndaelManaged() class, when I use the same key, IV, mode, and keysize.
SlowAES is sort of limited; i didn't see an ECB mode for example. But the stuff I tested is compatible with .NET.
The source for the WSC file is available. That source also includes a RFC2898-compliant PBKDF2 usable from VB6. So you can set the key from a password. It is compatible with the Rfc2898DeriveBytes class in .NET.
See also, a related question.
Maybe I'll give you some informations regarding IV.
Initialization Vector is a clear-text sent data that should be generated randomly for each encryption to make stereotype headers attack harder or imposible to perform. Of course both encrypter and decrypter MUST have same value set.
Also there are some modes in which encryption and decryption may run. Have a look at this page: Wikipedia: Block cipher modes of operation. You should also ensure that this mode is same for both of them.
VbCorLib now supports cryptography, included Rijndael.
It's free and .NET-like. Link: http://vbcorlib.blogspot.com/
If you can do a simple C to C# conversion here is a nice solution. It works great with VB6/php and C. Have a look at Encryption for C++, Visual Basic, php using PC1.