Is it possible to use AES in XTC mode in C# (.net 3.5)? It doesn't seem to be in the CipherMode enumeration. I cannot seem to find any implementations of it on the web.
EDIT: Since I couldn't find a .net implementation, I wrote one: https://bitbucket.org/garethl/xtssharp
I have since written a C# implementation of XTS mode (using the built in AES cipher in .net), and released it under a BSD license. You can find it here: https://bitbucket.org/garethl/xtssharp
Here is the link to a site which gives a C code to download which implements C and XTS. I did not test it. You can wrap C code to C#.
Related
I'm using encrypt(string,key) and decrypt(string,key) for encryption in ColdFusion. Now what I would like to do is to encrypt in ColdFusion, but decrypt in asp.net C#. Can someone show me how to do this?
If this is my ColdFusion code:
encrypt("hello","abcdefgh")
decrypt(".....","abcdefgh"
What would the equivalent code in asp.net look like? Thank You.
According to Coldfusion's documentation,
The Standard Edition of ColdFusion installs a cryptography library with the following algorithms:
CFMX_COMPAT: the algorithm used in ColdFusion MX and prior releases. This algorithm is the least secure option (default).
Unless you implement the CF decryption algorithm in C#, you can't decrypt it. You would have to specify a different encryption algorithm, like 3DES, in order to decrypt it.
As Josh pointed out, if you do not specify an algorithm CF uses the default algorithm cfmx_compat. Unlike the standard algorithms such as AES, Blowfish, etcetera there is no library for it in .NET. To decrypt the value in C#, the .NET side would need to use a custom class. ( See here for my C# port of Railo's cfmx_compat class . )
That said, I would recommend against using cfmx_compat simply because it is a very weak algorithm. It is only included in CF for backward compatibility. You are much better off using one of the stronger algorithms like AES, Blowfish, etcetera in ColdFusion. Since those algorithms are standard, interoperability with C# (or any other language) will be much easier. See the links Al posted in the comments above for some examples.
My work needs the full triple DES MAC function in .NET (as as defined in [ISO 9797-1] as MAC Algorithm 1 with output transformation 1, without truncation, and with triple DES taking the place of the block cipher)
My problem is that I don't know how to implement this algorithm in C#.NET
Is there any suggestion (or code snippet) that would helps me implementing it (.NET Class and method)
Thanks in advance!
Best regards,
Hai-Binh LE
The .Net Library already contains an implementation of the TripleDES Message Authenticator Code algorithm.
You can find the documentation and example here.
You didn't mention which version of the .net framework you were using, incidentally, so I've assumed 3.5 here.
I've read about scrypt and some of its advantages over the bcrypt hashing algorithm in certain circumstances.
Anyhow, it seems scrypt isn't as widely used yet. Has anyone seen so far a .NET implementation of it (favored in C#)?
Finally I found an implementation of scrypt in C# in the CryptSharp library.
The library is open source and uses the ISC license.
CryptSharp
Version History
1.2.0 January 23, 2011:
The SCrypt KDF is now supported as CryptSharp.Utility.SCrypt.
Added djb's Salsa20, required by SCrypt.
In case, like me, you came to this question via a quick google (came up as the top link) you can now download SCrypt as a Nuget package into your project.
PM> Install-Package Scrypt.NET
Use as follows:
ScryptEncoder encoder = new ScryptEncoder();
string hashsedPassword = encoder.Encode("mypassword");
and comparing
ScryptEncoder encoder = new ScryptEncoder();
bool areEquals = encoder.Compare("mypassword", hashedPassword);
Github link here
There's a new implementation of SCrypt for .NET here: https://github.com/replicon/Replicon.Cryptography.SCrypt
Unlike CryptoSharp, which is a great library, this one is implemented as a packaged wrapper around a native library. This allows it to use native-level instructions (like SSE2) to improve the performance of the implementation quite a bit.
The downside is that it has to contain native compiled assemblies, detect the right one to use, unpackage it, and then load it. That means it's not ideal for all environments, but it works great where it works.
Where can I find API documentation for TComponent, TObject, TList, etc.? I am converting some C++ code that was written using C++ builder into C#. I'm having trouble finding related documentation for these classes in order to find a C# equivalent.
Use the official online reference. The link is directly to the index - just look up types and functions there as needed.
I need to encrypt a byte array in VB6 and decrypt it in C# (NET 2.0). And viceversa (C# to VB6).
In C# I used RijndaelManaged class. In VB6 I used free pieces of from Internet. The best seems to be http://www.frez.co.uk/freecode.htm#rijndael
But the two implementations generate different outputs starting from the same input :(
Perhaps it's a problem with the IV vector in RijndaelManaged ... I don't understand...
Any solution / experience using Rijndael / AES between VB6 and NET ? Or TripleDes....
thank you
UPDATE: IMPORTANT: The machine where vb6 app runs, has not NET framework. So I cannot use Interop and/or a NET wrapper class exposed as COM. :(
You could use interop from .NET to call the C# implementation from VB6. That way both sides would be using the same library.
Here's some additional info: http://msdn.microsoft.com/en-us/library/hfzzah2c(vs.71).aspx
I just grabbed SlowAES, a Javascript implementation of AES, and embedded it into a Windows Script Component, which makes it accessible via COM. I was then able to call into the component from COM clients. I didn't try VB6 because i don't have Visual Studio 6. But for the COM clients I tried, I found the encryption to be completely compatible with .NET and the RijndaelManaged() class, when I use the same key, IV, mode, and keysize.
SlowAES is sort of limited; i didn't see an ECB mode for example. But the stuff I tested is compatible with .NET.
The source for the WSC file is available. That source also includes a RFC2898-compliant PBKDF2 usable from VB6. So you can set the key from a password. It is compatible with the Rfc2898DeriveBytes class in .NET.
See also, a related question.
Maybe I'll give you some informations regarding IV.
Initialization Vector is a clear-text sent data that should be generated randomly for each encryption to make stereotype headers attack harder or imposible to perform. Of course both encrypter and decrypter MUST have same value set.
Also there are some modes in which encryption and decryption may run. Have a look at this page: Wikipedia: Block cipher modes of operation. You should also ensure that this mode is same for both of them.
VbCorLib now supports cryptography, included Rijndael.
It's free and .NET-like. Link: http://vbcorlib.blogspot.com/
If you can do a simple C to C# conversion here is a nice solution. It works great with VB6/php and C. Have a look at Encryption for C++, Visual Basic, php using PC1.