Re: TripleDES encryption problem

From: Michael Giagnocavo [MVP] (mggUNSPAM_at_Atrevido.net)
Date: 07/21/03 

Date: Mon, 21 Jul 2003 09:06:23 -0600

ASCII is only a 7-bit encoding, and your key uses the full 8-bit space
of each byte. Thus, writing your key to ASCII results in some data
being messed up.

-mike
MVP

"c duden" <cduden@hotmail.com> wrote in message
news:u2oVr2lTDHA.2460@TK2MSFTNGP10.phx.gbl...
> Ok, I figured out a workaround -- changed everything to use
UnicodeEncoding
> instead of ASCIIEncoding and it now works. BUT does anyone have any
insight
> into why this will fail when you use ASCII encoding? I know that in
C# all
> strings are Unicode Byte Arrays but why would the conversion not
work
> correctly using the Crypto providers?
>
> Thanks
>
>
> "c duden" <cduden@hotmail.com> wrote in message
> news:uJQgkqlTDHA.3088@TK2MSFTNGP10.phx.gbl...
> > Found something interesting that narrows the scope of the problem
> somewhat.
> >
> > Here are a set of methods (one set of many I have tried):
> >
> > public static byte[] DesEncrypt(byte[] data, string hashString)
> > {
> > //byte[] data = ASCIIEncoding.ASCII.GetBytes(stringToEncrypt);
> > byte[] m_bDESKey = ASCIIEncoding.ASCII.GetBytes(hashString);
> > byte[] m_bDESIV = ASCIIEncoding.ASCII.GetBytes(hashString);
> > MemoryStream ms = new MemoryStream(4096);
> > DES des = new DESCryptoServiceProvider() ;
> > CryptoStream encStream = new CryptoStream(ms,
> > des.CreateEncryptor(m_bDESKey, m_bDESIV),
> > CryptoStreamMode.Write);
> > encStream.Write(data,0,data.Length);
> > encStream.FlushFinalBlock();
> > //calculate the length of the encrypted data
> > byte[] bResult = new byte[ms.Position];
> > ms.Position = 0;
> > ms.Read(bResult, 0, bResult.Length) ;
> > encStream.Close();
> > return bResult;
> > }
> > public static byte[] DesDecrypt ( byte[] data, string hashString )
> > {
> > //byte[] data = ASCIIEncoding.ASCII.GetBytes(stringToDeCrypt);
> > byte[] m_bDESKey = ASCIIEncoding.ASCII.GetBytes(hashString);
> > byte[] m_bDESIV = ASCIIEncoding.ASCII.GetBytes(hashString);
> > MemoryStream ms = new MemoryStream(data.Length);
> > DES des = new DESCryptoServiceProvider() ;
> > CryptoStream encStream = new CryptoStream(ms,
> > des.CreateDecryptor(m_bDESKey, m_bDESIV),
> > CryptoStreamMode.Read);
> > ms.Write(data,0,data.Length);
> > ms.Position = 0;
> > string strResult = new StreamReader(encStream).ReadToEnd();
> > encStream.Close();
> > return ASCIIEncoding.ASCII.GetBytes(strResult);
> > }
> >
> > Doing the following works:
> > byte[] data = System.Text.ASCIIEncoding.ASCII.GetBytes("Hello my
friend");
> > byte[] encrypted =
> >
NFS.Architecture.Security.TextEncryption.DesEncrypt(data,"password");
> > byte[] decrypted =
> >
NFS.Architecture.Security.TextEncryption.DesDecrypt(encrypted,"passwor
d");
> >
> > Response.Write(encrypted);
> > Response.Write("<BR>");
> > Response.Write(decrypted);
> >
> > But the following Does not work:
> >
> > byte[] data = System.Text.ASCIIEncoding.ASCII.GetBytes("Hello my
friend");
> > byte[] encrypted =
> >
NFS.Architecture.Security.TextEncryption.DesEncrypt(data,"password");
> > string encryptedStr =
> System.Text.ASCIIEncoding.ASCII.GetString(encrypted);
> > byte[] reencrypted =
> System.Text.ASCIIEncoding.ASCII.GetBytes(encryptedStr);
> > byte[] decrypted =
> >
>
NFS.Architecture.Security.TextEncryption.DesDecrypt(reencrypted,"passw
ord");
> > System.Text.ASCIIEncoding enc = new System.Text.ASCIIEncoding();
> > Response.Write(enc.GetString(encrypted));
> > Response.Write("<BR>");
> > Response.Write(enc.GetString(decrypted));
> >
> > Somehow converting the output of DesEncrypt to a string and then
> converting
> > that string back to a byte array caused the decryption method to
bomb with
> a
> > "Bad Data" error.
> >
> > Anyone have any ideas?
> >
> >
> > "c duden" <cduden@hotmail.com> wrote in message
> > news:uQEHlrkTDHA.2188@TK2MSFTNGP10.phx.gbl...
> > > I am attempting to encrypt some text and be able to decrypt it
at a
> later
> > > time. I have two methods to do this:
> > >
> > > public static Byte[] EncryptText(string textToEncrypt, string
> > > encryptionHash)
> > > {
> > > Byte[] bytearrayinput =
> > >
StringAndByteManipulation.ConvertStringToByteArray(textToEncrypt);
> > > //DES instance
> > > System.Security.Cryptography.TripleDESCryptoServiceProvider
des =
> new
> > > TripleDESCryptoServiceProvider();
> > > // use the default SHA-1 hash algorithm
> > > string pws = encryptionHash;
> > > System.Security.Cryptography.PasswordDeriveBytes db = new
> > > System.Security.Cryptography.PasswordDeriveBytes(pws,new
byte[0]);
> > > byte[] prndKey= db.GetBytes(16);
> > > byte[] IV = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09,
> > 0x10,
> > > 0x11, 0x12, 0x13, 0x14, 0x15, 0x16}; // from the example in MS
> > > documentation.
> > > System.IO.MemoryStream ms = new System.IO.MemoryStream();
> > > //Create Crypto Stream that transforms text stream using
Triple DES
> > > encryption
> > > CryptoStream cryptostream = new
> > >
CryptoStream(ms,des.CreateEncryptor(prndKey,IV),CryptoStreamMode.Write
);
> > > cryptostream.Write(bytearrayinput,0,bytearrayinput.Length);
> > >
> > > System.IO.StreamWriter sw = new
> System.IO.StreamWriter(cryptostream);
> > > sw.Write(bytearrayinput);
> > > Byte[] mBytes = new Byte[ms.Length-1];
> > > ms.Position = 0;
> > > ms.Read(mBytes,0,mBytes.Length);
> > > cryptostream.Close();
> > > ms.Close();
> > > return mBytes;
> > > }
> > >
> > > public static string DeCryptText(Byte[] textToDecrypt, string
> > > encryptionHash)
> > > {
> > > Byte[] bytearrayinput = textToDecrypt;
> > > //DES instance
> > > System.Security.Cryptography.TripleDESCryptoServiceProvider
des =
> new
> > > TripleDESCryptoServiceProvider();
> > > string pws = encryptionHash;
> > > System.Security.Cryptography.PasswordDeriveBytes db = new
> > > System.Security.Cryptography.PasswordDeriveBytes(pws,new
byte[0]);
> > > byte[] prndKey= db.GetBytes(16);
> > > byte[] IV = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
0x09,
> > 0x10,
> > > 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
> > > System.IO.MemoryStream ms = new
> > System.IO.MemoryStream(bytearrayinput);
> > > //Create Crypto Stream that transforms text stream using
Triple DES
> > > encryption
> > > CryptoStream cryptostream = new
> > >
CryptoStream(ms,des.CreateDecryptor(prndKey,IV),CryptoStreamMode.Read)
;
> > > System.IO.StreamReader SR = new
> > > System.IO.StreamReader(cryptostream,System.Text.Encoding.ASCII);
> > > return SR.ReadToEnd();
> > > }
> > >
> > > I have tried this about half a hundred ways with the same
results :
> > > It chokes on
> > > SR.ReadToEnd(); when atttepting to Decrypt the data that was
encrypted
> by
> > > EncryptText(..)
> > >
> > > Length of the data to decrypt is invalid.
> > > Description: An unhandled exception occurred during the
execution of the
> > > current web request. Please review the stack trace for more
information
> > > about the error and where it originated in the code.
> > >
> > > Exception Details:
System.Security.Cryptography.CryptographicException:
> > > Length of the data to decrypt is invalid.
> > >
> > >
> > > Can someone explain what is going on and what I am doing wrong.
In
> > looking
> > > for insight into this I have seen allot of newsgroup posts where
people
> > had
> > > the same problem but no answers.
> > >
> > > Thanks,
> > > CMD
> > >
> > >
> >
> >
>
>

Relevant Pages

  • Re: Unicode to ASCII string conversion
    ... files can be ANSI, ASCII, UTF7, UTF8, EBCDIC, UTF16 and many other ... > to string conversion and explicitly no bytearray, ... >> If you need an ASCII file, then use a ASCII encoding. ...
    (microsoft.public.dotnet.languages.vb)
  • Re: Pre-information on Unicode in Delphi 2008
    ... Well IMO this is one case where Delphi isn't doing strong typing, there should be a warning there and a requirement for an explicit cast. ... Converting from Ansi to Wide while assuming the Ansi is using the system_locale is just an assumption, and in the Delphi IDE itself, that can results in string corruption when editing DFMs, and before you ask, yes there are QCs on the subject:) ... AnsiString have no particular encoding at all, assuming *any* encoding for automagic conversion is going to result in hard-to-track cases of data ...
    (borland.public.delphi.non-technical)
  • Re: Writing extended ascii characters to text file.
    ... so in order to get real ASCII codes you should use the GetBytes ... method of an Encoding instance configured for the ASCII encoding (as far as ... again, you've got bytes, not characters. ... > string line; ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: string to ascii on line feed
    ... first published ASCII as a standard in 1963. ... refer to multiple things, one of which might be "The encoding Java uses when we ask for the 'ASCII' encoding." ... Conceptually, we have a string in memory, and we wish to store that string to disk, using a specific encoding. ... Now when we say "Encoding FOO is n bits", what we usually mean is either "the encoding uses n bits per character to represent a given string" or the less restrictive "*on average*, the encoding uses n bits per character to represent a given string". ...
    (comp.lang.java.programmer)
  • Re: Bug in StreamReader.ReadLine()? It reads special chars wrong...
    ... > I compare this string to a string in an Access DB (btw, ... The same thing happens with chars ... ASCII is a 7-bit encoding and has no 'Ñ'. ...
    (microsoft.public.dotnet.languages.csharp)
Quantcast