Re: TripleDES encryption problem

From: c duden (cduden_at_hotmail.com)
Date: 07/23/03

Next message: Platino: "Get NT Logged User in Stored Procedure"
Previous message: Michael Giagnocavo [MVP]: "Re: TripleDES encryption problem"
In reply to: Michael Giagnocavo [MVP]: "Re: TripleDES encryption problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 22 Jul 2003 22:41:32 -0700

Converting to and from Base64String was the ticket. Thanks much, appreciate
the help.

"Michael Giagnocavo [MVP]" <mggUNSPAM@Atrevido.net> wrote in message
news:ekqc$8MUDHA.2088@TK2MSFTNGP10.phx.gbl...
> Store as a varchar or char, and use Base64 (Convert.ToBase64String) to
> get your byte[] to an easily managed string.
> -mike
> MVP
>
> "c duden" <cduden@hotmail.com> wrote in message
> news:eiP1yjKUDHA.2128@TK2MSFTNGP12.phx.gbl...
> > Ok, Michael that makes perfect sense when you put it that way.
> Follow up
> > question then -- with the Unicode working verison I insert that
> encrypted
> > data into a field in SQL2k -- (nvarchar -- supposed to be able to
> handle
> > Unicode values) but when I pull it out it can't unencode it -- fails
> with
> > "bad data" error. Is SQL doing something in the translation?
> >
> >
> > "Michael Giagnocavo [MVP]" <mggUNSPAM@Atrevido.net> wrote in message
> > news:%23sBwxo5TDHA.3132@tk2msftngp13.phx.gbl...
> > > ASCII is only a 7-bit encoding, and your key uses the full 8-bit
> space
> > > of each byte. Thus, writing your key to ASCII results in some
> data
> > > being messed up.
> > >
> > > -mike
> > > MVP
> > >
> > > "c duden" <cduden@hotmail.com> wrote in message
> > > news:u2oVr2lTDHA.2460@TK2MSFTNGP10.phx.gbl...
> > > > Ok, I figured out a workaround -- changed everything to use
> > > UnicodeEncoding
> > > > instead of ASCIIEncoding and it now works. BUT does anyone have
> any
> > > insight
> > > > into why this will fail when you use ASCII encoding? I know
> that in
> > > C# all
> > > > strings are Unicode Byte Arrays but why would the conversion not
> > > work
> > > > correctly using the Crypto providers?
> > > >
> > > > Thanks
> > > >
> > > >
> > > > "c duden" <cduden@hotmail.com> wrote in message
> > > > news:uJQgkqlTDHA.3088@TK2MSFTNGP10.phx.gbl...
> > > > > Found something interesting that narrows the scope of the
> problem
> > > > somewhat.
> > > > >
> > > > > Here are a set of methods (one set of many I have tried):
> > > > >
> > > > > public static byte[] DesEncrypt(byte[] data, string
> hashString)
> > > > > {
> > > > > //byte[] data = ASCIIEncoding.ASCII.GetBytes(stringToEncrypt);
> > > > > byte[] m_bDESKey = ASCIIEncoding.ASCII.GetBytes(hashString);
> > > > > byte[] m_bDESIV = ASCIIEncoding.ASCII.GetBytes(hashString);
> > > > > MemoryStream ms = new MemoryStream(4096);
> > > > > DES des = new DESCryptoServiceProvider() ;
> > > > > CryptoStream encStream = new CryptoStream(ms,
> > > > > des.CreateEncryptor(m_bDESKey, m_bDESIV),
> > > > > CryptoStreamMode.Write);
> > > > > encStream.Write(data,0,data.Length);
> > > > > encStream.FlushFinalBlock();
> > > > > //calculate the length of the encrypted data
> > > > > byte[] bResult = new byte[ms.Position];
> > > > > ms.Position = 0;
> > > > > ms.Read(bResult, 0, bResult.Length) ;
> > > > > encStream.Close();
> > > > > return bResult;
> > > > > }
> > > > > public static byte[] DesDecrypt ( byte[] data, string
> hashString )
> > > > > {
> > > > > //byte[] data = ASCIIEncoding.ASCII.GetBytes(stringToDeCrypt);
> > > > > byte[] m_bDESKey = ASCIIEncoding.ASCII.GetBytes(hashString);
> > > > > byte[] m_bDESIV = ASCIIEncoding.ASCII.GetBytes(hashString);
> > > > > MemoryStream ms = new MemoryStream(data.Length);
> > > > > DES des = new DESCryptoServiceProvider() ;
> > > > > CryptoStream encStream = new CryptoStream(ms,
> > > > > des.CreateDecryptor(m_bDESKey, m_bDESIV),
> > > > > CryptoStreamMode.Read);
> > > > > ms.Write(data,0,data.Length);
> > > > > ms.Position = 0;
> > > > > string strResult = new StreamReader(encStream).ReadToEnd();
> > > > > encStream.Close();
> > > > > return ASCIIEncoding.ASCII.GetBytes(strResult);
> > > > > }
> > > > >
> > > > > Doing the following works:
> > > > > byte[] data = System.Text.ASCIIEncoding.ASCII.GetBytes("Hello
> my
> > > friend");
> > > > > byte[] encrypted =
> > > > >
> > >
> NFS.Architecture.Security.TextEncryption.DesEncrypt(data,"password");
> > > > > byte[] decrypted =
> > > > >
> > >
> NFS.Architecture.Security.TextEncryption.DesDecrypt(encrypted,"passwor
> > > d");
> > > > >
> > > > > Response.Write(encrypted);
> > > > > Response.Write("<BR>");
> > > > > Response.Write(decrypted);
> > > > >
> > > > > But the following Does not work:
> > > > >
> > > > > byte[] data = System.Text.ASCIIEncoding.ASCII.GetBytes("Hello
> my
> > > friend");
> > > > > byte[] encrypted =
> > > > >
> > >
> NFS.Architecture.Security.TextEncryption.DesEncrypt(data,"password");
> > > > > string encryptedStr =
> > > > System.Text.ASCIIEncoding.ASCII.GetString(encrypted);
> > > > > byte[] reencrypted =
> > > > System.Text.ASCIIEncoding.ASCII.GetBytes(encryptedStr);
> > > > > byte[] decrypted =
> > > > >
> > > >
> > >
> NFS.Architecture.Security.TextEncryption.DesDecrypt(reencrypted,"passw
> > > ord");
> > > > > System.Text.ASCIIEncoding enc = new
> System.Text.ASCIIEncoding();
> > > > > Response.Write(enc.GetString(encrypted));
> > > > > Response.Write("<BR>");
> > > > > Response.Write(enc.GetString(decrypted));
> > > > >
> > > > > Somehow converting the output of DesEncrypt to a string and
> then
> > > > converting
> > > > > that string back to a byte array caused the decryption method
> to
> > > bomb with
> > > > a
> > > > > "Bad Data" error.
> > > > >
> > > > > Anyone have any ideas?
> > > > >
> > > > >
> > > > > "c duden" <cduden@hotmail.com> wrote in message
> > > > > news:uQEHlrkTDHA.2188@TK2MSFTNGP10.phx.gbl...
> > > > > > I am attempting to encrypt some text and be able to decrypt
> it
> > > at a
> > > > later
> > > > > > time. I have two methods to do this:
> > > > > >
> > > > > > public static Byte[] EncryptText(string textToEncrypt,
> string
> > > > > > encryptionHash)
> > > > > > {
> > > > > > Byte[] bytearrayinput =
> > > > > >
> > > StringAndByteManipulation.ConvertStringToByteArray(textToEncrypt);
> > > > > > //DES instance
> > > > > >
> System.Security.Cryptography.TripleDESCryptoServiceProvider
> > > des =
> > > > new
> > > > > > TripleDESCryptoServiceProvider();
> > > > > > // use the default SHA-1 hash algorithm
> > > > > > string pws = encryptionHash;
> > > > > > System.Security.Cryptography.PasswordDeriveBytes db =
> new
> > > > > > System.Security.Cryptography.PasswordDeriveBytes(pws,new
> > > byte[0]);
> > > > > > byte[] prndKey= db.GetBytes(16);
> > > > > > byte[] IV = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> 0x08,
> > > 0x09,
> > > > > 0x10,
> > > > > > 0x11, 0x12, 0x13, 0x14, 0x15, 0x16}; // from the example in
> MS
> > > > > > documentation.
> > > > > > System.IO.MemoryStream ms = new
> System.IO.MemoryStream();
> > > > > > //Create Crypto Stream that transforms text stream using
> > > Triple DES
> > > > > > encryption
> > > > > > CryptoStream cryptostream = new
> > > > > >
> > >
> CryptoStream(ms,des.CreateEncryptor(prndKey,IV),CryptoStreamMode.Write
> > > );
> > > > > >
> cryptostream.Write(bytearrayinput,0,bytearrayinput.Length);
> > > > > >
> > > > > > System.IO.StreamWriter sw = new
> > > > System.IO.StreamWriter(cryptostream);
> > > > > > sw.Write(bytearrayinput);
> > > > > > Byte[] mBytes = new Byte[ms.Length-1];
> > > > > > ms.Position = 0;
> > > > > > ms.Read(mBytes,0,mBytes.Length);
> > > > > > cryptostream.Close();
> > > > > > ms.Close();
> > > > > > return mBytes;
> > > > > > }
> > > > > >
> > > > > > public static string DeCryptText(Byte[] textToDecrypt,
> string
> > > > > > encryptionHash)
> > > > > > {
> > > > > > Byte[] bytearrayinput = textToDecrypt;
> > > > > > //DES instance
> > > > > >
> System.Security.Cryptography.TripleDESCryptoServiceProvider
> > > des =
> > > > new
> > > > > > TripleDESCryptoServiceProvider();
> > > > > > string pws = encryptionHash;
> > > > > > System.Security.Cryptography.PasswordDeriveBytes db =
> new
> > > > > > System.Security.Cryptography.PasswordDeriveBytes(pws,new
> > > byte[0]);
> > > > > > byte[] prndKey= db.GetBytes(16);
> > > > > > byte[] IV = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
> 0x08,
> > > 0x09,
> > > > > 0x10,
> > > > > > 0x11, 0x12, 0x13, 0x14, 0x15, 0x16};
> > > > > > System.IO.MemoryStream ms = new
> > > > > System.IO.MemoryStream(bytearrayinput);
> > > > > > //Create Crypto Stream that transforms text stream using
> > > Triple DES
> > > > > > encryption
> > > > > > CryptoStream cryptostream = new
> > > > > >
> > >
> CryptoStream(ms,des.CreateDecryptor(prndKey,IV),CryptoStreamMode.Read)
> > > ;
> > > > > > System.IO.StreamReader SR = new
> > > > > >
> System.IO.StreamReader(cryptostream,System.Text.Encoding.ASCII);
> > > > > > return SR.ReadToEnd();
> > > > > > }
> > > > > >
> > > > > > I have tried this about half a hundred ways with the same
> > > results :
> > > > > > It chokes on
> > > > > > SR.ReadToEnd(); when atttepting to Decrypt the data that was
> > > encrypted
> > > > by
> > > > > > EncryptText(..)
> > > > > >
> > > > > > Length of the data to decrypt is invalid.
> > > > > > Description: An unhandled exception occurred during the
> > > execution of the
> > > > > > current web request. Please review the stack trace for more
> > > information
> > > > > > about the error and where it originated in the code.
> > > > > >
> > > > > > Exception Details:
> > > System.Security.Cryptography.CryptographicException:
> > > > > > Length of the data to decrypt is invalid.
> > > > > >
> > > > > >
> > > > > > Can someone explain what is going on and what I am doing
> wrong.
> > > In
> > > > > looking
> > > > > > for insight into this I have seen allot of newsgroup posts
> where
> > > people
> > > > > had
> > > > > > the same problem but no answers.
> > > > > >
> > > > > > Thanks,
> > > > > > CMD
> > > > > >
> > > > > >
> > > > >
> > > > >
> > > >
> > > >
> > >
> > >
> >
> >
>
>

Next message: Platino: "Get NT Logged User in Stored Procedure"
Previous message: Michael Giagnocavo [MVP]: "Re: TripleDES encryption problem"
In reply to: Michael Giagnocavo [MVP]: "Re: TripleDES encryption problem"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: TripleDES encryption problem
... get your byteto an easily managed string. ... Michael that makes perfect sense when you put it that way. ... >> Triple DES ...
(microsoft.public.dotnet.security)
Re: Clarett Cut By Broncos
... >> Michael wrote: ... >>> The Broncos are flush with backs. ... >> he was 4th string, behind Ron Dayne, and NEVER played in presesason, ... >> nursing a little hamstring injury. ...
(rec.sport.football.college)
Re: Forms Auth with AD Native Mode
... Here's the bulk of my LDAPAuthentication class. ... private string _filterattribute; ... >> Michael, ...
(microsoft.public.dotnet.framework.aspnet.security)
Re: SHA-1 broken
... it's a string - and it can only be the inverse of one, ... >> going to make it exponentially harder to crack by composing. ... >> You'd really have to get a new algorithm. ...
(Bugtraq)
Re: Gesucht SQL String =?ISO-8859-15?Q?f=FCr_CSV_Liste_aeh?= =?ISO-8859-15?Q?nlich_D
... Hallo Michael, ... Folgenden SQL String versuche ich abzusetzen: ... Access verwendet für Datumsangaben das gleiche Format ... Verwende einen OleDbParameter vom Typ DbTimeStamp und übergib ein DateTime ...
(microsoft.public.de.german.entwickler.dotnet.datenbank)