Re: Can't get basic encryption to work
- From: "Joe Kaplan" <joseph.e.kaplan@xxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 Mar 2007 21:27:25 -0600
I somehow missed that you were the same person. :) No worries.
The important thing I was trying to get across was in regards to the
initialization vector, IV, not the key. The key is a secret. You can
derive it from a password or generate a random one or whatever, but with
symmetric encryption, both sides must have the secret and guard it.
With the IV, that should be new and random every time you encrypt, but it is
not a secret. It is exchanged with the encrypted data.
Once you get this down, moving on to asymmetric is a reasonable idea.
Symmetric encryption is one of the fundamental building blocks of asymmetric
encryption, so it makes sense to understand it well.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DXRick" <DXRick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:E4E32CD3-B602-44B6-B888-BEF029699770@xxxxxxxxxxxxxxxx
I was trying to learn symmetric encryption where the client and server would
be able to derive the same symmetric key from shared data of some sort. I
was using the password to derive the key, but it dawned on me that if I did
that and sent the encrypted name and password to the server, the server
would have to know what the password was to decrypt the data (a catch-22).
So, I decided just to use hard coded values for now to see if I could get the
encryption and decryption to work.
I am doing what you suggested before and learning one piece at a time. I am
going to play with asymmetric now. Maybe I will end up using asymmetric
encryption for the client and server to share the data that will be given to
the Rfc2898DeriveBytes object on both ends that will be used to generate the
key and IV.
Then I need to understand hashing and digital signing better.
So, that is why I asked the question a while ago about what system an
intranet or internet client/server app would use to pass data back and
forth.
The first data sent is the name and password of a user to either create a
new account or retrieve their current account. Then I need to ensure that the
account data (currently being sent as a class object) is encrypted before
being sent back and forth.
I guess you could say I am trying to learn A, B, and C, before attempting to
see how they all might fit together to create a secure app. In this thread I
couldn't even get A to work!
Thanks!!
"Joe Kaplan" wrote:
This is basically fine. Sometimes it is a good idea to be more explicit
about the encoding method that is used to convert the string to binary in
the stream, as this can cause headaches. In your case, you are probably
fine since you are wrapping with StreamWriter/StreamReader and that uses
UTF8 by default on both ends.
Also, if you convert the encrypted data to string, make sure you use
Base64.
Another thing to be aware of is proper usage of IV. It is supposed to be
random and should be different each time. It is not a secret though like
the key. As such, you generally want to generate a new IV with each
encryption and store the IV you used with the encrypted data so that you can
recover the IV that was used when you go to decrypt. One way that people
often do this is to generate new random IV and append it to the beginning of
the array of encrypted data. If you know how long it is (which you should),
then you just pull off the first X bytes as IV before doing the encryption.
Using a static IV, an "all 0" IV or an IV that is the same as the key all
undermine what the IV is used for (which is to help ensure that the same
input will produce different encrypted output each time and will thus make
your data harder to plaintext attack).
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DXRick" <DXRick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D506FB89-4530-49A7-AB96-9CD3F2F4CE26@xxxxxxxxxxxxxxxx
Thanks both of you. I was doing that BEFORE the write command, and was then
getting a padding error exception in the decryption routine. Now, the
encryption and decryption both work.
So, here is my final code (the stuff above it is the same):
mStream = new MemoryStream();
cStream = new CryptoStream(mStream, encryptor, CryptoStreamMode.Write);
sWriter = new StreamWriter(cStream);
sWriter.Flush();
sWriter.Write(dataToEncrypt);
sWriter.Flush();
cStream.FlushFinalBlock();
this.encryptedData = mStream.ToArray();
Thanks!
"Joe Kaplan" wrote:
You should always call FlushFinalBlock when working with block ciphers
(which AES/Rijndael is one of). Block ciphers need to add padding to data
to make the final output be an even block size, so they need to know when
you are done adding data.
Joe K.
--
Joe Kaplan-MS MVP Directory Services Programming
Co-author of "The .NET Developer's Guide to Directory Services Programming"
http://www.directoryprogramming.net
--
"DXRick" <DXRick@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:10F02053-2B27-4D99-A518-5AC9C4355861@xxxxxxxxxxxxxxxx
Where did you add those? If I try to close the writer before the
sWriter.Write() command I get an exception that it cannot write to a closed
stream.
If I just include this command, I will get a 16 byte array in
hookie:
cStream.FlushFinalBlock();
I have no clue why that would be needed.
Thanks.
"Dominick Baier" wrote:
adding an
sWriter.Flush();
sWriter.Close();
works for me...
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
Those did not work.
This:
int sttr = (int)mStream.Length;
give me a 0 length. The MemoryStream is not being used?
Thanks.
"Dominick Baier" wrote:
just some ideas:
try to flush the streamwriter first...
if that doesn't help, try to position the memstream to the beginning
(using .Seek)
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications
(http://www.microsoft.com/mspress/books/9989.asp)
I am just trying to encrypt some data and am pretty much copying the
code that the MSDN docs have for the RijndaelManaged class:
RijndaelManaged cryptAlg = null;
MemoryStream mStream = null;
CryptoStream cStream = null;
StreamWriter sWriter = null;
try
{
    cryptAlg = new RijndaelManaged();
    ICryptoTransform encryptor = cryptAlg.CreateEncryptor(cryptAlg.Key, cryptAlg.IV);
    mStream = new MemoryStream();
    cStream = new CryptoStream(mStream, encryptor, CryptoStreamMode.Write);
    sWriter = new StreamWriter(cStream);
    sWriter.Write(dataToEncrypt); // encrypt a string
    byte[] hookie = mStream.ToArray(); // ***GETTING NOTHING HERE***
}
The MemoryStream mStream has nothing in it after this. The Length is
0 and I get no data from it. Since I just copied the code from the
MSDN example, I can't figure out what is wrong. I am just doing this
in a console app right now. So nothing fancy here.
Please help!
Thanks!
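Putting the thread's advice together in one place: the example below is added here and is not code from any poster in the thread. It shows, in working .NET code, the points raised above: the key derived on both ends with Rfc2898DeriveBytes (as DXRick planned), a fresh random IV for every message written in front of the ciphertext and pulled off again before decrypting (Joe's IV advice), an explicit UTF-8 encoding on the StreamWriter/StreamReader, FlushFinalBlock triggered by disposing the CryptoStream so the padded last block is emitted, and Base64 for the string form. It assumes C# 8 or later; Aes.Create() is used in place of the obsolete RijndaelManaged, and the password, salt and plaintext are constructed sample values.

```csharp
// Added example, not from the thread: AES-CBC round trip in .NET following the
// advice above. Password, salt and plaintext are constructed sample values;
// Aes.Create() stands in for the obsolete RijndaelManaged.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class AesCbcDemo
{
    private const int KeyBytes = 32;            // AES-256 key
    private const int IvBytes = 16;             // AES block size; the IV is one block
    private const int Pbkdf2Iterations = 100_000;

    // Both ends run this with the same password and salt. The salt is public and
    // may travel with the data; the password must not.
    public static byte[] DeriveKey(string password, byte[] salt)
    {
        using var kdf = new Rfc2898DeriveBytes(password, salt, Pbkdf2Iterations, HashAlgorithmName.SHA256);
        return kdf.GetBytes(KeyBytes);
    }

    // Returns Base64(IV || ciphertext). A fresh random IV is generated per call and
    // written in front of the ciphertext so the receiver can recover it.
    public static string Encrypt(byte[] key, string plaintext)
    {
        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        aes.GenerateIV();                                   // new random IV every time

        var output = new MemoryStream();
        output.Write(aes.IV, 0, aes.IV.Length);             // IV goes first, in the clear

        using (var encryptor = aes.CreateEncryptor(aes.Key, aes.IV))
        using (var crypto = new CryptoStream(output, encryptor, CryptoStreamMode.Write))
        using (var writer = new StreamWriter(crypto, new UTF8Encoding(false)))   // explicit encoding, no BOM
        {
            writer.Write(plaintext);
        }
        // Leaving the block disposes writer -> CryptoStream -> MemoryStream.
        // CryptoStream.Dispose calls FlushFinalBlock, which emits the padded last
        // block; without it the output is short or empty, as in the original post.
        // MemoryStream.ToArray() still works after the stream has been closed.
        return Convert.ToBase64String(output.ToArray());
    }

    public static string Decrypt(byte[] key, string base64Message)
    {
        byte[] message = Convert.FromBase64String(base64Message);
        if (message.Length < IvBytes)
            throw new CryptographicException("message too short to contain an IV");

        byte[] iv = new byte[IvBytes];
        Buffer.BlockCopy(message, 0, iv, 0, IvBytes);       // pull the IV off the front

        using var aes = Aes.Create();
        aes.Mode = CipherMode.CBC;
        aes.Padding = PaddingMode.PKCS7;
        aes.Key = key;
        aes.IV = iv;

        using var input = new MemoryStream(message, IvBytes, message.Length - IvBytes);
        using var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
        using var crypto = new CryptoStream(input, decryptor, CryptoStreamMode.Read);
        using var reader = new StreamReader(crypto, new UTF8Encoding(false));
        // A wrong key, wrong IV or altered ciphertext usually surfaces here as a
        // CryptographicException about padding: CBC by itself does not authenticate.
        return reader.ReadToEnd();
    }

    public static void Main()
    {
        byte[] salt = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);

        byte[] key = DeriveKey("correct horse battery staple", salt);   // sample password

        string first = Encrypt(key, "name=alice;password=hunter2");     // sample plaintext
        string second = Encrypt(key, "name=alice;password=hunter2");

        // Same key and plaintext, different IV: the two ciphertexts must differ.
        Console.WriteLine(first == second ? "BUG: identical ciphertexts" : "ciphertexts differ (fresh IV per message)");
        Console.WriteLine(Decrypt(key, first));
        Console.WriteLine(Decrypt(key, second));
    }
}
```

The padding exception DXRick hit is the same one a receiver gets when a message has been altered, which is why this layout only gives confidentiality: before sending such data over a network, add an HMAC over IV || ciphertext (verified before decrypting) or use an authenticated mode such as AES-GCM, otherwise the padding error itself becomes an oracle for an attacker who can submit modified messages.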