Re: Rijndael .Net Managed Class VS Rijndael Win32 C++ (MFC) Class



leonard.guillaume@xxxxxxxxx wrote:
Hi,

I'm having an hard time with Rijndael encryption. Before elaborating
more on the problem, let me explain to what I have to do.

------------------------------------------------------------------------------------
A. A client on a remote computer is running on Win9x or NT a Win32 C++
(MFC to be more specific) client. This client is connected to a remote
server and many web services, which are XML SOAP based. The client
receives Rijndael encrypted information from each services and has to
decode it. It can also sends informations to the server but that
information has to be crypted into Rijndael. The class I've included in
my MFC project is from George Anescu from The Code Project. The class
is encrypting and decrypting fine
(http://www.codeproject.com/cpp/aes.asp).

B. On the side of the server, there are few webservices in VB.Net and
C#. Bottom line, the server is running everything on the .Net
framework, so managed classes. In order to crypt and decrypt the
informations, it uses the managed class
System.Security.Cryptography.RijndaelManaged from .Net Framework. So on
the server side, the encryption is very easy since it's running on
..Net.
------------------------------------------------------------------------------------

Ok now that you got a big picture of the situation, I can elaborate
more. And by the way, sorry for my bad english (!!). Basically, my
Rijndael Win32 Class on my client can't decrypt what the server is
crypting. I don't know if it's because the Rijndael class on .Net is
managed, but my client won't decrypt anything. And vice versa, my
server can't decrypt my client encrypted informations.

Is there evidence that they're using the same key? With the same byte order?


From what I know, .Net is using one more parameter for its crypting
class, the initialization vector. To be honest, I don't know what the
IV is. But I sure know it's not in any Win32 Rijndael I've seen so far.

That side is apparently using a "mode" of encryption that uses an initialization vector. It would be a good idea to find out what modes are, which mode the one side is using, and decide whether to use that mode for both sides. Decryption must use the same mode, key and initialization vector as was used during encryption. Commonly used modes are CBC, CTR, OFB, and a few others. See, for example, http://en.wikipedia.org/wiki/OFB.

--Mike Amling
.



Relevant Pages

  • Rijndael .Net Managed Class VS Rijndael Win32 C++ (MFC) Class
    ... I'm having an hard time with Rijndael encryption. ... A client on a remote computer is running on Win9x or NT a Win32 C++ ... server and many web services, ...
    (sci.crypt)
  • Re: Socket Server with Encryption help
    ... Before the client ... Authentication protocols are fiercely difficult to get right. ... by Needham and Schroeder "Using encryption for authentication in large ... Client connects into Server and Server accepts the connection. ...
    (microsoft.public.dotnet.security)
  • Re: Auto-update protocol
    ... to transfer even with a single client and no interference. ... shared secret/public key is the only way to do the encryption. ... successfully decryption is the authentication. ... you can get using a generic farm server, but TFTP does not have any ...
    (comp.arch.embedded)
  • Question on client/server application
    ... (one will act as a simple TCP server and the other will be a simple ... TCP client). ... What is the simplest way for me to implement a secure connection ... There are plenty of encryption libraries out ...
    (comp.lang.pascal.delphi.misc)
  • RE: Implementing RSACryptoServiceProvider *and* JavaScript
    ... JavaScript: hashing, synchronous encryption, and asynchronous ... This will enable me to ensure security between the client ... Send these back to the server. ...
    (microsoft.public.dotnet.framework.aspnet.security)