Re: Rijndael .Net Managed Class VS Rijndael Win32 C++ (MFC) Class



leonard.guillaume@xxxxxxxxx wrote:
Hi,

I'm having an hard time with Rijndael encryption. Before elaborating
more on the problem, let me explain to what I have to do.

------------------------------------------------------------------------------------
A. A client on a remote computer is running on Win9x or NT a Win32 C++
(MFC to be more specific) client. This client is connected to a remote
server and many web services, which are XML SOAP based. The client
receives Rijndael encrypted information from each services and has to
decode it. It can also sends informations to the server but that
information has to be crypted into Rijndael. The class I've included in
my MFC project is from George Anescu from The Code Project. The class
is encrypting and decrypting fine
(http://www.codeproject.com/cpp/aes.asp).

B. On the side of the server, there are few webservices in VB.Net and
C#. Bottom line, the server is running everything on the .Net
framework, so managed classes. In order to crypt and decrypt the
informations, it uses the managed class
System.Security.Cryptography.RijndaelManaged from .Net Framework. So on
the server side, the encryption is very easy since it's running on
..Net.
------------------------------------------------------------------------------------

Ok now that you got a big picture of the situation, I can elaborate
more. And by the way, sorry for my bad english (!!). Basically, my
Rijndael Win32 Class on my client can't decrypt what the server is
crypting. I don't know if it's because the Rijndael class on .Net is
managed, but my client won't decrypt anything. And vice versa, my
server can't decrypt my client encrypted informations.

Is there evidence that they're using the same key? With the same byte order?


From what I know, .Net is using one more parameter for its crypting
class, the initialization vector. To be honest, I don't know what the
IV is. But I sure know it's not in any Win32 Rijndael I've seen so far.

That side is apparently using a "mode" of encryption that uses an initialization vector. It would be a good idea to find out what modes are, which mode the one side is using, and decide whether to use that mode for both sides. Decryption must use the same mode, key and initialization vector as was used during encryption. Commonly used modes are CBC, CTR, OFB, and a few others. See, for example, http://en.wikipedia.org/wiki/OFB.

--Mike Amling
.