Encrypt / Sign ? Not really sure

Rory Becker - 25 Apr 2008 14:53 GMT
Ok

I need to put a small amount of information on a public server.
This information should be encoded so as to make it less than easily read
by a human.
I need a program I write to be able to access this info and decrypt it.
This information needs to be checkable as having been created by me and not
messed with by someone else.

I remember learning about Public-Private Key encryption at Uni (Some 8-10
years ago - it all made some kind of sense then.) I remember that once a
private and public key are created, they act more or less like the yin and
yang of each other.

Given an encryption algorithm, if you use 1 key to encrypt then the other
is the key to the decryption.

So I thought I'd encrypt my data using my private key and then have my program
decrypt it with my public key.

I found RSACryptoServiceProvider and set to work creating the following code:
-------------------------------------------------------------
Imports System
Imports System.Security.Cryptography
Imports System.Text
Imports System.Diagnostics ' needed for Debug.Print
Public Class Cryptography
   Private Shared mPublicKey As String
   Private Shared mPrivateKey As String

   ' This function used only once to generate the Constants above
   Public Shared Sub GenerateKeys()
       Dim RSA As RSACryptoServiceProvider = New RSACryptoServiceProvider()
       mPublicKey = RSA.ToXmlString(False) ' gets the public key
       mPrivateKey = RSA.ToXmlString(True) ' gets the private key
   End Sub

   ' This function should work but throws a runtime error talking about bad data
   Public Shared Sub TestKeys()
       Call GenerateKeys()
       Dim StartString As String = "Hello EveryBody"
       Debug.Print(String.Format("Start String:'{0}'", StartString))
       Dim EncryptedString As String = EncryptString(StartString, mPrivateKey)
       Dim EndString As String = DecryptString(EncryptedString, mPublicKey)
       Debug.Print(String.Format("End String:'{0}'", EndString))
   End Sub

   ' Utility Funcs
   Private Shared Function EncryptString(ByVal StringToEncode As String, ByVal KeyInfo As String) As String
       Dim RSAEncoder As New RSACryptoServiceProvider()
       RSAEncoder.FromXmlString(KeyInfo)
       Dim DecodedBytes As Byte() = Encoding.Unicode.GetBytes(StringToEncode)
       Dim EncodedBytes As Byte() = RSAEncoder.Encrypt(DecodedBytes, False)
       Return Convert.ToBase64String(EncodedBytes)
   End Function
   Private Shared Function DecryptString(ByVal EncodedString As String, ByVal KeyInfo As String) As String
       Dim RSADecoder As New RSACryptoServiceProvider()
       RSADecoder.FromXmlString(KeyInfo)
       Dim EncodedBytes As Byte() = Convert.FromBase64String(EncodedString)
       Dim DecodedBytes As Byte() = RSADecoder.Decrypt(EncodedBytes, False)
       Return Encoding.Unicode.GetString(DecodedBytes)
   End Function
End Class
-------------------------------------------------------------

However I seem to get a "Bad Data" Cryptographic Exception

Can someone tell me where I'm going wrong?

Any help gratefully received.

Thanks

--
Ror
Mark Assousa - 25 Apr 2008 23:43 GMT
I didn't read your code thoroughly, but I think you're dealing with a
conceptual error here.

Asymmetric encryption is generally used when you want others to be able
to send you stuff that only you can read. Hence you ENCRYPT with your
public key (the one you give out) and you DECRYPT with the private key
(the one only you know).

However, you sound like you want to be the only one with either key
(only you can send, only you can receive). In that case, you may be
better off with symmetric encryption which uses the same key for both
encryption and decryption. It's easier to manage (half the keys) and
runs faster.

If switching keys doesn't do the trick, I have some test bench code that
might help should you need it.

> Ok
> I need to put a small amount of information on a public server.
[quoted text clipped - 71 lines]
>
> Thanks
Rory Becker - 28 Apr 2008 10:13 GMT
Hello Mark,

> I didn't read your code thoroughly, but I think you're dealing with a
> conceptual error here.
[quoted text clipped - 12 lines]
> If switching keys doesn't do the trick, I have some test bench code
> that might help should you need it.

Ok thanks Mark that helps. I understand that I have been using the keys the
wrong way around.

I think this stems from my desire to only have one key in the public and
to transmit the data over public internet.

I would like to use Public-Private key encryption as I do not want someone
who cracks my program to have the ability to create messages.

To encrypt at my end and decrypt at the site of my program (in the wild), I
have to use the public key at my end and allow my program to use the private
key to receive.

This leaves me in the strange position of having to keep my public key private
and publicize my private key. (very weird indeed)

My problem with this is that the Key XML that I need to supply my program
with in order to use the private key, also includes the details needed to
create messages, i.e. the public key.

ToXMLString(False)  - Gives public key only.
ToXMLString(True)  - Gives public and Private key details.

Is there not a way to export only the private key?

I have tried manually eliminating the Exponent and Modulus components of
the XML but the resultant xml is not importable for decryption.

Any further ideas?

--
Ror
Mark Assousa - 28 Apr 2008 20:36 GMT
> Hello Mark,
>
[quoted text clipped - 42 lines]
>
> And further ideas?

OK, some thoughts in no particular order that may help.

- One of the problems with .Net applications is that, being that
intermediate byte-code stuff, it is inherently easy to reverse-engineer.
There is no way to absolutely hide an encryption key in a .Net assembly.
You can make it pretty darn hard to find though: rather than shipping
the XML as a data file along with the application, make it an embedded
resource and get a StreamReader like so (sorry about the formatting):

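' ResourceName is the file name of the embedded resource (e.g. the key XML file)
Dim myAssembly As System.Reflection.Assembly = System.Reflection.Assembly.GetExecutingAssembly()
Dim s As New System.IO.StreamReader( _
    myAssembly.GetManifestResourceStream(myAssembly.GetName().Name & "." & ResourceName))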

- Most applications I develop that require encryption have a default
encryption setup used only for encrypting and decrypting keys. I then
have a mechanism for loading new encryption keys as needed. So maybe you
could change the encryption keys periodically?

- Use digital signatures. In this case, there's a "magic cookie" inside
the encrypted data file that is itself a product of encryption that's
hard to forge and the application can use to verify the data is from you
and not the Evil Mr. X. Look in the System.Security.Cryptography.DSA
namespace.

- Get "Programming .Net Security" by Adam Freeman & Allen Jones,
available at O'Reilly Press. It tells everything I've forgotten about
encryption and then some.

I think that about sums up my wisdom on the topic unless you need that
test code. Good luck.
Rory Becker - 07 May 2008 11:37 GMT
Hello Mark,

> OK, some thoughts in no particular order that may help.
>
[quoted text clipped - 27 lines]
> I think that about sums up my wisdom on the topic unless you need that
> test code. Good luck.

Thanks very much.
I think I will end up using a combination of encryption and signing to meet
my needs.

Thanks again

--
Rory
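
The signing approach the thread arrives at, as an added example that is not part of any poster's message: the author signs with the private key, and the shipped program carries only the `ToXmlString(False)` public key, so someone who extracts it can verify messages but cannot create them. It assumes .NET Framework 4.6 or later (or .NET Core 3.0+, where the XML key methods are available); `SignBlob`, `TryReadBlob` and the `payload.signature` Base64 layout are hypothetical choices made here, and the payload is signed, not encrypted.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text
Public Module SignedBlobDemo
    ' Author side: the only place the private key (ToXmlString(True)) ever exists.
    Public Function SignBlob(ByVal message As String, ByVal privateKeyXml As String) As String
        Using signer As RSA = RSA.Create()
            signer.FromXmlString(privateKeyXml)
            Dim data As Byte() = Encoding.UTF8.GetBytes(message)
            Dim sig As Byte() = signer.SignData(data, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1)
            ' Hypothetical wire format: Base64(payload) "." Base64(signature)
            Return Convert.ToBase64String(data) & "." & Convert.ToBase64String(sig)
        End Using
    End Function

    ' Program side: holds only ToXmlString(False), so it can verify but never sign.
    Public Function TryReadBlob(ByVal blob As String, ByVal publicKeyXml As String, ByRef message As String) As Boolean
        message = Nothing
        Dim parts As String() = blob.Split("."c)
        If parts.Length <> 2 Then Return False
        Try
            Dim data As Byte() = Convert.FromBase64String(parts(0))
            Dim sig As Byte() = Convert.FromBase64String(parts(1))
            Using verifier As RSA = RSA.Create()
                verifier.FromXmlString(publicKeyXml)
                If Not verifier.VerifyData(data, sig, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1) Then Return False
            End Using
            message = Encoding.UTF8.GetString(data) ' only released after the signature checks out
            Return True
        Catch ex As Exception When TypeOf ex Is FormatException OrElse TypeOf ex Is CryptographicException
            Return False ' bad Base64 or malformed signature: treat as not from the author
        End Try
    End Function

    Public Sub Main()
        Dim privateXml As String, publicXml As String
        Using generated As RSA = RSA.Create()
            generated.KeySize = 2048
            privateXml = generated.ToXmlString(True)   ' stays with the author
            publicXml = generated.ToXmlString(False)   ' ships with the program
        End Using
        Dim blob As String = SignBlob("Hello EveryBody", privateXml) ' constructed sample payload
        ' Constructed forgery: a different payload glued onto the genuine signature.
        Dim forged As String = Convert.ToBase64String(Encoding.UTF8.GetBytes("Hello Mr. X")) & blob.Substring(blob.IndexOf("."c))
        Dim message As String = Nothing
        Dim genuineOk As Boolean = TryReadBlob(blob, publicXml, message)
        Console.WriteLine("genuine: {0} '{1}'", genuineOk, message)
        Console.WriteLine("forged:  {0}", TryReadBlob(forged, publicXml, message))
    End Sub
End Module
```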
