 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / .NET Framework / Security / February 2005Need help decrypting
Hello, I'm wondering if somebody can help me figure out how to decrypt data. I seem to be able to encrypt data but have not been able to decrypt the very data that I've encrypted. I know it's because I'm just not understanding the whole process but I'm obviously just not getting it. Here's the encryption function I'm using: Private Sub Encryptpwd() Dim cdk As PasswordDeriveBytes = New PasswordDeriveBytes("passwd", Nothing) Dim iv() As Byte = {0, 0, 0, 0, 0, 0, 0, 0} Dim key() As Byte = cdk.CryptDeriveKey("RC2", "SHA1", 128, iv) Console.WriteLine(key.Length * 8) ' Set up an RC2 object to encrypt with the derived key Dim rc2 As RC2CryptoServiceProvider = New RC2CryptoServiceProvider rc2.Key = key Dim b() As Byte = {21, 22, 23, 24, 25, 26, 27, 28} rc2.IV = b Dim plaintext() As Byte = Encoding.UTF8.GetBytes("iiMap") Dim ms As New MemoryStream Dim cs As CryptoStream = New CryptoStream(ms, rc2.CreateEncryptor(), _ CryptoStreamMode.Write) cs.Write(plaintext, 0, plaintext.Length) cs.Close() Dim result() As Byte = ms.ToArray() Dim asc As New ASCIIEncoding txtResult.Text = asc.GetString(result) ms.Close() End Sub When I try to decrypt the text that's in txtResult.Text, my result is always and empty string: Private Sub Decryptpwd() Dim cdk As PasswordDeriveBytes = New PasswordDeriveBytes("pa[]ss!!wo//dd", Nothing) Dim iv() As Byte = {0, 0, 0, 0, 0, 0, 0, 0} Dim key() As Byte = cdk.CryptDeriveKey("RC2", "SHA1", 128, iv) Console.WriteLine(key.Length * 8) ' Set up an RC2 object to encrypt with the derived key Dim rc2 As RC2CryptoServiceProvider = New RC2CryptoServiceProvider rc2.Key = key Dim b() As Byte = {21, 22, 23, 24, 25, 26, 27, 28} rc2.IV = b Dim plaintext() As Byte = Encoding.UTF8.GetBytes(txtResult.Text) Dim ms As New MemoryStream Dim cs As CryptoStream = New CryptoStream(ms, rc2.CreateDecryptor(), _ CryptoStreamMode.Write) cs.Write(plaintext, 0, plaintext.Length) Dim result(plaintext.Length - 1) As Byte ms.Read(result, 0, result.Length - 1) Dim asc As New ASCIIEncoding txtDecrypt.Text = asc.GetString(result) cs.Close() ms.Close() End Sub I would very much appreciate someone setting me straight on this issue. Thanks in advance Steve Just a brief look (not checking anyting else): in your encrypt function you derive bytes from "passwd" password, while in your decrypt function you use "pa[]ss!!wo//dd". -Valery. http://www.harper.no/valery > Hello, > I'm wondering if somebody can help me figure out how to decrypt data. I [quoted text clipped - 63 lines] > Thanks in advance > Steve Also, there is a weird mix of ASCII and UTF8 in there that is asking for trouble it seems. - Typically, if you have unicode strings (which you do in .NET) you want to encrypt them, you want to use Unicode or UTF8 encodings to convert them into byte arrays for encryption. Using ASCII may cause data loss. - When you decypt encrypted data into a byte array and that data represents a string, you MUST use the same encoding you used to create the original byte array when you encrypted. UTF8 in -> UTF8 out; Unicode in -> Unicode out. - If you have a byte array of arbitrary data (the result of encryption, a hash or other random number generator) and you want to store that as a string, you must use a string format that is designed to hold arbitrary binary data. Base64 is the normal way to do that (Convert.ToBase64String). Trying to store random binary data as a string using ASCII, UTF8 or Unicode encodings is likely to produce poor results. I think paying attention to all of those will help make this more successful. Also, not reinventing the wheel is good. Here's a sample from an MS employee that might help: http://www.dotnetthis.com/Articles/Crypto.htm There are many other samples out there as well. Joe K. > Just a brief look (not checking anyting else): in your encrypt function > you derive bytes from "passwd" password, while in your decrypt function [quoted text clipped - 72 lines] >> Thanks in advance >> Steve Okay, so if it really is a password that is stored in an xml file and I encrypt that password file and store that result, isn't that just an ascii string? My goal here was to store an encrypted password in an xml file and then decrypt that on application load up. Is that perhaps not the best approach for this need? Perhaps I need to store the encrypted password in a binary file??? Is that maybe what you are saying? Steve "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote > Also, there is a weird mix of ASCII and UTF8 in there that is asking for > trouble it seems. [quoted text clipped - 84 lines] > >> Dim ms As New MemoryStream > >> Dim cs As CryptoStream = New CryptoStream(ms, rc2.CreateDecryptor(), > >> _ > >> CryptoStreamMode.Write) [quoted text clipped - 10 lines] > >> Thanks in advance > >> Steve I'm just saying that you can't take any old byte array and convert that to a string using ASCII and expect to have a usable string. ASCII is only 7 bits, not 8, and some low characters are unprintable. To convert an arbitrary byte array into a string, you need to use something like Base64. the actual string will be ASCII because it only uses ASCII characters, but you can then take that same Base64 string and convert it back into a byte array with no loss (using Convert.FromBase64String). If you tried that using ASCII encoding, you lop of the 8th bit of each byte, so there is no way you will be able to convert that back into the same byte array. Thus: Plain text as string -> byte array using UTF8 encrypted byte array -> string using Base64 Then Base64 -> encrypted data byte array using Base64 decrypted byte array -> original string using UTF8 Using this methodology, you'll be sure to round trip all of your data without losing anything and get it back in its original format. Best yet though, just use Ivan's sample that I linked to. Joe K. > Okay, so if it really is a password that is stored in an xml file and I > encrypt that password file and store that result, isn't that just an ascii [quoted text clipped - 125 lines] >> >> Thanks in advance >> >> Steve Thanks Joe, I'll try that. I appreciate it. Steve "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplan@removethis.accenture.com> wrote > I'm just saying that you can't take any old byte array and convert that to a > string using ASCII and expect to have a usable string. ASCII is only 7 [quoted text clipped - 104 lines] > > rc2.CreateEncryptor(), > >> >> _ CryptoStreamMode.Write) > >> >> cs.Write(plaintext, 0, plaintext.Length) > >> >> cs.Close() [quoted text clipped - 22 lines] > >> >> rc2.IV = b > >> >> Dim plaintext() As Byte = Encoding.UTF8.GetBytes(txtResult.Text) > >> >> Dim ms As New MemoryStream > >> >> Dim cs As CryptoStream = New CryptoStream(ms, > > rc2.CreateDecryptor(), > >> >> _ CryptoStreamMode.Write) > >> >> cs.Write(plaintext, 0, plaintext.Length) > >> >> Dim result(plaintext.Length - 1) As Byte [quoted text clipped - 9 lines] > >> >> Thanks in advance > >> >> Steve I'm so sorry, I changed the password in Encrypt just before I posted. Consider that the same in both decrypt and encrypt Steve > Hello, > I'm wondering if somebody can help me figure out how to decrypt data. I seem [quoted text clipped - 59 lines] > Thanks in advance > Steve Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.