Secure(ish) encryption/decryption algorithms in vb.net using a string as a key

Question

Is there a way to encrypt/decrypt text (string form) in VB.net using another string as a key? Meaning, if one user encrypts using this key, the other user needs to decrypt using the same key?

I do NOT mean public and private key encryption or anything of the sort.

Can someone help me build two subs for these?

If not, what is the second best way to encrypt/decrypt data without public/private keys?

I want to make a simple way to send messages securely.

Thanks for the help!

Answer 1

The code snips below encrypts/decrypts a data string with a password using a simple xor math statement (exclusive or).

'datain = data to be encrypted
 'password is string to encrypt datain
 '
 'passwprd pointer to start
 kep= 0
 'len of data to be encrypted
 d = Len(datain$) 
 'ddataout$ is encrypted string
 dataout$=""
 For n = 1 To d
    kep=kep+1                   : 'point to password location
    i$ = Mid(password$, kep, 1) : 'get character from password
    p = Asc(i$)                 : 'convert character to integer
    x$= Mid(datain$,n,1)        : 'get character from datain
    h = Asc(x$)                 : 'convert character to integer
    f = h Xor p                 : 'xor the two values and put result in integer
    o$ = Chr(f)                 : 'convert integer back to character
    dataout$ = dataout$ + o$
    If kep = Len(password$) Then
        kep = 0                 : 'reset password pointer to first character
    End If
Next n
' output string dataout$ contains encrypted data

 'dataout = data to be dencrypted
 'password is string to dencrypt datain
 '
 'passwprd pointer set to start
 kep= 0
 'len of data to be encrypted
 d = Len(dataout$) 
 'ddataout$ is encrypted string
 datain$=""
 For n = 1 To d
    kep=kep+1                   : ' point to password location
    i$ = Mid(password$, kep, 1) : 'get character from password
    p = Asc(i$)                 : ' convert character to integer
    x$= Mid(dataout$,n,1)       : ' get character from dataout
    h = Asc(x$)                 : 'convert character to integer
    f = h Xor p                 :' xor the two values and put result in integer
    o$ = Chr(f)                 :' convert integer back to character
    datain$ = datain$ + o$      : ' built datain string
    If kep = Len(password$) Then
        kep = 0                 : 'reset password pointer to first character
    End If
Next n
'output string datain$ contains decrypted data

Answer 2

As described in the previous answer, a symmetric algorithm (where a single secret key is used to encrypt and decrypt) could work. I happen to have on hand a usage of the DES algorithm. This encrypt routine returns the output of the encrypting process (and the decrypt has as input) a base64 encoded string rather than a byte array (which is the 'natural' output of the framework encryption classes).

Private key() As Byte = {}
Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}
Private Const EncryptionKey As String = "abcdefgh"
Public Function Decrypt(ByVal stringToDecrypt As String) As String
    Try
        Dim inputByteArray(stringToDecrypt.Length) As Byte
        key = System.Text.Encoding.UTF8.GetBytes(Left(EncryptionKey, 8))
        Dim des As New DESCryptoServiceProvider
        inputByteArray = Convert.FromBase64String(stringToDecrypt)
        Dim ms As New MemoryStream
        Dim cs As New CryptoStream(ms, des.CreateDecryptor(key, IV), CryptoStreamMode.Write)
        cs.Write(inputByteArray, 0, inputByteArray.Length)
        cs.FlushFinalBlock()
        Dim encoding As System.Text.Encoding = System.Text.Encoding.UTF8
        Return encoding.GetString(ms.ToArray())
    Catch ex As Exception
        'oops - add your exception logic
    End Try
End Function

Public Function Encrypt(ByVal stringToEncrypt As String) As String
    Try
        key = System.Text.Encoding.UTF8.GetBytes(Left(EncryptionKey, 8))
        Dim des As New DESCryptoServiceProvider
        Dim inputByteArray() As Byte = Encoding.UTF8.GetBytes(stringToEncrypt)
        Dim ms As New MemoryStream
        Dim cs As New CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write)
        cs.Write(inputByteArray, 0, inputByteArray.Length)
        cs.FlushFinalBlock()
        Return Convert.ToBase64String(ms.ToArray())
    Catch ex As Exception
        'oops - add your exception logic
    End Try
End Function

Edited to add:
Here are the Imports that I have in that module:

Imports System
Imports System.IO
Imports System.Xml
Imports System.Text
Imports System.Security.Cryptography

A DES key is 56 bits in length (just short of 8 bytes or characters). In a "big picture", that's not considered very secure these days (see this Wikipedia article on key sizes), but as you described 'secure-ish', perhaps that's ok. If you do need a more secure encryption, you should investigate using one of the more secure algorithms.

The encryption key in the above routines is in the private constant EncryptionKey. Change that value to your desired key. Or you can implement your own key management (input from file, ask the user, etc).

Not sure why Left and Convert would be broke. Left is a member of Microsoft.VisualBasic.Strings and Convert is a member of System.

I highly recommend that you read the articles linked to by Remus Rusanu, as well as the further articles linked from those. They will provide you with much background on encryption in the framework classes.

Answer 3

The MSDN has several samples on how to encrypt and decrypt data witha symmetric key (which is what you want). The simplest to use is a CryptoStream, you can build the crypto stream on top of a ordinary memory stream or file stream, write into the crypto stream and the encrypted data is written into the memory/file stream, and to decrypt you attach the crypt stream to the encrypted string (memory stream) or file stream and read the decrypted data from the crypto stream: Encrypting Data and Decrypting Data.

Another sample is the one on the SymmetricAlgorithm Example which shows the basic use of a symmetric key, w/o the beenfit of a stream helper.