Prince Tegaton

Reputation: 322

How can I use my own Key to encrypt data using ECDiffieHellmanCng

My task is to encrypt data using Elliptic Curve Cryptography in .NET (a specific request from the client). I tried using the sample from Microsoft, but it seems to generate its own key every time.

I need to use my own key for this process, like creating a password "S3curEChaNNel_01?", converting it to bytes and then using that as the key, but I can't find a way to do this.

' Requires: Imports System.Security.Cryptography
Using alice As New ECDiffieHellmanCng()
    Dim abData() As Byte
    Dim Str = txtKey.Text 'custom password
    abData = System.Text.Encoding.Default.GetBytes(Str)
    Str = System.Text.Encoding.Default.GetString(abData) 'round-trips Str unchanged; has no effect

    Dim bobPublicKey() As Byte
    Dim bobKey() As Byte
    Dim bob As New ECDiffieHellmanCng()

    bob.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash
    bob.HashAlgorithm = CngAlgorithm.Sha256
    bobPublicKey = bob.PublicKey.ToByteArray()
    bob.HmacKey = abData 'only used when KeyDerivationFunction is Hmac; ignored under Hash

    'DeriveKeyMaterial expects the OTHER party's ECDH public key (for example alice.PublicKey);
    'CngKey.Create(CngAlgorithm.Sha256) does not produce an ECDH key pair, so CNG refuses it.
    bobKey = bob.DeriveKeyMaterial(CngKey.Create(CngAlgorithm.Sha256))
    'at this line I get an exception, "The requested operation is not supported."

    'Dim aliceKey As Byte() = alice.DeriveKeyMaterial(CngKey.Create(CngAlgorithm.Sha256))
    Dim encryptedMessage As Byte() = Nothing
    Dim iv As Byte() = Nothing
    'Encrypt and ByteArrayToString are helpers not shown in the post
    txtOutput.Text = ByteArrayToString(Encrypt(bobKey, txtPlainStr.Text, encryptedMessage, iv))
End Using

Upvotes: 0

Views: 247

Answers (1)

ProXicT

Reputation: 1933

You are mixing two different things together.

When you want your own password, the person you're sending the data encrypted with that password to must know the password in order to decrypt it. But you cannot send the password, because a MITM could catch it.

That's why you use Diffie-Hellman.
Basically, Diffie-Hellman outputs only a number, but this number can't be used as the encryption key, because it's too weak.

Now here is where a KDF (Key Derivation Function) comes in, for example PBKDF2. It takes a password and a salt as parameters and outputs a derived key, which is used to encrypt and decrypt the data you want to send.

So you take the exchanged number and pass it as the password to the KDF. As the salt you can use Alice's or Bob's IP, for example.

The KDF will produce the same strong password on both sides to encrypt and decrypt the data.

Hopefully it makes sense.

Upvotes: 1
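As an added worked example (not code from the question or the answer), here is the flow the answer describes, written against the same ECDiffieHellmanCng API the question uses: each side derives identical key material from its own private key and the peer's public key, and that material, not a typed password, keys the cipher. It assumes Windows CNG with a P-256 key and .NET Framework 4.5 or later; the message text is a constructed sample and the helper names ConfigureKdf, ImportPeerKey, Seal, Open and FixedTimeEquals are this example's own.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added illustration, not code from the original question or answer.
// Assumes Windows CNG (ECDiffieHellmanCng, P-256) and .NET Framework 4.5+.
static class EcdhExample
{
    static void ConfigureKdf(ECDiffieHellmanCng party)
    {
        // The raw ECDH shared secret is never used directly: CNG hashes it with
        // SHA-256 so both sides get 32 bytes of uniform key material.
        party.KeyDerivationFunction = ECDiffieHellmanKeyDerivationFunction.Hash;
        party.HashAlgorithm = CngAlgorithm.Sha256;
    }

    // The peer's public key arrives as the EccPublicBlob produced by PublicKey.ToByteArray().
    static ECDiffieHellmanPublicKey ImportPeerKey(byte[] blob)
    {
        return ECDiffieHellmanCngPublicKey.FromByteArray(blob, CngKeyBlobFormat.EccPublicBlob);
    }

    static void SplitKeys(byte[] keyMaterial, out byte[] encKey, out byte[] macKey)
    {
        // 32 bytes of derived material: first 16 for AES-128, last 16 for HMAC-SHA256.
        encKey = new byte[16]; macKey = new byte[16];
        Buffer.BlockCopy(keyMaterial, 0, encKey, 0, 16);
        Buffer.BlockCopy(keyMaterial, 16, macKey, 0, 16);
    }

    // Encrypt-then-MAC: packet = IV || AES-128-CBC ciphertext || HMAC-SHA256 tag.
    static byte[] Seal(byte[] keyMaterial, string plaintext)
    {
        byte[] encKey, macKey;
        SplitKeys(keyMaterial, out encKey, out macKey);
        using (var aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV();                      // fresh random IV for every message
            byte[] pt = Encoding.UTF8.GetBytes(plaintext);
            byte[] ct;
            using (var enc = aes.CreateEncryptor()) ct = enc.TransformFinalBlock(pt, 0, pt.Length);
            byte[] body = new byte[16 + ct.Length];
            Buffer.BlockCopy(aes.IV, 0, body, 0, 16);
            Buffer.BlockCopy(ct, 0, body, 16, ct.Length);
            byte[] tag = hmac.ComputeHash(body);
            byte[] packet = new byte[body.Length + 32];
            Buffer.BlockCopy(body, 0, packet, 0, body.Length);
            Buffer.BlockCopy(tag, 0, packet, body.Length, 32);
            return packet;
        }
    }

    static string Open(byte[] keyMaterial, byte[] packet)
    {
        byte[] encKey, macKey;
        SplitKeys(keyMaterial, out encKey, out macKey);
        int bodyLen = packet.Length - 32;
        byte[] body = new byte[bodyLen], tag = new byte[32];
        Buffer.BlockCopy(packet, 0, body, 0, bodyLen);
        Buffer.BlockCopy(packet, bodyLen, tag, 0, 32);
        using (var hmac = new HMACSHA256(macKey))
        {
            // Verify before touching the ciphertext; constant-time compare avoids a timing oracle.
            if (!FixedTimeEquals(hmac.ComputeHash(body), tag))
                throw new CryptographicException("MAC check failed");
        }
        using (var aes = Aes.Create())
        {
            aes.Key = encKey;
            byte[] iv = new byte[16];
            Buffer.BlockCopy(body, 0, iv, 0, 16);
            aes.IV = iv;
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(body, 16, bodyLen - 16));
        }
    }

    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }

    static void Main()
    {
        using (var alice = new ECDiffieHellmanCng(256))
        using (var bob = new ECDiffieHellmanCng(256))
        {
            ConfigureKdf(alice);
            ConfigureKdf(bob);
            // Only the public blobs cross the wire; a MITM who sees them learns nothing usable.
            byte[] alicePub = alice.PublicKey.ToByteArray();
            byte[] bobPub = bob.PublicKey.ToByteArray();

            // DeriveKeyMaterial takes the PEER's ECDH public key. Handing it
            // CngKey.Create(CngAlgorithm.Sha256), as in the question, is what CNG rejects.
            byte[] aliceKey = alice.DeriveKeyMaterial(ImportPeerKey(bobPub));
            byte[] bobKey = bob.DeriveKeyMaterial(ImportPeerKey(alicePub));
            Console.WriteLine("Derived keys agree: " + FixedTimeEquals(aliceKey, bobKey));

            byte[] packet = Seal(aliceKey, "message from Alice");   // constructed sample input
            Console.WriteLine("Bob reads: " + Open(bobKey, packet));

            packet[packet.Length - 1] ^= 0x01;                       // corrupt the tag
            try { Open(bobKey, packet); }
            catch (CryptographicException e) { Console.WriteLine("Rejected: " + e.Message); }
        }
    }
}
```

If a pre-shared secret such as the question's "S3curEChaNNel_01?" must also be mixed in, set KeyDerivationFunction to ECDiffieHellmanKeyDerivationFunction.Hmac and assign HmacKey on both sides; under the Hash KDF shown here HmacKey is not consulted. Either way the shared secret comes from the key agreement, so neither side ever transmits a password.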
