SilverLight

Reputation: 20468

Decoding And Encoding Strings - HardCoded KEY for Symmetric Algorithms

I wrote the class below for encoding and decoding string data (symmetric algorithm with one key):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Text;
using System.Security.Cryptography;
using System.IO;

namespace MyProject.Classes
{
    public static class SymmetricEncryption
    {
        private const string MyKey = "bla bla bla";

        private static string _AlgorithmName;
        public static string AlgorithmName
        {
            get { return _AlgorithmName; }
            set { _AlgorithmName = value; }
        }

        public static string EncryptData(string ClearData)
        {
            // Convert string ClearData to byte array
            byte[] ClearData_byte_Array = Encoding.UTF8.GetBytes(ClearData);

            // Now Create The Algorithm
            SymmetricAlgorithm Algorithm = SymmetricAlgorithm.Create(AlgorithmName);
            Algorithm.Key = Encoding.UTF8.GetBytes(MyKey);

            // Encrypt information
            MemoryStream Target = new MemoryStream();

            // Append IV
            Algorithm.GenerateIV();
            Target.Write(Algorithm.IV, 0, Algorithm.IV.Length);

            // Encrypt Clear Data
            CryptoStream cs = new CryptoStream(Target, Algorithm.CreateEncryptor(), CryptoStreamMode.Write);
            cs.Write(ClearData_byte_Array, 0, ClearData_byte_Array.Length);
            cs.FlushFinalBlock();

            // Output
            byte[] Target_byte_Array = Target.ToArray();
            string Target_string = Convert.ToBase64String(Target_byte_Array);
            return Target_string;
        }

        public static string DecryptData(string EncryptedData)
        {
            byte[] EncryptedData_byte_Array = Convert.FromBase64String(EncryptedData);

            // Now Create The Algorithm
            SymmetricAlgorithm Algorithm = SymmetricAlgorithm.Create(AlgorithmName);
            Algorithm.Key = Encoding.UTF8.GetBytes(MyKey);

            // Decrypt information
            MemoryStream Target = new MemoryStream();

            // Read IV
            int ReadPos = 0;
            byte[] IV = new byte[Algorithm.IV.Length];
            Array.Copy(EncryptedData_byte_Array, IV, IV.Length);
            Algorithm.IV = IV;
            ReadPos += Algorithm.IV.Length;

            // Decrypt Encrypted Data
            CryptoStream cs = new CryptoStream(Target, Algorithm.CreateDecryptor(), CryptoStreamMode.Write);
            cs.Write(EncryptedData_byte_Array, ReadPos, EncryptedData_byte_Array.Length - ReadPos);
            cs.FlushFinalBlock();

            // Output
            byte[] Target_byte_Array = Target.ToArray();
            string Target_string = Encoding.UTF8.GetString(Target_byte_Array);
            return Target_string;
        }


    }
}

And usage is like below:

protected void Page_Load(object sender, EventArgs e)
{
    SymmetricEncryption.AlgorithmName = "TripleDES";
    Response.Write(SymmetricEncryption.EncryptData("1234-4567-8910-2345"));
}

I have a problem with MyKey: how can we have a hard-coded key for symmetric algorithms and use it in the class above?

The error from the code above is like below:

    Server Error in '/' Application.

    Specified key is not a valid size for this algorithm.
    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: System.Security.Cryptography.CryptographicException: Specified key is not a valid size for this algorithm.

How can I fix this error?

Thanks in advance.

Upvotes: 1

Views: 6507

Answers (2)

Jono

Reputation: 2054

You can use System.Security.Cryptography.Rfc2898DeriveBytes to securely generate the correct number of bytes for your key based on a string password and byte[] salt:

var helper = new Rfc2898DeriveBytes(password, salt);
algorithm.Key = helper.GetBytes(algorithm.KeySize / 8);

For more information about Rfc2898DeriveBytes and how to use it, check out its page on MSDN.

Upvotes: 4
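
The key derivation from the answer above, combined with the salt and IV handling the question's class would need, as an added example that is not code from the original posts. It uses AES in place of the question's TripleDES; the class name, salt size and iteration count are assumptions, and the four-argument Rfc2898DeriveBytes constructor needs .NET Framework 4.7.2 or .NET Core 2.0 or later.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example. Output layout: Base64(salt || IV || ciphertext).
public sealed class PasswordEncryptor
{
    private const int SaltSize = 16;        // bytes (assumed value)
    private const int Iterations = 100000;  // PBKDF2 rounds (assumed value)
    private readonly string _password;      // supplied at run time, not compiled in
    public PasswordEncryptor(string password) { _password = password; }

    // Derive exactly the number of bytes the algorithm's KeySize calls for.
    private byte[] DeriveKey(byte[] salt, int keyBits)
    {
        using (var kdf = new Rfc2898DeriveBytes(_password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(keyBits / 8);
    }

    public string Encrypt(string clearText)
    {
        byte[] salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (Aes aes = Aes.Create())  // CBC with PKCS7 padding by default
        {
            aes.Key = DeriveKey(salt, aes.KeySize);
            aes.GenerateIV();           // fresh IV for every message
            byte[] clear = Encoding.UTF8.GetBytes(clearText);
            using (ICryptoTransform enc = aes.CreateEncryptor())
                return Convert.ToBase64String(salt.Concat(aes.IV)
                    .Concat(enc.TransformFinalBlock(clear, 0, clear.Length)).ToArray());
        }
    }

    public string Decrypt(string encoded)
    {
        byte[] data = Convert.FromBase64String(encoded);
        using (Aes aes = Aes.Create())
        {
            int offset = SaltSize + aes.BlockSize / 8;
            if (data.Length <= offset) throw new CryptographicException("Input too short.");
            aes.Key = DeriveKey(data.Take(SaltSize).ToArray(), aes.KeySize);
            aes.IV = data.Skip(SaltSize).Take(aes.BlockSize / 8).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(
                    dec.TransformFinalBlock(data, offset, data.Length - offset));
        }
    }
}
```

Because the salt and IV travel with the ciphertext, any instance constructed with the same password can decrypt the output. CBC on its own gives no integrity check, so a modified ciphertext is not reliably detected by this class.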

svick

Reputation: 244777

Read the error and look at the documentation for TripleDES.Key:

This algorithm supports key lengths from 128 bits to 192 bits in increments of 64 bits.

That means for example

private const string MyKey = "bla bla bla blah";

would work.

You didn't ask about this, but I'm not sure creating this class as static is a good idea. If you used it from two different places in your code, it could result in unexpected results, because AlgorithmName is static.

Also, I don't think it makes sense to have a constant key but variable algorithm, especially since different algorithms require keys of different lengths.

Upvotes: 1
