| Groups | Blog | Home |
asp.net security : TripleDES Encryption issue
I'm new to using this part of the framework, so I'm hoping I've done
something obviously stupid, which someone will be able to point out in an obvious manner. Most of the samples I've seen involved encrypting and decrypting to and from a file, but that's not what I want. I want to be able to insert a string into an encryption function which outputs that encrypted string, which could then be sent into a decryption function and spit out the original string. As you might expect, ultimately, I want to be able to put this string into a database table. Anyways, I set up a simple test page where I enter a string in a textbox, and then run it through an encrypt, then decrypt, function, and print out to some labels to make sure it is doing it correctly. The encrypt part seems to work (at least the function doesn't fail), but the decrypt function fails, with an error saying that the length of the encrypted string is invalid. Here are the functions: ************************************************************** public static string Encrypt(string StringToEncrypt){ string EncryptedString; UTF8Encoding utf8encoder = new UTF8Encoding(); byte[] inputInBytes = utf8encoder.GetBytes(StringToEncrypt); TripleDESCryptoServiceProvider tdesProvider = new TripleDESCryptoServiceProvider(); ICryptoTransform cryptoTransform = tdesProvider.CreateEncryptor(tdeskey, tdesIV); MemoryStream encryptedStream = new MemoryStream(); CryptoStream cryptStream = new CryptoStream(encryptedStream, cryptoTransform, CryptoStreamMode.Write); cryptStream.Write(inputInBytes, 0, inputInBytes.Length); cryptStream.FlushFinalBlock(); encryptedStream.Position = 0; byte[] result = new byte[encryptedStream.Length - 1]; encryptedStream.Read(result, 0, (int)(encryptedStream.Length - 1)); cryptStream.Close(); UTF8Encoding myutf = new UTF8Encoding(); EncryptedString = myutf.GetString(result); return EncryptedString; }//end Encrypt public static string Decrypt(string StringToDecrypt){ string DecryptedString; UTF8Encoding utf8encoder = new UTF8Encoding(); byte[] inputInBytes = utf8encoder.GetBytes(StringToDecrypt); TripleDESCryptoServiceProvider tdesProvider = new TripleDESCryptoServiceProvider(); ICryptoTransform cryptoTransform = tdesProvider.CreateDecryptor(tdeskey, tdesIV); MemoryStream decryptedStream = new MemoryStream(); CryptoStream cryptStream = new CryptoStream(decryptedStream, cryptoTransform, CryptoStreamMode.Write); cryptStream.Write(inputInBytes, 0, (inputInBytes.Length)); cryptStream.FlushFinalBlock(); decryptedStream.Position = 0; byte[] result = new byte[decryptedStream.Length - 1]; decryptedStream.Read(result, 0, (int)(decryptedStream.Length - 1)); cryptStream.Close(); DecryptedString = result.ToString(); return DecryptedString; }//end Decrypt ************************************************************************ cryptStream.FlushFinalBlock() in the decrypt function is what fails. Any ideas would be greatly welcomed. jdn kingcrim@earthlink.net
Change the stream type. The encryption samples use a file stream, but any
type of stream can be used to encrypt/decrypt. I have seen plenty of samples with strings, as well as files, but you are correct that many of the samples are file based. Hope this helps. -- Gregory A. Beamer MPV; MCP: +I, SE, SD, DBA ********************************************************************** Think outside the box! ********************************************************************** [quoted text, click to view] "jdn" <kingcrim@earthlink.net> wrote in message news:uAMyKjEdDHA.904@TK2MSFTNGP11.phx.gbl... > I'm new to using this part of the framework, so I'm hoping I've done > something obviously stupid, which someone will be able to point out in > an obvious manner. > > Most of the samples I've seen involved encrypting and decrypting to and > from a file, but that's not what I want. I want to be able to insert a > string into an encryption function which outputs that encrypted string, > which could then be sent into a decryption function and spit out the > original string. > > As you might expect, ultimately, I want to be able to put this string > into a database table. > > Anyways, I set up a simple test page where I enter a string in a > textbox, and then run it through an encrypt, then decrypt, function, and > print out to some labels to make sure it is doing it correctly. > > The encrypt part seems to work (at least the function doesn't fail), but > the decrypt function fails, with an error saying that the length of the > encrypted string is invalid. Here are the functions: > > ************************************************************** > > public static string Encrypt(string StringToEncrypt){ > string EncryptedString; > UTF8Encoding utf8encoder = new UTF8Encoding(); > byte[] inputInBytes = utf8encoder.GetBytes(StringToEncrypt); > TripleDESCryptoServiceProvider tdesProvider = new > TripleDESCryptoServiceProvider(); > ICryptoTransform cryptoTransform = > tdesProvider.CreateEncryptor(tdeskey, tdesIV); > MemoryStream encryptedStream = new MemoryStream(); > CryptoStream cryptStream = new CryptoStream(encryptedStream, > cryptoTransform, CryptoStreamMode.Write); > > cryptStream.Write(inputInBytes, 0, inputInBytes.Length); > cryptStream.FlushFinalBlock(); > encryptedStream.Position = 0; > > byte[] result = new byte[encryptedStream.Length - 1]; > encryptedStream.Read(result, 0, (int)(encryptedStream.Length - 1)); > cryptStream.Close(); > > UTF8Encoding myutf = new UTF8Encoding(); > EncryptedString = myutf.GetString(result); > return EncryptedString; > }//end Encrypt > > public static string Decrypt(string StringToDecrypt){ > string DecryptedString; > > > UTF8Encoding utf8encoder = new UTF8Encoding(); > byte[] inputInBytes = utf8encoder.GetBytes(StringToDecrypt); > TripleDESCryptoServiceProvider tdesProvider = new > TripleDESCryptoServiceProvider(); > ICryptoTransform cryptoTransform = > tdesProvider.CreateDecryptor(tdeskey, tdesIV); > MemoryStream decryptedStream = new MemoryStream(); > CryptoStream cryptStream = new CryptoStream(decryptedStream, > cryptoTransform, CryptoStreamMode.Write); > > cryptStream.Write(inputInBytes, 0, (inputInBytes.Length)); > cryptStream.FlushFinalBlock(); > decryptedStream.Position = 0; > > byte[] result = new byte[decryptedStream.Length - 1]; > decryptedStream.Read(result, 0, (int)(decryptedStream.Length - 1)); > cryptStream.Close(); > > DecryptedString = result.ToString(); > > return DecryptedString; > }//end Decrypt > > ************************************************************************ > > cryptStream.FlushFinalBlock() in the decrypt function is what fails. > > Any ideas would be greatly welcomed. > > jdn > kingcrim@earthlink.net >
[quoted text, click to view]
Cowboy (Gregory A Beamer) wrote: > Change the stream type. The encryption samples use a file stream, but any > type of stream can be used to encrypt/decrypt. I have seen plenty of samples > with strings, as well as files, but you are correct that many of the samples > are file based. > > Hope this helps. > Change the stream type to what? Thanks. jdn
[quoted text, click to view]
Cowboy (Gregory A Beamer) wrote: > Change the stream type. The encryption samples use a file stream, but any > type of stream can be used to encrypt/decrypt. I have seen plenty of samples > with strings, as well as files, but you are correct that many of the samples > are file based. > > Hope this helps. > Why would changing the stream type fix the issue? It seems to have to do with how the decrypt function is written or maybe with how the encrypt function writes the string. jdn
Hi Jdn,
I replied the following post in the microsoft.public.dotnet.framework.aspnet group. It is the same issue as this thread. Please check it when you have time. "TripleDES Encryption issue" If I have misunderstood your concern, please feel free to let me know. Best regards, Jacob Yang Microsoft Online Partner Support <MCSD> Get Secure! ¨C www.microsoft.com/security This posting is provided "as is" with no warranties and confers no rights.
There are several kinds of streams, IO streams, memory streams, XML =
streams.. etc.. so if you are dealing with a filestream - then you will = only really be able to read/write from a file.. if you want to = read/write to a variable, you likely need a MemoryStream or some = equivalent.. [quoted text, click to view] "jdn" <kingcrim@earthlink.net> wrote in message = news:uTuNAWYdDHA.2932@tk2msftngp13.phx.gbl... Cowboy (Gregory A Beamer) wrote: > Change the stream type. The encryption samples use a file stream, but = any > type of stream can be used to encrypt/decrypt. I have seen plenty of = samples > with strings, as well as files, but you are correct that many of the = samples > are file based. >=20 > Hope this helps. >=20 Why would changing the stream type fix the issue? It seems to have to=20 do with how the decrypt function is written or maybe with how the=20 encrypt function writes the string. jdn
[quoted text, click to view]
Drebin wrote: > There are several kinds of streams, IO streams, memory streams, XML streams.. etc.. so if you are dealing with a filestream - then you will only really be able to read/write from a file.. if you want to read/write to a variable, you likely need a MemoryStream or some equivalent.. > > > "jdn" <kingcrim@earthlink.net> wrote in message news:uTuNAWYdDHA.2932@tk2msftngp13.phx.gbl... > Cowboy (Gregory A Beamer) wrote: > > >>Change the stream type. The encryption samples use a file stream, but any >>type of stream can be used to encrypt/decrypt. I have seen plenty of samples >>with strings, as well as files, but you are correct that many of the samples >>are file based. >> >>Hope this helps. >> > > > > Why would changing the stream type fix the issue? It seems to have to > do with how the decrypt function is written or maybe with how the > encrypt function writes the string. > > jdn > No, I know that. Since I am trying to Encrypt and Decrypt using MemoryStream and CryptoStream both places, I don't see how changing that will solve the issue. Though maybe I'm missing something.
Don't see what you're looking for? Try a search.
|
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
December 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
November 2007
December 2007
January 2008
February 2008
March 2008
April 2008
May 2008
June 2008
| home · blog · groups | Questions? Comments? Contact the dn |