You can use the same encryptor instance, as this is just the functionality
working on the CryptoStream objects. The CryptoStream objects, however,
contain the actual data being encrypted/decrypted.
Hence - do NOT use the same CryptoStream object for each message you have in
your array or list. Create a new CryptoStream object for each message to
encrypt.
And do remember to call close (or use a using statement) on the CryptoStream
object.
--
rgds.
/Claus Konrad
"Roy Chastain" wrote:
> The example code in the RijndaelManaged class documentation has the
> following
>
> RijndaelManaged myRijndael = new RijndaelManaged ();
> ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, IV);
> MemoryStream msEncrypt = new MemoryStream();
> CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor,
> CryptoStreamMode.Write);
> toEncrypt = textConverter.GetBytes(original);
> csEncrypt.Write(toEncrypt, 0, toEncrypt.Length);
> csEncrypt.FlushFinalBlock();
> encrypted = msEncrypt.ToArray();
>
> This code is straightforward, but there is a piece of missing
> information.
>
> If I am encrypting multiple messages to a single destination and each
> of these messages is being encrypted with the same key and IV, then I
> BELIEVE that I should use the same instance of RijndaelManaged for
> each message and leave Mode set to CipherMode.CBC (the default).
>
> I would also ASSUME that I would use the same instance of the
> Encryptor for each message.
>
> What I do not have an idea on is
> 1) - if I should use the same instance of the CryptoStream for each
> message or create a new CryptoStream for each message.
> 2) - if I can use the same instance of RijndaelManaged for encoding
> and decoding to/from the same destination. (Not to worry about data
> volume issues. Key management will be performed independently.)
>
> Thanks
>
> ------------------------------
> Roy Chastain
> SOHO Technology Solutions, LLC
You should also NEVER reuse the IV!
---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com
I have a similar problem:
- I know I should not reuse the IV.
- I have by some means established a session and an AES key/IV pair on
client and server.
- Over the course of several minutes/hours/days the client will send many
messages of differing length over this session to the server and the server
should respond, all encrypted.
- Using a stream mode cipher (AES-CBC) this should theoretically be OK, as
the IV is only used/set once at the beginning of the session and the future
key stream is generated from the sent data.
- Now how is this done practically in dotnet? Which object instance (the
Rijndael alg, the transform, or the CryptoStream, or...) is maintaining the
keystream state?
- If I close the CryptoStream, as has been suggested, I need to open a new
one for the next message (n+). How do I ensure that it doesn't restart the
key stream with the initial IV, but with the state after sending the n
previous messages?
- If I don't close the CryptoStream, how do I get around the "cryptoStream
receiver blocks waiting for data that never arrives" problem/bug frequently
asked about in newsgroups? The answers there don't seem to address the
problem of continuing with an existing key stream.
Thanks for your help.
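
The advice given in the replies above (a new CryptoStream for each message, and never reusing the IV), written out as code. This is an added example, not code from any poster in this thread or from the RijndaelManaged documentation; it assumes `Aes.Create()` in place of `RijndaelManaged`, a random IV sent in front of each ciphertext, C# 8 `using` declarations, and the hypothetical names `PerMessageCbc`, `Encrypt` and `Decrypt`.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class PerMessageCbc   // hypothetical name, not from the thread
{
    // One message in, one self-contained blob out: IV || CBC ciphertext.
    public static byte[] Encrypt(byte[] key, byte[] plaintext)
    {
        using Aes aes = Aes.Create();          // defaults: CBC mode, PKCS7 padding
        aes.Key = key;
        aes.GenerateIV();                      // fresh random IV for every message
        using var ms = new MemoryStream();
        ms.Write(aes.IV, 0, aes.IV.Length);    // the IV is not secret; send it along
        using ICryptoTransform enc = aes.CreateEncryptor();
        using var cs = new CryptoStream(ms, enc, CryptoStreamMode.Write);
        cs.Write(plaintext, 0, plaintext.Length);
        cs.FlushFinalBlock();                  // emit the padded last block
        return ms.ToArray();
    }

    // Reads the IV back from the front of the blob, then decrypts the rest.
    public static byte[] Decrypt(byte[] key, byte[] wire)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        byte[] iv = new byte[aes.BlockSize / 8];
        if (wire.Length < iv.Length) throw new ArgumentException("message shorter than IV");
        Buffer.BlockCopy(wire, 0, iv, 0, iv.Length);
        aes.IV = iv;
        using var ms = new MemoryStream();
        using ICryptoTransform dec = aes.CreateDecryptor();
        using var cs = new CryptoStream(ms, dec, CryptoStreamMode.Write);
        cs.Write(wire, iv.Length, wire.Length - iv.Length);
        cs.FlushFinalBlock();                  // throws CryptographicException on bad padding
        return ms.ToArray();
    }

    static void Main()
    {
        byte[] key = new byte[32];
        RandomNumberGenerator.Fill(key);       // constructed sample key for the demo
        foreach (string m in new[] { "same text", "same text" })   // constructed sample input
        {
            byte[] wire = Encrypt(key, Encoding.UTF8.GetBytes(m));
            Console.WriteLine(Convert.ToBase64String(wire));
            Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, wire)));
        }
    }
}
```

Because each call draws a fresh IV, the two identical plaintexts in `Main` produce different ciphertexts. CBC on its own does not authenticate the data, so a receiver that needs tamper detection has to add a MAC over the IV and ciphertext.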