|
|
You're in the
visual studio .net enterprise tools
group:Encrypting a Web.Config value using Microsoft Enterprise Library-J
visual studio .net enterprise tools:
I put methods like these in my Utils class. Easy way to encrypt strings or
byte[]: /// <summary> /// Use AES to encrypt data string. The output string is the encrypted bytes as a base64 string. /// The same password must be used to decrypt the string. /// </summary> /// <param name="data">Clear string to encrypt.</param> /// <param name="password">Password used to encrypt the string.</param> /// <returns>Encrypted result as Base64 string.</returns> public static string EncryptData(string data, string password) { if ( data == null ) throw new ArgumentNullException("data"); if ( password == null ) throw new ArgumentNullException("password"); byte[] encBytes = EncryptData(Encoding.UTF8.GetBytes(data), password, PaddingMode.ISO10126); return Convert.ToBase64String(encBytes); } /// <summary> /// Decrypt the data string to the original string. The data must be the base64 string /// returned from the EncryptData method. /// </summary> /// <param name="data">Encrypted data generated from EncryptData method.</param> /// <param name="password">Password used to decrypt the string.</param> /// <returns>Decrypted string.</returns> public static string DecryptData(string data, string password) { if ( data == null ) throw new ArgumentNullException("data"); if ( password == null ) throw new ArgumentNullException("password"); byte[] encBytes = Convert.FromBase64String(data); byte[] decBytes = DecryptData(encBytes, password, PaddingMode.ISO10126); return Encoding.UTF8.GetString(decBytes); } public static byte[] EncryptData(byte[] data, string password, PaddingMode paddingMode) { if ( data == null || data.Length == 0 ) throw new ArgumentNullException("data"); if ( password == null ) throw new ArgumentNullException("password"); PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, Encoding.UTF8.GetBytes("Salt")); RijndaelManaged rm = new RijndaelManaged(); rm.Padding = paddingMode; ICryptoTransform encryptor = rm.CreateEncryptor(pdb.GetBytes(16), pdb.GetBytes(16)); using ( MemoryStream msEncrypt = new MemoryStream() ) using ( CryptoStream encStream = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write) ) { encStream.Write(data, 0, data.Length); encStream.FlushFinalBlock(); return msEncrypt.ToArray(); } } public static byte[] DecryptData(byte[] data, string password, PaddingMode paddingMode) { if ( data == null || data.Length == 0 ) throw new ArgumentNullException("data"); if ( password == null ) throw new ArgumentNullException("password"); PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, Encoding.UTF8.GetBytes("Salt")); RijndaelManaged rm = new RijndaelManaged(); rm.Padding = paddingMode; ICryptoTransform decryptor = rm.CreateDecryptor(pdb.GetBytes(16), pdb.GetBytes(16)); using ( MemoryStream msDecrypt = new MemoryStream(data) ) using ( CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read) ) { // Decrypted bytes will always be less then encrypted bytes, so len of encrypted data will be big enouph for buffer. byte[] fromEncrypt = new byte[data.Length]; // Read as many bytes as possible. int read = csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length); if ( read < fromEncrypt.Length ) { // Return a byte array of proper size. byte[] clearBytes = new byte[read]; Buffer.BlockCopy(fromEncrypt, 0, clearBytes, 0, read); return clearBytes; } return fromEncrypt; } } -- William Stacey [MVP] [quoted text, click to view] "Patrick" <questions@newsgroup.nospam> wrote in message news:2863A9DC-B695-4F8A-83C8-131A2B8723AD@microsoft.com... >I tried using the "Crytography Application Block Quick Start" to encrypt > (getting it the App.Config to point to my own > securityCryptographyconfiguration.config) to encrypt the password into > something like > XVgnl8i//tBn4t3QGMl02TDtqCtMN/0ER/LKe1Burvy/oODQ7N1U9asm2jlOyqUx > > I tried to decrypt it in as follows: > String password = System.Text.Encoding.Unicode.GetString( > Cryptographer.DecryptSymmetric("symprovider", > System.Text.Encoding.Unicode.GetBytes > (ConfigurationSettings.AppSettings["ADQuerySysUserPassword"]))); > > Unfortunately: > the code throws the following exception: > ystem.Security.Cryptography.CryptographicException: PKCS7 padding is > invalid > and cannot be removed. > at > System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] > inputBuffer, Int32 inputOffset, Int32 inputCount) > at System.Security.Cryptography.CryptoStream.FlushFinalBlock() > at System.Security.Cryptography.CryptoStream.Close() > at > Microsoft.Practices.EnterpriseLibrary.Common.Cryptography.SymmetricCryptographer.Transform(ICryptoTransform > transform, Byte[] buffer) > at > Microsoft.Practices.EnterpriseLibrary.Common.Cryptography.SymmetricCryptographer.Decrypt(Byte[] > encryptedText) > at > Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider.Decrypt(Byte[] > ciphertext) > at > Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Cryptographer.DecryptSymmetric(String > symmetricInstance, Byte[] ciphertext, ConfigurationContext context) > > Why? and how do I resolve? > > "Patrick" wrote: > >> The Data EDRA is execellent in allowing Connection String to be >> encrypted, >> but as yet I could not find any example of how to encrypt the following >> entry: >> <appSettings> >> <add key="SpecialPassword" value="aPasswordIwantEncrypted" /> >> </appSettings> >> >> How could I do this? I already have >> securitycryptographyconfiguration.config and the encryption .key file >> setup >> (when I set up my Data EDRA to encrypt connection sting password). >> >>
The Data EDRA is execellent in allowing Connection String to be encrypted,
but as yet I could not find any example of how to encrypt the following entry: <appSettings> <add key="SpecialPassword" value="aPasswordIwantEncrypted" /> </appSettings> How could I do this? I already have securitycryptographyconfiguration.config and the encryption .key file setup (when I set up my Data EDRA to encrypt connection sting password).
I tried using the "Crytography Application Block Quick Start" to encrypt
(getting it the App.Config to point to my own securityCryptographyconfiguration.config) to encrypt the password into something like XVgnl8i//tBn4t3QGMl02TDtqCtMN/0ER/LKe1Burvy/oODQ7N1U9asm2jlOyqUx I tried to decrypt it in as follows: String password = System.Text.Encoding.Unicode.GetString( Cryptographer.DecryptSymmetric("symprovider", System.Text.Encoding.Unicode.GetBytes (ConfigurationSettings.AppSettings["ADQuerySysUserPassword"]))); Unfortunately: the code throws the following exception: ystem.Security.Cryptography.CryptographicException: PKCS7 padding is invalid and cannot be removed. at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount) at System.Security.Cryptography.CryptoStream.FlushFinalBlock() at System.Security.Cryptography.CryptoStream.Close() at Microsoft.Practices.EnterpriseLibrary.Common.Cryptography.SymmetricCryptographer.Transform(ICryptoTransform transform, Byte[] buffer) at Microsoft.Practices.EnterpriseLibrary.Common.Cryptography.SymmetricCryptographer.Decrypt(Byte[] encryptedText) at Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider.Decrypt(Byte[] ciphertext) at Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Cryptographer.DecryptSymmetric(String symmetricInstance, Byte[] ciphertext, ConfigurationContext context) Why? and how do I resolve? [quoted text, click to view] "Patrick" wrote:
> The Data EDRA is execellent in allowing Connection String to be encrypted, > but as yet I could not find any example of how to encrypt the following entry: > <appSettings> > <add key="SpecialPassword" value="aPasswordIwantEncrypted" /> > </appSettings> > > How could I do this? I already have > securitycryptographyconfiguration.config and the encryption .key file setup > (when I set up my Data EDRA to encrypt connection sting password). >
Thanks for the code William, but I am quite interested to know what is wrong
with my original 1 line code. It is simply built on the Microsoft Cryptography EDRA quick start example! Something wrong with the getbyte method, perhaps?? [quoted text, click to view] "William Stacey [MVP]" wrote:
> I put methods like these in my Utils class. Easy way to encrypt strings or > byte[]: > > /// <summary> > /// Use AES to encrypt data string. The output string is the > encrypted bytes as a base64 string. > /// The same password must be used to decrypt the string. > /// </summary> > /// <param name="data">Clear string to encrypt.</param> > /// <param name="password">Password used to encrypt the > string.</param> > /// <returns>Encrypted result as Base64 string.</returns> > public static string EncryptData(string data, string password) > { > if ( data == null ) > throw new ArgumentNullException("data"); > if ( password == null ) > throw new ArgumentNullException("password"); > > byte[] encBytes = EncryptData(Encoding.UTF8.GetBytes(data), > password, PaddingMode.ISO10126); > return Convert.ToBase64String(encBytes); > } > > /// <summary> > /// Decrypt the data string to the original string. The data must > be the base64 string > /// returned from the EncryptData method. > /// </summary> > /// <param name="data">Encrypted data generated from EncryptData > method.</param> > /// <param name="password">Password used to decrypt the > string.</param> > /// <returns>Decrypted string.</returns> > public static string DecryptData(string data, string password) > { > if ( data == null ) > throw new ArgumentNullException("data"); > if ( password == null ) > throw new ArgumentNullException("password"); > > byte[] encBytes = Convert.FromBase64String(data); > byte[] decBytes = DecryptData(encBytes, password, > PaddingMode.ISO10126); > return Encoding.UTF8.GetString(decBytes); > } > > public static byte[] EncryptData(byte[] data, string password, > PaddingMode paddingMode) > { > if ( data == null || data.Length == 0 ) > throw new ArgumentNullException("data"); > if ( password == null ) > throw new ArgumentNullException("password"); > > PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, > Encoding.UTF8.GetBytes("Salt")); > RijndaelManaged rm = new RijndaelManaged(); > rm.Padding = paddingMode; > ICryptoTransform encryptor = > rm.CreateEncryptor(pdb.GetBytes(16), pdb.GetBytes(16)); > > using ( MemoryStream msEncrypt = new MemoryStream() ) > using ( CryptoStream encStream = new CryptoStream(msEncrypt, > encryptor, CryptoStreamMode.Write) ) > { > encStream.Write(data, 0, data.Length); > encStream.FlushFinalBlock(); > return msEncrypt.ToArray(); > } > } > > public static byte[] DecryptData(byte[] data, string password, > PaddingMode paddingMode) > { > if ( data == null || data.Length == 0 ) > throw new ArgumentNullException("data"); > if ( password == null ) > throw new ArgumentNullException("password"); > > PasswordDeriveBytes pdb = new PasswordDeriveBytes(password, > Encoding.UTF8.GetBytes("Salt")); > RijndaelManaged rm = new RijndaelManaged(); > rm.Padding = paddingMode; > ICryptoTransform decryptor = > rm.CreateDecryptor(pdb.GetBytes(16), pdb.GetBytes(16)); > > using ( MemoryStream msDecrypt = new MemoryStream(data) ) > using ( CryptoStream csDecrypt = new CryptoStream(msDecrypt, > decryptor, CryptoStreamMode.Read) ) > { > // Decrypted bytes will always be less then encrypted bytes, > so len of encrypted data will be big enouph for buffer. > byte[] fromEncrypt = new byte[data.Length]; > > // Read as many bytes as possible. > int read = csDecrypt.Read(fromEncrypt, 0, > fromEncrypt.Length); > if ( read < fromEncrypt.Length ) > { > // Return a byte array of proper size. > byte[] clearBytes = new byte[read]; > Buffer.BlockCopy(fromEncrypt, 0, clearBytes, 0, read); > return clearBytes; > } > return fromEncrypt; > } > } > > -- > William Stacey [MVP] > > "Patrick" <questions@newsgroup.nospam> wrote in message > news:2863A9DC-B695-4F8A-83C8-131A2B8723AD@microsoft.com... > >I tried using the "Crytography Application Block Quick Start" to encrypt > > (getting it the App.Config to point to my own > > securityCryptographyconfiguration.config) to encrypt the password into > > something like > > XVgnl8i//tBn4t3QGMl02TDtqCtMN/0ER/LKe1Burvy/oODQ7N1U9asm2jlOyqUx > > > > I tried to decrypt it in as follows: > > String password = System.Text.Encoding.Unicode.GetString( > > Cryptographer.DecryptSymmetric("symprovider", > > System.Text.Encoding.Unicode.GetBytes > > (ConfigurationSettings.AppSettings["ADQuerySysUserPassword"]))); > > > > Unfortunately: > > the code throws the following exception: > > ystem.Security.Cryptography.CryptographicException: PKCS7 padding is > > invalid > > and cannot be removed. > > at > > System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] > > inputBuffer, Int32 inputOffset, Int32 inputCount) > > at System.Security.Cryptography.CryptoStream.FlushFinalBlock() > > at System.Security.Cryptography.CryptoStream.Close() > > at > > Microsoft.Practices.EnterpriseLibrary.Common.Cryptography.SymmetricCryptographer.Transform(ICryptoTransform > > transform, Byte[] buffer) > > at > > Microsoft.Practices.EnterpriseLibrary.Common.Cryptography.SymmetricCryptographer.Decrypt(Byte[] > > encryptedText) > > at > > Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider.Decrypt(Byte[] > > ciphertext) > > at > > Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Cryptographer.DecryptSymmetric(String > > symmetricInstance, Byte[] ciphertext, ConfigurationContext context) > > > > Why? and how do I resolve? > > > > "Patrick" wrote: > > > >> The Data EDRA is execellent in allowing Connection String to be > >> encrypted,
Hi Patrick
Our support engineer Steven Cheng had already posted a response to your latest question in the thread of microsoft.public.dotnet.framework newsgroup, please check it there. Thanks for your understanding! Best regards, Gary Chang Microsoft Community Support -------------------- Get Secure! ¡§C www.microsoft.com/security Register to Access MSDN Managed Newsgroups! http://support.microsoft.com/default.aspx?scid=/servicedesks/msdn/nospam.asp &SD=msdn This posting is provided "AS IS" with no warranties, and confers no rights.
Don't see what you're looking for? Try a search.
|
June 2003
July 2003
August 2003
September 2003
October 2003
November 2003
December 2003
January 2004
February 2004
March 2004
April 2004
May 2004
June 2004
July 2004
August 2004
September 2004
October 2004
November 2004
December 2004
January 2005
February 2005
March 2005
April 2005
May 2005
June 2005
July 2005
August 2005
September 2005
October 2005
November 2005
December 2005
January 2006
February 2006
March 2006
April 2006
May 2006
June 2006
July 2006
August 2006
September 2006
October 2006
November 2006
January 2007
February 2007
March 2007
April 2007
May 2007
June 2007
July 2007
August 2007
September 2007
October 2007
| home · blog · groups | Questions? Comments? Contact the dn |