AES Encryption and Key, IV correct usage

  • Question

  • Hi,

    My scenario is like this: I have to transfer a small amount of data over the web in an encrypted manner to ensure security. So, I have a client application (WP application) which consumes a web service written in WCF using SOAP. I am generating an encrypted key using AES encryption. Now, since I need to consume that service in a WP environment, I have to use Rfc2898DeriveBytes (since that is the supported class to obtain derived bytes) to get the key and IV. The code is given below:

    static void GetDeriveBytes(out byte[] byteKey, out byte[] byteIV)
    {
        string sKey = "Te$t";
        Rfc2898DeriveBytes rdb = new Rfc2898DeriveBytes(sKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x63, 0x73 });
        byteKey = rdb.GetBytes(32);
        byteIV = rdb.GetBytes(16);
    }

    Method for Encrypting a string: 

    static string EncryptString_Aes(string plainText)
    {
        byte[] Key, IV, encrypted;
        GetDeriveBytes(out Key, out IV);

        using (AesManaged aesAlg = new AesManaged())
        {
            aesAlg.Key = Key;
            aesAlg.IV = IV;

            // Create an encryptor to perform the stream transform.
            ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);

            // Create the streams used for encryption.
            using (MemoryStream msEncrypt = new MemoryStream())
            {
                using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
                {
                    using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                    {
                        // Write all data to the stream.
                        swEncrypt.Write(plainText);
                    }
                    encrypted = msEncrypt.ToArray();
                }
            }
        }
        return Convert.ToBase64String(encrypted);
    }

    Code for Decryption Method:

    static string DecryptString_Aes(string sCipherText)
    {
        byte[] Key, IV;
        GetDeriveBytes(out Key, out IV);
        byte[] cipherText;
        cipherText = Convert.FromBase64String(sCipherText);
        string plaintext = null;

        using (AesManaged aesAlg = new AesManaged())
        {
            aesAlg.Key = Key;
            aesAlg.IV = IV;

            // Create a decryptor to perform the stream transform.
            ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

            // Create the streams used for decryption.
            using (MemoryStream msDecrypt = new MemoryStream(cipherText))
            {
                using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                {
                    using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                    {
                        // Read the decrypted bytes from the decrypting stream
                        // and place them in a string.
                        plaintext = srDecrypt.ReadToEnd();
                    }
                }
            }
        }
        return plaintext;
    }

    My WCF also uses the same methods for encryption and Decryption. 

    Now, the problem is that when I deploy my WCF service and try to decrypt an encrypted (encrypted in the WP application) string inside WCF, it throws an exception. It says padding is not correct.

    So, I figured out that the reason for this was that the byteKey and byteIV generated from the GetDeriveBytes method in WCF are different from what I received from my WP application.

    So, the question is, do I need to transfer (over the net to my WCF service) the WP-generated byteKey and byteIV to correctly decrypt my encryption?

    I've also noticed that if I do it within the same system, i.e. running the service locally and consuming it locally, it works fine (like consuming it from some local Silverlight application). That means it generates the same byteKey and byteIV.

    This is the first time I am trying some encryption mechanism. So, I am wondering what is the correct way to handle such a situation.

    Thanks for everyone's time and help in advance.

    Thanks and Regards

    Nishant Rana

    • Moved by CoolDadTx Wednesday, August 1, 2012 1:47 PM Not IDE related (From:Visual C# IDE)
    • Moved by Bob Shen Friday, August 3, 2012 9:46 AM (From:Visual C# General)
    Wednesday, August 1, 2012 6:11 AM
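
The usual arrangement for the scenario in the question above, as an added example that is not part of the original thread: both ends derive the key from a shared secret with the same salt and an explicit iteration count, so the key never crosses the wire, while a fresh random IV travels in the clear with each message. The `AesMessage` class, the salt, the iteration count and the IV || ciphertext || HMAC layout are assumptions chosen for illustration, and the code targets the desktop .NET Framework.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class AesMessage
{
    // Constructed values: both ends must hold the same secret, salt and iteration count.
    static readonly byte[] Salt = Encoding.UTF8.GetBytes("example-app-salt");
    const int Iterations = 10000;

    static void DeriveKeys(string secret, out byte[] encKey, out byte[] macKey)
    {
        var kdf = new Rfc2898DeriveBytes(secret, Salt, Iterations);
        encKey = kdf.GetBytes(32);   // AES-256 key
        macKey = kdf.GetBytes(32);   // separate key for the HMAC tag
    }
    static byte[] Tag(byte[] macKey, byte[] data) { using (var h = new HMACSHA256(macKey)) return h.ComputeHash(data); }

    // Output layout (an assumption of this example): Base64(IV || ciphertext || HMAC-SHA256).
    public static string Encrypt(string plainText, string secret)
    {
        byte[] encKey, macKey;
        DeriveKeys(secret, out encKey, out macKey);
        byte[] plain = Encoding.UTF8.GetBytes(plainText);
        using (var aes = new AesManaged { Key = encKey })
        {
            aes.GenerateIV();   // fresh random IV for every message; it is not secret
            using (var enc = aes.CreateEncryptor())
            {
                byte[] ivAndCt = aes.IV.Concat(enc.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
                return Convert.ToBase64String(ivAndCt.Concat(Tag(macKey, ivAndCt)).ToArray());
            }
        }
    }
    public static string Decrypt(string message, string secret)
    {
        byte[] encKey, macKey;
        DeriveKeys(secret, out encKey, out macKey);
        byte[] data = Convert.FromBase64String(message);
        if (data.Length < 64) throw new CryptographicException("Message too short.");
        byte[] ivAndCt = data.Take(data.Length - 32).ToArray();
        byte[] expected = Tag(macKey, ivAndCt);
        int diff = 0;   // constant-time tag comparison, done before any decryption
        for (int i = 0; i < 32; i++) diff |= expected[i] ^ data[data.Length - 32 + i];
        if (diff != 0) throw new CryptographicException("Authentication failed.");
        using (var aes = new AesManaged { Key = encKey, IV = ivAndCt.Take(16).ToArray() })
        using (var dec = aes.CreateDecryptor())
            return Encoding.UTF8.GetString(dec.TransformFinalBlock(ivAndCt, 16, ivAndCt.Length - 16));
    }
}
```

Because the tag is checked first, a message produced with a different key or altered in transit fails with "Authentication failed." instead of surfacing later as a padding exception.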

All replies

  • Hi nishantcop

    Thank you for visiting the MSDN forum. I’m afraid that this is not the correct forum for this issue. I am moving your question to the moderator forum ("Where is the forum for..?"). The owner of the forum will direct you to the right forum. Thanks for your understanding.


    Bob Shen [MSFT]
    MSDN Community Support | Feedback to us

    Friday, August 3, 2012 9:46 AM
  • Thanks Bob for moving it. 
    Saturday, August 4, 2012 3:28 AM
  • WPF? WCF? Would that be the forum topic?

    Thanks!


    Ed Price (a.k.a User Ed), SQL Server Experience Program Manager (Blog, Twitter, Wiki)

    Saturday, August 4, 2012 3:31 AM
  • I believe WPF  definitely a place to ask this question. WCF might be the one. Since this thing is more related to cryptography and transferring data using WCF service. 
    Sunday, August 5, 2012 2:19 AM
  • I believe WPF  definitely a place to ask this question. WCF might be the one. Since this thing is more related to cryptography and transferring data using WCF service. 

    Okay. Ask here: http://social.msdn.microsoft.com/forums/en-US/wpf/threads/

    Thanks!


    Ed Price (a.k.a User Ed), SQL Server Experience Program Manager (Blog, Twitter, Wiki)

    Sunday, August 5, 2012 6:06 AM