I've got a string I want to encrypt, and I want to do so in a way that a "classic" ASP application and an ASP.NET 2.0 application can decrypt it. What's the best way to do it?
I've been scouring the web for different solutions. I've looked at using DPAPI, but it's per-machine, so that's out. Too much work to encrypt it on every single server. I've also considered encrypting the value in the web.config, but "classic" ASP won't be able to read it.
Any other ideas out there?
Thanks in advance!
You can try to use Chilcat Crypt component in a form of an activex dll for the classic asp page and decrypt the string with the .NET System.Security.Cryptography libraries. In both cases you can use AES/Rinjdael or other encryption algorithm.
The old standard of using the Cryptography API COM dll a.k.a. capicom.dll is something you could use. It's not the most strait forward thing I've ever used but it's pretty well documented and it's installed on 99% of the microsoft boxes out there. You can find information on it at http://msdn.microsoft.com/en-us/library/ms995332.aspx. If you write everything in classic asp, then porting it and using PIvoke api in .net to use the same logic should be fairly easy.
I ran into this one on our site which uses ASP & VB.NET. Also, in-house utility programs are written in C#, VB6 & VB.NET. All of the programs needed to be able to exchange encrypted data.
To handle this problem I wrote a VB6 & VBScript encryption routine which I converted to .NET. It allows me to have identical data across the platforms. The encryption & hashing that I selected were RC4 and MD5. Both of which were considerably enhanced with multiple features, such as the MD5 is a salted version and the RC4 contains a CRC check and an option for double encrypting using multiple passkeys.
The base code for the MD5 and RC4 is easily available and they both convert easily.
Have you considered creating an ASP.NET Web Service to do the encryption for you? You can then call the web service over SSL from your classic ASP application and then us the same back-end library from your ASP.NET application to do the decryption.