tags:

views:

2107

answers:

3

Hi,

How do I go about performing AES encryption on a GUID?

On the clients computer we will store a GUID and their public key, and our internal servers will have the private key and their guid.

Is this all the necessary inputs to generate the AES encryption?

+6  A: 

AES is a symmetric encryption algorithm (encrypt and decrypt key is the same). If you are talking about public and private keys, you want an asymmetric encryption algorithm such as RSA.

Mitch Wheat
Methinks he's using PKI for client-server interaction and needs to store the associated public and private keys. Although not exactly standard practice in this situation, AES is a reasonable way to protect the PKI keys.
Adam Liss
A: 
   public static string
   Encrypt (string originalString)
   {
      if (string.IsNullOrEmpty (originalString))
      {
         throw new ArgumentNullException (
            "originalString",
            "The string which needs to be encrypted can not be null.");
      }

      using (var  cryptoProvider = new RijndaelManaged ())
      using (var  memoryStream = new MemoryStream ())
      using (var  cryptoStream = new CryptoStream (
         memoryStream,
         cryptoProvider.CreateEncryptor (rgbKey, rgbIV),
         CryptoStreamMode.Write))
      using (var  writer = new StreamWriter (cryptoStream))
      {
         writer.Write (originalString);
         writer.Flush ();
         cryptoStream.FlushFinalBlock ();
         writer.Flush ();
         return Convert.ToBase64String (memoryStream.GetBuffer (), 0, (int) memoryStream.Length);
      }
   }

   public static string
   Decrypt (string cryptedString)
   {
      if (string.IsNullOrEmpty (cryptedString))
      {
         throw new ArgumentNullException (
            "cryptedString",
            "The string which needs to be decrypted can not be null.");
      }

      using (var  cryptoProvider = new RijndaelManaged ())
      using (var  memoryStream = new MemoryStream (
              Convert.FromBase64String (cryptedString)))
      using (var  cryptoStream = new CryptoStream (
         memoryStream,
         cryptoProvider.CreateDecryptor (rgbKey, rgbIV),
         CryptoStreamMode.Read))
      using (var  reader = new StreamReader (cryptoStream))
      {
         return reader.ReadToEnd ();
      }
   }

   private static byte []  rgbKey = ASCIIEncoding.ASCII.GetBytes ("Ni=9OE=$i+62eprIuDr@ewOu5I9r34Ro"); // change to your own secure key
   private static byte []  rgbIV = ASCIIEncoding.ASCII.GetBytes ("to$eO_e!maI*o3ut"); // change to your own secure initialization vector
Jesse C. Slicer
What's the default CipherMode?
Tom Ritter
Cipher-Block Chaining. As far as I can tell, this is the default for all SymmetricAlgorithm descendants.
Jesse C. Slicer
+1  A: 

You can encrypt anything that can be represented as a stream of bytes. The only ingredient missing from the "recipe" in your question is the encryption key:

void encrypt(char *plaintext, char *key, char *crypt)
{
  // Encrypt plaintext with the key, returning the result in crypt.

}

Notes:

  • Using PKI (public/private keys), each participant typically maintains its own private key in a secure manner and freely distributes its public key. Messages are encrypted using the public key of the recipient and decrypted by each recipient with the private key. From the phrasing of the question, it's not apparent that you're using this model.

  • Jesse provides a good example for demonstration purposes. Just remember that you probably do not want to hard-code keys in your production application..

Adam Liss
Agreed - if your code leaves your secure boundaries (i.e. your managed server), you should be looking at a public key infrastructure solution. If it is completely contained, store your keys in a database so that if the server with the code is compromised, you're still in the clear.
Jesse C. Slicer
But you _don't_ want to be in the clear -- that's why we're encrypting in the first place! :-)
Adam Liss