ansaurus

Question

How to use 'System.Security.Cryptography.AesManaged' to encrypt a byte[] ?

Answer 1

+3 A:

Simple encrypting and decrypting data in C#.

Edit: For passwords, I would recommend using SHA-2 hash instead of doing a two-way encryption, unless you really need to recover the original password. Normally you just need the fact that someone knew the password, not the password itself.

eed3si9n 2009-06-09 01:39:56

Looks good, but what's an IV ? I thought i'd just need a 16-byte key?

Chris 2009-06-09 01:47:29

http://en.wikipedia.org/wiki/Initialization_vector. You can increase the strength if you put random stuff in there, but you could use zeros too.

eed3si9n 2009-06-09 01:55:27

I need the passwords to pass them on to another service.

Chris 2009-06-09 03:32:42

Answer 2

+4 A:

EDIT: Noticed eed3si9n's edit... I agree, symmetric encryption is a bad choice for passwords. Use hashes (and not MD5) instead. Here's a very complete example.

A simple example:

byte[] clear = GetCleartext();
HashAlgorithm sha2 = SHA256CryptoServiceProvider.Create();
byte[] hashed = sha2.ComputeHash(clear);

To validate a correct password, you would run the same computation over the provided password, and compare the result to the hash you have in your database.

It's good practice to add salt (random data) to the cleartext to avoid rainbow table attacks. Basically, append a known randomly-generated value, unique to that user, to the cleartext before hashing.

Michael Petrotta 2009-06-09 01:57:26

And a clarification: the salt value needs to be kept along with the hash for the later comparisons. And generate a new salt every time the user changes the password.

devstuff 2009-06-09 03:12:33

I need the passwords to pass them on to another service.

Chris 2009-06-09 03:32:32

Answer 3

+3 A:

Here's what i did in the end, inspired by (an older version of) michael's answer:

private string Encrypt(string input)
{
  return Convert.ToBase64String(Encrypt(Encoding.UTF8.GetBytes(input)));
}
private byte[] Encrypt(byte[] input)
{
  PasswordDeriveBytes pdb = new PasswordDeriveBytes("hjiweykaksd", new byte[] { 0x43, 0x87, 0x23, 0x72, 0x45, 0x56, 0x68, 0x14, 0x62, 0x84 });
  MemoryStream ms = new MemoryStream();
  Aes aes = new AesManaged();
  aes.Key = pdb.GetBytes(aes.KeySize / 8);
  aes.IV = pdb.GetBytes(aes.BlockSize / 8);
  CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write);
  cs.Write(input, 0, input.Length);
  cs.Close();
  return ms.ToArray();
}
private string Decrypt(string input)
{
  return Encoding.UTF8.GetString(Decrypt(Convert.FromBase64String(input)));
}
private byte[] Decrypt(byte[] input)
{
  PasswordDeriveBytes pdb = new PasswordDeriveBytes("hjiweykaksd", new byte[] { 0x43, 0x87, 0x23, 0x72, 0x45, 0x56, 0x68, 0x14, 0x62, 0x84 });
  MemoryStream ms = new MemoryStream();
  Aes aes = new AesManaged();
  aes.Key = pdb.GetBytes(aes.KeySize / 8);
  aes.IV = pdb.GetBytes(aes.BlockSize / 8);
  CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write);
  cs.Write(input, 0, input.Length);
  cs.Close();
  return ms.ToArray();
}

Chris 2009-06-09 03:31:38

ansaurus

tags:

views:

answers:

How to use 'System.Security.Cryptography.AesManaged' to encrypt a byte[] ?

related questions