
C# 3des encryption, how to know when it fails?

I am using this code to encrypt/decrypt strings between C# and PHP:

using System;
using System.Security.Cryptography;
using System.Text;

class encryption
{
    public string SimpleTripleDes(string Data)
    {
        byte[] key = Encoding.ASCII.GetBytes("passwordDR0wSS@P6660juht");
        byte[] iv = Encoding.ASCII.GetBytes("password");
        byte[] data = Encoding.ASCII.GetBytes(Data);
        byte[] enc = new byte[0];
        TripleDES tdes = TripleDES.Create();
        tdes.IV = iv;
        tdes.Key = key;
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.Zeros;
        ICryptoTransform ict = tdes.CreateEncryptor();
        enc = ict.TransformFinalBlock(data, 0, data.Length);
        return ByteArrayToString(enc);
    }

    public string SimpleTripleDesDecrypt(string Data)
    {
        byte[] key = Encoding.ASCII.GetBytes("passwordDR0wSS@P6660juht");
        byte[] iv = Encoding.ASCII.GetBytes("password");
        byte[] data = StringToByteArray(Data);
        byte[] enc = new byte[0];
        TripleDES tdes = TripleDES.Create();
        tdes.IV = iv;
        tdes.Key = key;
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.Zeros;
        ICryptoTransform ict = tdes.CreateDecryptor();
        enc = ict.TransformFinalBlock(data, 0, data.Length);
        return Encoding.ASCII.GetString(enc);
    }

    public static string ByteArrayToString(byte[] ba)
    {
        string hex = BitConverter.ToString(ba);
        return hex.Replace("-", "");
    }

    public static byte[] StringToByteArray(String hex)
    {
        int NumberChars = hex.Length;
        byte[] bytes = new byte[NumberChars / 2];
        for (int i = 0; i < NumberChars; i += 2)
            bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
        return bytes;
    }
}

Now what I'd like to do is to know when the decryption failed. When it fails, it shows me a message box with this text:

Could not find any recognizable digits

I could just compare that to the decrypted string, but will this "error" text be the same on all computers even if the .NET lib is from another language?


'Decryption failed' could mean many things.

  1. Your decrypt engine TransformFinalBlock() throws an exception because you supplied an invalid key or IV.
  2. You supplied valid but incorrect IV - this can be taken care of because you know their correct values and how they are protected.
  3. You supplied correct key, IV but wrong ciphertext (or tampered).

1 is an algorithmic failure and can be handled.

For 2 and 3, unfortunately, without comparing the decrypted text with the original plaintext it's difficult to know whether 'decryption failed,' unless you introduce some additional measures for tamper-checks - hashing is the one answer for that. In both cases the result could be inconsistent.

Tamper detection is unlikely in both stream ciphers and block ciphers, because these are not designed for this purpose. You have to use a combination of cryptographic techniques to create a resilient infrastructure.

If you have a .NET library designed to give a specific message, it does not matter what language (I am assuming you're talking about a CLS compliant language, C#, VB.NET etc.) it was written in and what computer it runs on, the behaviour ought to be consistent.

EDIT: Block ciphers always add padding to your plaintext irrespective of chaining technique used to get the next full block size before encryption. Decryption should remove padding, but you might expect a string terminated with one or more nulls. Be wary of this and consider maintaining length of your data.
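
The tamper check the answer describes, sketched as an added example (not code from the original post or from either poster): the ciphertext carries a keyed hash (HMAC-SHA256) that is verified before decryption, and failure comes back as a `bool`, so nothing depends on the wording of an exception message. The class and method names, the separate MAC key, the random per-message IV, PKCS7 padding in place of zero padding, and the `IV || ciphertext || tag` layout are all assumptions of this example; the PHP side would have to produce and check the same layout.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class AuthenticatedTripleDes   // hypothetical helper, not part of the original post
{
    // Assumed layout: IV (8 bytes) || ciphertext || HMAC-SHA256(IV || ciphertext) (32 bytes)
    const int IvLen = 8, TagLen = 32;
    static TripleDES NewCipher(byte[] key, byte[] iv)   // iv == null: generate a fresh random IV
    {
        TripleDES t = TripleDES.Create();
        t.Key = key; t.Mode = CipherMode.CBC; t.Padding = PaddingMode.PKCS7;
        if (iv == null) t.GenerateIV(); else t.IV = iv;
        return t;
    }
    public static byte[] Encrypt(string plaintext, byte[] encKey, byte[] macKey)
    {
        using (TripleDES tdes = NewCipher(encKey, null))
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        using (ICryptoTransform enc = tdes.CreateEncryptor())
        {
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            byte[] body = tdes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
            return body.Concat(hmac.ComputeHash(body)).ToArray();
        }
    }

    // Returns false on any failure; callers never inspect a localized exception message.
    public static bool TryDecrypt(byte[] input, byte[] encKey, byte[] macKey, out string plaintext)
    {
        plaintext = null;
        int ctLen = (input == null ? 0 : input.Length) - IvLen - TagLen;
        if (ctLen <= 0 || ctLen % 8 != 0) return false;      // malformed length
        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] tag = hmac.ComputeHash(input, 0, IvLen + ctLen);
            int diff = 0;                                     // compare tags without early exit
            for (int i = 0; i < TagLen; i++) diff |= tag[i] ^ input[IvLen + ctLen + i];
            if (diff != 0) return false;                      // tampered, truncated or wrong MAC key
        }
        try
        {
            using (TripleDES tdes = NewCipher(encKey, input.Take(IvLen).ToArray()))
            using (ICryptoTransform dec = tdes.CreateDecryptor())
                plaintext = Encoding.UTF8.GetString(dec.TransformFinalBlock(input, IvLen, ctLen));
            return true;
        }
        catch (CryptographicException) { return false; }      // e.g. bad padding from a wrong encryption key
    }
}
```

Because PKCS7 padding records its own length, the decrypted string comes back without trailing nulls, which also covers the length concern raised in the EDIT above.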
