WebApp Sec mailing list archives
Re: What problem have this Rijndael(.NET&PHP) code?
From: "Scott C. Sanchez" <scottsanchez () gmail com>
Date: Fri, 15 Dec 2006 10:08:50 -0500
Maybe this URL will help? It's a working example and some tips for encryption/decryption between .net and php http://programmin.prim8.net/archives/25-PHP-and-DotNet-encryption.html Good luck! Scott C. Sanchez, CISSP On 12/14/06, 김영일 <zero12a () naver com> wrote:
Dear, web security Professionals.
I have a AES problem.
I want to send confidential data.
STEP is bottom...
* STEP
1. Encrypt confidential-data by C#.NET.
2. Send encrypted data on HTTP(80) protocol.
2. Decrypt encyrpted data by PHP & mcrypt(2.4.x)
I want to decrypt data. but, Result data(decrypted data) don't same input data.
What's problem?. My code is a bottom.
---------------------PHPinfo() & Decrypt/Encrypt Function-----------------------------------
* PHPinfo() mcrypt
Version: >=2.4.x
Supported ciphers : cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake
blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes
Supported modes : cbc cfb ctr ecb ncfb nofb ofb stream
* C#.NET Encrypt function
private string EncryptString(string InputText, string Password)
{
RijndaelManaged RijndaelCipher = new RijndaelManaged();
RijndaelCipher.Mode = CipherMode.ECB;
byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
MemoryStream memoryStream = new MemoryStream();
CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
cryptoStream.Write(PlainText, 0, PlainText.Length);
cryptoStream.FlushFinalBlock();
byte[] CipherBytes = memoryStream.ToArray();
memoryStream.Close();
cryptoStream.Close();
string EncryptedData = Convert.ToBase64String(CipherBytes);
return EncryptedData;
}
* PHP(mcrypt) Decrypt function
function decrypt($decrypt,$key) {
$decoded = base64_decode($decrypt);
$iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), strlen($key));
$decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
return $decrypted;
}
-------------------------------------------
Young-il Kim, CISA/CISSP/OCP
Korean, http://cafe.naver.com/WebHack
zero12a () naver com, zero12a () dreamwiz com
------------------------------------------------------------------------
새로운 기부 문화의 씨앗, 해피빈
http://happybean.naver.com
Current thread:
- What problem have this Rijndael(.NET&PHP) code? 김영일 (Dec 15)
- Re: What problem have this Rijndael(.NET&PHP) code? Peter Conrad (Dec 18)
- Message not available
- Re: What problem have this Rijndael(.NET&PHP) code? Scott C. Sanchez (Dec 18)
- Re: What problem have this Rijndael(.NET&PHP) code? Jamie Riden (Dec 18)