472,982 Members | 1,822 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 472,982 software developers and data experts.

Same encryption codes cannot decrypt password from .NET 1.0 to 2.0

Hi all,

I have an encryption class that encrypts and decrypts password using
TripleDESCryptoServiceProvider. It was written originally in framework
1.0 and been working fine. And those passwords are stored in my SQL
server.

Now I need to migrate my application to framework 2.0. I use this same
class with framework 2.0 library to decrypt the passwords from database
(of course, they were encrypted in 1.0) but getting "Bad Data"
exception. The wierd thing is that, in 2.0 environment, it can encrypt
a new password and decrypt it back without any problem. It just cannot
decrypt the ones which were encrypted in 1.0.

Anyone experienced this problem before? Any ideas will be very
appreciated!!

Hans

I am also attaching the class as follows:
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

namespace test
{
/// <summary>
/// Summary description for EncryptionManager.
/// </summary>
public class EncryptionManager
{
public const int Encryption = 0;
public const int Decryption = 1;

private EncryptionManager()
{
}

public static string Encrypt(string toEncrypt, string key)
{
UnicodeEncoding encoder = new UnicodeEncoding();
return encoder.GetString(ParseBytes(encoder.GetBytes(toEn crypt),
key, Encryption));
}

public static string Decrypt(string toDecrypt, string key)
{
UnicodeEncoding encoder = new UnicodeEncoding();
return encoder.GetString(ParseBytes(encoder.GetBytes(toDe crypt),
key, Decryption));
}
private static byte[] ParseBytes (byte[] data, string key, int
direction)
{
TripleDES des = new TripleDESCryptoServiceProvider() ;
des.IV = new byte[8];

//init stream to write / read data
MemoryStream memStream = new MemoryStream();

PasswordDeriveBytes derivedBytes = new PasswordDeriveBytes(key, new
byte[0]);
des.Key = derivedBytes.CryptDeriveKey("RC2", "MD5", 128, new
byte[8]);

//set transform according to direction
ICryptoTransform transform;

if (direction == Encryption)
{
transform = des.CreateEncryptor();
}
else
{
transform = des.CreateDecryptor();
}

CryptoStream cryptoStream = new CryptoStream (memStream,
transform,
CryptoStreamMode.Write);

cryptoStream.Write (data, 0, data.Length);
cryptoStream.FlushFinalBlock();

//get the length of the encrypted data...
byte[] encodedResult = new byte[memStream.Length];
memStream.Position = 0;
memStream.Read(encodedResult, 0, encodedResult.Length);

memStream.Close();
cryptoStream.Close();

return encodedResult;
}

public static string GenerateKey()
{
UnicodeEncoding encoder = new UnicodeEncoding();
TripleDES des = new TripleDESCryptoServiceProvider();
return encoder.GetString(des.Key);
}
}

}

Dec 16 '05 #1
4 2529
<ho****@yahoo.com> wrote:
I have an encryption class that encrypts and decrypts password using
TripleDESCryptoServiceProvider. It was written originally in framework
1.0 and been working fine. And those passwords are stored in my SQL
server.

Now I need to migrate my application to framework 2.0. I use this same
class with framework 2.0 library to decrypt the passwords from database
(of course, they were encrypted in 1.0) but getting "Bad Data"
exception. The wierd thing is that, in 2.0 environment, it can encrypt
a new password and decrypt it back without any problem. It just cannot
decrypt the ones which were encrypted in 1.0.

Anyone experienced this problem before? Any ideas will be very
appreciated!!


<snip>

I've seen the same problem, but haven't investigated it much - I'll try
to look into it further soon...

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Dec 17 '05 #2
Jon,

Thanks for taking time looking into this. Let me know if you find out
anything.

Hans

Dec 20 '05 #3
<ho****@yahoo.com> wrote:
I have an encryption class that encrypts and decrypts password using
TripleDESCryptoServiceProvider. It was written originally in framework
1.0 and been working fine. And those passwords are stored in my SQL
server.


<snip>

Looking at it to start with - you really shouldn't be assuming that the
bytes which come back from encryption are a valid Unicode string. I
would suggest base64 encoding/decoding to convert between byte arrays
and "normal" text. It's unrelated to the problem you're seeing (I
believe) but is something to watch out for.

It's also worth using a "using" statement to close streams, so they end
up being closed even if an exception occurs.

Finally, don't use Stream.Read without checking the return value -
there's no guarantee it will read everything you want it to. See
http://www.pobox.com/~skeet/csharp/readbinary.html for more details.
When you're using a MemoryStream, however, you can just call ToArray to
get the bytes.

I'll post an "improved" version of your code when I've modified the
current version. As I say, it won't solve the problem, but it should
make it more obvious that there *is* a problem unrelated to the above
:)

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Dec 20 '05 #4
<ho****@yahoo.com> wrote:

<snip>

Hmm. I've modified your code appropriately, but I can't get either your
original code or the modified code to fail (encrypting with 1.1 and
decrypting with 2.0). Could you provide some sample data which it fails
with?
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public class EncryptionManager
{
SymmetricAlgorithm provider;

public EncryptionManager()
{
provider = new TripleDESCryptoServiceProvider();
provider.IV = new byte[8];
byte[] key = new byte[provider.KeySize/8];
for (int i=0; i < key.Length; i++)
{
key[i] = (byte) i;
}
provider.Key = key;
}

public string Encrypt(string toEncrypt)
{
byte[] rawInput = Encoding.UTF8.GetBytes(toEncrypt);
byte[] rawOutput = Encrypt (rawInput);
return Convert.ToBase64String(rawOutput);
}

public string Decrypt(string toDecrypt)
{
byte[] rawInput = Convert.FromBase64String(toDecrypt);
byte[] rawOutput = Decrypt (rawInput);
return Encoding.UTF8.GetString(rawOutput);
}

public byte[] Encrypt (byte[] toEncrypt)
{
return Transform(provider.CreateEncryptor(), toEncrypt);
}

public byte[] Decrypt (byte[] toDecrypt)
{
return Transform(provider.CreateDecryptor(), toDecrypt);
}

byte[] Transform (ICryptoTransform transform, byte[] data)
{
using (MemoryStream memoryStream = new MemoryStream())
{
using (CryptoStream cryptoStream = new CryptoStream
(memoryStream, transform, CryptoStreamMode.Write))
{
cryptoStream.Write(data, 0, data.Length);
cryptoStream.FlushFinalBlock();
}
return memoryStream.ToArray();
}
}

static void Main(string[] args)
{
EncryptionManager manager = new EncryptionManager();

if (args.Length==1)
{
Console.WriteLine (manager.Decrypt(args[0]));
}
else
{
Console.WriteLine (manager.Encrypt ("Test"));
}
}
}

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Dec 20 '05 #5

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
by: Chris | last post by:
Hello all. I'm currently working on a new site that encompasses the registration of members. The registration is taking place through PHP interaction with MySQL. The site is just going to be...
4
by: drs | last post by:
Hi, I need to send secure data over an insecure network. To that end, I am needing to encrypt serialized data and then decrypt it. Is there a builtin way to do this in Python? MD5, SHA, etc...
12
by: Peter Young | last post by:
I'm looking for ideas on encrypting form data. For example, if a user enters a password, I would like to encrypt it before it gets posted, then decrypt it server-side. The obvious answer for a...
5
by: TomB | last post by:
Anyone know of an example/tutorial for encrypting a binary file? I'm able to encrypt/decrypt simple text files, but anything more complicated craps out. Thanks TomB
4
by: Mark R. Dawson | last post by:
Hi all, I have a configuration file that is storing sensative data, like db passwords etc. I want to encrypt the file so that people can not see the contents. What are the standard practices for...
7
by: Steven Cliff | last post by:
I have started to use the new Enterprise Library (Jan 06) and have set up a skeleton project using the DAAB. This all seems to work fine apart from when I come to secure the app.config file via...
25
by: eggie5 | last post by:
I have a form where a user can change his password, but I'm confused on how to prevent this from being transmitted in plain text. Well, I know how not to transmit it in plain text - use any type...
8
by: manmit.walia | last post by:
Hello Everyone, Long time ago, I posted a small problem I had about converting a VB6 program to C#. Well with the help with everyone I got it converted. But I overlooked something and don't...
2
by: olafinsbraaten | last post by:
I am using column-level encryption (ENCRYPT_CHAR, DECRYPT_CHAR) to protect selected columns in DB2 LUW v.9.1 and v.9.5 on Linux. The ultimate goal is to support the requirements put forward in...
0
by: lllomh | last post by:
Define the method first this.state = { buttonBackgroundColor: 'green', isBlinking: false, // A new status is added to identify whether the button is blinking or not } autoStart=()=>{
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 4 Oct 2023 starting at 18:00 UK time (6PM UTC+1) and finishing at about 19:15 (7.15PM) The start time is equivalent to 19:00 (7PM) in Central...
0
by: Aliciasmith | last post by:
In an age dominated by smartphones, having a mobile app for your business is no longer an option; it's a necessity. Whether you're a startup or an established enterprise, finding the right mobile app...
2
by: giovanniandrean | last post by:
The energy model is structured as follows and uses excel sheets to give input data: 1-Utility.py contains all the functions needed to calculate the variables and other minor things (mentions...
3
NeoPa
by: NeoPa | last post by:
Introduction For this article I'll be using a very simple database which has Form (clsForm) & Report (clsReport) classes that simply handle making the calling Form invisible until the Form, or all...
1
by: Teri B | last post by:
Hi, I have created a sub-form Roles. In my course form the user selects the roles assigned to the course. 0ne-to-many. One course many roles. Then I created a report based on the Course form and...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 1 Nov 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM) Please note that the UK and Europe revert to winter time on...
3
by: nia12 | last post by:
Hi there, I am very new to Access so apologies if any of this is obvious/not clear. I am creating a data collection tool for health care employees to complete. It consists of a number of...
0
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.