TripleDESCryptoServiceProvider

Alex wrote:

I am using TripleDESCryptoServiceProvider to encrypt a value in the
querystring and my only concern is whether will the ampersand character
appear in an encrypted string.

Using POST is not an option so I really need help on this.

Encryption doesn't create strings, it creates binary data. How you
encode that binary data is up to you. If you use base16 (i.e. hex) you
certainly won't get any ampersands. If you use base64, you could use a
non-standard set of characters which are websafe, although I seem to
remember it's only *just* possible. How large is the encrypted value?
If it's small, using hex is probably the simplest solution.

Jon

Hi Jon,

I guess I am using Base64 encoding (ToBase64String and FromBase64String).
How do I use Base16?

The data to encrypt is email address so it should be small.

Thanks,
Yong Teck

"Jon Skeet [C# MVP]" wrote:

Alex wrote:

I am using TripleDESCryptoServiceProvider to encrypt a value in the
querystring and my only concern is whether will the ampersand character
appear in an encrypted string.

Using POST is not an option so I really need help on this.

Encryption doesn't create strings, it creates binary data. How you
encode that binary data is up to you. If you use base16 (i.e. hex) you
certainly won't get any ampersands. If you use base64, you could use a
non-standard set of characters which are websafe, although I seem to
remember it's only *just* possible. How large is the encrypted value?
If it's small, using hex is probably the simplest solution.

Jon

Hi Jon,

I guess I am using Base64 (ToBase64String and FromBase64String). How do I
use Base16? The data to encrypt is email address so it should be small.

Thanks,
Alex

"Jon Skeet [C# MVP]" wrote:

Alex wrote:

I am using TripleDESCryptoServiceProvider to encrypt a value in the
querystring and my only concern is whether will the ampersand character
appear in an encrypted string.

Using POST is not an option so I really need help on this.

Encryption doesn't create strings, it creates binary data. How you
encode that binary data is up to you. If you use base16 (i.e. hex) you
certainly won't get any ampersands. If you use base64, you could use a
non-standard set of characters which are websafe, although I seem to
remember it's only *just* possible. How large is the encrypted value?
If it's small, using hex is probably the simplest solution.

Jon

Alex wrote:

I guess I am using Base64 (ToBase64String and FromBase64String). How do I
use Base16? The data to encrypt is email address so it should be small.

Here's some code I wrote a while ago to convert *from* a hex string.
Converting *to* a hex string is just a case of using a StringBuilder
and appending each byte with the appropriate format (which I forget
off-hand, but it's probably x2 or something like that).

static int ParseHexDigit(char c)
{
if (c >= '0' && c <= '9')
{
return c-'0';
}
if (c >= 'a' && c <= 'f')
{
return c-'a'+10;
}
if (c >= 'A' && c <= 'F')
{
return c-'A'+10;
}
throw new ArgumentException ("Invalid hex character");
}

public static string ParseHex(string hex)
{
char[] result = new char[hex.Length/2];
int hexIndex=0;
for (int i=0; i < result.Length; i++)
{
result[i] = (char)(ParseHexDigit(hex[hexIndex++])*16+
ParseHexDigit(hex[hexIndex++]));

}
return new string (result);
}

Jon

Thanks for Jon's informative inputs.

Hi Alex,

Since your concern here is to avoid those URL sensitive chars in your
querystring value(encrypted through 3DES CSP), I think you can also
consider performing UrlEncoding on the encrypted querystring value(even if
you're using BASE64 convertion). And the HttpUtility.UrlEncode method just
help perform url encoding on a give string(which will replace any chars
which are not allowed in url with escaped values)

#HttpUtility.UrlEncode Method (String)
http://msdn2.microsoft.com/en-us/library/4fkewx0t.aspx

Hope this also helps some.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

Hello Alex,

How are you doing on this issue? Have you got any further progress or does
my last reply also helps a little? If you still have any problems or there
is anything else we can help ,please don't hesitate to post here.

Regards,

Steven Cheng
Microsoft MSDN Online Support Lead
==================================================

When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.

==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)