473,386 Members | 1,733 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > c# / c sharp > questions > using rijndaelmanaged

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Using RijndaelManaged

I need to store some password on a text file. I was trying to use
some kind of encryption to encrypt the password from plain text. I
found the code below off the web, which works great.

But the problem is, I need to specify both the "password" (which is an
encryption key I assume) and the salt. What will be the best way to
generate and store them? Right now I just hard code the key and salt,
but I am concerned about the security.

public static String Encrypt(String data, String password)
{
if (data == null)
throw new ArgumentNullException("data");
if (password == null)
throw new ArgumentNullException("password");
byte[] encBytes =
EncryptData(Encoding.UTF8.GetBytes(data), password,
PaddingMode.ISO10126);
return Convert.ToBase64String(encBytes);

}

public static byte[] EncryptData(byte[] data, String password,
PaddingMode paddingMode)
{
if (data == null || data.Length == 0)
throw new ArgumentNullException("data");
if (password == null)
throw new ArgumentNullException("password");
PasswordDeriveBytes pdb = new
PasswordDeriveBytes(password, Encoding.UTF8.GetBytes("Salt"));
RijndaelManaged rm = new RijndaelManaged();
rm.Padding = paddingMode;
ICryptoTransform encryptor =
rm.CreateEncryptor(pdb.GetBytes(16), pdb.GetBytes(16));
using (MemoryStream msEncrypt = new MemoryStream())
using (CryptoStream encStream = new
CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
encStream.Write(data, 0, data.Length);
encStream.FlushFinalBlock();
return msEncrypt.ToArray();
}
}

May 14 '07 #1
3 12432
On 14 May 2007 12:27:48 -0700, melon <el*****@gmail.comwrote:
>I need to store some password on a text file.
Not a good idea if you can possible avoid it. If the password is for
your own application then you may only need to store a hash of the
password, rather than the password itself. If the password is for
entry into another application then you do have to store it.
>I was trying to use some kind of encryption to encrypt the password
from plain text. I found the code below off the web, which works great.

But the problem is, I need to specify both the "password" (which is an
encryption key I assume) and the salt.
If you are encrypting something then you will need a key to encrypt
and decrypt it - that is indeed what "password" is. Salt is just a
random string, though at first glance it looks more like an
Initialisation Vector (IV) than salt.

http://en.wikipedia.org/wiki/Initialization_vector

http://en.wikipedia.org/wiki/Salt_(cryptography)
>What will be the best way to
generate and store them? Right now I just hard code the key and salt,
but I am concerned about the security.
As you have noticed, there is an infinite regress of keys to decrypt
keys to decrypt keys... One solution is System.Security.SecureString.
It is not perfect, but it does store you password in encrypted form
without getting into an infinite regress. The major issue is getting
your password back out again if you need it, you have to use something
like Marshal.SecureStringToBSTR and unmanaged memory to extract the
password.

rossum
>
public static String Encrypt(String data, String password)
{
if (data == null)
throw new ArgumentNullException("data");
if (password == null)
throw new ArgumentNullException("password");
byte[] encBytes =
EncryptData(Encoding.UTF8.GetBytes(data), password,
PaddingMode.ISO10126);
return Convert.ToBase64String(encBytes);

}

public static byte[] EncryptData(byte[] data, String password,
PaddingMode paddingMode)
{
if (data == null || data.Length == 0)
throw new ArgumentNullException("data");
if (password == null)
throw new ArgumentNullException("password");
PasswordDeriveBytes pdb = new
PasswordDeriveBytes(password, Encoding.UTF8.GetBytes("Salt"));
RijndaelManaged rm = new RijndaelManaged();
rm.Padding = paddingMode;
ICryptoTransform encryptor =
rm.CreateEncryptor(pdb.GetBytes(16), pdb.GetBytes(16));
using (MemoryStream msEncrypt = new MemoryStream())
using (CryptoStream encStream = new
CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
encStream.Write(data, 0, data.Length);
encStream.FlushFinalBlock();
return msEncrypt.ToArray();
}
}
May 15 '07 #2
melon wrote:
I need to store some password on a text file. I was trying to use
some kind of encryption to encrypt the password from plain text. I
found the code below off the web, which works great.

But the problem is, I need to specify both the "password" (which is an
encryption key I assume) and the salt. What will be the best way to
generate and store them? Right now I just hard code the key and salt,
but I am concerned about the security.
I think you can live with the fixed salt. The core problem is
the password.

The .NET EXE can be decompiled and a hardcoded password be
revealed in 10 seconds.

The simplest solution is to have the user enter the password.

Arne
May 19 '07 #3
rossum wrote:
Salt is just a
random string, though at first glance it looks more like an
Initialisation Vector (IV) than salt.
> PasswordDeriveBytes pdb = new
PasswordDeriveBytes(password, Encoding.UTF8.GetBytes("Salt"));
> ICryptoTransform encryptor =
rm.CreateEncryptor(pdb.GetBytes(16), pdb.GetBytes(16));
No.

bytes = f(password, salt)
key = bytes
iv = bytes

Arne

May 19 '07 #4
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
Encryption using X509Certificate
by: rawCoder | last post by:
Hi All, I have a *.cer file, a public key of some one and I want to encrypt some thing using this public key. Can someone point me to a sample code for Encrypting some file using...
.NET Framework
1
error using ICallbackEventHandler in ASP.Net 2.0
by: Mike | last post by:
When trying to compile (using Visual Web Developer 2005 Express Beta; frameworkv2.0.50215 ) the source code below I get errors (listed below due to the use of ICallBackEventHandler. Ultimately I...
.NET Framework
10
using declaration question
by: Christopher Benson-Manica | last post by:
Why can't I use a class destructor in a using declaration: using MyClass::~MyClass; ? -- Christopher Benson-Manica | I *should* know what I'm talking about - if I ataru(at)cyberspace.org ...
C / C++
17
is "using namespace std" good style?
by: beliavsky | last post by:
Many of my C++ programs have the line using namespace std; but the "Accelerated C++" book of Koenig and Moo has many examples where the library names are included one at a time, for example ...
C / C++
8
Is 'using namespace std;' valid without 'namespace std {};' first?
by: Petter Reinholdtsen | last post by:
I ran into a problem on HP-UX 11.00 the other day, where it refused to compile a program using 'using namespace std;' at the top. The reason seem to be that the compiler refuses to accept 'using...
C / C++
14
Correct usage of "using" with standard templates
by: john.burton.email | last post by:
I've done some extensive searching and can't seem to find an answer to this - Is it correct to using "using" with templates, for example: using std::vector; Or do I need to specify the type...
C / C++
0
Tough security question using System.Security.Cryptography.RijndaelManaged.
by: Andrzej | last post by:
Hi, I have to figure out why we have a problem with special characters in encrypted usernames and passwords. Case: Username: r&bgeorge Password: tigger
C# / C Sharp
1
Error using configSource attribute.
by: Abhi | last post by:
I am using Cryptography application block and am trying to use configSource attribute to keep the config file as separate file. my Application configuration file has following entry ...
C# / C Sharp
3
Encrypt and Decrypt a file using .NET 2.0?
by: JDeats | last post by:
I have some .NET 1.1 code that utilizes this technique for encrypting and decrypting a file. http://support.microsoft.com/kb/307010 In .NET 2.0 this approach is not fully supported (a .NET 2.0...
C# / C Sharp
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!