I am trying to re-create this openssl command in C#:
openssl enc –e –aes-256-cbc –k SecretPhrase1234 –in profile.xml –out profile.cfg
This encrypted file will then be loaded by a device and the process is described as this:
A lower case –k precedes the secret key, which can be any plain text phrase and is used to generate a random 64-bit salt. Then, in combination with the secret specified with the –k argument, it derives a random 128-bit initial vector, and the actual 256-bit encryption key.
So, in my C# application I need to create a random 64 bit salt using my "SecretPhrase1234". Then I need to derive a 128 bit IV and a 256 bit key. The device already has the secret phrase loaded onto it.
Here is my code:
AesManaged aes = new AesManaged();
// Encrypt the string to an array of bytes.
aes.KeySize = 256;
aes.BlockSize = 128;
aes.Mode = CipherMode.CBC;
Rfc2898DeriveBytes rfc = new Rfc2898DeriveBytes("SecretPhrase1234", 8);
byte[] SALT = rfc.Salt;
PasswordDeriveBytes pdb = new PasswordDeriveBytes("SecretPhrase1234", SALT);
byte[] IV = rfc.GetBytes(aes.BlockSize/8);
//The next line doesn't work
byte[] KEY = pdb.CryptDeriveKey("AES", "SHA1", aes.KeySize, IV);
aes.Key = KEY;
aes.IV = IV;
byte[] encrypted = AESEncryption.EncryptStringToBytes(plainConfig,
aes.Key, aes.IV);
tw.WriteLine(Encoding.ASCII.GetString(encrypted));
tw.Close();
