I was given the requirement to implement RC2 encryption/decryption in an Asp.Net site. There is some data that needs to be shared with other systems securely and this is the encryption method already in use. I have tried a number of different approaches to this but all the implementations have default key lengths which can't be changed even though the algorithm allows variable key lengths (http://en.wikipedia.org/wiki/RC2).
I'm looking to find out if I have overlooked something in my analysis or if there is a better option you could recommend.
.Net Approach
My first approach was to try and use the .NET RC2CryptoServiceProvider. This won't work because the key length is limited.
http://msdn.microsoft.com/en-us/library/system.security.cryptography.rc2.keysize.aspx
"This algorithm supports key lengths from 40 bits to 1024 bits in increments of 8 bits, but the RC2CryptoServiceProvider implementation only supports key lengths from 40 bits to 128 bits in increments of 8 bits."
OpenSSL.Net Approach
There is a .NET wrapper of OpenSSL that I tried using. http://sourceforge.net/projects/openssl-net/
It worked fine but it only appears to support the default encryption functions and there is no way to change key length that I have found.
Cipher ciph = Cipher.RC2_CBC;
ciph.KeyLength = 20; // <---- Keylength cannot be assigned to it is readonly
CipherContext RC2 = new CipherContext(ciph);
Call OpenSSL Directly
I also tried calling OpenSSL through the command line by creating a process and grabbing the output. I ran into the same problem which is that the built in functions don't allow variable key lengths.
http://www.openssl.org/docs/apps/enc.html
The enc program only supports a fixed number of algorithms with certain parameters. So if, for example, you want to use RC2 with a 76 bit key or RC4 with an 84 bit key you can't use this program.
