-1

Is it possible to modify triple DES so as not to include forward and backward slashes when encrypting/decrypting?

I had this actionlink on mvc which works without encryption however when I tried to encrypt the id passed to the controller method, the id was being encrypted and included some forward slashes (/vO5Ppr4+Phzx+lHD4Jp6JubZlYXK0Az9OA9J8urf+MJFw62c3Y0Q/Q==) thus I am getting a 404 not found and the controller method is not being called.

MVC ActionLink:

<span> | </span> @Html.ActionLink("Student Rights", "StudentRights","Threads", new { id = CommonLayer.Securities.Encryption.EncryptTripleDES(item.ID) }, null)

Encryption Method:

private static byte[] KEY_192 = 
        {
            111,21,12,65,21,12,2,1,
            5,30,34,78,98,1,32,122,
            123,124,125,126,212,212,213,214
        };

    private static byte[] IV_192 = 
        {
            1,2,3,4,5,12,13,14,
            13,14,15,13,17,21,22,23,
            24,25,121,122,122,123,124,124
        };

    /// <summary>
    /// Encrypt using TripleDES
    /// </summary>
    /// <param name="vl">String to Encrypt</param>
    /// <returns>Encrypted String</returns>
    public static String EncryptTripleDES(String vl)
    {
        if (vl != "")
        { 
            TripleDESCryptoServiceProvider cryptoprovider = new TripleDESCryptoServiceProvider();
            MemoryStream ms = new MemoryStream();
            CryptoStream cs = new CryptoStream(ms, cryptoprovider.CreateEncryptor(KEY_192, IV_192), CryptoStreamMode.Write);
            StreamWriter sw = new StreamWriter(cs);
            sw.Write(vl);
            sw.Flush();
            cs.FlushFinalBlock();
            ms.Flush();
            return Convert.ToBase64String(ms.GetBuffer(), 0, (int)ms.Length);
        } 
        return "";
    } 

    /// <summary>
    /// Decrypt using TripleDES
    /// </summary>
    /// <param name="vl">String to Decrypt</param>
    /// <returns>Decrypted String</returns>
    public static String DecryptTripleDES(String vl)
    { 
        if (vl != "")
        { 
            TripleDESCryptoServiceProvider cryptoprovider = new TripleDESCryptoServiceProvider();
            Byte[] buffer = Convert.FromBase64String(vl);
            MemoryStream ms = new MemoryStream(buffer);
            CryptoStream cs = new CryptoStream(ms, cryptoprovider.CreateDecryptor(KEY_192, IV_192), CryptoStreamMode.Read);
            StreamReader sw = new StreamReader(cs);
            return sw.ReadToEnd();
        } 
        return "";
    }
rikket
  • 2,357
  • 7
  • 46
  • 74
  • This question has nothing to do with encryption at all. This is about how to put a string with slashes into a URL with ASP.NET MVC. – usr May 25 '14 at 13:04
  • possible duplicate of [Need an Encryption/decryption method does not have a '/' in the encrypted string](http://stackoverflow.com/questions/15109313/need-an-encryption-decryption-method-does-not-have-a-in-the-encrypted-string) – CodesInChaos May 25 '14 at 17:02

3 Answers3

2

That's not the output of 3DES, that's Base 64 encoding of random (looking) binary data.

You can simply (raw) URL-encode the result or you can replace the character by any other. Check the Base 64 page on Wikipedia for ideas. Try and keep to common standards, such a replacing the + with -, and replacing / with _ as standardized by RFC 4648.

You may also want to remove the = characters at the end. This works if your base 64 library can decode such base 64, otherwise you can simply append them again until you got a string that has a multiple of 4 base 64 characters.

Community
  • 1
  • 1
Maarten Bodewes
  • 90,524
  • 13
  • 150
  • 263
2

Like owlstead suggests, use the url safe Base64 encoding described in RFC 4648.

My implementation produces a bit much garbage, but for short strings it shouldn't matter much as long as you don't call this a million times a second.

public static string ToUrlSafeBase64(byte[] bytes)
{
    return Convert.ToBase64String(bytes).Replace('+', '-').Replace('/', '_').Replace("=","");
}

public static byte[] FromUrlSafeBase64(string s)
{
    while (s.Length % 4 != 0)
        s += "=";
    s = s.Replace('-', '+').Replace('_', '/');
    return Convert.FromBase64String(s);
}

Used as:

var str = ToUrlSafeBase64(bytes);

var bytes = FromUrlSafeBase64(str);
CodesInChaos
  • 106,488
  • 23
  • 218
  • 262
0

the following functions worked on another post why-is-base64-encode-adding-a-slash-in-the-result

function mybase64_encode($s) {
    return str_replace(array('+', '/'), array(',', '-'), base64_encode($s));
}


function mybase64_decode($s) {
    return base64_decode(str_replace(array(',', '-'), array('+', '/'), $s));
}
Community
  • 1
  • 1
keiv.fly
  • 3,343
  • 4
  • 26
  • 45
  • how can I apply this to my method? – rikket May 25 '14 at 13:00
  • 2
    It's not a good idea to think of *yet* another encoding, better to use RFC 4648 encoding instead. – Maarten Bodewes May 25 '14 at 13:03
  • 1
    The functions are written in PHP. you need to change them to c#. Actually they mean that you replace '+' with ',' and '/' with '-' which are valid in urls. And then replace back when you do decode. Convert.ToBase64String is base64encode and Convert.FromBase64String is base64decode. Currently do not have time to write them in C#. – keiv.fly May 25 '14 at 13:05
  • @keiv.fly That plagiarism complaint is ridiculous. Owlstead's suggestion of using the url safe alphabet from 4648 is the standard solution to the problem. You can assume he was already familiar with that approach and didn't get it from your post. And before you accuse me of plagiarism as well, check my answer to [Need an Encryption/decryption method does not have a '/' in the encrypted string](http://stackoverflow.com/a/15109539/445517) which is over a year old. – CodesInChaos May 25 '14 at 17:04
  • Besides that, all that, I did not even downvote. I thought the answer was close enough, and practical to use, however not standards compliant. – Maarten Bodewes May 25 '14 at 19:17
  • @CodesInChaos Not true, I almost never ever have to deal with encoding/decoding issues with regards to [tag:cryptography] and [tag:encryption] :P – Maarten Bodewes May 25 '14 at 19:22
  • @owlstead Sorry, I thought you downvoted me. If you did not downvote me than its ok. Sorry again. – keiv.fly May 25 '14 at 19:42