
I have a question regarding the encryption: basically in my web application I've used Enterprise Library 5.0 where they had a block for cryptography, so basically in the configuration tool provided by them I've registered a block and generated a key. This basically adds a few lines in the web config, so that later in the web application I can do the following:

```csharp
Cryptographer.EncryptSymmetric("RijndaelManaged", text);
Cryptographer.DecryptSymmetric("RijndaelManaged", text);
```

This would automatically encrypt and decrypt correctly, without any issues.

Now I have the following problem: we are moving from Enterprise Library 5.0 to Enterprise Library 6.0, and in the new version they've removed the Cryptography block and instead they advise using .NET cryptography.

So instead I decided to use the Rijndael .NET class to replace these lines with custom code. I've used this topic as a reference (Encrypt and decrypt a string) but with RijndaelManaged to create it, but I'm a bit confused, how about the key ... because some data is already encrypted how to get and use the same key to be able to decrypt the data and use it ...?

I opened the configuration manager of the version 5.0 to see the key but can I use it or not?

Can anyone elaborate on this one for me?

Alnedru
  • In EntLib5 the key is stored in a key file which is protected by DPAPI (user or machine mode). You would have to read it in and unprotect it using `ProtectedData.Unprotect()`. Also, note that the first 4 characters in the key file are a version number and not part of the key. Depending on your app, you might want to think about a one-time migration to decrypt using your old scheme and then encrypting using the new approach (depending on how similar to EntLib the new approach is). – Randy Levy Dec 23 '14 at 06:43
  • Also, you might want to download the EntLib 5 source to see what is going on internally: http://www.nuget.org/packages/EnterpriseLibrary.Source/ – Randy Levy Dec 23 '14 at 06:44
  • For other people dealing with legacy code like this. The IV is likely stored as part of the encrypted data, the first 16 bytes to be precise. So when you decrypt you can take it from there, and the data is the rest of the bytes. – Leo Muller Oct 10 '18 at 10:12

1 Answer


> how to get and use the same key to be able to decrypt the data and use it ...?

One of the ideas of crypto cyphers is that they are independent of the implementing technology. You can encrypt data with .NET and decrypt it with Java or whatever. All you need to do can be summarised as:

  • Have the key. In symmetric crypto, the same key is used for both encryption and decryption processes
  • Have configuration values (such as IV or initialisation vector, length of the cypher block, type of the encryption, hash function used, name of the cypher, etc)

Given you have those two, you can encrypt/decrypt in any technology (with a bit of pain to get it going first, mostly spent searching for correct key or configuration)

> I opened the configuration manager of the version 5.0 to see the key but can I use it or not?

Not familiar with config manager, but you must extract the key from somewhere. Be sure to get it in the right format - you need raw binary format. If it is saved in a file, it could be encrypted with, say, Windows DPAPI, or could be stored in Base64 format.

oleksii
  • Is this IV value also required for RijndaelManaged? I mean, if for example you initiate it and you do not set the IV, will it be null or will it have some random value which will then be used to encrypt? For the key, yes, I think I have it in hexadecimal form, but I totally have no idea about the IV. The Enterprise Library encrypted using this method but that is it, nothing about the IV and how they did it exactly .... – Alnedru Dec 12 '14 at 10:50
  • AFAIK most cyphers use IVs. One can ultimately derive plain text message if none or the same IV is used ([more here](http://crypto.stackexchange.com/a/734)) throughout without ever changing. I suspect EntLib didn't use IV, try running decryption without setting IV and see if you get meaningful result back. – oleksii Dec 12 '14 at 12:26
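
The comments under the question describe the legacy layout: a DPAPI-protected key file with a 4-character version prefix, and the IV stored as the first 16 bytes of the encrypted data. The following is an added example of a one-time migration decryptor built on that description; it is not code from the original posts or from Enterprise Library. The class and method names are hypothetical, and it assumes the version prefix occupies 4 bytes, stored values are Base64 strings, and the plaintext was encoded as UTF-16; check these against the EntLib 5 source before relying on them.

```csharp
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData requires a reference to System.Security.dll
using System.Text;

// Hypothetical helper for a one-time migration of EntLib 5 encrypted values.
static class LegacyEntLibDecryptor
{
    const int VersionHeaderLength = 4; // version prefix in the key file, not key material (assumed 4 bytes)
    const int IvLength = 16;           // IV is the first 16 bytes of the encrypted data

    // Reads the key file, skips the version prefix and removes the DPAPI protection.
    // The scope must match the mode (user or machine) used when the key was generated.
    public static byte[] LoadKey(string keyFilePath, DataProtectionScope scope)
    {
        byte[] file = File.ReadAllBytes(keyFilePath);
        if (file.Length <= VersionHeaderLength)
            throw new InvalidDataException("Key file is too short to contain a key.");

        byte[] protectedKey = new byte[file.Length - VersionHeaderLength];
        Buffer.BlockCopy(file, VersionHeaderLength, protectedKey, 0, protectedKey.Length);
        return ProtectedData.Unprotect(protectedKey, null, scope);
    }

    // Assumption: storedValue is Base64 of (IV || ciphertext) and the plaintext is UTF-16.
    public static string Decrypt(string storedValue, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(storedValue);
        if (blob.Length <= IvLength)
            throw new CryptographicException("Value is too short to contain an IV.");

        byte[] iv = new byte[IvLength];
        Buffer.BlockCopy(blob, 0, iv, 0, IvLength);

        // RijndaelManaged defaults (CBC mode, PKCS7 padding, 128-bit block) are left unchanged.
        using (var rijndael = new RijndaelManaged { Key = key, IV = iv })
        using (ICryptoTransform decryptor = rijndael.CreateDecryptor())
        {
            byte[] plain = decryptor.TransformFinalBlock(blob, IvLength, blob.Length - IvLength);
            return Encoding.Unicode.GetString(plain);
        }
    }
}
```

With `DataProtectionScope.CurrentUser`, `Unprotect` only succeeds under the Windows account that protected the key, so run the migration as that account or on the same machine for machine scope. A `CryptographicException` about padding during `Decrypt` usually means the key, the IV offset or one of the labelled assumptions does not match the legacy data.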