3

We have a .NET application that needs to pass some data over to a Java app. We are wanting to give it some simple encryption, M.C. Hawking wont be hacking in but it needs to not be plain text.

I found some great Java code that lets me encrypt/decrypt using AES. What I am hoping to find is the matching peice of this for C# that will let me Encrypt a string that will be decryptable with my Java routine.

Here is my java class:

class SimpleProtector
{    
   private final String ALGORITHM = "AES";    
   private final byte[] keyValue = new byte[] { 'T', 'h', 'i', 's', 'I', 's', 'A', 'S', 'e', 'c', 'r', 'e', 't', 'K', 'e', 'y' };     
   public String encrypt(String valueToEnc) throws Exception
   {        
      Key key = generateKey();        
      Cipher c = Cipher.getInstance(ALGORITHM);        
      c.init(Cipher.ENCRYPT_MODE, key);        
      byte[] encValue = c.doFinal(valueToEnc.getBytes());        
      String encryptedValue = new BASE64Encoder().encode(encValue);        
      return encryptedValue;
   }    

   public String decrypt(String encryptedValue) throws Exception
   {        
      Key key = generateKey();        
      Cipher c = Cipher.getInstance(ALGORITHM);        
      c.init(Cipher.DECRYPT_MODE, key);        
      byte[] decordedValue = new BASE64Decoder().decodeBuffer(encryptedValue);       
      byte[] decValue = c.doFinal(decordedValue);        
      String decryptedValue = new String(decValue);        
      return decryptedValue;    
   }    

   private Key generateKey() throws Exception
   {        
      Key key = new SecretKeySpec(keyValue, ALGORITHM);        
      return key;    
   }
}

Thanks for any tips!

SwDevMan81
  • 48,814
  • 22
  • 151
  • 184
Cameron McBride
  • 6,779
  • 11
  • 40
  • 52
  • 1
    Protip: Never use text directly as encryption/decryption keys. That reduces the search space drastically (also, reusing the same symmetric key makes it easier to recover). Instead, use PBKDF2 or the like to convert it into much more suitable key material. Bonus points, use a real key management protocol like what OpenPGP has; that way you ensure that no two messages use the same session key, you can revoke public keys at will, etc. – C. K. Young Sep 03 '10 at 01:45

3 Answers3

2

See answers to this question: Using AES encryption in C#

Community
  • 1
  • 1
Graham Perks
  • 23,007
  • 8
  • 61
  • 83
2

we can do the encrypt/decrypt in c# and the other in java without using any other third party api. Please go to the link given below, its pretty easy. http://zenu.wordpress.com/2011/09/21/aes-128bit-cross-platform-java-and-c-encryption-compatibility/

Syam Kumar
  • 21
  • 1
  • Thanks, this worked for me, although I changed it to use different values for key and IV, as suggested in one of the comments. – RenniePet Sep 05 '13 at 02:44
1

The only way I have found to encrypt/decrypt in Java and then have C# do the other is to use bouncy castle's API (http://www.bouncycastle.org/documentation.html).

If you want to encrypt and make it harder to break, your best bet is to zip it first, then encrypt, as you then are encrypting something that looks more random.

For a discussion of using AES in C# and Java you can look at this message: http://forums.sun.com/thread.jspa?threadID=603209

You will want to use BouncyCastle to also serialize/deserialize the encryption key, and for security you may want to use RSA to have it encrypted by one side and decrypted by the other language, again using BouncyCastle to serialize/deserialize the key.

James Black
  • 41,583
  • 10
  • 86
  • 166