-1

Here is the code from Java:

public static String encrypt(String strToEncrypt)
{
    try
    {
        String secretKey = "1234567890123456";
        DESKeySpec keySpec = new DESKeySpec(secretKey.getBytes("UTF8"));
        SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
        SecretKey key = keyFactory.generateSecret(keySpec);
        BASE64Encoder base64encoder = new BASE64Encoder();
        byte[] cleartext = strToEncrypt.getBytes("UTF8");
        Cipher cipher = Cipher.getInstance("DES");
        cipher.init(Cipher.ENCRYPT_MODE, key);
        String encrypted = base64encoder.encode(cipher.doFinal(cleartext));
        return encrypted;

    }
    catch (Exception e)
    {
        return e.getMessage();
    }
}

How can I decrypt it in C#? Tried the solution:

Encrypt in java and Decrypt in C# For AES 256 bit

but it didn't work.

Community
  • 1
  • 1
Mike
  • 95
  • 1
  • 2
  • 10
  • 6
    Can you be more specific about what didn't work when you tried the linked question? – Richard SP. May 10 '16 at 09:10
  • I always get it decrypted like: "g:�\0�\td��Y\\符O����\rL��W�wHm�>f�\au����%��0��\ .........." or get the error message that the key length is wrong. – Mike May 10 '16 at 09:21

1 Answers1

2

Fundamntally, it is impossible to reliably decrypt that output base on the code you have provided as you do not provide the Initialisation Vector (IV) to you Cipher.Init call. As such, a random IV is used.

The following code might work when the above problem is corrected. You'll need to replace null with the correct IV.

public static string Decrypt(string encrypted)
{
    string secretKey = "1234567890123456";
    byte[] keyBytes = Encoding.UTF8.GetBytes(secretKey);
    byte[] ivBytes = null;

    DESCryptoServiceProvider csp = new DESCryptoServiceProvider();
    ICryptoTransform dec = csp.CreateDecryptor(keyBytes, ivBytes);

    byte[] cipherText = Encoding.UTF8.GetBytes(encrypted);
    string plainText = null;

    using (MemoryStream ms = new MemoryStream(cipherText, false))
    {
        ms.Position = 0;
        using (CryptoStream cryptStrm = new CryptoStream(ms, dec, CryptoStreamMode.Read))
        {
            StreamReader rdr = new StreamReader(cryptStrm);
                plainText = rdr.ReadToEnd();
        }
    }

    return plainText;
}

There are a lot of security concerns with what you are doing though (and equally as many in the code I have provided). If this is not a hobby/understanding project, I recommend you reconsider your security design:

  • You shouldn't store keys in code
  • You shouldn't store sensitive information in string objects
  • you should overwrite sensitive information as soon as you no longer need it with 0s or other non-sensitive data
  • You shouldn't be using DES - it is no longer secure
  • In C# you can use SecureString to reduce exposure of sensitive information (however, it is more difficult to get data out of this)
  • Idealy, encryption/decryption code should be done in a non-virtualised language due to virtual machines being able to move data around without telling you and can therefore leave traces of sensitive information lying around in memory
  • ...
Richard SP.
  • 497
  • 6
  • 15