AES256 uses 256 bits key which is exactly 32 bytes of data, in terms of ASCII characters its 32 characters. And it is mostly system generated keys. I'm developing a project that encrypts a Plain text file using AES Class in C#. In this project there is a window form that asks the user to provide key. Is there a way to encrypt the Plain text using the User Provided key?
Asked
Active
Viewed 540 times
0
-
1Why wouldn't there be? – CodeCaster Aug 11 '16 at 09:00
-
Possible duplicate of [C# Example of AES256 encryption using System.Security.Cryptography.Aes](http://stackoverflow.com/questions/7400884/c-sharp-example-of-aes256-encryption-using-system-security-cryptography-aes) – active92 Aug 11 '16 at 09:04
1 Answers
2
You should not ask the user for the key. You should ask the user for a password phrase and then use one of the industry standards key derivation algorithms to generate the key from the password phrase, like PBKDF2. .Net provides support for this with Rfc2898DeriveBytes class. See the example in the link for how to use it. Also, make sure you generate a good Initialization Vector and prepend it to the encrypted file.
You should never mix system generated keys with user provided password phrases. If you generate keys, then you must have a key exchange protocol in place, eg. TLS.
Please spend some time to document yourself about basic crypto. The Handbook is a good starting read (and free). Don't release Yet Another Broken Crypto product...
Maarten Bodewes
- 90,524
- 13
- 150
- 263
Remus Rusanu
- 288,378
- 40
- 442
- 569