How to define an AES key (a byte array) in both C# and Java in a "cut-n-paste-able" way

Question

As part of a project I'm working on i need to encrypt some data with AES in C#-code and decrypt it in Java. Since security isn't a top priority (this is just a proof of concept) we are ok with the key being stored in the code as a property in some class.

The question then is: since java and C# bytes are different, how do i store the key in both languages in a cut-n-pasteable way?

This is how i do now:

Java:

// aesKeyBytes.length = 32
private static byte[] aesKeyBytes = new byte[]{  5, -67, 39 ... ,57, 120 }

C#:

private static byte[] KeyBytes() {
    var sbytes = new sbyte[] { 5, -67, 39 ... ,57, 120 }
    };
    return = sbytes
        .Select(sb => unchecked((byte) sb))
        .ToArray();
}

Is this a correct way to do it? Is an sbyte semantically the same as a Java byte and will an unchecked conversion of an sbyte get the correct corresponding byte for my key?

score 1 · Answer 1 · edited May 23 '17 at 12:19

1

I'd go with having the source contain the base64 version of the key, then using Convert.FromBase64String (C#), and whatever its Java equivalent is (although according to this there isn't one in the standard libraries...), to get the byte array.

edited May 23 '17 at 12:19

Community

1
1

answered May 23 '11 at 15:13

AakashM

62,551
17
151
186

This seems like the pragmatic choice that I think I'm going to go with. – Mattias Bengtsson May 23 '11 at 15:15

score 0 · Answer 2 · edited May 23 '17 at 11:55

0

Use a Rfc2898 implementation to generate bytes from a copy-and-paste-able password versus managing raw bytes.

.NET offers Rfc2898DeriveBytes.

The Java standard libraries don't include a Rfc2898 implementation, but there are many open implementations. See:

edited May 23 '17 at 11:55

Community

1
1

answered May 23 '11 at 15:04

Corbin March

25,526
6
73
100

How to define an AES key (a byte array) in both C# and Java in a "cut-n-paste-able" way

2 Answers2