0

I am looking for a way to encrypt and decrypt 12 digits text by 32 characters long key. The cipher must be of fixed length (32 or less). Is it possible?

Thanks in advance

Parth Patel
  • 307
  • 1
  • 6
  • 19
  • 2
    It is possible! But that needs some initial trial from you. What code have you written already? – Kangkan Oct 07 '11 at 12:22
  • What type of encryption do you want to use? There are several different algorithms (http://msdn.microsoft.com/en-us/library/system.security.cryptography.symmetricalgorithm.aspx). The cipher length is easily configurable for all of them. – SwDevMan81 Oct 07 '11 at 12:26
  • Take a look at the following article - http://stackoverflow.com/questions/845623/whats-the-best-way-to-encrypt-short-strings-in-net you also must realize that if the 12 characters is a password that simply is NOT long enough and should be padded and then encrypted. – Security Hound Oct 07 '11 at 12:28
  • @Ramhound: The plaintext has 12 characters. The key has 32. – Dennis Oct 07 '11 at 12:52

1 Answers1

1

Of course. With a good block cipher (like AES), you can choose between encrypting text as a block (the output will be a 32 character block) and you'll have 256 bit encryption or XORing the text with an encrypted nonce (the output will be a 12 byte ciphertext) and you'll have 96 bit encryption.

Just googling for AES and C# should come up with a ready-to-use implementation. Be sure to use a proper nonce (in some contexts also called initialization vector).

To use a hash for your purposes (see comments on this answer), proceed as follows:

Hashing:

  1. Compute HASH = hash(FROM_DATE + TO_DATE + SECRET).

  2. Output FROM_DATE + TO_DATE + HASH.

+ denotes concenation and SECRET is only known to you.

If using only capitals and numbers, it should be at least 25 characters long.

Verification:

  1. Split string into FROM_DATE + TO_DATE and HASH.

  2. Verify that HASH = hash(FROM_DATE + TO_DATE + SECRET)

SHA-256 should work quite well for this.

Community
  • 1
  • 1
Dennis
  • 14,264
  • 2
  • 48
  • 57
  • Would it create cipher with length of exact 32 characters? Moreover, will all the characters be among capital letter or digit? – Parth Patel Oct 07 '11 at 12:44
  • AES comes for 128, 192 and 256 bit keys. When encrypting the text (previously XORed with an initialization vector for security) with a 256 bit key, the ciphertext will have exactly 32 characters, (almost) randomly distributed among all 256 ASCII characters. – Dennis Oct 07 '11 at 12:51
  • Well, I want cipher with only capital letters and digits (which I am going to use as product key). And I cannot use 1-way decryption using hash as I am attaching validation dates (from and to date) in plain text and need to decrypt cipher upon application startup. Any suggestion? – Parth Patel Oct 07 '11 at 13:00
  • Capital letters and numbers are 36 characters. Cuts them down to 32, use 128 bits, and convert from 8 bit characters to base 32. It will work, but you could also use hash. I'll edit my answer to show you how. – Dennis Oct 07 '11 at 13:12
  • Dennis, the way you suggested was exactly what I have implemented right now. But client don't want from and to date to be exposed (though it's ridiculous as validity should always be visible to user!). So, I cannot even implement that method :-( – Parth Patel Oct 07 '11 at 13:37
  • Ridiculous indeed... Well, just use the 128 bit encryption and output the result as hexadecimal (A-Z and 0-9). Exactly 32 characters needed. – Dennis Oct 07 '11 at 13:47