We're migrating a COM application (VB6) that uses the Crypto API to
encrypt data using RC4 (128 bit keys, MD5 hash) and stores it in a
database. I need to decrypt this data in .NET and I cannot use
PINVOKE or any other unmanaged code.
Of course, RC4 is not supported in the .NET Framework.
I have attempted to use some open-source RC4 implementations to
decrypt our CryptoAPI-encrypted data without success. Not sure if
the
problem is in the implementation of the RC4 algorithms themselves or
the key generation.
I have been calling PasswordDerivedBytes.CryptDeriveKey() with "RC2"
as the algname argument, as "RC4" is not available, and this seems to
be the only algname that will produce a 128 bit key without salt
(which is how the keys were derived in the encryption phase).
Any assistance or direction would be much appreciated. Thanks in
advance for your help.
-Grant
As part of your migration, have you considered decrypting the data and
re-encrypting it using a supported, safer, encryption scheme? That would
be my strong suggestion.
From your post I gather that you've already tried solutions like:
http://sourceforge.net/projects/rc4dotnet/
Apart from using COM interop there is no alternative but using P/Invokes
to invoke CAPICOM. For more information on generating the correct COM
Runtime Callable Wrapper see:
http://msdn.microsoft.com/en-us/library/ms973800.aspx
--
Jesse Houwing
jesse.houwing at sogeti.nl