Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to decrypt RC4 w/ managed code?

11 views
Skip to first unread message

Grant Davis

unread,
Sep 9, 2009, 9:27:09 AM9/9/09
to
Crossposted from microsoft.public.security.crypto ...

We're migrating a COM application (VB6) that uses the Crypto API to
encrypt data using RC4 (128 bit keys, MD5 hash) and stores it in a
database. I need to decrypt this data in .NET and I cannot use
PINVOKE or any other unmanaged code.

Of course, RC4 is not supported in the .NET Framework.

I have attempted to use some open-source RC4 implementations to
decrypt our CryptoAPI-encrypted data without success. Not sure if
the
problem is in the implementation of the RC4 algorithms themselves or
the key generation.

I have been calling PasswordDerivedBytes.CryptDeriveKey() with "RC2"
as the algname argument, as "RC4" is not available, and this seems to
be the only algname that will produce a 128 bit key without salt
(which is how the keys were derived in the encryption phase).

Any assistance or direction would be much appreciated. Thanks in
advance for your help.

-Grant

Jesse Houwing

unread,
Sep 10, 2009, 4:32:07 AM9/10/09
to

As part of your migration, have you considered decrypting the data and
re-encrypting it using a supported, safer, encryption scheme? That would
be my strong suggestion.

From your post I gather that you've already tried solutions like:
http://sourceforge.net/projects/rc4dotnet/

Apart from using COM interop there is no alternative but using P/Invokes
to invoke CAPICOM. For more information on generating the correct COM
Runtime Callable Wrapper see:
http://msdn.microsoft.com/en-us/library/ms973800.aspx


--
Jesse Houwing
jesse.houwing at sogeti.nl

0 new messages