Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

How to decrypt RC4 w/ managed code?

341 views
Skip to first unread message

Grant Davis

unread,
Sep 8, 2009, 5:33:39 PM9/8/09
to
We're migrating a COM application (VB6) that uses the Crypto API to
encrypt data using RC4 (128 bit keys, MD5 hash) and stores it in a
database. I need to decrypt this data in .NET and I cannot use
PINVOKE or any other unmanaged code.

Of course, RC4 is not supported in the .NET Framework.

I have attempted to use some open-source RC4 implementations to
decrypt our CryptoAPI-encrypted data without success. Not sure if the
problem is in the implementation of the RC4 algorithms themselves or
the key generation.

I have been calling PasswordDerivedBytes.CryptDeriveKey() with "RC2"
as the algname argument, as "RC4" is not available, and this seems to
be the only algname that will produce a 128 bit key without salt
(which is how the keys were derived in the encryption phase.

Any assistance or direction would be much appreciated. Thanks in
advance for your help.

-Grant

Mounir IDRASSI

unread,
Sep 10, 2009, 8:27:01 PM9/10/09
to
Hi,

I have answered a similar question sometimes ago concerning RC4
interoperability between Crypto API and openssl and I have provided a sample
code that shows how this can be done for 56-bit RC4 keys (but can be modified
for all sizes)

You can implement the logic of my sample in .NET by using any available .NET
RC4 implementation (like the one of BouncyCastle
http://www.bouncycastle.org/csharp/ ).

Here is the link for my sample :
http://www.idrix.fr/Root/Samples/rc4_deriveKey.cpp

If you need an explicit .NET implementation of the above, I can provide one.

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)

Mounir IDRASSI

unread,
Sep 13, 2009, 3:56:01 PM9/13/09
to
Hi,

I have written a fully managed version of RC4 key derivation and decryption.
You can get the source code of the implementation from the following link :
http://www.idrix.fr/Root/Samples/rc4_derive_dotnet.cs

The code contains a test that checks that the implementation is correct
against Crypto API (P/Invoke is used for this test).

Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr

To reach me: mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)

Neuron Upheaval

unread,
Apr 15, 2011, 3:40:54 PM4/15/11
to
Lucky you!

Now there is a .NET managed-code implementation of the RC4 algorithm which is also compliant to Microsoft's Crypto API.

The project is called RC4ize.NET and is hosted at https://github.com/NeuronUpheaval/RC4ize.NET

Please feel free to check it out!

Cheers

> On Thursday, September 10, 2009 8:27 PM Mounir IDRASSI wrote:

> Hi,
>
> I have answered a similar question sometimes ago concerning RC4
> interoperability between Crypto API and openssl and I have provided a sample
> code that shows how this can be done for 56-bit RC4 keys (but can be modified
> for all sizes)
>
> You can implement the logic of my sample in .NET by using any available .NET
> RC4 implementation (like the one of BouncyCastle
> http://www.bouncycastle.org/csharp/ ).
>
> Here is the link for my sample :
> http://www.idrix.fr/Root/Samples/rc4_deriveKey.cpp
>
> If you need an explicit .NET implementation of the above, I can provide one.
>

> Cheers,
> --
> Mounir IDRASSI
> IDRIX
> http://www.idrix.fr
>
> To reach me: mounir_idrix_fr (replace the underscores with the at and dot
> characters respectively)
>
>
> "Grant Davis" wrote:


>> On Sunday, September 13, 2009 3:56 PM Mounir IDRASSI wrote:

>> Hi,
>>
>> I have written a fully managed version of RC4 key derivation and decryption.
>> You can get the source code of the implementation from the following link :
>> http://www.idrix.fr/Root/Samples/rc4_derive_dotnet.cs
>>
>> The code contains a test that checks that the implementation is correct
>> against Crypto API (P/Invoke is used for this test).
>>
>> Cheers,
>> --
>> Mounir IDRASSI
>> IDRIX
>> http://www.idrix.fr
>>
>> To reach me: mounir_idrix_fr (replace the underscores with the at and dot
>> characters respectively)
>>
>>
>> "Grant Davis" wrote:

0 new messages