Re: Decrypt AES
j...@cix.compulink.co.uk
snor...@newsgroups.nospam (=?Utf-8?B?U2NvdHQ=?=) wrote:
> I have a C# program that encrypts a structure with the
> RijndaelManaged class, I need to be able to decrypt that block in
> native cpp.
>
> I have looked everywhere, there are several/many aes implementations
> in cpp but none of them decrypt the block correctly. Going back the
> the C# program the block decrypts fine.
Do the other AES implementations talk to each other correctly? If so,
that's evidence that your C# version has a bug that operates
symmetrically for encryption and decryption.
--
John Dallman, j...@cix.co.uk, HTML mail is treated as probable spam.
Rong-Chun Zhang [MSFT]
Thanks for your feedback.
RijndaelManaged is an implementation of Rijndael algorithm and allows you
to select the block size. If the block size is not set to 128 bits,
RijndaelManaged will not be able to interoperate with an AES
implementation. The detailed information can be found in .NET security
blog(http://blogs.msdn.com/shawnfa/archive/2006/10/09/The-Differences-Betwee
n-Rijndael-and-AES.aspx):
<quote>
Since RijndaelManaged is an implementation of Rijndael, it will allow you
to select different block sizes (although both block and key sizes must be
either 128, 192, or 256 bits. 160 and 224 bit are not supported). By
selecting a block size which is not 128 bits however, RijndaelManaged will
not be able to interoperate with an AES implementation ... since the block
sizes will not match on either end of the communication.
One other interesting quirk of the RijndaelManaged implementation is that
it will adjust block size to match the feedback size in CFB mode. This
means that if you use CFB and a block size of 128 bits, but a feedback size
which is not 128 bits you again will not be compatible with AES. Generally
this does not affect many people, since the most common cipher mode to use
is CBC.
Essentially, if you want to use RijndaelManaged as AES you need to make
sure that:
1. The block size is set to 128 bits
2. You are not using CFB mode, or if you are the feedback size is also 128
bits
</quote>
Let me know if the above information helps. You can also try the workaround
on my last reply(use a C++/CLI wrapper class to interact with the
RijndaelManaged class) and tell me if this works for you. If you have
additional question and concerns, feel free to contact me. I will be more
than happy to be of assistance.
Regards,
Rongchun Zhang (v-rz...@online.microsoft.com, remove 'online.')
Microsoft Online Community Support
=================================================
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
msd...@microsoft.com.
This posting is provided "AS IS" with no warranties, and confers no rights.
=================================================
Scott
case I do NOT have the clr and I haven't been able to find a microsoft
library (native) that will decrypt any AES encrypted block.
There are several freeware or shareware implementations of AES/Rijndael
available but they are not FIPS standard which mean that only 128 bit
encryption can be used.
So what does MicroSoft recommend to decrypt a block in native mode that was
created with the managed encryption?
--
Scott Norberg
"Rong-Chun Zhang [MSFT]" wrote:
> Hello Scott Norberg,
>
> Thanks for using Microsoft Newsgroup Support Service, my name is Rongchun
> Zhang[MSFT] and I will work on this issue with you.
>
> The RijndaelManaged class in .NET creates encryptor and decryptor based on
> the secret key and the initialization vector. I am not sure how the cipher
> key is set in your cpp. However, one way to workaround the problem is to
> write a C++/CLI wrapper class to interact with the RijndaelManaged class,
> and use the wrapper class to do the decryption. But this requires a
> prerequisite, which is your application needs be run with CLR(.NET
> Framework need to be installed on the target machine). The following
> sample shows the creation of a wrapper class to interact with .NET objects:
>
> http://msdn.microsoft.com/en-us/library/ms235259.aspx
>
> By the way, the attached file is the source that shows how .NET implements
> the Rijndael symmetrical encryption algorithm. You can download the
> attachment in Windows Live Mail or Outlook Express. The reference code of
> .NET was downloaded from
> http://referencesource.microsoft.com/downloadsetup.aspx.
>
> Let me know if this workaround helps. If you have any additional question
> and concerns, feel free to contact me.
>
> Best regards,
> Rongchun Zhang (v-rz...@online.microsoft.com, remove 'online.')
> Microsoft Online Community Support
>
> Delighting our customers is our #1 priority. We welcome your comments and
> suggestions about how we can improve the support we provide to you. Please
> feel free to let my manager know what you think of the level of service
> provided. You can send feedback directly to my manager at:
> msd...@microsoft.com.
>
> ==================================================
> Get notification to my posts through email? Please refer to
> http://msdn.microsoft.com/en-us/subscriptions/aa948868.aspx#notifications.
>
> Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
> where an initial response from the community or a Microsoft Support
> Engineer within 1 business day is acceptable. Please note that each follow
> up response may take approximately 2 business days as the support
> professional working with you may need further investigation to reach the
> most efficient resolution. The offering is not appropriate for situations
> that require urgent, real-time or phone-based interactions or complex
> project analysis and dump analysis issues. Issues of this nature are best
> handled working with a dedicated Microsoft Support Engineer by contacting
> Microsoft Customer Support Services (CSS) at
> http://support.microsoft.com/select/default.aspx?target=assistance&ln=en-us.
> ==================================================
Scott
encrypt (easily) in a managed program and decrypt in a unmanaged program?
There is no requirement to be AES, I just need an easy to use method to
encrypt and decrypt, that is supported by Microsoft with both managed and
unmanaged code.
I have had some luck using the ProtectedData.Protect/Unprotect routines, but
these are too closely linked to the user or machine.
--
Scott Norberg
Rong-Chun Zhang [MSFT]
Thanks for your feedback.
> There is no requirement to be AES, I just need an easy to use method to
encrypt and decrypt, that is supported by Microsoft with both managed and
unmanaged code.
The cryptography libraries in .NET Framework provide a variety of managed
algorithm implementations as well as wrappers around native implementations
from the CryptoAPI. Therefore in many cases(especially that wraps
implementations from the CryptoAPI), you will be able to interoperate
between managed code and native code without any trouble. The point is to
match every single key property between native and its managed equivalent,
and then it should work just fine. You may also try to P/Invoke the
CryptoAPI to interoperate between managed code and native code. The
following articles show you more detailed information.
Extending .NET Cryptography with CAPICOM and P/Invoke
http://msdn.microsoft.com/en-us/library/ms867087.aspx
Applying Cryptography Using The CNG API In Windows Vista
http://msdn.microsoft.com/en-us/magazine/cc163389.aspx
If you have any additional questions and concerns, feel free to contact me.
Scott
to be the only way to solve this, so I wrote a managed cpp wrapper and a
unmanaged version. Everything encodes and decodes as they should.
Thanks for pushing me in that direction.
--
Scott Norberg