C# - ASP.NET DES encryption with encrypted text length equal to plain text length
I am looking to encrypt a string of text using the DES algorithm. The requirement is that the encrypted string length should be the same as the plain text string length. I have tried to use the option CipherMode.CTS, but I am getting a CryptographicException: "Specified cipher mode is not valid for this algorithm."
Thanks in advance.
As stated in this CodeProject article some time ago:
"The CTS mode is not supported by any of the symmetric encryption algorithms shipped with the .NET Framework BCL. It is included to support new symmetric algorithms that might derive from the SymmetricAlgorithm class at a later time."
This article is from 2002, but after doing some further investigation, the quote above seems to still be accurate.
Fortunately though, Bouncy Castle does support CTS.
    using Org.BouncyCastle.Crypto;
    using Org.BouncyCastle.Crypto.Engines;
    using Org.BouncyCastle.Crypto.Modes;
    using Org.BouncyCastle.Crypto.Parameters;

    // AES in CBC mode wrapped in ciphertext stealing (CTS): output length equals input length.
    public static byte[] Encrypt(byte[] data, byte[] key, byte[] iv)
    {
        BufferedBlockCipher cipher = new CtsBlockCipher(new CbcBlockCipher(new AesEngine()));
        ICipherParameters keyParam = new ParametersWithIV(new KeyParameter(key), iv);
        cipher.Init(true, keyParam);   // true = encrypt
        return cipher.DoFinal(data, 0, data.Length);
    }

    public static byte[] Decrypt(byte[] data, byte[] key, byte[] iv)
    {
        BufferedBlockCipher cipher = new CtsBlockCipher(new CbcBlockCipher(new AesEngine()));
        ICipherParameters keyParam = new ParametersWithIV(new KeyParameter(key), iv);
        cipher.Init(false, keyParam);  // false = decrypt
        return cipher.DoFinal(data, 0, data.Length);
    }
CBC is used in the example, and you'll need to use a fixed IV since you don't have anywhere to store a random IV for each encryption (which is preferable). If there is any way you can change the encrypted data length requirement, you should, and use AES CBC with a random IV instead. At a minimum though, use AES instead of DES (as in the code above). DES is insecure regardless of whatever block cipher mode you use with it.
There are 2 further things you should keep in mind.
First, CTS (in the Bouncy Castle implementation) requires the data you're encrypting to be at least 1 block in length. If you use AES, the data will need to be at least 16 bytes, or if you use DES it'll need to be at least 8 bytes.
Second, if you're encrypting text you need to keep in mind that the encrypted data is binary, and you may not be able to store it in the same location as the unencrypted text without encoding it as hex or Base64 first (which will increase its length).
Update
A side note on the strength/security of CTS: Given ntoskrnl's comment on ECB CTS (which is correct), I thought it prudent to investigate if CTS weakens CBC in any way. It appears that it does not.
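The two caveats in the answer above (the one-block minimum and the Base64 growth), shown on a text string. This is an added example, not code from the original answer. It assumes the BouncyCastle C# library is referenced; the class name CtsTextDemo, the helper Run, and the key, IV and sample text are constructed for illustration.

```csharp
using System;
using System.Text;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Parameters;

public static class CtsTextDemo // hypothetical name
{
    private const int AesBlockSize = 16;

    // Hypothetical helper using the same cipher construction as the answer's code.
    private static byte[] Run(bool encrypt, byte[] data, byte[] key, byte[] iv)
    {
        // CTS needs at least one full block, so reject shorter input with a clear message.
        if (data.Length < AesBlockSize)
            throw new ArgumentException("CTS needs at least " + AesBlockSize + " bytes of input.");
        BufferedBlockCipher cipher = new CtsBlockCipher(new CbcBlockCipher(new AesEngine()));
        cipher.Init(encrypt, new ParametersWithIV(new KeyParameter(key), iv));
        return cipher.DoFinal(data, 0, data.Length);
    }

    public static void Main()
    {
        // Constructed sample values; a real key comes from a key store, not from source code.
        byte[] key = Encoding.ASCII.GetBytes("0123456789abcdef");
        byte[] iv = new byte[AesBlockSize]; // fixed IV, forced by the length requirement
        string text = "account=12345;role=reader"; // not a multiple of the block size

        byte[] plain = Encoding.UTF8.GetBytes(text);
        byte[] cipherBytes = Run(true, plain, key, iv);
        string stored = Convert.ToBase64String(cipherBytes); // text-safe form for string columns

        // The raw ciphertext keeps the plaintext length; the Base64 form does not.
        Console.WriteLine("plaintext bytes : " + plain.Length);
        Console.WriteLine("ciphertext bytes: " + cipherBytes.Length);
        Console.WriteLine("Base64 chars    : " + stored.Length);

        byte[] back = Run(false, Convert.FromBase64String(stored), key, iv);
        Console.WriteLine("round trip ok   : " + (Encoding.UTF8.GetString(back) == text));

        // Input shorter than one block is refused before it reaches the cipher.
        try { Run(true, Encoding.UTF8.GetBytes("short"), key, iv); }
        catch (ArgumentException e) { Console.WriteLine("rejected        : " + e.Message); }
    }
}
```

With a fixed IV, equal plaintexts under the same key produce equal ciphertexts, so the stored values reveal which records match.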