After looking at a few examples, I put together several encryption / decryption methods that use Rfc2898DeriveBytes to get the key and initialization vector. My concern is that the party receiving my encrypted content should be able to decrypt it. Since I have no control over what language they use (can be Java, PHP, C, etc.), How can I guarantee that they can get the Key vector and Initialization Vector (IV), since I use the Rfc2898DeriveBytes class in .NET? Here are the encryption and decryption methods that I use.
Public Shared Function EncryptText(ByVal plainText As String, ByVal password As String) As String Dim aesCrypto As Rijndael = Nothing Dim plainTextBytes As Byte() plainTextBytes = Encoding.Default.GetBytes(plainText) Dim rfc2898 As Rfc2898DeriveBytes rfc2898 = New Rfc2898DeriveBytes(password, GenerateSalt(password)) aesCrypto = Rijndael.Create() aesCrypto.Padding = PaddingMode.ISO10126 Dim tx As ICryptoTransform tx = aesCrypto.CreateEncryptor(rfc2898.GetBytes(32), rfc2898.GetBytes(16)) Dim encryptedBytes As Byte() encryptedBytes = tx.TransformFinalBlock(plainTextBytes, 0, plainTextBytes.Length) Return Convert.ToBase64String(encryptedBytes) End Function Public Shared Function DecryptText(ByVal encryptedText As String, ByVal password As String) As String Dim aesCrypto As Rijndael = Nothing Dim encryptedTextBytes As Byte() encryptedTextBytes = Convert.FromBase64String(encryptedText) Dim rfc2898 As Rfc2898DeriveBytes rfc2898 = New Rfc2898DeriveBytes(password, GenerateSalt(password)) aesCrypto = Rijndael.Create() aesCrypto.Padding = PaddingMode.ISO10126 Dim tx As ICryptoTransform tx = aesCrypto.CreateEncryptor(rfc2898.GetBytes(32), rfc2898.GetBytes(16)) Dim decryptedBytes As Byte() decryptedBytes = tx.TransformFinalBlock(encryptedTextBytes, 0, encryptedTextBytes.Length) Return Encoding.Default.GetString(decryptedBytes) End Function
source share