Extending AES using C#

I use a Java-based configuration management tool called Zuul, which supports the encryption of sensitive configuration information using various encryption schemes.

I configured it to use the scheme below for my data:

AES (Bouncy Castle)

  • Name: PBEWITHSHA256AND128BITAES-CBC-BC
  • Requirements: Bouncy Castle API and JCE Unlimited Strength Policy Files.
  • Hash Algorithm: SHA256
  • Iteration Hashing: 1000

Now, while reading my configuration data, I need to decrypt the information before I can use it, and the documentation below provides information on this topic.

The encrypted values created by Jasypt (and therefore Zuul) are prefixed with salt (usually 8 or 16 bytes, depending on the requirements of the algorithm). Then they are encoded by Base64. Deciphering the results is something like this:

  • Convert Base64 string to bytes
  • Delete the first 8 or 16 bytes as salt
  • Save remaining bytes for encrypted payload
  • Call KDF function with salt, counter and password to create a secret key.
  • Use secret key to decrypt encrypted payload

Read more here: Zuul Encryption wiki

Based on the details above, I wrote the code below (and my security knowledge is very limited)

using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

public static string Decrypt(string cipher, string password)
{
   const int saltLength = 16;
   const int iterations = 1000;

   // Base64 -> bytes, then split into salt prefix and encrypted payload
   byte[] cipherBytes = Convert.FromBase64String(cipher);
   byte[] saltBytes = cipherBytes.Take(saltLength).ToArray();
   byte[] encryptedBytes = cipherBytes.Skip(saltLength).ToArray();

   // Rfc2898DeriveBytes is PBKDF2 (HMAC-SHA1 by default)
   Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(password, saltBytes, iterations);
   // keyBytes is not used below; the call still advances the derived byte stream
   byte[] keyBytes = key.GetBytes(16);

   AesCryptoServiceProvider aesAlg = new AesCryptoServiceProvider();
   aesAlg.KeySize = 256;
   aesAlg.BlockSize = 128;

   // Next 32 bytes of the stream become the key, the following 16 the IV
   aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
   aesAlg.IV = key.GetBytes(aesAlg.BlockSize / 8);

   ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
   MemoryStream msDecrypt = new MemoryStream(encryptedBytes);
   CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);
   StreamReader srDecrypt = new StreamReader(csDecrypt);

   return srDecrypt.ReadToEnd();
}

I configured Zuul to use the password below for encryption

Simplepassword


p8C9hAHaoo0F25rMueT0+u0O6xYVpGIkjHmWqFJmTOvpV8+cipoDFIUnaOFF5ElQ


System.Security.Cryptography.CryptographicException: .


+4
2

Bouncy Castle , Zuul.


using System;
using System.Linq;
using System.Text;
using Org.BouncyCastle.Asn1;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Security;

public static string Decrypt(string cipher, string password)
{
   const int saltLength = 16;
   const int iterations = 1000;
   const string algSpec = "AES/CBC/NoPadding";
   const string algName = "PBEWITHSHA256AND128BITAES-CBC-BC";

   // Base64 -> bytes, then split into salt prefix and encrypted payload
   byte[] cipherBytes = Convert.FromBase64String(cipher);
   byte[] saltBytes = cipherBytes.Take(saltLength).ToArray();
   byte[] encryptedBytes = cipherBytes.Skip(saltLength).ToArray();
   char[] passwordChars = password.ToCharArray();

   // Let Bouncy Castle derive the key and IV for the named PBE scheme
   Asn1Encodable defParams = PbeUtilities.GenerateAlgorithmParameters(algName, saltBytes, iterations);
   IWrapper wrapper = WrapperUtilities.GetWrapper(algSpec);
   ICipherParameters parameters = PbeUtilities.GenerateCipherParameters(algName, passwordChars, defParams);
   wrapper.Init(false, parameters); // false = decrypt

   byte[] keyText = wrapper.Unwrap(encryptedBytes, 0, encryptedBytes.Length);

   return Encoding.Default.GetString(keyText);
}
0

Zuul, iv /. , 256 + 128 (.. 48 ) 32 16 IV. , key.DeriveBytes.

+1
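
The steps quoted in the question (Base64-decode, split off the salt, run the KDF), worked in Python on the ciphertext and password from the question. This is an added example, not code from the posts above or from Zuul/Jasypt, and its function names are hypothetical. It assumes the 16-byte salt used in the C# code above and that the Bouncy Castle scheme named in the question derives key and IV with the PKCS#12 KDF (RFC 7292, appendix B) over SHA-256; the final AES-CBC step is left out because the Python standard library has no AES.

```python
import base64
import hashlib

# Values quoted in the question on this page.
TOKEN = "p8C9hAHaoo0F25rMueT0+u0O6xYVpGIkjHmWqFJmTOvpV8+cipoDFIUnaOFF5ElQ"
PASSWORD = "Simplepassword"
SALT_LEN, ITERATIONS = 16, 1000

def split_token(token, salt_len=SALT_LEN):
    """Base64-decode, then split into (salt, encrypted payload)."""
    raw = base64.b64decode("".join(token.split()), validate=True)
    salt, payload = raw[:salt_len], raw[salt_len:]
    if not payload or len(payload) % 16:
        raise ValueError("payload is not a whole number of AES blocks")
    return salt, payload

def pkcs12_kdf(password, salt, iterations, purpose_id, n, hash_name="sha256"):
    """RFC 7292 appendix B.2; purpose_id 1 derives a key, 2 derives an IV."""
    v = hashlib.new(hash_name).block_size   # 64 bytes for SHA-256
    def fill(s):                            # repeat s up to a multiple of v
        size = v * -(-len(s) // v)
        return (s * (size // len(s) + 1))[:size] if s else b""
    # Password as a NUL-terminated big-endian UTF-16 string (RFC 7292 B.1).
    pwd = (password + "\0").encode("utf-16-be") if password else b""
    diversifier = bytes([purpose_id]) * v
    blocks, out = fill(salt) + fill(pwd), b""
    while len(out) < n:
        a = hashlib.new(hash_name, diversifier + blocks).digest()
        for _ in range(iterations - 1):     # hash `iterations` times in total
            a = hashlib.new(hash_name, a).digest()
        out += a
        b = int.from_bytes(fill(a), "big") + 1
        blocks = b"".join(
            ((int.from_bytes(blocks[j:j + v], "big") + b) % (1 << 8 * v)).to_bytes(v, "big")
            for j in range(0, len(blocks), v))
    return out[:n]

def derive_key_iv(password, salt, iterations=ITERATIONS):
    """128-bit AES key and 128-bit CBC IV for the scheme named in the question."""
    return (pkcs12_kdf(password, salt, iterations, 1, 16),
            pkcs12_kdf(password, salt, iterations, 2, 16))

def pbkdf2_stream(password, salt, n, iterations=ITERATIONS):
    """PBKDF2-HMAC-SHA1, the KDF behind .NET's Rfc2898DeriveBytes by default."""
    return hashlib.pbkdf2_hmac("sha1", password.encode("utf-8"), salt, iterations, n)

if __name__ == "__main__":
    salt, payload = split_token(TOKEN)
    key, iv = derive_key_iv(PASSWORD, salt)
    print("salt   ", salt.hex(), "\npayload", payload.hex())
    print("key    ", key.hex(), "\niv     ", iv.hex())
    print("pbkdf2 ", pbkdf2_stream(PASSWORD, salt, 48).hex())
```

The PKCS#12 output shares no bytes with the PBKDF2 stream, so a key taken from `Rfc2898DeriveBytes` cannot match the one the Java side used.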

Source: https://habr.com/ru/post/1599618/

