I am attempting to use System.Security.Cryptography.AesManaged
to encrypt a file in my .net application. It needs to be decrypted in an embedded Linux enviroment, so the .net libraries will not be available to me.
The code I have at the moment looks something like this:
string encPassword = "ABCDABCDABCDABCDABCDABCDABCDABCD";
string sourceFile = "myFile.txt";
string targetFile = "myFile.encrypted.txt";
FileStream fsInput = = new FileStream(sourceFile, FileMode.Open, FileAccess.Read);
FileStream fsOutput = new FileStream(targetFile, FileMode.OpenOrCreate, FileAccess.Write);
CryptoStream cryptoStream = null;
try
{
byte[] key = Encoding.ASCII.GetBytes(encPasswd);
byte[] IV = new byte[16];
Array.Copy(key, 0, IV, 0, 16);
AesManaged aes = new AesManaged();
aes.Key = key;
aes.IV = IV;
aes.BlockSize = 128;
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
ICryptoTransform encryptor = aes.CreateEncryptor();
cryptoStream = new CryptoStream(fsOutput, encryptor, CryptoStreamMode.Write);
byte[] buffer = new byte[BUFFER_LENGTH];
long bytesProcessed = 0;
long fileLength = fsInput.Length;
int bytesInCurrentBlock;
do
{
bytesInCurrentBlock = fsInput.Read(buffer, 0, BUFFER_LENGTH);
cryptoStream.Write(buffer, 0, bytesInCurrentBlock);
bytesProcessed = bytesProcessed + bytesInCurrentBlock;
}
while (bytesProcessed < fileLength);
return true;
}
// ...
This encrypts the file okay. Now I am trying to decrypt the file using a 3rd-party utility on Windows that is also supported in Linux, to give me confidence that the Linux developer will be able to decrypt it.
A quick search on SourceForge let me to Enqrypt. However, if I use Enqrypt
on the encrypted file like this:
enqrypt.exe -d -aes -256 -cbc -k ABCDABCDABCDABCDABCDABCDABCDABCD myFile.encrypted.txt
where -d
indicates decrypt, -256
indicates the key size, -cbc
the mode, and -k
preceding the key.
it doesn't give me the original file.
I have tried this with a few 3rd party utilities but I can't seem to decrypt it.
Are there any obvious errors with how I am attempting to encrypt and decrypt this file?
In response to recommendations from @Paŭlo, I now have the following test code (don't worry, I plan to change the key and IV to be different):
byte[] key = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
byte[] IV = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
The block size is still 128 and the key size is still 256 in code.
I now try to decrypt the file using openssl
like so:
openssl enc -d -aes-256-cbc -in c:\encrypted.txt -out c:\decrypted.txt -K 11223344556677881122334455667788 -iv 11223344556677881122334455667788
This results in the following error:
bad decrypt 11452:error:06065064:digital envelope routines:EVP_DecryptFinal:bad decrypt:evp_enc.c:450:
Any idea what I am doing wrong?
I found the solution to my problem with decrypting using openssl
(in the Update section of the question).
Firstly, my key length was wrong (as suggested by @Paŭlo Ebermann) - it should have been 256 bits.
But the final problem was that I was setting the key size after the key:
AesManaged aes = new AesManaged();
aes.Key = key;
aes.IV = IV;
aes.BlockSize = 128;
aes.KeySize = 256;
aes.Mode = CipherMode.CBC;
If I changed the above code to the following, I could decrypt it using openssl
:
AesManaged aes = new AesManaged();
aes.BlockSize = 128;
aes.KeySize = 256;
aes.Key = key;
aes.IV = IV;
aes.Mode = CipherMode.CBC;
Thanks to this answer which led me in the right direction, and thanks to everyone else for their answers!
This enqrypt tool seems to be quite silly:
DUMMY_DUMMY_DUMM
.For CBC, the initialization vector should be essentially random, and not predictable by any attacker, if you use the same key for multiple messages.
You can work around the issue of fixed IV: Simply prepend your plaintext with one block (128 bits=16 bytes) of random data, encrypt with the fixed initialization vector, and strip this first block off again after decryption. As each block's ciphertext is used like the initialization vector for the next block, this should give enough randomization for the real data.
But as enqrypt is only A simple demonstrative command line tool, I think you should instead use either the openssl
command line tool, as recommended by sarnold, or use the OpenSSL library functions directly (if you are writing a program there).
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With