Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
using Rijndael with a randomly generated intialization vector 1
- Thread starter tango1948
- Start date
-
1
- #2
The initialization vector (IV) is just an array of bytes.
When you create a new instance of the RijndaelManaged class, it's IV property is set to a random byte array (this is cryptographically strong randomness, not the weak pseudo-random generation), and you'd just use that.
If you want to use your own IV (and you should because you'll need those bytes to successfully decrypt it later), the length must be the same as the Blocksize property.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
When you create a new instance of the RijndaelManaged class, it's IV property is set to a random byte array (this is cryptographically strong randomness, not the weak pseudo-random generation), and you'd just use that.
If you want to use your own IV (and you should because you'll need those bytes to successfully decrypt it later), the length must be the same as the Blocksize property.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
- Thread starter
- #3
Hi Chip,
Thanks for your reply. The thing is that I recieve the encrypted string with a randomly generated IV. I understand that the IV is included at the begining of the encrypted string and I thought there may be functions the .Net Cryptography library that would return the IV from a Rijndael encrypted string.
Thanks for your reply. The thing is that I recieve the encrypted string with a randomly generated IV. I understand that the IV is included at the begining of the encrypted string and I thought there may be functions the .Net Cryptography library that would return the IV from a Rijndael encrypted string.
No, the IV and the key need to be passed 'out of band'. They are not embedded in the crypto stream in any way (other than the fact that they're encrypted into the stream...)
This is why private-key cryptography is so expensive/difficult in the real world -- you need a way to make sure all the participants in a conversation have the same IV/key pair. The US Military has people whose job it is to hand-carry key information around the world to all the military bases that need it. That's generally not an option for the rest of us!
Which is why that public/private-key cryptography is so appealing. You can publish your public key with no worries that an attacker can use it against you.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
This is why private-key cryptography is so expensive/difficult in the real world -- you need a way to make sure all the participants in a conversation have the same IV/key pair. The US Military has people whose job it is to hand-carry key information around the world to all the military bases that need it. That's generally not an option for the rest of us!
Which is why that public/private-key cryptography is so appealing. You can publish your public key with no worries that an attacker can use it against you.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
- Thread starter
- #5
- Thread starter
- #6
Chip Hi,
found the following at
"Because the initialization vector is required during decryption, it must be stored along with the encrypted data. (Note: Unlike the encryption key, the initialization vector contains no secret, so there is no need to protect it, although protecting it would not hurt.) Similar to salt used in hashing, the initialization vector can be stored in a separate table column or appended to the ciphertext, in which case you must consider it in the size calculations; because the size of the initialization vector is likely to be constant (normally, it must be the same as the size of the encryption block), it can be easily extracted from the ciphertext value."
Seems to suggest that the IV is stored with the encrypted data.
David
found the following at
"Because the initialization vector is required during decryption, it must be stored along with the encrypted data. (Note: Unlike the encryption key, the initialization vector contains no secret, so there is no need to protect it, although protecting it would not hurt.) Similar to salt used in hashing, the initialization vector can be stored in a separate table column or appended to the ciphertext, in which case you must consider it in the size calculations; because the size of the initialization vector is likely to be constant (normally, it must be the same as the size of the encryption block), it can be easily extracted from the ciphertext value."
Seems to suggest that the IV is stored with the encrypted data.
David
You're right -- I was thinking about another crypto algorithm. Sorry.
If you know your blocksize, you can read that number of bytes from the encrypted stream, set your IV and key, then reposition the stream back to 0, and pass it to the decrypt method.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
If you know your blocksize, you can read that number of bytes from the encrypted stream, set your IV and key, then reposition the stream back to 0, and pass it to the decrypt method.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
- Thread starter
- #8
Hi Chip
Thanks for the reply, I'm still breaking my head to decrypt i'm having problems reading the encrypted string - wrong length, "invalid character in a Base-64 string" ect.
I'd really appriciate a snippet of code that does what you suggested - the blocksize is 16 bytes.
Thanks
David
Thanks for the reply, I'm still breaking my head to decrypt i'm having problems reading the encrypted string - wrong length, "invalid character in a Base-64 string" ect.
I'd really appriciate a snippet of code that does what you suggested - the blocksize is 16 bytes.
Thanks
David
Oh, it's been Base-64 encoded. You'd have to Base-64 decode the entire stream first, to get back to a byte array, and then start looking for the IV.
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
Chip H.
____________________________________________________________________
If you want to get the best response to a question, please read FAQ222-2244 first
- Status
Similar threads
