DES.CreateEncryptor() Question

  • Thread starter Thread starter Tiraman
  • Start date Start date
T

Tiraman

Hi ,

can some one explain me what does it mean those 2 params that i need

to pass the des.CreateEncryptor(rgbKey as byte,rgbIV as byte)


Best Regards ,

Tiraman :-)
 
In modern cryptography, ciphers (crypto algorithms) are publicly available.
You can look at the alogorithm's math and know exactly what it's doing.
However, the math requires a secret key. With DES (and all "symmetric block
ciphers"), the key is used as part of the math to encrypt the data. The very
same key must be used to decrypt it. As you can see, the key is just a
sequence of bytes (it's actually a byte array, not just a single byte).

In .NET, when you create the initial symmetric block cipher object (in this
case, the DES object), it will automatically generate a
cryptographically-strong, random key sequence for you. When you call
CreateEncryptor, if you pass no key, the key in the base DES object is used.
However, as you can see with the method you wrote here, you can pass your
own key (because remember, you must use the same key to decrypt data that
you used to encrypt it in the first place).

As for the IV, it's used in various Feedback modes. If you encrypt straight
plain text one block at a time, and that data had repeating blocks, you
could end up with repeating encrypted blocks, and that could give away clues
to a malicious person looking to crack your encryption. Feedback takes bits
from the previous block and mathematically infuses that data with the next
block as it encrypts. That way, you get even more protection and more
unpreditcable results. However, the first block of data has nothing in front
of it to use as feedback, so the IV acts as a "fake" block of data used to
perform the feedback math on the first block. If you use a feedback mode
(.NET uses some form of feedback by default unless you turn it off), you
must also keep the IV byte sequence used to encrypt the data because you
can't decrypt the data without it. Make sure you keep both the Key and IV
private and safe at all times.

-Rob Teixeira [MVP]
 
hi ,

first i would like to 10x for the gr8 explanation but it is still not so
clear to me .

i tried to use those 2 keys as follow
Dim rgbKey() As Byte = New UnicodeEncoding().GetBytes("abcd")

Dim rgbIV() As Byte = New UnicodeEncoding().GetBytes("SomeString")

Dim DesEnc As ICryptoTransform = Des.CreateEncryptor(rgbKey, rgbIV)

and i got the encryption and decryption as well but if i tried to put some
more text in the secret key it was failed bcz of

Specified key is not a valid size for this algorithm.

so how can i use those methods but for the above example ?

how can i change the size of the key ?

10x again
 
Ideally, the keys and IV should be generated randomly. Using the unicode
bytes may not be a good idea becuse it creates repeating sets of zeros in
your key data (in fact, half your key will be zeros for most string
characters used), and that may present vulnerabilities in the expanded key
and even encrypted data itself (clues that would give a potential hacker
insight into what the original key was).

But getting back to the data itself - the IV must always be exactly one
block in size. One block could be different number of bits depending on the
algorithm you use. For most block encryption algorithms, a block is 16 bits
or 32 bits. You can check the BlockSize property on the base algorithm
object.
The key length itself also depends on the algorithm. Most algorithms have at
least a few possible key lengths, which are typically multiples or factors
of the block size (or some relation thereof). You can check the KeySizes
property of the base cipher object for valid sizes of the algorithm you
choose.

On the other hand, if you want to create keys from password strings, rather
than use the strings directly, check out the PasswordDerrivedBytes class. If
you use that class, you can use variably sized input strings. But like I
said, your best bet would be to randomly generate the keys using something
like the RandomNumberGenerator class (both these classes are also in the
system.security.cryptography namespace).

-Rob Teixeira [MVP]
 
Hello Rob

10x for the explanation !

Rob Teixeira said:
Ideally, the keys and IV should be generated randomly. Using the unicode
bytes may not be a good idea becuse it creates repeating sets of zeros in
your key data (in fact, half your key will be zeros for most string
characters used), and that may present vulnerabilities in the expanded key
and even encrypted data itself (clues that would give a potential hacker
insight into what the original key was).

But getting back to the data itself - the IV must always be exactly one
block in size. One block could be different number of bits depending on the
algorithm you use. For most block encryption algorithms, a block is 16 bits
or 32 bits. You can check the BlockSize property on the base algorithm
object.
The key length itself also depends on the algorithm. Most algorithms have at
least a few possible key lengths, which are typically multiples or factors
of the block size (or some relation thereof). You can check the KeySizes
property of the base cipher object for valid sizes of the algorithm you
choose.

On the other hand, if you want to create keys from password strings, rather
than use the strings directly, check out the PasswordDerrivedBytes class. If
you use that class, you can use variably sized input strings. But like I
said, your best bet would be to randomly generate the keys using something
like the RandomNumberGenerator class (both these classes are also in the
system.security.cryptography namespace).

-Rob Teixeira [MVP]
Click to expand...
 
Back
Top