DES Querystring Encryptiion

  • Thread starter Thread starter Chad
  • Start date Start date
C

Chad

Another (non .NET, Oracle) application will be passing my .NET web application data via the QueryString. I was told that this data would be DES encrypted and Base64 encoded.

The problem is that they told me that their encryption package uses only a "key" to perform the encryption....
http://www.lc.leidenuniv.nl/awcourse/oracle/appdev.920/a96612/d_obtoo2.htm

....but the .NET DES object that I expect to use to decrypt the Querystring expects 2 parameters, the original KEY used to encode it plus an Initialization Vector (IV)

http://msdn2.microsoft.com/system.security.cryptography.des.aspx

It seems to me that unless I have the IV, that there is no way that I can decode the Querystring they send me. Any idea?



I saw an example on the web

http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx

which uses the following IV :

Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}

Since I saw this same IV value in multiple web examples, I thought perhaps for some reason it was commonly used, though using this value along with the key that was provided to me did not yeild a meaningful result.



Any suggestions would be appreciated.
 
That's correct. You can agree with them on a suitable vector that you would
hard code in if they don't want to pass it to you.

--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------



Another (non .NET, Oracle) application will be passing my .NET web
application data via the QueryString. I was told that this data would be DES
encrypted and Base64 encoded.

The problem is that they told me that their encryption package uses only a
"key" to perform the encryption....
http://www.lc.leidenuniv.nl/awcourse/oracle/appdev.920/a96612/d_obtoo2.htm

....but the .NET DES object that I expect to use to decrypt the Querystring
expects 2 parameters, the original KEY used to encode it plus an
Initialization Vector (IV)

http://msdn2.microsoft.com/system.security.cryptography.des.aspx

It seems to me that unless I have the IV, that there is no way that I can
decode the Querystring they send me. Any idea?



I saw an example on the web

http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx

which uses the following IV :

Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}

Since I saw this same IV value in multiple web examples, I thought perhaps
for some reason it was commonly used, though using this value along with the
key that was provided to me did not yeild a meaningful result.



Any suggestions would be appreciated.
 
Several years ago I had to do something similar using VB6 and a third party
encryption component. I had to decrypt the querystring data which was
encrypted by a Java application.

I think it was DES (instead of 3DES). They only gave me a PW and said not to
use an IV. I thought it strange but I did so and it worked.

Hope this helps...
 
Back
Top