Tony Selke
Forgive my rather wide posting of this note, but I was uncertain of where I
would find the best help.
I am working on a class that is basically providing a secure location for
name/value pairs to be stored by the application. I am using TripleDES
encryption and having a very odd problem that appears to be related to a
memory management issue in the CLR. I have the 1.1 .NET Framework installed
and I am using VS.NET 2002.
I have a class whose definition begins like so:
Public Class cSecureConfigFile
    ' internal constants
    Private Const BASE_XML As String = "XML crap here"
    ' internal objects
    Private des As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
    Private md5 As New MD5CryptoServiceProvider()
    Private xmlDoc As New XmlDocument()
    Private ReadOnly fileName As String = Environment.CurrentDirectory & "\cfg.bin"
    Private ReadOnly key() As Byte = {<24 bytes go here>}
    Private ReadOnly iv() As Byte = {8, 7, 6, 5, 4, 3, 2, 1}
The first time I run, if there is no file, I create one. Then I save it in
an encrypted manner. This works fine.
The second time I run, I decrypt the file just fine. Then, as soon as I
instantiate a new memory stream (xmlStream) and make the following call:
xmlDoc.Save(xmlStream)
my encryption vector (iv) is "flushed" (all bytes set to 0). Since the
variable is defined ReadOnly and I am not doing anything even remotely
related to the TDES object, I am thinking that the unused, tail-end of the
memory stream being used by xmlDoc is overwriting the vector array. As a
result, when I decrypt my file the next go around, the first 8 bytes are
screwed up.
As a test, I moved the declaration of the key and vector arrays to be inside
of the encryption function, and it all works flawlessly.
Is there something I am missing here, or does it look (as I suspect) like
the CLR is allowing a memory stream to overwrite an existing, used block of
memory?
Tony
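
An added example, not part of the original post or the poster's code: it shows that ReadOnly on an array field fixes only the reference (the elements can still be zeroed through any shared reference), and that under CBC, the .NET default mode, decrypting with a zeroed IV damages only the first 8-byte block. The key, the sample XML and the Array.Clear call standing in for whatever zeroes the IV are constructed assumptions; the example does not identify what clears the array in the poster's program.

```vb
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module IvAliasingDemo
    ' Constructed 24-byte sample key (three distinct 8-byte parts); not from the post.
    Private ReadOnly key() As Byte = MakeKey()
    ' ReadOnly fixes which array the field refers to; the elements stay writable.
    Private ReadOnly iv() As Byte = {8, 7, 6, 5, 4, 3, 2, 1}

    Private Function MakeKey() As Byte()
        Dim k(23) As Byte
        For i As Integer = 0 To 23
            k(i) = CByte(i * 7 + 1)
        Next
        Return k
    End Function

    ' TripleDES in CBC mode with the default PKCS7 padding.
    Private Function Crypt(data() As Byte, ivToUse() As Byte, encrypting As Boolean) As Byte()
        Using des As TripleDES = TripleDES.Create()
            des.Mode = CipherMode.CBC
            Using t As ICryptoTransform = If(encrypting,
                    des.CreateEncryptor(key, ivToUse), des.CreateDecryptor(key, ivToUse))
                Return t.TransformFinalBlock(data, 0, data.Length)
            End Using
        End Using
    End Function

    ' Index of the last byte that differs between a and b, or -1 if they are equal.
    Private Function LastDiff(a() As Byte, b() As Byte) As Integer
        For i As Integer = a.Length - 1 To 0 Step -1
            If a(i) <> b(i) Then Return i
        Next
        Return -1
    End Function

    Sub Main()
        Dim plain() As Byte = Encoding.ASCII.GetBytes("<cfg><item name=""a"" value=""1""/></cfg>")
        Dim cipher() As Byte = Crypt(plain, iv, True)
        ' Safe hand-off: code that wipes the buffer it was given only wipes the clone.
        Dim copy() As Byte = CType(iv.Clone(), Byte())
        Array.Clear(copy, 0, copy.Length)
        Console.WriteLine("after clearing clone: " & LastDiff(plain, Crypt(cipher, iv, False)))
        ' Hypothetical stand-in for code that shares the field's reference and zeroes it.
        Array.Clear(iv, 0, iv.Length)
        Console.WriteLine("after clearing field: " & LastDiff(plain, Crypt(cipher, iv, False)))
    End Sub
End Module
```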