Problem sending encrypted data via webservice

  • Thread starter Thread starter moondaddy
  • Start date Start date
M

moondaddy

Using vb.net I'm trying to send encrypted data as a parameter in a
webservice. I have sample code that takes a text file, encrypts it and
saves it as a text file, then it also successfully decrypts the encrypted
text file and saves that data in a 3rd text file. Great, the model works.
Now I need to take the encrypted text file and convert it to a string so I
can send it as a string parameter in a web service. The problem is that in
the process of reading the encrypted data from the file into a string
variable its getting changed somehow and therefore can't be decrypted. The
code that's working (before attempting to read the encrypted file to a
string var) is from this KB article: HOW TO: Encrypt and Decrypt a File by
Using Visual Basic .NET
http://support.microsoft.com/default.aspx?scid=kb;en-us;301070&Product=vbNET

I've killed 2 days trying to figure this out and have trying variations
using the UnicodeEncoding, ASCIIEncoding, UTF8Encoding classes in different
places in the code to no avail. How can I successfully convert the
encrypted file into a string var, or how can I simply send the encrypted
file as the parameter?

Thanks!
 
Hi,

Thanks for posting in the community.

Currently I am looking for somebody who could help you on it. We will reply
here with more information as soon as possible.
If you have any more concerns on it, please feel free to post here.


Thanks!

Best regards,

Gary Chang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
 
Hi,

Thanks for posting in the community.

First of all, I would like to confirm my understanding of your issue.
From your description, I understand that you wants to pass an secure data
into the webservice.
Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.

I think you may try to read the encrpted file as binary file and convert it
into a string.
Public Sub Main()
'Must be 64 bits, 8 bytes.
Dim sSecretKey As String

'Dim desCrypto As DESCryptoServiceProvider =
DESCryptoServiceProvider.Create()
'Dim ckey() As Byte = desCrypto.Key
'To secure the transfer, it is better to pass the security key in a
more secure way(e.g. https). Usually we can use a predefined key.

Dim bkey() As Byte = {&H56, &H3A, &HC6, &HC7, &HA1, &H4A, &H93,
&H34}
sSecretKey = ASCIIEncoding.ASCII.GetString(bkey)

' For additional security, pin the key.
'Dim gch As GCHandle = GCHandle.Alloc(sSecretKey,
GCHandleType.Pinned)

' Encrypt the file, the file is same as the KB article you mention.

EncryptFile("MyData.txt", _
"Encrypted.txt", _
sSecretKey)

Dim fs As New FileStream("Encrypted.txt", FileMode.Open)

Dim r As New BinaryReader(fs)
Dim by() As Byte = r.ReadBytes(fs.Length)
Dim str As String = Encoding.Unicode.GetString(by)
'To ensure the data has been encrpted.
Console.WriteLine(str)
r.Close()
fs.Close()

' Decrypt the file.
Dim ws As New localhost.Service1

'Do Base64 encoding so that we can pass it to the webservices.
Dim keystring As String = Convert.ToBase64String(bkey)

Console.WriteLine(ws.HelloWorld(str, keystring))
End Sub

[Web Service]
<WebMethod()> _
Public Function HelloWorld(ByVal str As String, ByVal skey As String)
As String
'Use the key passed
Dim bkey() As Byte = Convert.FromBase64String(skey)

'Or Use the predefined key.
'Dim bkey() As Byte = {&H56, &H3A, &HC6, &HC7, &HA1, &H4A, &H93,
&H34}

Dim sSecretKey As String = ASCIIEncoding.ASCII.GetString(bkey)
Dim bt() As Byte = Encoding.Unicode.GetBytes(str)
Dim o As New MemoryStream(bt)
Dim DES As New DESCryptoServiceProvider

DES.Key() = ASCIIEncoding.ASCII.GetBytes(sSecretKey)

DES.IV = ASCIIEncoding.ASCII.GetBytes(sSecretKey)

Dim desdecrypt As ICryptoTransform = DES.CreateDecryptor()

Dim cryptostreamDecr As New CryptoStream(o, desdecrypt,
CryptoStreamMode.Read)

Dim sstr As String = New StreamReader(cryptostreamDecr).ReadToEnd()
'Now the string has been decrypted.
Return sstr
End Function

[NOTE: Since we use a symmetric key to encrypt, i.e. we encrypt and decrypt
the data with the same key. So it is important to ensure the process of
pass the symmetric key]

Please apply my suggestion above and let me know if it helps resolve your
problem.

Also we can use a asymmetric key, which is known as a public-private key
pair. In which way, the webservice will need to keep a private key and it
can distribute the public key to all its client.
The client will need to encrypt the data with the public key, and only the
private key held by the webservice can be use to decrypted the data. (So it
is important to secure the process of distribution of private key)

Here is a link may help you.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
wseencryption.asp

Take a look at the the two section below.
Symmetrically Encrypting a SOAP Message
Using X.509 Certificates to Encrypt a SOAP Message

For more information, see the "Managing X.509 Certificates," "Encrypting a
SOAP Message Using an X.509 Certificate," and "Decrypting a SOAP Message
Using an X.509 Certificate" sections in the WSE documentation.

You may download the document via the link below.
http://www.microsoft.com/downloads/details.aspx?FamilyId=06255A94-2635-4D29-
A90C-28B282993A41&displaylang=en

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
 
Thanks Peter this helps!

--
(e-mail address removed)
"Peter Huang" said:
Hi,

Thanks for posting in the community.

First of all, I would like to confirm my understanding of your issue.
From your description, I understand that you wants to pass an secure data
into the webservice.
Have I fully understood you? If there is anything I misunderstood, please
feel free to let me know.

I think you may try to read the encrpted file as binary file and convert it
into a string.
Public Sub Main()
'Must be 64 bits, 8 bytes.
Dim sSecretKey As String

'Dim desCrypto As DESCryptoServiceProvider =
DESCryptoServiceProvider.Create()
'Dim ckey() As Byte = desCrypto.Key
'To secure the transfer, it is better to pass the security key in a
more secure way(e.g. https). Usually we can use a predefined key.

Dim bkey() As Byte = {&H56, &H3A, &HC6, &HC7, &HA1, &H4A, &H93,
&H34}
sSecretKey = ASCIIEncoding.ASCII.GetString(bkey)

' For additional security, pin the key.
'Dim gch As GCHandle = GCHandle.Alloc(sSecretKey,
GCHandleType.Pinned)

' Encrypt the file, the file is same as the KB article you mention.

EncryptFile("MyData.txt", _
"Encrypted.txt", _
sSecretKey)

Dim fs As New FileStream("Encrypted.txt", FileMode.Open)

Dim r As New BinaryReader(fs)
Dim by() As Byte = r.ReadBytes(fs.Length)
Dim str As String = Encoding.Unicode.GetString(by)
'To ensure the data has been encrpted.
Console.WriteLine(str)
r.Close()
fs.Close()

' Decrypt the file.
Dim ws As New localhost.Service1

'Do Base64 encoding so that we can pass it to the webservices.
Dim keystring As String = Convert.ToBase64String(bkey)

Console.WriteLine(ws.HelloWorld(str, keystring))
End Sub

[Web Service]
<WebMethod()> _
Public Function HelloWorld(ByVal str As String, ByVal skey As String)
As String
'Use the key passed
Dim bkey() As Byte = Convert.FromBase64String(skey)

'Or Use the predefined key.
'Dim bkey() As Byte = {&H56, &H3A, &HC6, &HC7, &HA1, &H4A, &H93,
&H34}

Dim sSecretKey As String = ASCIIEncoding.ASCII.GetString(bkey)
Dim bt() As Byte = Encoding.Unicode.GetBytes(str)
Dim o As New MemoryStream(bt)
Dim DES As New DESCryptoServiceProvider

DES.Key() = ASCIIEncoding.ASCII.GetBytes(sSecretKey)

DES.IV = ASCIIEncoding.ASCII.GetBytes(sSecretKey)

Dim desdecrypt As ICryptoTransform = DES.CreateDecryptor()

Dim cryptostreamDecr As New CryptoStream(o, desdecrypt,
CryptoStreamMode.Read)

Dim sstr As String = New StreamReader(cryptostreamDecr).ReadToEnd()
'Now the string has been decrypted.
Return sstr
End Function

[NOTE: Since we use a symmetric key to encrypt, i.e. we encrypt and decrypt
the data with the same key. So it is important to ensure the process of
pass the symmetric key]

Please apply my suggestion above and let me know if it helps resolve your
problem.

Also we can use a asymmetric key, which is known as a public-private key
pair. In which way, the webservice will need to keep a private key and it
can distribute the public key to all its client.
The client will need to encrypt the data with the public key, and only the
private key held by the webservice can be use to decrypted the data. (So it
is important to secure the process of distribution of private key)

Here is a link may help you.

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnwse/html/
wseencryption.asp

Take a look at the the two section below.
Symmetrically Encrypting a SOAP Message
Using X.509 Certificates to Encrypt a SOAP Message

For more information, see the "Managing X.509 Certificates," "Encrypting a
SOAP Message Using an X.509 Certificate," and "Decrypting a SOAP Message
Using an X.509 Certificate" sections in the WSE documentation.

You may download the document via the link below.
http://www.microsoft.com/downloads/details.aspx?FamilyId=06255A94-2635-4D29-
A90C-28B282993A41&displaylang=en

Best regards,

Peter Huang
Microsoft Online Partner Support

Get Secure! - www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no rights.
Click to expand...
 
Back
Top