Introduction to AES

Each half of the 256 bit key gets mixed in less often compared with the 128 bit key since AES-256 only has 1.4 times as many rounds, not twice as many. The additional rounds might compensate for the weaker key schedule in padded AES-256 compared with AES-128, but it certainly feels risky.

AES is a symmetric cipher: the same key is used for encryption and decryption. The algorithm supports 128, 192 and 256 bit encryption, which is determined by the key size: 128 bit encryption when the key is 16 bytes, 192 bit when the key is 24 bytes and 256 bit when the key is 32 bytes.

The methods provided by the library also accept a string password instead of a key; the password is internally converted to a key with a chosen hash function.

The optional initialization vector (IV) size is 16 bytes, which is the block size of the algorithm. This is summarized in the table below:

Key size               AES encryption
16 bytes (128 bits)    128 bit encryption
24 bytes (192 bits)    192 bit encryption
32 bytes (256 bits)    256 bit encryption

IV size: 16 bytes


Padding and Block modes

The padding and the block mode are important settings for the AES class that affect the encrypted output.

Padding is used to align the input data to the algorithm block size (16 bytes). The default is PKCS7.

The block mode determines what transformation is performed on each processed block. The default is CBC. It is very important to know which block mode was used for encryption in order to be able to decrypt the data! For example, if we know that the encryption used CTR block mode, we must set the class to use that mode before decrypting:
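The effect of these two settings on the output, as an added example that is not part of the original page: it uses the .NET built-in System.Security.Cryptography.Aes class rather than the NCiphers.Crypto API, and the key, IV and input are constructed sample values. CBC and ECB stand in for the mode mismatch because the built-in class has no CTR mode.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;

// Added example: .NET built-in Aes class, not the NCiphers.Crypto API.
static class PaddingAndModeDemo
{
    static byte[] Run(byte[] input, byte[] key, byte[] iv, CipherMode mode, PaddingMode pad, bool encrypt)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = mode; aes.Padding = pad; aes.Key = key; aes.IV = iv;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(input, 0, input.Length);
        }
    }

    // True when the first two 16-byte ciphertext blocks are identical.
    static bool FirstBlocksEqual(byte[] ct)
    {
        return ct.Take(16).SequenceEqual(ct.Skip(16).Take(16));
    }

    static void Main()
    {
        byte[] key = new byte[16], iv = new byte[16];   // constructed sample key and IV
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create()) { rng.GetBytes(key); rng.GetBytes(iv); }
        byte[] data = new byte[32];                     // constructed input: two identical zero blocks

        // Padding changes the length: PKCS7 appends a full block to block-aligned input.
        byte[] cbcPkcs7 = Run(data, key, iv, CipherMode.CBC, PaddingMode.PKCS7, true);
        byte[] cbcNone = Run(data, key, iv, CipherMode.CBC, PaddingMode.None, true);
        Console.WriteLine("CBC/PKCS7 bytes: {0}, CBC/None bytes: {1}", cbcPkcs7.Length, cbcNone.Length);

        // The mode changes the content: ECB repeats equal blocks, CBC chains them.
        byte[] ecbNone = Run(data, key, iv, CipherMode.ECB, PaddingMode.None, true);
        Console.WriteLine("ECB blocks equal: {0}, CBC blocks equal: {1}", FirstBlocksEqual(ecbNone), FirstBlocksEqual(cbcNone));

        // Decrypting with the wrong mode either fails the padding check or returns garbage.
        try
        {
            byte[] wrong = Run(cbcPkcs7, key, iv, CipherMode.ECB, PaddingMode.PKCS7, false);
            Console.WriteLine("Wrong mode recovered the input: {0}", wrong.SequenceEqual(data));
        }
        catch (CryptographicException ex) { Console.WriteLine("Wrong mode: " + ex.Message); }
        byte[] right = Run(cbcPkcs7, key, iv, CipherMode.CBC, PaddingMode.PKCS7, false);
        Console.WriteLine("Right mode recovered the input: {0}", right.SequenceEqual(data));
    }
}
```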


AES encrypting and decrypting a String

The example below shows how to AES encrypt and decrypt a String with a byte array key or with a password, with or without the optional initialization vector (IV).


Encrypting and Decrypting a File

File encryption is performed by calling the AES.EncryptFile methods. Decryption is performed with the corresponding DecryptFile methods:


AES Encrypting and decrypting a Stream

The Stream encryption is performed by reading the data from a Stream opened for reading and writing the encrypted output to a Stream that accepts write operations. After the method execution, the output Stream Position will be at the end of the encrypted data.


Encrypting and Decrypting a Byte array

The EncryptBytes and DecryptBytes methods accept a byte array as input and return the output as a byte array. The example below demonstrates the four possibilities for AES key and initialization vector (IV) offered by the library:


Exception handling

Errors can occur during AES encryption and decryption operations. In order to handle them more gracefully, the library offers a set of typed exceptions that help identify the cause of the error.

Below is an example class that demonstrates the various exceptions that can be expected during encryption and decryption. The methods that deal with files and streams may also throw System.IO.IOException subclasses:


Summary

This chapter illustrated how to perform AES encryption and decryption with the help of the NCiphers.Crypto library.

AES Decryption using the MachineKey DecryptionKey

Dec 04, 2007 11:02 PM, tom.hundley

Hi. I'm trying to figure out how to use AES encryption and decryption using the DecryptionKey in the MachineKey. I think I'm on the right track, but I don't know how to get a proper Key and IV from the DecryptionKey to set in my Rijndael manager.

Here is my web config:

<machineKey validationKey='3EF4FE4BD3F9A1CA4F293F521B8E3F492ED855FA4029511934BF221FCE80AE6A13252ED080EE6423A69EC96A3AB6E8F6E3A1B90AE70C97CC3C33FD4E51041879' decryption='AES' decryptionKey='D2B115C0460D0DA0F84A4DC2713435A3B4C49C734E1D7E33' validation='AES' />

My 'Rijndael Manager' is below. Here is what I'm stuck on right now. I know this Manager class works great if I create a separate Key and IV in my webconfig that looks like this (actually those are 256 bit not 128 as the class below shows).

<add key='Key' value='JQZqQLLTQ+yV3jfvwPK7PXlJEiKQqDA9bld/ePSyx+E=' />
<add key='IV' value='P1I/4wNHVbpM4/o7DwuCi83YAfOLpBwJyPBVkvRX7vs=' />

BUT, the problem with this is if I do that, I'm using two different keys for encryption - one for Membership and one with my own Rijndael manager. I want to use the same shared DecryptionKey in the MachineConfig for ALL of my encryption.

This is what I normally do:

RijndaelManagedManager cipherManager = new RijndaelManagedManager(Convert.FromBase64String(ConfigurationManager.AppSettings.Get("Key")), Convert.FromBase64String(ConfigurationManager.AppSettings.Get("IV")));

This is what I WANT to do, using the DecryptKey.

RijndaelManagedManager cipherManager = new RijndaelManagedManager();
cipherManager.IV = ??? Get me from the Machine Key Please!
cipherManager.Key = ??? Get me from the Machine Key Please!

THANK YOU in advance for any help you can give me.

--Tom

____________________________________________________________________

using System.Security.Cryptography;

namespace DOR.Security.Cryptography
{
    /// <summary>
    /// Manages simple encrypt and decrypt functions using the RijndaelManaged provider
    /// </summary>
    public class RijndaelManagedManager
    {
        RijndaelManaged _cipher = null;

        /// <summary>
        /// Empty constructor: the cipher generates a random key and IV
        /// </summary>
        public RijndaelManagedManager()
        {
            _cipher = InitCipher();
        }

        /// <summary>
        /// Pass key and iv to use in operations
        /// </summary>
        /// <param name="key"></param>
        /// <param name="iv"></param>
        public RijndaelManagedManager(byte[] key, byte[] iv)
        {
            _cipher = InitCipher(key, iv);
        }

        /// <summary>
        /// Key used by the underlying cipher
        /// </summary>
        public byte[] Key
        {
            get { return _cipher.Key; }
            set { _cipher.Key = value; }
        }

        /// <summary>
        /// Initialization vector used by the underlying cipher
        /// </summary>
        public byte[] IV
        {
            get { return _cipher.IV; }
            set { _cipher.IV = value; }
        }

        /// <summary>
        /// Encrypt the passed byte array
        /// </summary>
        /// <param name="plainText"></param>
        /// <returns></returns>
        public byte[] Encrypt(byte[] plainText)
        {
            ICryptoTransform transform = _cipher.CreateEncryptor();
            byte[] cipherText = transform.TransformFinalBlock(plainText, 0, plainText.Length);
            return cipherText;
        }

        /// <summary>
        /// Decrypt the passed byte array
        /// </summary>
        /// <param name="cipherText"></param>
        /// <returns></returns>
        public byte[] Decrypt(byte[] cipherText)
        {
            ICryptoTransform transform = _cipher.CreateDecryptor();
            byte[] plainText = transform.TransformFinalBlock(cipherText, 0, cipherText.Length);
            return plainText;
        }

        // Creates the cipher with a freshly generated random key and IV
        private RijndaelManaged InitCipher()
        {
            RijndaelManaged cipher = CreateCipher();
            cipher.GenerateKey();
            cipher.GenerateIV();
            return cipher;
        }

        // Creates the cipher with the caller-supplied key and IV
        private RijndaelManaged InitCipher(byte[] key, byte[] iv)
        {
            RijndaelManaged cipher = CreateCipher();
            cipher.Key = key;
            cipher.IV = iv;
            return cipher;
        }

        // Common settings: 128 bit key and block size, CBC mode, ISO10126 padding
        private RijndaelManaged CreateCipher()
        {
            RijndaelManaged cipher = new RijndaelManaged();
            cipher.KeySize = 128;
            cipher.BlockSize = 128;
            cipher.Mode = CipherMode.CBC;
            cipher.Padding = PaddingMode.ISO10126;
            return cipher;
        }
    }
}
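One way to turn a hex decryptionKey into AES key bytes, as an added example that is not part of the original post: a 48-character hex value such as the one in the post decodes to 24 bytes, which selects AES-192 rather than the 128 bit KeySize set in the posted class. The machineKey element carries no IV, so the example generates a random IV per message and stores it in front of the ciphertext; the sample key value and the MachineKeyAesDemo class name are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Added example, not the poster's code. In ASP.NET the hex string would be read from
// ((MachineKeySection)ConfigurationManager.GetSection("system.web/machineKey")).DecryptionKey.
static class MachineKeyAesDemo
{
    // Constructed sample value with the same length as the key in the post (48 hex characters).
    const string SampleDecryptionKeyHex = "000102030405060708090A0B0C0D0E0F1011121314151617";

    static byte[] HexToBytes(string hex)
    {
        if (hex.Length % 2 != 0) throw new FormatException("Hex string has odd length.");
        return Enumerable.Range(0, hex.Length / 2)
            .Select(i => Convert.ToByte(hex.Substring(2 * i, 2), 16)).ToArray(); // throws on non-hex input
    }

    // Output layout: 16-byte random IV followed by the CBC/PKCS7 ciphertext (the Aes defaults).
    static byte[] Encrypt(byte[] key, byte[] plain)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;        // must be 16, 24 or 32 bytes, otherwise CryptographicException
            aes.GenerateIV();     // fresh IV for every message, never a fixed configuration value
            using (ICryptoTransform t = aes.CreateEncryptor())
                return aes.IV.Concat(t.TransformFinalBlock(plain, 0, plain.Length)).ToArray();
        }
    }

    static byte[] Decrypt(byte[] key, byte[] message)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = message.Take(16).ToArray();   // the IV travels with the message
            using (ICryptoTransform t = aes.CreateDecryptor())
                return t.TransformFinalBlock(message, 16, message.Length - 16);
        }
    }

    static void Main()
    {
        byte[] key = HexToBytes(SampleDecryptionKeyHex);
        Console.WriteLine("AES key size in bits: " + key.Length * 8);
        byte[] message = Encrypt(key, Encoding.UTF8.GetBytes("sample plaintext"));
        Console.WriteLine(Encoding.UTF8.GetString(Decrypt(key, message)));
    }
}
```

CBC on its own does not detect tampering, so ciphertext that leaves the server also needs a MAC.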
