[WEB SECURITY] What problem does this Rijndael (.NET & PHP) code have?

김영일 zero12a at naver.com
Thu Dec 14 19:35:26 EST 2006

Dear web security professionals,

I have an AES problem.

I want to send confidential data.

The steps are below:

1. Encrypt the confidential data with C#.NET.

2. Send the encrypted data over HTTP (port 80).

3. Decrypt the encrypted data with PHP & mcrypt (2.4.x).

I want to decrypt the data, but the result (decrypted data) is not the same as the input data.

What's the problem? My code is below.

---------------------PHPinfo() & Decrypt/Encrypt Function-----------------------------------

* PHPinfo() mcrypt
Version: >=2.4.x
Supported ciphers : cast-128 gost rijndael-128 twofish arcfour cast-256 loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent xtea blowfish enigma rc2 tripledes 
Supported modes : cbc cfb ctr ecb ncfb nofb ofb stream 

* C#.NET Encrypt function

private string EncryptString(string InputText, string Password)
{
    RijndaelManaged RijndaelCipher = new RijndaelManaged();
    RijndaelCipher.Mode = CipherMode.ECB;

    byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
    byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
    PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);

    ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(SecretKey.GetBytes(32), SecretKey.GetBytes(16));
    MemoryStream memoryStream = new MemoryStream();
    CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
    cryptoStream.Write(PlainText, 0, PlainText.Length);
    byte[] CipherBytes = memoryStream.ToArray();

    string EncryptedData = Convert.ToBase64String(CipherBytes);
    return EncryptedData;
}


* PHP(mcrypt) Decrypt function

function decrypt($decrypt, $key) {
   $decoded = base64_decode($decrypt);
   $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256, MCRYPT_MODE_ECB), strlen($key));
   $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded, MCRYPT_MODE_ECB, $iv);
   return $decrypted;
}

Young-il Kim, CISA/CISSP/OCP
Korean, http://cafe.naver.com/WebHack
zero12a at naver.com, zero12a at dreamwiz.com
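
One way to write the sender so that a non-.NET receiver can reproduce every parameter, as an added example that is not part of the original post: block size, mode, padding, text encoding and key derivation are all set explicitly instead of left to defaults. The class name `InteropCrypto`, the iteration count, the salt size and the `salt || iv || ciphertext` layout are assumptions.

```csharp
// Added example, not the poster's code. Iteration count, salt size and the
// salt||iv||ciphertext layout are assumptions the PHP receiver must mirror.
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class InteropCrypto
{
    const int Iterations = 100000; // assumed value

    // Returns base64(salt[16] || iv[16] || ciphertext).
    public static string EncryptString(string inputText, string password)
    {
        byte[] salt = new byte[16], iv = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(salt);
            rng.GetBytes(iv);
        }
        byte[] key; // PBKDF2 (RFC 2898) is reproducible outside .NET
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            key = kdf.GetBytes(32);

        using (var aes = new RijndaelManaged())
        using (var ms = new MemoryStream())
        {
            aes.BlockSize = 128;             // mcrypt calls this rijndael-128
            aes.Mode = CipherMode.CBC;       // ECB reveals repeated plaintext blocks
            aes.Padding = PaddingMode.PKCS7; // receiver must strip this itself
            aes.Key = key;
            aes.IV = iv;
            byte[] plain = Encoding.UTF8.GetBytes(inputText);
            ms.Write(salt, 0, salt.Length);
            ms.Write(iv, 0, iv.Length);
            using (var enc = aes.CreateEncryptor())
            using (var cs = new CryptoStream(ms, enc, CryptoStreamMode.Write))
            {
                cs.Write(plain, 0, plain.Length);
                cs.FlushFinalBlock();        // writes the final padded block
            }
            return Convert.ToBase64String(ms.ToArray());
        }
    }

    public static void Main()
    {
        // Constructed sample input and password.
        Console.WriteLine(EncryptString("confidential-data", "example-password"));
    }
}
```

The PHP side has to derive the same 32-byte key with PBKDF2-HMAC-SHA256, select `rijndael-128` in `cbc` mode with the transmitted IV, and remove the PKCS7 padding after decryption. The output carries no integrity check, so a receiver that must detect tampering needs a MAC over it as well.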

