[WEB SECURITY] Re: What problem have this Rijndael(.NET&PHP) code?

Scott C. Sanchez scottsanchez at gmail.com
Fri Dec 15 10:01:32 EST 2006


Maybe this URL will help?  It's a working example and some tips for
encryption/decryption between .net and php

http://programmin.prim8.net/archives/25-PHP-and-DotNet-encryption.html

Good luck!


Scott C. Sanchez, CISSP

On 12/14/06, 김영일 <zero12a at naver.com> wrote:
>
> Dear, web security Professionals.
>
> I have a AES problem.
>
> I want to send confidential data.
>
> STEP is bottom...
>
>
>
> * STEP
> 1. Encrypt confidential-data by C#.NET.
>
> 2. Send encrypted data on HTTP(80) protocol.
>
> 2. Decrypt encyrpted data by PHP & mcrypt(2.4.x)
>
>
>
>
> I want to decrypt data. but, Result data(decrypted data) don't same input
> data.
>
> What's problem?.  My code is a bottom.
>
>
>
>
> ---------------------PHPinfo() & Decrypt/Encrypt
> Function-----------------------------------
>
> * PHPinfo() mcrypt
> Version: >=2.4.x
> Supported ciphers : cast-128 gost rijndael-128 twofish arcfour cast-256
> loki97 rijndael-192 saferplus wake blowfish-compat des rijndael-256 serpent
> xtea blowfish enigma rc2 tripledes
> Supported modes : cbc cfb ctr ecb ncfb nofb ofb stream
>
>
>
> * C#.NET Encrypt function
>
> private string EncryptString(string InputText, string Password)
> {
>
> RijndaelManaged RijndaelCipher = new RijndaelManaged();
> RijndaelCipher.Mode = CipherMode.ECB;
>
> byte[] PlainText = System.Text.Encoding.Unicode.GetBytes(InputText);
>
> byte[] Salt = Encoding.ASCII.GetBytes(Password.Length.ToString());
> PasswordDeriveBytes SecretKey = new PasswordDeriveBytes(Password, Salt);
>
>   ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(
> SecretKey.GetBytes(32), SecretKey.GetBytes(16));
> MemoryStream memoryStream = new MemoryStream();
> CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor,
> CryptoStreamMode.Write);
> cryptoStream.Write(PlainText, 0, PlainText.Length);
> cryptoStream.FlushFinalBlock();
> byte[] CipherBytes = memoryStream.ToArray();
> memoryStream.Close();
> cryptoStream.Close();
>
> string EncryptedData = Convert.ToBase64String(CipherBytes);
> return EncryptedData;
> }
>
>
>
> * PHP(mcrypt) Decrypt function
>
> function decrypt($decrypt,$key) {
>    $decoded = base64_decode($decrypt);
>    $iv = mcrypt_create_iv(mcrypt_get_iv_size(MCRYPT_RIJNDAEL_256,
> MCRYPT_MODE_ECB), strlen($key));
>    $decrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, $key, $decoded,
> MCRYPT_MODE_ECB, $iv);
>    return $decrypted;
> }
>
>
>
>
>
> -------------------------------------------
> Young-il Kim, CISA/CISSP/OCP
> Korean, http://cafe.naver.com/WebHack
> zero12a at naver.com, zero12a at dreamwiz.com
>
>
> ------------------------------------------------------------------------
> 새로운 기부 문화의 씨앗, 해피빈
> http://happybean.naver.com
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/attachments/20061215/d0894302/attachment.html>


More information about the websecurity mailing list