Problem with encrypt and decrypt using key material

#3555
Posted: 08/16/2007 01:19:53
by jagadish  (Basic support level)
Joined: 08/16/2007
Posts: 6

Hi,
The following is my requirement:
1. I have an input file, which can be of any size.
2. I have an encrypted file which I create using Key Material function.
3. I use Crypto.Encrypt to create an output file.

The problem I'm facing is that I am unable to encrypt files of even 4 kb when I have set the key material bit length to 1024 bits. I have seen that the larger the bit length of the key material, the bigger the size of the input file I can encrypt. Is there any way I can encrypt a larger file with a smaller bit key material (say 512)?

The error I am getting is "Input file to long". I tried the buffer overloaded method of Crypto.Encrypt, and was able to encrypt, but on decrypt I got a "decryption error".

Here is the code for encrypting:

Crypto.KeyMaterial = KeyMaterial 'bit size is 512
Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary
Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary
Dim objInputArr() As Byte
Dim objOutputArr(4194304) As Byte
objInputArr = File.ReadAllBytes(strinputFilePath)
Crypto.Encrypt(objInputArr, 0, 128, objOutputArr, 0, 512)

Here is the code for decrypting:

Crypto.KeyMaterial = KeyMaterial 'bit size is 512
Crypto.InputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary
Crypto.OutputEncoding = TSBPublicKeyCryptoEncoding.pkeBinary
Dim objInputArr() As Byte
Dim objOutputArr(4194304) As Byte
objInputArr = File.ReadAllBytes(strinputFilePath)
Crypto.Decrypt(objInputArr, 0, 512, objOutputArr, 0, 128)

#3556
Posted: 08/16/2007 01:34:19
by Eugene Mayevski (EldoS Corp.)

1. Please don't crosspost your questions to HelpDesk and Forum. Your helpdesk posts will be removed.

2. Public Key Cryptography is used to encrypt really small blocks of data. For a 1024-bit RSA key the max. data size is 96 bytes if memory serves (Innokentiy said about 117 bytes, but he's on vacation now).
If you need to encrypt larger data blocks, you need to

1) generate a cryptographically strong random symmetric key and optionally an IV (where needed). Use the ElRandom class for this.
2) Use a symmetric algorithm in CBC or similar mode to encrypt the data.
3) Use an asymmetric algorithm to encrypt the generated key and IV. Note that the length of the asymmetric key might not be enough to encrypt them. In this case you would need longer asymmetric keys.


Sincerely yours
Eugene Mayevski
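
The three steps above as an added C# example (not code from this thread or from SecureBlackbox), using .NET 6+ `System.Security.Cryptography` in place of the SecureBlackbox classes. It adds an HMAC over the CBC ciphertext so modification is detected, and wraps the keys with RSA-OAEP under the recipient's public key. `HybridDemo`, the blob layout and the 4 KB sample input are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class HybridDemo
{
    // Largest payload RSA-OAEP with SHA-256 can wrap: modulus bytes - 2*32 - 2.
    static int MaxOaepPayload(RSA rsa) => rsa.KeySize / 8 - 66;

    // Layout (constructed for this example): wrappedKeys | IV(16) | ciphertext | HMAC(32)
    static byte[] Encrypt(RSA recipientPublic, byte[] plaintext)
    {
        byte[] keys = RandomNumberGenerator.GetBytes(64);    // 32 B AES key + 32 B MAC key
        byte[] iv = RandomNumberGenerator.GetBytes(16);      // fresh IV per file
        using var aes = Aes.Create();
        aes.Key = keys[..32];
        byte[] ct = aes.EncryptCbc(plaintext, iv);           // PKCS#7 padding by default
        byte[] body = iv.Concat(ct).ToArray();
        byte[] mac = HMACSHA256.HashData(keys[32..], body);  // encrypt-then-MAC
        // 64 bytes of key material exceed what a 1024-bit key can wrap with this
        // padding (62 bytes), so the recipient key here must be longer.
        byte[] wrapped = recipientPublic.Encrypt(keys, RSAEncryptionPadding.OaepSHA256);
        return wrapped.Concat(body).Concat(mac).ToArray();
    }

    static byte[] Decrypt(RSA recipientPrivate, byte[] blob)
    {
        int w = recipientPrivate.KeySize / 8;                // wrapped block = modulus size
        byte[] keys = recipientPrivate.Decrypt(blob[..w], RSAEncryptionPadding.OaepSHA256);
        byte[] body = blob[w..^32];
        byte[] mac = HMACSHA256.HashData(keys[32..], body);
        // Verify the MAC in constant time before touching the ciphertext.
        if (!CryptographicOperations.FixedTimeEquals(mac, blob[^32..]))
            throw new CryptographicException("MAC mismatch: data was modified");
        using var aes = Aes.Create();
        aes.Key = keys[..32];
        return aes.DecryptCbc(body[16..], body[..16]);
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);                    // recipient's key pair (assumed)
        byte[] file = Encoding.UTF8.GetBytes(new string('x', 4096)); // constructed 4 KB input
        Console.WriteLine($"Direct RSA limit: {MaxOaepPayload(rsa)} bytes");
        byte[] blob = Encrypt(rsa, file);
        Console.WriteLine($"Round trip ok: {Decrypt(rsa, blob).SequenceEqual(file)}");
    }
}
```

Only the recipient's private key can unwrap the symmetric keys, so the sender needs just the public half and no secret travels with the encrypted file.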
#3557
Posted: 08/16/2007 02:19:28
by jagadish  (Basic support level)
Joined: 08/16/2007
Posts: 6

Hi,

I'm sorry about the cross-posting.

Could you please provide an implementation for the above solution you've provided?

I just need to encrypt an input file using an encrypted keyfile. Then I send this to the client using FTP, and they use this keyfile to decrypt the sent file.

Please let me know how I can achieve this, and the classes I need to use. A small implementation would be really helpful. Thanks
#3558
Posted: 08/16/2007 03:05:04
by Eugene Mayevski (EldoS Corp.)

You will need to create an implementation yourself. Alternatively, you can generate a self-signed certificate, then use ElMessageEncryptor / ElMessageDecryptor classes to encrypt and decrypt the data.


Sincerely yours
Eugene Mayevski
#3563
Posted: 08/16/2007 06:17:54
by jagadish  (Basic support level)
Joined: 08/16/2007
Posts: 6

Hi Eugene

I tried your solution of using the symmetric encryption option. However, when I try creating a symmetric key using TElSymmetricKeyMaterial, it creates a key, but sets the Valid property as false. Hence when I try using this by loading it, it gives me an invalid key material error.

Code:

Dim objSymmetricCrypto As TElSymmetricCrypto
Dim objSymmetricCryptoFactory As TElSymmetricCryptoFactory
Dim objSymmeticKeyMaterial As New TElSymmetricKeyMaterial(Nothing)

streamKey = New FileStream(strKeyMaterialFilePath, FileMode.Create)
objSymmeticKeyMaterial.Generate(1024)
objSymmeticKeyMaterial.Save(streamKey)

objSymmetricCryptoFactory = New TElSymmetricCryptoFactory()
objSymmetricCrypto = objSymmetricCryptoFactory.CreateInstance(SBConstants.Unit.SB_ALGORITHM_CNT_AES256, TSBSymmetricCryptoMode.cmCBC)
objSymmetricCrypto.KeyMaterial = objSymmeticKeyMaterial
objSymmetricCrypto.Encrypt(streamInput, streamOutput)

The above code fails stating "Invalid key Material".

Also, I am unable to directly instantiate a symmetric class like this
Dim objSymmetricCrypto As new TElAESSymmetricCrypto()

It gives the error ".ctor is ambiguous because muliple kinds of members with this name exists in class 'SBSymmetricCrypto.TElAESSymmetricCrypto"

Please help!
#3564
Posted: 08/16/2007 06:32:50
by Eugene Mayevski (EldoS Corp.)

Quote
jagadish wrote:
I tried your solution of using the symmetric encryption option. However, when I try creating a symmetric key using TElSymmetricKeyMaterial, it creates a key, but sets the Valid property as false. Hence when I try using this by loading it, it gives me an invalid key material error.


You have not specified the algorithm for the SymmetricKeyMaterial. So nothing has been generated.

Quote
jagadish wrote:
Also, I am unable to directly instantiate a symmetric class like this
Dim objSymmetricCrypto As new TElAESSymmetricCrypto()


Use the ElSymmetricCryptoFactory class to instantiate the object.


Sincerely yours
Eugene Mayevski
#3566
Posted: 08/16/2007 06:39:48
by jagadish  (Basic support level)
Joined: 08/16/2007
Posts: 6

I am unable to provide an algorithm for the symmetrickeymaterial, since the only argument it accepts is of type "Prov as SBCryptoProv.TElCustomCryptoProvider" and I do not understand what should be supplied here.
Please specify how we can assign a given algorithm to this.
#3567
Posted: 08/16/2007 06:56:35
by Eugene Mayevski (EldoS Corp.)

ElSymmetricKeyMaterial has Algorithm property.


Sincerely yours
Eugene Mayevski
#3575
Posted: 08/17/2007 00:07:36
by jagadish  (Basic support level)
Joined: 08/16/2007
Posts: 6

I have tried this earlier too; it does not work. Moreover, in the help section it mentions that the Algorithm property is for information only. The KeyMaterial's Valid property still returns false.

Code:

Dim objSymmeticKeyMaterial As New TElSymmetricKeyMaterial(Nothing)

objSymmeticKeyMaterial.Algorithm = SBConstants.Unit.SB_ALGORITHM_CNT_DES

streamKey = New FileStream(strKeyMaterialFilePath, FileMode.Create)
objSymmeticKeyMaterial.GenerateIV(512)
objSymmeticKeyMaterial.Generate(512)
objSymmeticKeyMaterial.Save(streamKey)

#3581
Posted: 08/17/2007 04:07:37
by Ken Ivanov (EldoS Corp.)

Quote
I just need to encrypt an input file using an encrypted keyfile. Then I send this to the client using FTP, and they use this keyfile to decrypt the sent file.

I do not think that this scheme is good, as anyone (i.e. the eavesdropper) can intercept the keyfile and decrypt the data himself. The encryption key *must* be kept private, or at least transferred separately from the encrypted data.

SecureBlackbox contains the TElMessageEncryptor class, which supports symmetric encryption. In most cases it is easier to use this class rather than TElSymmetricCrypto and its descendants. Please do the following:
1. Choose a symmetric algorithm. Let it be AES128, which uses 16-byte key material.
2. Generate the symmetric key of appropriate length:
    byte[] key = new byte[16];
    TElRandom rnd = new TElRandom();
    // it's a good idea to seed random
    // with some session-specific data,
    // i.e. current time or some OS/hardware parameters:
    rnd.Randomize(my_random_parameters);
    rnd.Generate(key, 0, 16);
3. Create an instance of the TElMessageEncryptor class and adjust the necessary properties:
    TElMessageEncryptor enc = new TElMessageEncryptor();
    enc.Algorithm = SBConstants.Unit.SB_ALGORITHM_CNT_AES128;
4. Call the Encrypt method, passing the generated key there:
    enc.Encrypt(inputStream, outputStream, key);
5. Send the encrypted file to your client. Then call him and tell him the key value by phone. DO NOT TRANSFER THE KEY ALONG WITH THE ENCRYPTED DATA.

Quote
I have tried this earlier too; it does not work.

The Valid property should not be used with symmetric keys. It makes sense only for asymmetric keys. Please ignore this property if symmetric key material is generated.