EldoS | Feel safer!

problem with encrypt and decrypt using key material

#3584
Posted: 08/17/2007 05:06:54
by jagadish  (Basic support level)
Joined: 08/16/2007
Posts: 6

Thanks Innokentiy, I was able to finally encrypt the data. However, I noticed there are some issues w.r.t. using a few algorithms for encryption.

For example: if I give the key as 16 bits, and try to use SB_ALGORITHM_CNT_AES256, it does not encrypt, and I get the output file with 0 bytes. Same case with many of the other algorithms. Luckily, the AES128 works fine. Is there any particular reason for this?

Also, I noticed that when you give the key length greater than 16, it does not encrypt. I am getting the output file again as 0 bytes in this case too. Any reason for this?

Thanks!
#3586
Posted: 08/17/2007 05:34:14
by Ken Ivanov (EldoS Corp.)

Quote
For example: if I give the key as 16 bits, and try to use SB_ALGORITHM_CNT_AES256, it does not encrypt, and I get the output file with 0 bytes. Same case with many of the other algorithms. Luckily, the AES128 works fine. Is there any particular reason for this?

Yes. The length of the key should correspond to the algorithm being used. AES128 requires a 16-byte key, AES256 requires a 32-byte key. The necessary key length can be obtained via the TElSymmetricCryptoFactory.GetDefaultKeyAndBlockLengths() method.

Quote
Also, I noticed that when you give the key length greater than 16, it does not encrypt. I am getting the output file again as 0 bytes in this case too.

Please see the above explanation. Please note that you should check the return value of the Encrypt() method. It returns 0 if the operation succeeded and a non-zero error code otherwise.
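
The key-length rule from the reply above, as an added example that is not part of the original thread and is not SecureBlackbox code: it uses the .NET built-in System.Security.Cryptography.Aes class in place of TElSymmetricCrypto, and the helper name EncryptFile and the sample file are assumptions. A key whose length does not match the chosen AES variant is rejected before the output file is created, so the mismatch surfaces as an error instead of a 0-byte file.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class KeyLengthDemo
{
    // Hypothetical helper: AES-CBC file encryption that fails loudly on a bad key.
    static void EncryptFile(string inPath, string outPath, byte[] key, int keyBits)
    {
        // Validate first: AES-128 needs 16 bytes of key, AES-256 needs 32.
        if (key.Length * 8 != keyBits)
            throw new ArgumentException(
                $"AES-{keyBits} needs a {keyBits / 8}-byte key, got {key.Length} bytes");

        using Aes aes = Aes.Create();
        aes.Key = key;          // also sets KeySize to match the key
        aes.GenerateIV();       // fresh IV for every file

        using FileStream src = File.OpenRead(inPath);
        using FileStream dst = File.Create(outPath);
        dst.Write(aes.IV, 0, aes.IV.Length);   // IV is not secret; stored as a prefix
        // CBC gives confidentiality only; add a MAC or use an AEAD mode
        // if the recipient must also detect tampering.
        using var cs = new CryptoStream(dst, aes.CreateEncryptor(), CryptoStreamMode.Write);
        src.CopyTo(cs);         // disposing cs writes the final padded block
    }

    static void Main()
    {
        string input = Path.GetTempFileName();  // constructed sample input
        File.WriteAllText(input, "constructed sample plaintext");
        string output = input + ".enc";

        byte[] key16 = new byte[16];
        RandomNumberGenerator.Fill(key16);      // OS CSPRNG

        // The failing case from the thread: a 16-byte key with AES-256.
        try { EncryptFile(input, output, key16, 256); }
        catch (ArgumentException e) { Console.WriteLine("rejected: " + e.Message); }

        byte[] key32 = new byte[32];
        RandomNumberGenerator.Fill(key32);
        EncryptFile(input, output, key32, 256);
        Console.WriteLine($"AES-256 output: {new FileInfo(output).Length} bytes");
    }
}
```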
#7747
Posted: 09/29/2008 11:29:46
by Matt Scheaffer (Basic support level)
Joined: 09/29/2008
Posts: 1

Quote
Innokentiy Ivanov wrote:
Quote
I just need to encrypt an input file using an encrypted keyfile. Then I send this to the client using FTP, and they use this keyfile to decrypt the sent file.

I do not think that this scheme is good, as anyone (i.e. the eavesdropper) can intercept the keyfile and decrypt the data himself. The encryption key *must* be kept private, or at least transferred separately from the encrypted data.

SecureBlackbox contains the TElMessageEncryptor class, which supports symmetric encryption. In most cases it is easier to use this class rather than TElSymmetricCrypto and its descendants. Please do the following:
1. Choose a symmetric algorithm. Let it be AES128, which uses 16-byte key material.
2. Generate the symmetric key of appropriate length:
    byte[] key = new byte[16];
    TElRandom rnd = new TElRandom();
    // it's a good idea to seed random
    // with some session-specific data,
    // i.e. current time or some OS/hardware parameters:
    rnd.Randomize(my_random_parameters);
    rnd.Generate(key, 0, 16);
3. Create an instance of the TElMessageEncryptor class and adjust the necessary properties:
    TElMessageEncryptor enc = new TElMessageEncryptor();
    enc.Algorithm = SBConstants.Unit.SB_ALGORITHM_CNT_AES128;
4. Call the Encrypt method, passing the generated key there:
    enc.Encrypt(inputStream, outputStream, key);
5. Send the encrypted file to your client. Then call him and tell him the key value by phone. DO NOT TRANSFER THE KEY ALONG WITH THE ENCRYPTED DATA.

Quote
I have tried this earlier too, it does not work.

The Valid property should not be used with symmetric keys. It makes sense only for asymmetric keys. Please ignore this property if symmetric key material is generated.


I can't get this to work. My encrypted file is just nothing. Empty. Nothing.
#7749
Posted: 09/29/2008 12:23:40
by Eugene Mayevski (EldoS Corp.)

"It doesn't work" is not something we can help with. Please check the support policy before using our support channels. Thank you.


Sincerely yours
Eugene Mayevski

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!