DES Querystring Encryptiion

C

Chad

Another (non .NET, Oracle) application will be passing my .NET web application data via the QueryString. I was told that this data would be DES encrypted and Base64 encoded.

The problem is that they told me that their encryption package uses only a "key" to perform the encryption....
http://www.lc.leidenuniv.nl/awcourse/oracle/appdev.920/a96612/d_obtoo2.htm

....but the .NET DES object that I expect to use to decrypt the Querystring expects 2 parameters, the original KEY used to encode it plus an Initialization Vector (IV)

http://msdn2.microsoft.com/system.security.cryptography.des.aspx

It seems to me that unless I have the IV, that there is no way that I can decode the Querystring they send me. Any idea?



I saw an example on the web

http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx

which uses the following IV :

Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}

Since I saw this same IV value in multiple web examples, I thought perhaps for some reason it was commonly used, though using this value along with the key that was provided to me did not yeild a meaningful result.



Any suggestions would be appreciated.
 
A

Alvin Bruney - ASP.NET MVP

That's correct. You can agree with them on a suitable vector that you would
hard code in if they don't want to pass it to you.

--
Regards,
Alvin Bruney [MVP ASP.NET]

[Shameless Author plug]
The Microsoft Office Web Components Black Book with .NET
Now Available @ www.lulu.com/owc
Forth-coming VSTO.NET - Wrox/Wiley 2006
-------------------------------------------------------



Another (non .NET, Oracle) application will be passing my .NET web
application data via the QueryString. I was told that this data would be DES
encrypted and Base64 encoded.

The problem is that they told me that their encryption package uses only a
"key" to perform the encryption....
http://www.lc.leidenuniv.nl/awcourse/oracle/appdev.920/a96612/d_obtoo2.htm

....but the .NET DES object that I expect to use to decrypt the Querystring
expects 2 parameters, the original KEY used to encode it plus an
Initialization Vector (IV)

http://msdn2.microsoft.com/system.security.cryptography.des.aspx

It seems to me that unless I have the IV, that there is no way that I can
decode the Querystring they send me. Any idea?



I saw an example on the web

http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx

which uses the following IV :

Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF}

Since I saw this same IV value in multiple web examples, I thought perhaps
for some reason it was commonly used, though using this value along with the
key that was provided to me did not yeild a meaningful result.



Any suggestions would be appreciated.
 
G

Guest

Several years ago I had to do something similar using VB6 and a third party
encryption component. I had to decrypt the querystring data which was
encrypted by a Java application.

I think it was DES (instead of 3DES). They only gave me a PW and said not to
use an IV. I thought it strange but I did so and it worked.

Hope this helps...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Reading EBCDIC Files. 9
FWT Newsletter - Weekly - November 3, 2003 2
WTD: Nvidia Videocard for 4x AGP Slot 0

Top