Sharing encrypted data with .Net?

[Todd Gruben]

I am trying to send some encrypted data from a php application to be
decoded in a .Net application. Both apps encode/decode a given string
but generate different encrypted results. Anyone have any idea? Code
to follow:

php====>
<?php

// Designate string to be encrypted
$string = "This is a test";

// Encryption/decryption key
$key = pack('H*',md5("mysecretkey"));
echo "PHP:KeySize:";
echo mcrypt_get_key_size('tripledes', 'ecb')*8;
echo "<BR>";
echo "PHP:BlockSize:";
echo mcrypt_get_block_size('tripledes', 'ecb')*8;
echo "<BR>";



// Encryption Algorithm
$cipher_alg = MCRYPT_TRIPLEDES;
#$cipher_alg = ;
#$cipher_alg = ;

// Create the initialization vector for added security.
//$iv = mcrypt_create_iv(mcrypt_get_iv_size($cipher_alg,
MCRYPT_MODE_ECB), MCRYPT_RAND);

$iv = pack("H*","ec787813562c5be0");

// Output original string
echo "PHP:Original string:$string <br>";
echo "PHP:Original Key:". base64_encode($key)."<br>";
echo "PHP:Encryption Method: tripledes <br>";
echo "PHP:IV:".base64_encode($iv)."<br>";

// Encrypt $string
//$encrypted_string = mcrypt_encrypt($cipher_alg, $key, $string,
MCRYPT_MODE_CBC, $iv);
$encrypted_string = mcrypt_encrypt($cipher_alg, $key, $string,
MCRYPT_MODE_CFB, $iv);
$decrypted_string = mcrypt_decrypt($cipher_alg, $key,
$encrypted_string, MCRYPT_MODE_CFB, $iv);
echo "PHP:Encrypted string
Base64:".base64_encode($encrypted_string)."<br>";
echo "PHPecrypted string:$decrypted_string";
?>
<===================
PHP OUTPUTPHP:
KeySize:192
PHP:BlockSize:64
PHP:Original string:This is a test
PHP:Original Key:NNLkJVyOa+s8QvJN/X5tqQ==
PHP:Encryption Method: tripledes
PHP:IV:7Hh4E1YsW+A=
PHP:Encrypted string Base64:A+9SKuoLdZaATqa+qmTipg==
PHPecrypted string:This is a test

===========================>
C# (.NET)

using System;
using System.Security.Cryptography;
using System.Text;

namespace test
{
class TryDes{

public string EncryptTripleDES(string Plaintext,
string key) {
TripleDESCryptoServiceProvider DES = new
TripleDESCryptoServiceProvider();
MD5CryptoServiceProvider hashMD5 = new
MD5CryptoServiceProvider();

DES.Key =
hashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
DES.Mode = CipherMode.CFB;
DES.IV =
Convert.FromBase64String("7Hh4E1YsW+A=");
DES.Padding=PaddingMode.Zeros;

Console.WriteLine("");
Console.WriteLine("NET:KeySize:"+DES.KeySize);

Console.WriteLine("NET:BlockSize:"+DES.BlockSize);
Console.WriteLine("NET:Original
String:"+Plaintext);
Console.WriteLine("NET:Original
Key:"+Convert.ToBase64String(DES.Key));
Console.WriteLine("NET:Encryption
Method:TripeDES");

//DES.Mode = CipherMode.ECB;
Console.WriteLine(
"NET:IV:"+Convert.ToBase64String(DES.IV));

ICryptoTransform DESEncrypt =
DES.CreateEncryptor(DES.Key,DES.IV);
byte[] Buffer =
ASCIIEncoding.ASCII.GetBytes(Plaintext);
return
Convert.ToBase64String(DESEncrypt.TransformFinalBlock(Buffer, 0,
Buffer.Length));
}

public string DecryptTripleDES(string base64Text,
string key){
TripleDESCryptoServiceProvider DES = new
TripleDESCryptoServiceProvider();

MD5CryptoServiceProvider hashMD5 = new
MD5CryptoServiceProvider();

DES.Key =
hashMD5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(key));
DES.Mode = CipherMode.CFB;
DES.Padding=PaddingMode.Zeros;
DES.IV = Convert.FromBase64String("7Hh4E1YsW+A=");

ICryptoTransform DESDecrypt =
DES.CreateDecryptor(DES.Key,DES.IV);
byte[] Buffer =
Convert.FromBase64String(base64Text);
return
ASCIIEncoding.ASCII.GetString(DESDecrypt.TransformFinalBlock(Buffer,
0, Buffer.Length));
}
}

class Class1
{
static void Main(string[] args) {
TryDes md = new TryDes();
string secrekey = "mysecretkey";
string sometest = md.EncryptTripleDES("This is
a test",secrekey);
Console.WriteLine("NET:Encrypted string
Base64:"+sometest);
Console.WriteLine("NETecrypted
string:"+md.DecryptTripleDES(sometest,secrekey));
Console.WriteLine("");
}
}
}
<======================
..Net Output

NET:KeySize:192
NET:BlockSize:64
NET:Original String:This is a test
NET:Original Key:NNLkJVyOa+s8QvJN/X5tqQ==
NET:Encryption Method:TripeDES
NET:IV:7Hh4E1YsW+A=
NET:Encrypted string Base64:qbGgiTZp9YTGOutg8IGlqw==
NETecrypted string:This is a test

 

[Jon Skeet [C# MVP]]

I am trying to send some encrypted data from a php application to be
decoded in a .Net application. Both apps encode/decode a given string
but generate different encrypted results. Anyone have any idea?

Well for a start, you need to know how mcrypt_encrypt encodes a string.
Pretty much every encryption scheme works with bytes rather than text -
and to get from text to bytes, you need to specify an encoding. You're
using ASCII in the .NET version - what does PHP use?

 

[Todd Gruben]

The string format of php is a array of characters. The
binary form of both strings in php and csharp appear to be
the same. I did a dump of the input string and its is
exactly the same

*** Sent via Devdex http://www.devdex.com ***
Don't just participate in USENET...get rewarded for it!

 

[Jon Skeet [C# MVP]]

The string format of php is a array of characters. The
binary form of both strings in php and csharp appear to be
the same. I did a dump of the input string and its is
exactly the same

I don't think you understand. In order to encrypt data, you need to
convert from text to binary. That doesn't mean how they're stored
internally, it means converting from an array of characters to an array
of bytes, which could be in any one of many encodings. If you use a
different encoding, you will get different results.