gibbo1715

Hi All

I am using an MD5 encription to encript my password into my database, which i know is a one way encription, my question is

Is there an in built encription that works both ways so i can encript and unencript as well

thanks

Gibbo




Re: Visual Basic Express Edition Encription Question

Derek Smyth

Hi Gibbo,

MD5 isn't really an encryption method mate it's a hashing method. With hashing methods you cannot turn the hash code back to the original value. Generally there isn't a need for it. Hashes are used to determine if data has changed and not used to protect data.

Yes there are a number of encryption methods. You'll want to use a symmetric method (one key to encrypt and decrypt). The best method is the Rijndael method, see the RijndaelManaged class. It's produces large key sizes and is the most secure. I don't have an example of using it but if you need one let me know and I'll code one up. You can also use DES and TripleDES.

The important thing is protecting the key. Just on a side note look at the ProtectedData class which provides encryption using DPAPI which uses user credentials to protect the data, i.e. the password the user uses to log onto the machine. You could use this, depends on the project, and that could save you from needing to protect keys.

Post again if you need more info, I've studied these classes.






Re: Visual Basic Express Edition Encription Question

gibbo1715

Derek

Thanks for your reply

What i need to do is encript my data into a database and then decript it on the way back, but this is a multi user program so going by individual user password etc wont work for me

Any example you can offer me that will point me in the right direction would be very appreciated

gibbo

I have tried the following but dont really fuly understand it or why my message box only gives the response system.byte[]

Code Snippet

Imports System

Imports System.IO

Imports System.Security.Cryptography

Module Module1

Sub Main()

Try

Dim original As String = "Here is some data to encrypt!"

' Create a new instance of the RijndaelManaged

' class. This generates a new key and initialization

' vector (IV).

Dim myRijndael As New RijndaelManaged()

' Encrypt the string to an array of bytes.

Dim encrypted As Byte() = encryptStringToBytes_AES(original, myRijndael.Key, myRijndael.IV)

' Decrypt the bytes to a string.

Dim roundtrip As String = decryptStringFromBytes_AES(encrypted, myRijndael.Key, myRijndael.IV)

'Display the original data and the decrypted data.

MsgBox(original)

MsgBox(encrypted.ToString)

MsgBox(roundtrip)

Catch e As Exception

MsgBox("Been an Error")

End Try

End Sub

Function encryptStringToBytes_AES(ByVal plainText As String, ByVal Key() As Byte, ByVal IV() As Byte) As Byte()

' Check arguments.

If plainText Is Nothing OrElse plainText.Length <= 0 Then

Throw New ArgumentNullException("plainText")

End If

If Key Is Nothing OrElse Key.Length <= 0 Then

Throw New ArgumentNullException("Key")

End If

If IV Is Nothing OrElse IV.Length <= 0 Then

Throw New ArgumentNullException("Key")

End If

' Declare the streams used

' to encrypt to an in memory

' array of bytes.

Dim msEncrypt As MemoryStream = Nothing

Dim csEncrypt As CryptoStream = Nothing

Dim swEncrypt As StreamWriter = Nothing

' Declare the RijndaelManaged object

' used to encrypt the data.

Dim aesAlg As RijndaelManaged = Nothing

' Declare the bytes used to hold the

' encrypted data.

Dim encrypted As Byte() = Nothing

Try

' Create a RijndaelManaged object

' with the specified key and IV.

aesAlg = New RijndaelManaged()

aesAlg.Key = Key

aesAlg.IV = IV

' Create a decrytor to perform the stream transform.

Dim encryptor As ICryptoTransform = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV)

' Create the streams used for encryption.

msEncrypt = New MemoryStream()

csEncrypt = New CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)

swEncrypt = New StreamWriter(csEncrypt)

'Write all data to the stream.

swEncrypt.Write(plainText)

Finally

' Clean things up.

' Close the streams.

If Not (swEncrypt Is Nothing) Then

swEncrypt.Close()

End If

If Not (csEncrypt Is Nothing) Then

csEncrypt.Close()

End If

If Not (msEncrypt Is Nothing) Then

msEncrypt.Close()

End If

' Clear the RijndaelManaged object.

If Not (aesAlg Is Nothing) Then

aesAlg.Clear()

End If

End Try

' Return the encrypted bytes from the memory stream.

Return msEncrypt.ToArray()

End Function

Function decryptStringFromBytes_AES(ByVal cipherText() As Byte, ByVal Key() As Byte, ByVal IV() As Byte) As String

' Check arguments.

If cipherText Is Nothing OrElse cipherText.Length <= 0 Then

Throw New ArgumentNullException("cipherText")

End If

If Key Is Nothing OrElse Key.Length <= 0 Then

Throw New ArgumentNullException("Key")

End If

If IV Is Nothing OrElse IV.Length <= 0 Then

Throw New ArgumentNullException("Key")

End If

' TDeclare the streams used

' to decrypt to an in memory

' array of bytes.

Dim msDecrypt As MemoryStream = Nothing

Dim csDecrypt As CryptoStream = Nothing

Dim srDecrypt As StreamReader = Nothing

' Declare the RijndaelManaged object

' used to decrypt the data.

Dim aesAlg As RijndaelManaged = Nothing

' Declare the string used to hold

' the decrypted text.

Dim plaintext As String = Nothing

Try

' Create a RijndaelManaged object

' with the specified key and IV.

aesAlg = New RijndaelManaged()

aesAlg.Key = Key

aesAlg.IV = IV

' Create a decrytor to perform the stream transform.

Dim decryptor As ICryptoTransform = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV)

' Create the streams used for decryption.

msDecrypt = New MemoryStream(cipherText)

csDecrypt = New CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)

srDecrypt = New StreamReader(csDecrypt)

' Read the decrypted bytes from the decrypting stream

' and place them in a string.

plaintext = srDecrypt.ReadToEnd()

Finally

' Clean things up.

' Close the streams.

If Not (srDecrypt Is Nothing) Then

srDecrypt.Close()

End If

If Not (csDecrypt Is Nothing) Then

csDecrypt.Close()

End If

If Not (msDecrypt Is Nothing) Then

msDecrypt.Close()

End If

' Clear the RijndaelManaged object.

If Not (aesAlg Is Nothing) Then

aesAlg.Clear()

End If

End Try

Return plaintext

End Function






Re: Visual Basic Express Edition Encription Question

Derek Smyth

If you use ...

MsgBox(BitConvertor.ToString(encrypted))

... it will display the cyphertext.

Can I ask the multiuser application will each user use their own account to use the program or will many users share an account. What I'm trying to establish is if the windows account is unique for each user or if one windows account is shared by many users.






Re: Visual Basic Express Edition Encription Question

gibbo1715

Thanks for the reply,

All of my users have their own account

Also Can I ask a couple of questions

im assuming the longer my key the better really,

Im assuming i save the string to my db "BitConvertor.ToString(encrypted)"

and can i ask what level of encription is this, i ve heard of 128 bit, 256 bit and Blowfish etc, how does this compare

thanks again

gibbo






Re: Visual Basic Express Edition Encription Question

Derek Smyth

Hi,

No worries mate it's maybe sad to admit it but I do like cryptography.

If each of your users have a user account then you can use ProtectedData as it's based on the password used to log into Windows by that user. So each password stored in the database can only be decrypted by the user account that created it. The only reason to use this approach is for key security. Using RijndealManaged, and any other symmetric encryption means you need to protect the key and thats fundamentally how systems become at risk. Encryption is only as good as the security measures used to protect the key. ProtectedData takes that risk away. Look into it.

Yes the longer the key the better encryption but the longer it takes to encrypt. DES is crackable now, it's key size is 64 bits but its the fastest method around. RijndealManaged has a maximum key size of 256 bits which the highest key size of any method. It's safe as to crack it takes a million odd years with current technology.

How you save the password depends on the field type in your database. If your storing bytes you don't need to convert to string, if the field is string then yes use that method.

Here's the example, you'll notice a kind of symmetry between encryption and decryption. Note this example doesn't secure the key and isn't as robust as your code (doesn't check for null data). It does demonstrate how to specify the key size, in this example it selects the maximum size key possible.

Code Snippet

Module Module1

Dim rij As RijndaelManaged = RijndaelManaged.Create()

Sub Main()

'generate the maximum key size

rij.KeySize = rij.LegalKeySizes(rij.LegalKeySizes.Length - 1).MaxSize

'remember to save the key and iv so you can decrypt the data

rij.GenerateKey()

rij.GenerateIV()

SaveKey()

Dim original As String = "Hello World"

Console.WriteLine("Original: {0}", original)

Dim data As Byte() = Text.Encoding.ASCII.GetBytes(original)

Console.WriteLine("Plain: {0}", BitConverter.ToString(data))

Dim cypher As Byte() = EncryptData(data)

Console.WriteLine("Cypher: {0}", BitConverter.ToString(cypher))

LoadKey()

data = DecryptData(cypher)

Console.WriteLine("Plain: {0}", BitConverter.ToString(data))

original = Text.Encoding.ASCII.GetString(data)

Console.WriteLine("Original: {0}", original)

Console.ReadLine()

End Sub

Public Sub SaveKey()

'this is the tricky bit with encyption, protecting the key, this is not ideal

Dim writer As New BinaryWriter(New FileStream("secret.dat", FileMode.Create))

writer.Write(rij.Key, 0, rij.Key.Length)

writer.Write(rij.IV, 0, rij.IV.Length)

writer.Close()

End Sub

Public Sub LoadKey()

Dim writer As New BinaryReader(New FileStream("secret.dat", FileMode.Open))

writer.Read(rij.Key, 0, rij.Key.Length)

writer.Read(rij.IV, 0, rij.IV.Length)

writer.Close()

End Sub

Public Function EncryptData(ByVal data As Byte()) As Byte()

Dim memory As New MemoryStream()

Dim crypto As New CryptoStream(memory, rij.CreateEncryptor, CryptoStreamMode.Write)

crypto.Write(data, 0, data.Length)

crypto.Close()

Return memory.ToArray()

End Function

Public Function DecryptData(ByVal cypher As Byte()) As Byte()

Dim memory As New MemoryStream()

Dim crypto As New CryptoStream(memory, rij.CreateDecryptor, CryptoStreamMode.Write)

crypto.Write(cypher, 0, cypher.Length)

crypto.Close()

Return memory.ToArray()

End Function

End Module