0

I'm trying to encrypt a string in JavaScript and then decrypt it back on the server using C#. I thought of using System.Security.Cryptography.Rijndael on the server side and some AES implementation like this or this on the client side.

I don't know much about cryptography, so basically I generate a key and send it to client and encrypt my text with that key and send it back to server.

My problem is that JavaScript AES implementations use a key to encrypt a text, but the C# Rijndael class uses a key and a vector. Where does that vector come from?

1
  • 1
    You should look at stackoverflow.com/a/11859450/1310220, somebody else had a similar problem. The issue is normally the way the key and IV are set on each side and ensuring the encryption mode is correct. Almost everybody uses CBC (cipher block chaining), so the IV and key are normally most complex to get right. Commented Sep 14, 2012 at 14:53

2 Answers

2

AES is just a block cipher, which is a cryptographic primitive. Its purpose is to encrypt one single block of data (16 bytes).

Encryption requires a lot more than that. You need a method to encrypt an arbitrary amount of data, and hopefully in a way that doesn't give away any information. To do this, you need to break the amount of data into blocks, pad the last part to a full block, and then somehow encrypt each block in a clever way. Doing that is the responsibility of the encryption mode.

The most trivial mode (electronic cookbook, ECB) just encrypts each block with the same key, but that's horribly dangerous. Other modes require some sort of initialization state, which needs to be random but can be publicly known.

To encrypt and decrypt your data, you must know both the block cipher and the encryption mode, on both sides, and you must find a way to generate the initial state on the encrypting side and to recover it on the decrypting side to initialize the encoder and the decoder, respectively.

In a nutshell: You need a lot more information about what you're doing!


5 Comments

Do you have a simpler solution for what I'm trying to do? I don't need top secret security, just don't want to send plain text on the network.
@nima: Just make sure you know all the details of the encryption used on both ends, and then set up both ends accordingly. As I said, you will need to know the encryption mode.
I think you're right, there's no easy way around this, so I started reading a book about it :) thanks
I hope you didn't give up. If you are still looking for a decently easy fix that doesn't require deeper studies in cryptography, I hope you let us know.
Also you might consider using C# both client and server-side to reduce complexity.
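
The first answer's point about the mode and its initial state, as an added example that is not part of the original thread: AES-128-CBC where the sender draws a fresh random IV and sends it in front of the ciphertext so the receiver can recover it, with ECB beside it to show what it leaks. Node.js stands in for both ends here; the function names, the IV-then-ciphertext layout and the key are assumptions made for the example.

```javascript
const crypto = require("crypto");

const ALGORITHM = "aes-128-cbc"; // cipher and mode; Node pads with PKCS#7 by default
const BLOCK = 16;                // AES block size in bytes, also the CBC IV length

// Encrypting side: a fresh random IV per message, sent unencrypted before the ciphertext.
function encryptMessage(key, plaintext) {
  const iv = crypto.randomBytes(BLOCK);
  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
  const body = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([iv, body]).toString("base64");
}

// Decrypting side: the first 16 bytes are the IV, the rest is ciphertext.
function decryptMessage(key, message) {
  const raw = Buffer.from(message, "base64");
  if (raw.length < 2 * BLOCK || raw.length % BLOCK !== 0) {
    throw new Error("message must be an IV plus at least one whole block");
  }
  const decipher = crypto.createDecipheriv(ALGORITHM, key, raw.subarray(0, BLOCK));
  const body = Buffer.concat([decipher.update(raw.subarray(BLOCK)), decipher.final()]);
  return body.toString("utf8");
}

// Hex-encode each 16-byte block so repeated blocks are easy to spot.
function toBlocks(buf) {
  const blocks = [];
  for (let i = 0; i < buf.length; i += BLOCK) {
    blocks.push(buf.subarray(i, i + BLOCK).toString("hex"));
  }
  return blocks;
}

// ECB, for comparison only: no IV, every block is encrypted independently.
function ecbBlocks(key, plaintext) {
  const cipher = crypto.createCipheriv("aes-128-ecb", key, null);
  return toBlocks(Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]));
}

// CBC ciphertext blocks of one message, with the leading IV block dropped.
function cbcBlocks(key, plaintext) {
  return toBlocks(Buffer.from(encryptMessage(key, plaintext), "base64")).slice(1);
}

// Constructed sample values: a fixed demo key and two identical plaintext blocks.
const demoKey = Buffer.from("000102030405060708090a0b0c0d0e0f", "hex");
const repeated = "A".repeat(32);
console.log("ECB:", ecbBlocks(demoKey, repeated)); // first two blocks are equal
console.log("CBC:", cbcBlocks(demoKey, repeated)); // all blocks differ
```

A C# receiver would need the same settings: CBC mode, PKCS7 padding, and the first 16 bytes of the decoded message as the IV. CBC on its own gives no integrity protection, and the key still has to reach the client over a protected channel such as the SSL suggested in the other answer.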
0

This isn't perhaps exactly what you are looking for. But I can think that what you actually need to do is implement SSL.

http://en.wikipedia.org/wiki/Secure_Sockets_Layer

This might solve your problem without needing to get involved with coding cryptography.
