0

I tried to encrypt a string with System.Security.Cryptography.DES but I found that every time I run The program the result of encryption changed ! I don't know how to get the same result each time I run the application ? IS there constant key or anything else to add to get the same result ? I want when I enter "google" in this code 

byte[] plaintextBytes = (new UnicodeEncoding()).GetBytes(expireddate);
            SymmetricAlgorithm sa = DES.Create();
            MemoryStream msEncrypt = new MemoryStream();
            CryptoStream csEncrypt = new CryptoStream(msEncrypt, sa.CreateEncryptor(), CryptoStreamMode.Write);
            csEncrypt.Write(plaintextBytes, 0, plaintextBytes.Length);
            csEncrypt.Close();
            byte[] encryptedTextBytes = msEncrypt.ToArray();

get "google" from this code when I entered the result of array of bytes in next time i opened the application ?

MemoryStream msDecrypt = new MemoryStream(decodedlistbyte.ToArray());
            CryptoStream csDecrypt = new CryptoStream(msDecrypt, sa.CreateDecryptor(), CryptoStreamMode.Read);
            byte[] decryptedTextBytes = new Byte[decodedlistbyte.Count];
            csDecrypt.Read(decryptedTextBytes, 0, decodedlistbyte.Count);
            csDecrypt.Close();
            msDecrypt.Close();
            string decrypteddate = (new UnicodeEncoding()).GetString(decryptedTextBytes);
Improve this question
4
  • You are probably changing the salt each time. (which is the right thing to do!) Commented Oct 25, 2011 at 15:09
  • but after encryption i will decrypt it in another PC so the result of decryption must be what i entered in encryption !!! Commented Oct 25, 2011 at 15:11
  • the key you must keep safe and private, the salt you can keep in plain text and share it. Commented Oct 25, 2011 at 15:12
  • 1
    btw, salt== Initialisation vector. And Des is not the most secure algorithm you would be better off using triple des or even better Rijndael Commented Oct 25, 2011 at 15:14

4 Answers 4

Reset to default
2

You are generating a cryptographically secure IV (initialization vector) each time you re-encrypt the plain text - this is good, and the value should change each time. The IV can be kept public and should in no way relate to the encryption key.

However Des is not a very secure algorithm any more and I would recommend switching to Rijndael or tripple des.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

ok no problem about the algo the important thing that i want to get the string back when i run the decryption application in another pc with the same array of bytes that i got from encryption
No thats not really his problem. If he just messed up the IV, only the first part of his data would be garbage, Recall how CBC mode decryption works.
0

I recommend you use a strong symmetric key algorithm such as AES (i.e. Rijndael). Have a look at the RijndaelManaged class in .NET. The same key can be used for encryption and decryption, which is why it's a symmetric algorithm. The security of the key is vital, so keep it private and store it securely.

Improve this answer

Comments

0

Like @Ross said the encrypted string will be different because a new IV should be used each time.

However you current code is using a new Key and IV each time. If you want to be able to decrypt on another computer then you should set the Key and IV yourself - or keep the one automagically produced while encrypting.

E.g. when encrypting

byte[] key = sa.Key;
byte[] iv = sa.IV;
ICryptoTransform ct = sa.CreateEncryptor ();

E.g. while decrypting (on another computer)

ICryptoTransform ct = sa.CreateDecryptor (key, iv);

You can transmit the IV with the encrypted data. The secret key should, of course, be transmitted/shared out-of-band.

Improve this answer

Comments

0

Your problem isn't that he cipher text is different. This is actually an important property of an encryption scheme.

Your problem is either that you are reusing the same symmetric algorithm object without reseting its state or -- more likely, but I can't tell from the snippet, -- reintegrating the symmetric algorithm with a different key and iv.

For decrypt, generate a new symmetric algorithm and then set sa.Key and sa.IV to be the values used in the one you encrypted with. Important, make sure you store the key securely and make sure your IV is random ( you will need to include it in the data you store). Don't hardcode the IV. That is completely insecure.

By the way, DES is rather insecure ( I could try all possible keys in about 3 days 10 years ago). Use AESManaged. Also, crypto is hard and I don't recommend you do it yourself. If you do want to , consider looking at this, it does most of what you want and a little more.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.