Below is a working c# Cryptography Code.
Included namespace reference
using System.Web.Script.Serialization;
using System.Security.Cryptography;
using System.Text;
C# code to encode json format user data
// Encode the data into a JSON object
JavaScriptSerializer s = new JavaScriptSerializer();
string json_data = s.Serialize(user_data);
string site_key = "84129";
string api_key = "0d2c15da-b36f-4a9c-8f44-93eb95811e2e-05e1fb36-54aa-44fc-888e-45d2669c3013";
byte[] bIV = { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 };
//Using byte arrays now instead of strings
byte[] encrypted = null;
byte[] data = Encoding.ASCII.GetBytes(json_data);
//Use the AesManaged object to do the encryption
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.IV = bIV;
aesAlg.KeySize = 16 * 8;
// Create the 16-byte salted hash
SHA1 sha1 = SHA1.Create();
byte[] saltedHash = sha1.ComputeHash(Encoding.ASCII.GetBytes(api_key + site_key), 0, (api_key + site_key).Length);
Array.Resize(ref saltedHash, 16);
aesAlg.Key = saltedHash;
// Encrypt using the AES Managed object
ICryptoTransform encryptor = aesAlg.CreateEncryptor();
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
csEncrypt.Write(data, 0, data.Length);
csEncrypt.FlushFinalBlock();
}
encrypted = msEncrypt.ToArray();
}
}
// the Base64-encoded encrypted data
string encodedData= Convert.ToBase64String(encrypted, Base64FormattingOptions.None)
.TrimEnd("=".ToCharArray()) // Remove trailing equal (=) characters
.Replace("+", "-") // Change any plus (+) characters to dashes (-)
.Replace("/", "_"); // Change any slashes (/) characters to underscores (_)
Note : json_data string is like..
{"email":"[email protected]","name":"chandresh","expires":"2013-07-05T11:47:32"}
I have tryed to write CryptoJS Code equivalent to above C# working code.
Somehow, the encryption/encoding done is not valid encodedData. Please help
var json_data = '{"email":"[email protected]","name":"chandresh","expires":"2013-07-05T11:47:32"}';
var site_key = "84129";
var api_key = "0d2c15da-b36f-4a9c-8f44-93eb95811e2e-05e1fb36-54aa-44fc-888e-45d2669c3013";
var _iv = [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
var options = { mode: CryptoJS.mode.CBC, padding: CryptoJS.pad.Pkcs7, iv: _iv, keySize: 128/8 };
// Create the 16-byte salted hash
var saltedHash = CryptoJS.SHA1(api_key + site_key);
saltedHash.sigBytes = 16;
saltedHash = CryptoJS.enc.Base64.stringify(saltedHash);
var encrypted = CryptoJS.AES.encrypt(json_data,saltedHash, options);
// the Base64-encoded encrypted data
var encodedData = encrypted.ciphertext.toString(CryptoJS.enc.Base64);
encodedData = encodedData.trimEnd("="); // Remove trailing equal (=) characters
encodedData = encodedData.replace(/\+/gi, "-"); // Change any plus (+) characters to dashes (-)
encodedData = encodedData.replace(/\//gi, "_"); // Change any slashes (/) characters to underscores (_)
You are Base64-encoding the key in the JavaScript version. Just pass in the saltedHash variable without encoding and it should work.
There are other issues with this cryptographic system though. A static IV is almost always a security issue. Key derivation is also dubious here.