I have received a task to encrypt and decrypt an XML string by using a TOKEN and a KEY.
The encryption shall use 3DES EDE / ECB / NOPadding and can be made either in PHP or C#
I am not so prepared on this so I have read around a bit of theory and came to a very easy implementation which is as follow:
public string Encrypt( string message, string key, string token ) {
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes( message );
byte[] keyArray = CreateHash( key );
byte[] vectorArray = CreateHash( token );
TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes. We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.ECB;
//padding mode(if any extra byte added)
tdes.Padding = PaddingMode.None;
ICryptoTransform cTransform = tdes.CreateEncryptor(keyArray, vectorArray);
//transform the specified region of bytes array to resultArray
byte[] resultArray = cTransform.TransformFinalBlock( toEncryptArray, 0, toEncryptArray.Length );
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
return Convert.ToBase64String( resultArray, 0, resultArray.Length );
}
private byte[] CreateHash( string toHash ) {
//use get hashcode regards to your key
MD5CryptoServiceProvider hashKey = new MD5CryptoServiceProvider();
byte[] kArray = hashKey.ComputeHash( UTF8Encoding.UTF8.GetBytes( toHash ) );
//Always release the resources and flush data
//of the Cryptographic service provide. Best Practice
hashKey.Clear();
return kArray;
}
However I think this is not completely correct. In fact I am not sure that the TOKEN shall be used this way. Can somebody provide more informations and point me to the right direction on how to solve this problem?
Thanks
You could use token as a vector on TripleDESCryptoServiceProvider, together with the key.
ICryptoTransform cTransform = tdes.CreateEncryptor(key, token);