Exploring .NET Core Data Encryption and Decryption Issues

Source: Internet
Author: User

Objective

This has been bothering me. About data encryption: on the night of the 24th I spent nearly 3 hours completing a task. I thought it could be solved immediately, but to ensure the security of the data we began to encrypt it, and I then spent the next 3 hours specifically studying encryption. While using it I found a small problem, so I came back from work to write this blog post, and it was not formally solved until late at night. Please read on.

3DES Data Encryption

Since the data needs to be retrieved and displayed, only symmetric encryption can be used. There are countless encryption implementations for the .NET Framework on the Internet, but relatively few for .NET Core, so the study begins. This time we use Triple DES, also known as 3DES, whose full name is Triple Data Encryption Algorithm (TDEA or Triple DEA). It is a symmetric-key block cipher that applies the DES algorithm three times to each block of data. When DES was originally designed, its key was only 56 bits, that is 7 bytes, which the designers considered sufficient. With the rapid development of computers, however, brute-force cracking made this weakness increasingly prominent. 3DES provides a relatively simple way to increase the key size to prevent such attacks, rather than designing a completely new block cipher.

3DES Encryption Algorithm Naming

The earliest standard defining the algorithm was ANS X9.52, published in 1998, which describes it as the Triple Data Encryption Algorithm (TDEA). It defines three operations using the algorithm of ANSI X3.92 but does not use the terms DES or 3DES. FIPS PUB 46-3, released in 1999, formally named it the Triple Data Encryption Algorithm, and since its formal introduction around 2004 to 2005 the algorithm has continued to be called TDEA. In other words, TDEA is 3DES, but 3DES was not used as the standard terminology.

3DES Algorithm Logic

The Triple Data Encryption Algorithm uses three keys, K1, K2 and K3, each containing 56 bits excluding parity. The encryption formula is as follows:

    ciphertext = EK3(DK2(EK1(plaintext)))

That is, the data is encrypted with K1, then decrypted with K2, and then encrypted with K3.

The decryption formula is as follows:

    plaintext = DK1(EK2(DK3(ciphertext)))

That is, the data is decrypted with K3, then encrypted with K2, and then decrypted with K1. Each operation processes one 64-bit block of data.

3DES Keying Options

Three key options are defined.

(1) Three keys are independent of each other.

(2) K1 and K2 keys are independent, but K1 = K3.

(3) Three keys are equal.

Key option 1 is the strongest, with 3 x 56 = 168 independent key bits.

Key option 2 is slightly less secure, with 2 x 56 = 112 independent key bits. This option is stronger than simply applying DES twice with K1 and K2, because it defends against meet-in-the-middle attacks.

Key option 3 is equivalent to DES, with only 56 key bits. This option provides compatibility with DES because the 1st and 2nd DES operations cancel each other out. It is no longer recommended by the National Institute of Standards and Technology (NIST), nor is it supported by ISO/IEC 18033-3.

Using 3DES to Implement Encryption and Decryption in the .NET Framework

Let's look at the specific implementation of 3DES in the .NET Framework, as follows:

    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static string DesEncrypt(string input, string key)
    {
        byte[] inputArray = Encoding.UTF8.GetBytes(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.Key = Encoding.UTF8.GetBytes(key);
        // ECB has no IV: identical plaintext blocks give identical ciphertext blocks
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    public static string DesDecrypt(string input, string key)
    {
        byte[] inputArray = Convert.FromBase64String(input);
        TripleDESCryptoServiceProvider tripleDES = new TripleDESCryptoServiceProvider();
        tripleDES.Key = Encoding.UTF8.GetBytes(key);
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        tripleDES.Clear();
        return Encoding.UTF8.GetString(resultArray);
    }

We supply a 16-byte encryption key, then encrypt and decrypt the corresponding data.

    var name = "Jeffcky";
    var encryptStr = DesEncrypt(name, "sblw-3hn8-sqoy19");
    Console.WriteLine(name);
    var decryptStr = DesDecrypt(encryptStr, "sblw-3hn8-sqoy19");
    Console.WriteLine(decryptStr);

We defined the key as 16 bytes, which means there are two keys, and the two keys differ. So we can guess that the internal implementation uses the second 3DES keying option, in which key 3 equals key 1: since no error occurs, the implementation must reuse the bits of key 1 as key 3. Next, let's see what happens in .NET Core.

Using 3DES for Encryption and Decryption in .NET Core

Since .NET Core has no TripleDESCryptoServiceProvider and uses TripleDES instead, our code needs to be modified slightly, as follows:

    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static string DesEncrypt(string input, string key)
    {
        byte[] inputArray = Encoding.UTF8.GetBytes(input);
        var tripleDES = TripleDES.Create();
        var byteKey = Encoding.UTF8.GetBytes(key);
        tripleDES.Key = byteKey; // the 16-byte key is passed through unchanged
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    public static string DesDecrypt(string input, string key)
    {
        byte[] inputArray = Convert.FromBase64String(input);
        var tripleDES = TripleDES.Create();
        var byteKey = Encoding.UTF8.GetBytes(key);
        tripleDES.Key = byteKey;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        return Encoding.UTF8.GetString(resultArray);
    }

Then make the call:

    var name = "Jeffcky";
    var encryptStr = DesEncrypt(name, "sblw-3hn8-sqoy19");
    Console.WriteLine(name);
    var decryptStr = DesDecrypt(encryptStr, "sblw-3hn8-sqoy19");
    Console.WriteLine(decryptStr);

The result is an error with the following details:

    "Specified key is not a valid size for this algorithm."

From the description above, the size of the key we gave to the 3DES symmetric encryption algorithm is not valid. Why, when it works fine in the .NET Framework? If you hover the mouse over the 3DES key while debugging, you will find that it actually requires 24 bytes, and we provided only 16 bytes.

So now we know where the problem is. According to our introduction to 3DES, the internal implementation should be key option 2: key 1 and key 2 are independent, and key 3 is the same as key 1. In the .NET Framework we supply only two keys; since the third key is the same as the first and no error occurs, key 1 is reused internally. In .NET Core, however, we must supply 24 bytes, which means that even though key 1 and key 3 are the same, we have to provide the bytes of key 3 ourselves. So we simply copy the 8 bytes of key 1 into key 3. This gives 24 bytes, implemented as follows:

    using System;
    using System.Security.Cryptography;
    using System.Text;

    public static string DesEncrypt(string input, string key)
    {
        byte[] inputArray = Encoding.UTF8.GetBytes(input);
        var tripleDES = TripleDES.Create();
        var byteKey = Encoding.UTF8.GetBytes(key);
        byte[] allKey = new byte[24];
        Buffer.BlockCopy(byteKey, 0, allKey, 0, 16);  // key 1 and key 2
        Buffer.BlockCopy(byteKey, 0, allKey, 16, 8);  // key 3 = key 1
        tripleDES.Key = allKey;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }

    public static string DesDecrypt(string input, string key)
    {
        byte[] inputArray = Convert.FromBase64String(input);
        var tripleDES = TripleDES.Create();
        var byteKey = Encoding.UTF8.GetBytes(key);
        byte[] allKey = new byte[24];
        Buffer.BlockCopy(byteKey, 0, allKey, 0, 16);  // key 1 and key 2
        Buffer.BlockCopy(byteKey, 0, allKey, 16, 8);  // key 3 = key 1
        tripleDES.Key = allKey;
        tripleDES.Mode = CipherMode.ECB;
        tripleDES.Padding = PaddingMode.PKCS7;
        ICryptoTransform cTransform = tripleDES.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(inputArray, 0, inputArray.Length);
        return Encoding.UTF8.GetString(resultArray);
    }

Let's look at the print results again:

    var name = "Jeffcky";
    Console.WriteLine($"the encrypted string is {name}");
    var encryptStr = DesEncrypt(name, "sblw-3hn8-sqoy19");
    Console.WriteLine($"after encryption, the result is: {encryptStr}");
    var decryptStr = DesDecrypt(encryptStr, "sblw-3hn8-sqoy19");
    Console.WriteLine($"the decrypted string is {decryptStr}");
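The key expansion described above can be made explicit and checked before the key reaches TripleDES. The following is an added example, not code from the original post; the names TwoKeyTripleDes and ExpandKey are hypothetical, and the rejection of a key whose two halves are equal (key option 3) goes beyond what the post's code does.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TwoKeyTripleDes   // hypothetical helper name
{
    // Expand a 16-byte two-key 3DES key (K1 || K2) to the 24-byte form
    // K1 || K2 || K1 (key option 2). A 24-byte key is returned as a copy.
    public static byte[] ExpandKey(byte[] key)
    {
        if (key == null) throw new ArgumentNullException(nameof(key));
        if (key.Length == 24) return (byte[])key.Clone();
        if (key.Length != 16)
            throw new ArgumentException("3DES key must be 16 or 24 bytes.", nameof(key));

        // DES ignores the low (parity) bit of every key byte, so compare the
        // halves with that bit masked. K1 == K2 is key option 3: single DES.
        bool sameHalves = true;
        for (int i = 0; i < 8; i++)
            if ((key[i] & 0xFE) != (key[i + 8] & 0xFE)) { sameHalves = false; break; }
        if (sameHalves)
            throw new CryptographicException("K1 equals K2: this is single DES strength.");

        var full = new byte[24];
        Buffer.BlockCopy(key, 0, full, 0, 16);   // K1 || K2
        Buffer.BlockCopy(key, 0, full, 16, 8);   // K3 = K1
        return full;
    }

    public static void Main()
    {
        // Key string and plaintext are the sample values used in the post.
        byte[] key = ExpandKey(Encoding.UTF8.GetBytes("sblw-3hn8-sqoy19"));
        using (var tdes = TripleDES.Create())
        {
            tdes.Key = key;                    // 24 bytes
            tdes.Mode = CipherMode.ECB;        // kept only to match the post's settings
            tdes.Padding = PaddingMode.PKCS7;
            byte[] plain = Encoding.UTF8.GetBytes("Jeffcky");
            byte[] ct, pt;
            using (var enc = tdes.CreateEncryptor())
                ct = enc.TransformFinalBlock(plain, 0, plain.Length);
            using (var dec = tdes.CreateDecryptor())
                pt = dec.TransformFinalBlock(ct, 0, ct.Length);
            Console.WriteLine(Convert.ToBase64String(ct));
            Console.WriteLine(Encoding.UTF8.GetString(pt));
        }
    }
}
```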

Summary

At the time I was on the verge of collapse. While searching for information I found that someone else had had the same problem, and I then went on to understand the fundamentals of 3DES in order to solve the problem.

Remember: 3DES encryption and decryption in .NET Core must be given all 3 keys, that is, 24 bytes. Even if key 3 and key 1 are equal, .NET Core does not reuse the bits of key 1 the way the .NET Framework does.

Reference: http://stackoverflow.com/questions/39013264/tripledes-16-byte-not-working
