|
dev
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
DES Querystring EncryptiionThe problem is that they told me that their encryption package uses only a "key" to perform the encryption.... http://www.lc.leidenuniv.nl/awcourse/oracle/appdev.920/a96612/d_obtoo2.htm ....but the .NET DES object that I expect to use to decrypt the Querystring expects 2 parameters, the original KEY used to encode it plus an Initialization Vector (IV) http://msdn2.microsoft.com/system.security.cryptography.des.aspx It seems to me that unless I have the IV, that there is no way that I can decode the Querystring they send me. Any idea? I saw an example on the web http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx which uses the following IV : Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF} Since I saw this same IV value in multiple web examples, I thought perhaps for some reason it was commonly used, though using this value along with the key that was provided to me did not yeild a meaningful result. Any suggestions would be appreciated. That's correct. You can agree with them on a suitable vector that you would
hard code in if they don't want to pass it to you. -- Regards, Alvin Bruney [MVP ASP.NET] [Shameless Author plug] The Microsoft Office Web Components Black Book with .NET Now Available @ www.lulu.com/owc Forth-coming VSTO.NET - Wrox/Wiley 2006 ------------------------------------------------------- "Chad" <chad.dokmanov***@unisys.com> wrote in message Another (non .NET, Oracle) application will be passing my .NET webnews:dr60cn$23h$1@trsvr.tr.unisys.com... application data via the QueryString. I was told that this data would be DES encrypted and Base64 encoded. The problem is that they told me that their encryption package uses only a "key" to perform the encryption.... http://www.lc.leidenuniv.nl/awcourse/oracle/appdev.920/a96612/d_obtoo2.htm ....but the .NET DES object that I expect to use to decrypt the Querystring expects 2 parameters, the original KEY used to encode it plus an Initialization Vector (IV) http://msdn2.microsoft.com/system.security.cryptography.des.aspx It seems to me that unless I have the IV, that there is no way that I can decode the Querystring they send me. Any idea? I saw an example on the web http://www.devcity.net/Articles/47/1/encrypt_querystring.aspx which uses the following IV : Private IV() As Byte = {&H12, &H34, &H56, &H78, &H90, &HAB, &HCD, &HEF} Since I saw this same IV value in multiple web examples, I thought perhaps for some reason it was commonly used, though using this value along with the key that was provided to me did not yeild a meaningful result. Any suggestions would be appreciated. Several years ago I had to do something similar using VB6 and a third party
encryption component. I had to decrypt the querystring data which was encrypted by a Java application. I think it was DES (instead of 3DES). They only gave me a PW and said not to use an IV. I thought it strange but I did so and it worked. Hope this helps...  |
|||||||||||||||||||||||
Other interesting topics