2

I use the following javascript to encrypt some data : http://www.movable-type.co.uk/scripts/aes.html

I have to decrypt it with C#. Anyone knows how to decrypt that with the Rijndael manager ?

I want to avoid to port the code ;-)

Thanks in advance

hotips
  • 2,409
  • 6
  • 37
  • 55
  • http://social.msdn.microsoft.com/Forums/en-US/csharpgeneral/thread/df38debe-3c4a-4792-8ddb-24d12e827e75/ – Daniel A. White Mar 24 '11 at 00:45
  • Also see this question: http://stackoverflow.com/questions/1149611/getting-slowaes-and-rijndaelmanaged-class-in-net-to-play-together which shows how to get SlowAES (a javascript AES library) to work with .NET/C#. It works. (but not in CTR mode) – Cheeso Mar 25 '11 at 00:21
  • 1
    I finally rewrote the algorithm in C# ;) – hotips Feb 18 '12 at 13:05
  • @hotips Care to post your code here as an answer? – Artjom B. Apr 19 '17 at 21:53
  • This was done for a customer with tight terms and conditions regarding ip... sorry – hotips Apr 20 '17 at 05:47

3 Answers3

10

Alas, CTR mode is not implemented as a "mode" in the builtin AES class in the System.Security.Cryptography namespace.

But, there is a solution. CTR mode is not too difficult to implement using the builtin AES class operating in ECB mode, an IV of all zeros, no padding, and a few tweaks. Basically, for each block, CTR mode encrypts the counter, then XORs the result of that encryption with the plaintext to get the ciphertext. That's for encryption. You'd do the converse for decryption. Since the transform operation is XOR, it's reflexive, so decryption is really the same as encryption.

Start with the counter at zero for the first block of 16-bytes (the block size for AES); increment the counter for each subsequent block.

Honestly, the trickiest part about the whole affair is segmenting the data to be encrypted, into blocks of 16 bytes. If the app asks to encrypt 10 bytes, you can't encrypt. You need to wait til you get a full 16 bytes before you do the transform. So you need to manage a buffer.

I don't have a working code demo for you, but given this description it shouldn't be too hard to construct a CTR mode suitable for you. You can see an example of CTR mode encryption based on the builtin AES class in the WinZipAes.cs module, part of the open-source DotNetZip library. This code does work but isn't ready to be used outside of DotNetZip. You'd need to repackage it to make it clean.

On the other hand, if you just want to get Javascript and C# to interoperate with AES, and you are not particularly wedded to CTR mode, then you could use ECB mode, very easily. This question shows you how to get SlowAES and .NET's Aes class to work together, and it includes links to working code (Javascript, C#, and VB). But be careful about ECB mode.

This is a different Javascript library than the one you selected; I prefer slowAES because it made more sense to me. also, in that answer I provide supporting classes like the RFC2898 password-based key derivation.

Good luck.

Community
  • 1
  • 1
Cheeso
  • 180,104
  • 92
  • 446
  • 681
2

I don't have enough points to reply to Cheeso's answer, but I do not believe this is accurate, "If the app asks to encrypt 10 bytes, you can't encrypt."

Since CTR mode encrypts the nonce, and then XORs the result with clearText, you can encrypt blocks of any size. That's actually one of the primary benefits of CTR mode, along with parallel encryption.

Jack Bond
  • 259
  • 2
  • 7
-2

You may also want to ensure that your input to the AES ECB block is a combination of a random IV and a byte offset. For example, the upper 92 bits is the random IV (different for each file) and the lower 32 bits is your byte offset.

Using an IV of 0 for every file encryption is dangerous. (check out "Writing Secure Code", pg. 285, 2nd edition). Vary the key and IV for each encrypt operation.

Jason
  • 1