Question on the use of CryptoStream

Roy Chastain wrote:

The example code in the RijndaelManaged class documentation has the following:

    // key, IV and original are assumed to be set up earlier; the declarations below
    // are added so the fragment compiles and are not part of the original post
    UTF8Encoding textConverter = new UTF8Encoding();
    byte[] toEncrypt;
    byte[] encrypted;
    RijndaelManaged myRijndael = new RijndaelManaged();
    ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, IV);
    MemoryStream msEncrypt = new MemoryStream();
    CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
    toEncrypt = textConverter.GetBytes(original);
    csEncrypt.Write(toEncrypt, 0, toEncrypt.Length);
    csEncrypt.FlushFinalBlock();
    encrypted = msEncrypt.ToArray();

This code is straightforward, but there is a piece of missing information.

If I am encrypting multiple messages to a single destination and each of these messages is being encrypted with the same key and IV, then I BELIEVE that I should use the same instance of RijndaelManaged for each message and leave Mode set to CipherMode.CBC (the default).

I would also ASSUME that I would use the same instance of the Encryptor for each message.

What I do not have an idea on is
1) - if I should use the same instance of the CryptoStream for each message or create a new CryptoStream for each message.
2) - if I can use the same instance of RijndaelManaged for encoding and decoding to/from the same destination. (Not to worry about data volume issues. Key management will be performed independently.)

Thanks
------------------------------
Roy Chastain
SOHO Technology Solutions, LLC

Claus Konrad wrote:

You can use the same encrypter instance, as this is just the functionality working on the CryptoStream objects. The CryptoStream object, however, contains the actual data being encrypted/decrypted.

Hence - do NOT use the same CryptoStream object for each message you have in your array or list. Create a new CryptoStream object for each message to encrypt.
And do remember to call Close (or a using statement) on the CryptoStream object.

Rgds.
/Claus Konrad

Dominick Baier wrote:

you should also NEVER reuse the IV!

---
Dominick Baier, DevelopMentor
http://www.leastprivilege.com

Martin wrote:

I have a similar problem:
- I know I should not reuse the IV.
- I have by some means established a session and an AES key/IV pair on client and server.
- Over the course of several minutes/hours/days the client will send many messages of differing length over this session to the server and the server should respond, all encrypted.
- Using a stream mode cipher (AES-CBC) this should theoretically be OK, as the IV is only used/set once at the beginning of the session and the future key stream is generated from the sent data.
- Now how is this done practically in dotnet? Which object instance (the Rijndael alg, the transform, or the CryptoStream, or...) is maintaining the keystream state?
- If I close the CryptoStream, as has been suggested, I need to open a new one for the next message (n+). How do I ensure that it doesn't restart the key stream with the initial IV, but with the state after sending the n previous messages?
- If I don't close the CryptoStream, how do I get around the "CryptoStream receiver blocks waiting for data that never arrives" problem/bug frequently asked about in newsgroups? The answers there don't seem to address the problem of continuing with an existing key stream.

Thanks for your help.
- Martin
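As an added example (not code from the thread), the pattern Roy's and Martin's questions both end up needing: one AES key for the session, a fresh random IV and a fresh CryptoStream per message, with the IV sent in front of its ciphertext; CBC carries no keystream across messages, only the previous ciphertext block, so a new encryptor simply restarts from whatever IV CreateEncryptor is given. It assumes .NET Core 3.0 or later (Aes.Create, C# 8 using declarations) and a [16-byte IV][ciphertext] wire layout of my own choosing.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class SessionCrypto
{
    // Assumed wire layout (my choice, not from the thread): [16-byte IV][CBC ciphertext].
    public static byte[] EncryptMessage(byte[] key, byte[] plaintext)
    {
        using var aes = Aes.Create();                 // defaults: CBC mode, PKCS7 padding
        var iv = new byte[aes.BlockSize / 8];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(iv);                         // fresh IV per message; never reuse one under the same key
        using var encryptor = aes.CreateEncryptor(key, iv);
        using var ms = new MemoryStream();
        ms.Write(iv, 0, iv.Length);                   // receiver needs the IV, so it rides in front
        using (var cs = new CryptoStream(ms, encryptor, CryptoStreamMode.Write))
        {
            cs.Write(plaintext, 0, plaintext.Length);
            cs.FlushFinalBlock();                     // pads and emits the last block; one stream per message
        }
        return ms.ToArray();                          // ToArray still works after the stream is closed
    }

    public static byte[] DecryptMessage(byte[] key, byte[] message)
    {
        using var aes = Aes.Create();
        int ivLen = aes.BlockSize / 8;
        // PKCS7 always adds at least one block, so a valid message is IV plus a non-empty block multiple
        if (message.Length < 2 * ivLen || (message.Length - ivLen) % ivLen != 0)
            throw new CryptographicException("malformed message");
        var iv = new byte[ivLen];
        Buffer.BlockCopy(message, 0, iv, 0, ivLen);
        using var decryptor = aes.CreateDecryptor(key, iv);
        using var ms = new MemoryStream(message, ivLen, message.Length - ivLen);
        using var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Read);
        using var plain = new MemoryStream();
        cs.CopyTo(plain);    // whole ciphertext is already buffered, so the read side never blocks waiting for more
        return plain.ToArray();
    }

    static void Main()
    {
        var key = new byte[32];                       // constructed demo key; real keys come from key management
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        var wire = EncryptMessage(key, Encoding.UTF8.GetBytes("second message of the session"));
        Console.WriteLine(Encoding.UTF8.GetString(DecryptMessage(key, wire)));
    }
}
```

Carrying the last ciphertext block forward as the next message's IV (what Martin describes) is what TLS 1.0 did, and it makes the next IV predictable to anyone who saw the previous record; a random IV per message avoids that. CBC alone gives no integrity, so in practice an HMAC over IV and ciphertext (or AES-GCM on runtimes that have it) belongs on the message before it is sent.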