I'm working on an semi-internal encryption process for somewhat sensitive information. Email addresses and the like. I'm working with a few other developers at some sister companies on the project, and the requirements are that everyone's encryption can talk to everyone else's. We use a global password, encrypt and decrypt information onsite, and that's about it.
My problem is that my encryption procedure, while matching theirs, is giving me variable results. I'm currently polling our SQL server for the strings to be encrypted in question, iterating through the array of results, and updating the server with the encrypted strings.
The problem is that the first string is always different from all subsequent strings, and isn't recognized as valid by the testing software we're supposed to be basing our solution off of. The second and all subsequent strings come through just fine.
Example:
[email protected] - BrPURPlWW7+VYrR5puJ/JHXoIp/MV5WR
[email protected] - BrPURPlWW79h+n4Tgot0xRmM7SdWQQsy
[email protected] - BrPURPlWW79h+n4Tgot0xRmM7SdWQQsy
I can't quite figure out what's going on, because I can encrypt and decrypt back and forth on my own machine with no issues. Any advice would be lovely.
My encryption function follows:
Private TripleDES As New DESCryptoServiceProvider
Sub New(ByVal key As String)
Dim ivHash(), keyHash() As Byte
keyHash = System.Text.Encoding.UTF8.GetBytes(key)
ReDim Preserve keyHash(7)
TripleDES.Key = keyHash
ivHash = System.Text.Encoding.UTF8.GetBytes(String.Empty)
ReDim Preserve ivHash(7)
TripleDES.IV = ivHash
End Sub
Public Function EncryptData(ByVal Plaintext As String) As String
Dim PlaintextBytes() As Byte = System.Text.Encoding.UTF8.GetBytes(Plaintext)
Dim ms As New System.IO.MemoryStream
Dim encStream As New CryptoStream(ms, TripleDES.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
TripleDES.Mode = CipherMode.ECB
encStream.Write(PlaintextBytes, 0, PlaintextBytes.Length)
encStream.FlushFinalBlock()
Return Convert.ToBase64String(ms.ToArray)
End Function
Public Function DecryptData(ByVal EncryptedText As String) As String
Dim EncryptedBytes() As Byte = Convert.FromBase64String(EncryptedText)
Dim ms As New System.IO.MemoryStream
Dim decStream As New CryptoStream(ms, TripleDES.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)
TripleDES.Mode = CipherMode.ECB
decStream.Write(EncryptedBytes, 0, EncryptedBytes.Length)
decStream.FlushFinalBlock()
Return System.Text.Encoding.UTF8.GetString(ms.ToArray)
End Function
You are setting
TripleDES.Mode = CipherMode.ECB
after you have calledTripleDES.CreateEncryptor()
, so the first encryption is using the default value ofCipherMode.CBC
. SinceTripleDES
is reused, after the first call toEncryptData
itsMode
is set correctly.Move
TripleDES.Mode = CipherMode.ECB
intoNew
and it should work consistently.