INTRODUCTION
AES256 is symmetric key algorithm i.e., same Key is used for both encryption and decryption process.
AES256 is a 256 bits encryption/decryption algorithm that encrypts a plain text into a human unreadable format using an encryption key (Key 256 bits) and initialization vector (IV 128 bits). The Key size should be 256 bits and block size should be 128 bits. It uses Cipher Block Chaining (CBC) mode which introduces feedback. Before each plain text block is encrypted, it is combined with the cipher text of the previous block by a bitwise exclusive OR operation. This ensures that if the plain text contains many identical blocks, they will each encrypt to different cipher text block. The initialization vector (IV) is combined with the plain text block by a bitwise exclusive OR operation before the block is encrypted. If a single bit of a cipher text block is mangled, the corresponding plain text block will also be mangled. The padding mode used is PKCS7 i.e., Public Key Cryptography Standards 7 which consists of a sequence of bytes, each of which is equal to the total number of padding bytes added.
ENCRYPTION
AesEcnrypt accepts three parameters namely: PlainText, Key and IV. The PlainText is converted into an array of bytes that needs to be encrypted. Using RijndaelManaged class provided by .net, Key and IV are assigned after converting them into array of bytes, followed by the specification of the CipherMode and PaddingMode.
Following Cipher Modes are supported by RijndaelManaged class:
CBC – Cipher Block Chaining (recommended and preferred)
CFB – Cipher Feedback
CTS – Cipher Text Stealing
ECB – Electronic Code Book
OFB – Output Feedback
Following Padding Modes are supported:
ANSIX923
ISO10126
None
PKCS7 (recommended)
Zeroes
In our process of encryption we have used CBC Cipher Mode and PKCS7 Padding Mode. Specify the KeySize as 256 and BlockSize as 128.
Using the CryptoStream class we start encryption process by passing three parameters i.e., MemoryStream object onto which it will perform cryptographic transformation, the cryptographic transformation that is to be performed on the stream i.e., CreateEncryptor method provided by RijndaelManaged class, and CryptoStreamMode which of course will be Write mode. Using the CryptoStream object , write the PlainText bytes on to the stream and finally convert the MemoryStream object to Base64 string.
DECRYPTION
AesDecrypt accepts three parameters namely: CipherText, Key and IV. The same Key that is used for encryption process and the same IV used for encryption process. The CipherText is converted into an array of bytes that needs to be decrypted. In our process of decryption we have used the same CBC Cipher Mode and PKCS7 Padding Mode. Specify the same KeySize as 256 and BlockSize as 128.
Using the CryptoStream class we start decryption process by passing three parameters i.e., MemoryStream object onto which it will perform cryptographic transformation, the cryptographic transformation that is to be performed on the stream i.e., CreateDecryptor method provided by RijndaelManaged class, and CryptoStreamMode which of course will be Write mode. Using the CryptoStream object, write the CipherText bytes on to the stream and finally convert the MemoryStream object to UTF8 string.
IMPLEMENTATION
Encryption
/// <summary>
/// AES_Encrypt method to encrypt a series of text with Key and IV
/// </summary>
/// <param name=" DecryptedData ">plain text to be encrypted</param>
/// <param name=" AesKey ">Key to encrypt the data</param>
/// <param name=" AesIV ">IV to encrypt the data in combination with Key </param>
/// <returns></returns>
public string AesEncrypt(string DecryptedData, string AesKey, string AesIV)
{
if (string.IsNullOrEmpty(DecryptedData))
throw new ArgumentNullException("DecryptedData");
if (string.IsNullOrEmpty(AesKey))
throw new ArgumentNullException("AesKey");
if (string.IsNullOrEmpty(AesIV))
throw new ArgumentNullException("AesIV");
string encryptedString = string.Empty;
byte[] bytesToBeEncrypted = Encoding.UTF8.GetBytes(DecryptedData);
using (MemoryStream ms = new MemoryStream())
{
using (RijndaelManaged AES = new RijndaelManaged())
{
try
{
//defining key size and block size
AES.KeySize = 256;
AES.BlockSize = 128;
AES.Key = Encoding.UTF8.GetBytes(AesKey);
AES.IV = Encoding.UTF8.GetBytes(AesIV);
AES.Mode = CipherMode.CBC;
AES.Padding = PaddingMode.PKCS7;
using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
cs.Close();
}
encryptedString = Convert.ToBase64String(ms.ToArray());
}
catch (Exception ex)
{
}
}
}
return encryptedString;
}
Decryption
/// <summary>
/// AES_Decrypt method to decrypt a series of encrypted text with provided Key and IV
/// </summary>
/// <param name="EnryptedData">encrypted text that needs to be decrypted</param>
/// <param name="AesKey">Key to decrypt the data (the same key used for encryption)</param>
/// <param name="AesIV">IV to decrypt the data (the same IV used for encryption)</param>
/// <returns></returns>
public string AesDecrypt(string EnryptedData, string AesKey, string AesIV)
{
if (string.IsNullOrEmpty(EnryptedData))
throw new ArgumentNullException("EnryptedData");
if (string.IsNullOrEmpty(AesKey))
throw new ArgumentNullException("AesKey");
if (string.IsNullOrEmpty(AesIV))
throw new ArgumentNullException("AesIV");
string decryptedString = string.Empty;
byte[] bytesToBeDecrypted = Convert.FromBase64String(EnryptedData);
using (MemoryStream ms = new MemoryStream())
{
using (RijndaelManaged AES = new RijndaelManaged())
{
try
{
//defining key size and block size
AES.KeySize = 256;
AES.BlockSize = 128;
AES.Key = Encoding.UTF8.GetBytes(AesKey);
AES.IV = Encoding.UTF8.GetBytes(AesIV);
AES.Mode = CipherMode.CBC;
AES.Padding = PaddingMode.PKCS7;
using (var cs = new CryptoStream(ms, AES.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(bytesToBeDecrypted, 0, bytesToBeDecrypted.Length);
cs.Close();
}
decryptedString = Encoding.UTF8.GetString(ms.ToArray());
}
catch (Exception ex)
{ }
}
}
return decryptedString;
}
The image blow explains how encryption and decryption works in a web application:
SUMMARY
RijndaelManaged is a class that provides methods to implement AES 256 algorithm. AES is not an algorithm but a standard set by US NIST and that is what AES stands for i.e., Advanced Encryption Standard, which was introduced to provide much better way to achieve cryptography after DES and TrippleDES. In a competition to set standards by NIST, two Belgian Cryptologists namely Vincent Rijmen and Joan Daemen introduced their work of cryptography and later on won the competition to set standards for AES by NIST. Rijndael (the combination of the surname of the cryptologists) is an algorithm popularly used as AES.
AES supports 128, 192, 256 key size and 128 bits block size but Rijndael provides variable block size for the process with minimum 128 and max 256 bits.
No comments:
Post a Comment