Decryption Works and Encryption Does not

I have converted an old project(crap, 0 documentation) from asp.net 1.1 to 4.5 ,which works fine.But now we have to change the connection strings of a project that interacts with ours so it points to our new sql database. And we need to encrypt the new sqlconnection strings but there was 0 documentation on this and how they encrypt the strings

I have managed to get the decryptor working:

public static string DecryptConnectionString(string value)
        {
            string cryptoKey = "xxxxxxxx";
            Byte[] IV = { xxx, x, xx, xx, x, xx,xxx,xx};
            Byte[] byt;
            byt = Convert.FromBase64String(value);

            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();

            MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
            des.Key = md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey));
            des.IV = IV;

            return Encoding.ASCII.GetString(des.CreateDecryptor().TransformFinalBlock(byt, 0, byt.Length));

        }

But my encryptor isn't working it gives me a bogus string of random characters (like a club) and when i plug back into the decryptor it crashes

Here is my encryptor work so far:

 public static string EncryptConnectionString(string value)
        {
            char[] v =value.ToCharArray();
            string cryptoKey = "xxxxxxxxx";
            Byte[] IV = { xxx, x, xx, xx, x, xx,xxx,xx};
            Byte[] byt;
             byt = Encoding.ASCII.GetBytes(value);



            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();

            MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
            des.Key = md5.ComputeHash(ASCIIEncoding.ASCII.GetBytes(cryptoKey));
            des.IV = IV;


            return Encoding.ASCII.GetString(des.CreateEncryptor().TransformFinalBlock(byt, 0, byt.Length));
        }

Thanks in advance

Jon Skeet
people
quotationmark

This is problematic:

return Encoding.ASCII.GetString(...);

The result of encryption is arbitrary binary data. Do not try to convert it into a string like that - you'll almost always lose data.

Instead, either just return the encrypted data as a byte[], or use something like Base64 to convert it into text in a reversible way:

return Convert.ToBase64String(...);

In fact, in your decryption code you already appear to be assuming it's Base64:

byt = Convert.FromBase64String(value);

... so you don't even need to change the decryption code.

(I'm pretty dubious about using MD5 to create a key like this, by the way - but that's a different matter. Oh, and currently you can't handle any non-ASCII text (use UTF-8 instead) and you call ToCharArray for no obvious reason.)

See my blog post on reversible data transformations for more details about this sort of thing, and how to take the process apart step-by-step if you run into a similar problem in the future.

people

See more on this question at Stackoverflow