Using Aes for file encryption

Question

2.50/5 (2 votes)

See more:

Hi,

I haven't been using encryption much so this is probably a basic question. I'm writing a small program to encrypt a file using username and password information from the user.

Currently I've created an instance of AesManaged which is always instantiated the same way, regardless if I'm encrypting or decrypting the data.

The code is as follows:

C#

private static System.Security.Cryptography.Aes InitAes(string username, string password) {
   System.Security.Cryptography.Aes aes = new System.Security.Cryptography.AesManaged();

   aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
   aes.KeySize = 128;
   aes.Key = System.Text.Encoding.Unicode.GetBytes(password);
   aes.IV = System.Text.Encoding.Unicode.GetBytes(username);

   return aes;
}

As you can see I've simply used the password as key and the username as IV.

Now, I've understood that in this situation the preferred way is to generate both key and IV with Rfc2898DeriveBytes.

The question I'm asking: Is that correct? And if it is, how should I use Rfc2898DeriveBytes? If I use random salt in encryption, how should I decrypt the file?

Posted 4-Sep-12 10:05am

Wendelius

Add a Solution

Comments

Kenneth Haugland 4-Sep-12 16:23pm

Just out of curiosity why did you choose AesManaged? seems to be a lot of encryption algorithms to choose from:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.aspx
Not saying its wriong, just wonded :)

Wendelius 4-Sep-12 16:38pm

Good question, I was looking for quite strong but easy to implement encryption. First I thought about Rijndael, but then I read somewhere from MSDN that Aes should be used instead. At that point Aes seemed sufficient, but I'm definitely open to suggestions :)

Kenneth Haugland 4-Sep-12 16:49pm

Seems that this guy agrees with your choise in any case:
http://msdn.microsoft.com/en-us/magazine/cc164055.aspx

Wendelius 4-Sep-12 16:53pm

That's a good read, thanks!

Kenneth Haugland 4-Sep-12 17:01pm

It also seems that the Aes uses Rijndael algorithm, at least to judge by the reference in the bottom. I just got interested and had to find out, this stuff would be good to know in any case :)

Wendelius 6-Sep-12 10:49am

Noticed this comment: "Although the terms AES and Rijndael are sometimes used interchangeably, they are distinct." :)

Wendelius 10-Sep-12 0:48am

If you want to have a look how the code looks like in whole, I used for a small article: Encrypting a dataset using AES[^] :)

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Wendelius · Answer 1 · 2012-09-06T04:46:00

Not sure if this is the best approach for the question, but I came up with the following solution.

Define a new Rfc2898DeriveBytes
Define the password as the password for Rfc2898DeriveBytes (well this was surpising)
Define the username as salt
Use the first 16 bytes (128 bit) as the Key for Aes
Use the next 16 bytes as the initialization vector

So the code looks currently like this:

C#

private static System.Security.Cryptography.Aes InitAes(string username, string password) {
   System.Security.Cryptography.Aes aes = new System.Security.Cryptography.AesManaged();
   System.Security.Cryptography.Rfc2898DeriveBytes rfc2898 
   = new System.Security.Cryptography.Rfc2898DeriveBytes(password, 
                                                         System.Text.Encoding.Unicode.GetBytes(username));

   aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
   aes.KeySize = 128;
   aes.Key = rfc2898.GetBytes(16);
   aes.IV = rfc2898.GetBytes(16);

   return aes;
}

If anybody has comments or enhancement ideas, feel free to add them as comments or solutions.