WebApp Sec mailing list archives
Re: What problem have this Rijndael(.NET&PHP) code?
From: "Jamie Riden" <jamesr () europe com>
Date: Sat, 16 Dec 2006 08:42:04 +1300
On 15/12/06, 김영일 <zero12a () naver com> wrote:
> Dear, web security Professionals.
>
> I have an AES problem. I want to send confidential data. STEP is bottom...
>
> * STEP
> 1. Encrypt confidential-data by C#.NET.
> 2. Send encrypted data on HTTP(80) protocol.
> 2. Decrypt encrypted data by PHP & mcrypt(2.4.x)

I got PHP's mcrypt talking to the Botan library in C++ and I think one of the issues was the padding scheme - not the actual mechanics of the encryption itself. Unfortunately, I don't have access to the source code any more, and I don't know the .NET implementation.

The Botan doc states:

"In the case of the ECB and CBC modes, a padding method can also be specified. If it is not supplied, ECB defaults to not padding, and CBC defaults to using PKCS #5/#7 compatible padding. The padding methods currently available are "NoPadding", "PKCS7", "OneAndZeros", and "CTS". CTS padding is currently only available for CBC mode, but the others can also be used in ECB mode."

I seem to remember that I had to use 'NoPadding' to interoperate with PHP - the PHP docs are kind of vague on this. Google suggests you may need "RijndaelCipher.Padding = PaddingMode.None;" in your .NET stuff.

(You know that ECB mode isn't a great one to use unless you don't have any patterns in your plaintext? CBC is probably best for encrypting data etc.)

Hope this helps a bit.

cheers,
Jamie
--
Jamie Riden, CISSP / jamesr () europe com / jamie.riden () gmail com
NZ Honeynet project - http://www.nz-honeynet.org/
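
The padding mismatch discussed in this message, as an added example that is not part of the original post and is not code from .NET, mcrypt or Botan: it applies the padding schemes named in the Botan quote to a constructed plaintext and shows what a receiver recovers when it expects a different scheme. Assumptions: a 16-byte block, a sender that uses PKCS7 (the .NET default) and a receiver that zero-fills and strips NULs (the mcrypt-style handling); all function names are illustrative, and the cipher is left out because it returns the padded blocks unchanged.

```python
BLOCK = 16  # Rijndael-128 / AES block size in bytes

def pkcs7_pad(data: bytes) -> bytes:
    """PKCS #5/#7: append n bytes of value n, n in 1..BLOCK (never zero)."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def pkcs7_unpad(data: bytes) -> bytes:
    """Strip PKCS7 padding and reject anything malformed."""
    if not data or len(data) % BLOCK:
        raise ValueError("length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad PKCS7 padding")
    return data[:-n]

def zero_pad(data: bytes) -> bytes:
    """Zero-fill the last block; adds nothing when already aligned."""
    return data + b"\x00" * (-len(data) % BLOCK)

def zero_unpad(data: bytes) -> bytes:
    """Strip trailing NULs; lossy when the plaintext itself ends in NUL."""
    return data.rstrip(b"\x00")

def one_and_zeros_pad(data: bytes) -> bytes:
    """OneAndZeros: a 0x80 marker byte, then zero-fill."""
    return zero_pad(data + b"\x80")

def no_padding(data: bytes) -> bytes:
    """NoPadding: the caller must supply whole blocks."""
    if len(data) % BLOCK:
        raise ValueError("plaintext is not a multiple of the block size")
    return data

def receiver_view(sender_pad, receiver_unpad, plaintext: bytes):
    """Bytes the receiver ends up with, or the error raised on either side.
    The cipher is omitted: it returns the padded blocks unchanged."""
    try:
        return receiver_unpad(sender_pad(plaintext))
    except ValueError as exc:
        return exc

if __name__ == "__main__":
    sample = b"secret-data-1"  # constructed 13-byte plaintext
    for pad in (pkcs7_pad, zero_pad, one_and_zeros_pad, no_padding):
        for unpad in (pkcs7_unpad, zero_unpad):
            print(pad.__name__, unpad.__name__, repr(receiver_view(pad, unpad, sample)))
```

The PKCS7-sender / NUL-stripping-receiver pair is the silent failure: decryption succeeds but the plaintext arrives with trailing pad bytes, which is why both ends must be set to the same scheme (or to no padding with block-aligned data).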