.Net TripleDES Encryption

Although TripleDES is no longer considered to be a very secure encryption method, you may find there are still uses for it. In my case I ended up needing to encrypt some sensitive query string parameters which were being passed between an application I worked on and a 3rd party. The encryption needed to be easily implemented, use a common key to encrypt and decrypt the data, and require very few alterations to the 3rd party code. In order to meet all of these demands, the application Architect (one awesome mentor) decided we would use the TripleDESCryptoServiceProvider built into the .Net Cryptography library.

In order to use the provider you first need to import the System.Security.Cryptography namespace (using System.Security.Cryptography;).

Now, because cryptographic algorithms encrypt data block by block, and because contiguous blocks may contain identical data, it is always wise to use what is called an ‘Initialization Vector’. This provides TripleDES with a beginning block of data which it uses to encrypt the first block of actual data. This starts a chain reaction, as the algorithm then uses the previous block's data to process and encrypt each subsequent block. Why is this important, you ask? Well, had we not used the previous block's data to encrypt each following block, all blocks with identical data would have been encrypted with the secret key to exactly the same result, i.e. they would be identical. With identical blocks throughout the ciphertext it is much easier for someone to figure out the patterns, begin to identify individual characters, and decode what was meant to be secret.

An example would be a text document which is made up of English letters. If every ‘e’ was encrypted to the same result, and we were aware that in the English language the letter ‘e’ is the most commonly used letter, we could then scan the encrypted results for the pattern which occurs most often and conclude that every occurrence is the letter ‘e’. Following the same approach we could run down the alphabet in order of common use and eventually decode the entire document, of course inserting characters as needed like in ‘Wheel of Fortune’. The Initialization Vector allows us to reduce the patterns that begin to show up within the encrypted results, thus reducing the ease of decryption by those without the secret key (this was of course a simplistic example).
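The effect described above, as an added example that is not part of the original post: 24 bytes of ‘e’ are encrypted with TripleDES in ECB mode, where no chaining takes place, and in CBC mode (the provider's default) with two different IVs. The class name IvDemo, the sample plaintext and the randomly generated key and IVs are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

public static class IvDemo
{
    // Encrypts with TripleDES in the given mode; returns one hex string per 8-byte block.
    static string[] EncryptBlocks(byte[] plain, byte[] key, byte[] iv, CipherMode mode)
    {
        using (TripleDES tdes = TripleDES.Create())
        {
            tdes.Mode = mode;
            tdes.Padding = PaddingMode.PKCS7;
            tdes.Key = key;
            tdes.IV = iv; // not used in ECB mode
            using (ICryptoTransform enc = tdes.CreateEncryptor())
            {
                byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
                return Enumerable.Range(0, ct.Length / 8)
                    .Select(i => BitConverter.ToString(ct, i * 8, 8).Replace("-", ""))
                    .ToArray();
            }
        }
    }

    static void Show(string label, string[] blocks)
    {
        Console.WriteLine("{0,-10} {1}  (distinct blocks: {2} of {3})",
            label, string.Join(" ", blocks), blocks.Distinct().Count(), blocks.Length);
    }

    public static void Main()
    {
        // Constructed sample input: three identical 8-byte plaintext blocks.
        byte[] plain = Encoding.ASCII.GetBytes(new string('e', 24));
        byte[] key, iv1, iv2;
        using (TripleDES gen = TripleDES.Create())
        {
            gen.GenerateKey(); key = gen.Key;   // random key for the demo
            gen.GenerateIV(); iv1 = gen.IV;     // random IV for message 1
            gen.GenerateIV(); iv2 = gen.IV;     // fresh random IV for message 2
        }
        Show("ECB", EncryptBlocks(plain, key, iv1, CipherMode.ECB));       // repeated blocks are visible
        Show("CBC, IV 1", EncryptBlocks(plain, key, iv1, CipherMode.CBC)); // chaining hides the repetition
        Show("CBC, IV 1", EncryptBlocks(plain, key, iv1, CipherMode.CBC)); // same IV: identical ciphertext
        Show("CBC, IV 2", EncryptBlocks(plain, key, iv2, CipherMode.CBC)); // new IV: different ciphertext
    }
}
```

With a fixed key and a fixed IV, equal plaintexts always produce equal ciphertexts, so the usual practice is a fresh IV per message, sent alongside the ciphertext.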

Here are example Encryption/Decryption methods you can use to accomplish TripleDES encryption:

using System;
using System.Text;
using System.Security.Cryptography;

public static class StringExtensions
{
    // Encrypts an ASCII string with TripleDES and returns the ciphertext as Base64.
    public static string EncryptString3Des(this string value, string key, byte[] iVector)
    {
        //(Example) Initialization Vector: byte[] IVector = new byte[8] { 27, 9, 45, 27, 0, 72, 171, 54 };
        byte[] buffer = Encoding.ASCII.GetBytes(value);
        using (TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider())
        using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
        {
            // The MD5 hash of the shared key string is used as the 16-byte TripleDES key.
            tripleDes.Key = md5.ComputeHash(Encoding.ASCII.GetBytes(key));
            tripleDes.IV = iVector; // must be 8 bytes, the TripleDES block size
            using (ICryptoTransform transform = tripleDes.CreateEncryptor())
            {
                return Convert.ToBase64String(transform.TransformFinalBlock(buffer, 0, buffer.Length));
            }
        }
    }

    // Decrypts a Base64 string produced by EncryptString3Des with the same key and IV.
    public static string DecryptString3Des(this string value, string key, byte[] iVector)
    {
        //(Example) Initialization Vector: byte[] IVector = new byte[8] { 27, 9, 45, 27, 0, 72, 171, 54 };
        byte[] buffer = Convert.FromBase64String(value);
        using (TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider())
        using (MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider())
        {
            // Key derivation and IV must match the values used for encryption.
            tripleDes.Key = md5.ComputeHash(Encoding.ASCII.GetBytes(key));
            tripleDes.IV = iVector;
            using (ICryptoTransform transform = tripleDes.CreateDecryptor())
            {
                return Encoding.ASCII.GetString(transform.TransformFinalBlock(buffer, 0, buffer.Length));
            }
        }
    }
}
