I found those piece of code in my old project. I forget where to get it. Just post here in case I lost it.


using
System; using System.Data; using System.Configuration; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; using System.Security.Cryptography; using System.Text; /// <summary> /// Summary description for Cryptography /// </summary> public static class Cryptography { /// <summary> /// Encrypt a string using dual encryption method. Return a encrypted cipher Text /// </summary> /// <param name="toEncrypt">string to be encrypted</param> /// <param name="useHashing">use hashing? send to for extra secirity</param> /// <returns></returns> public static string Encrypt(string toEncrypt, bool useHashing) { byte[] keyArray; byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt); System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader(); // Get the key from config file string key = (string)settingsReader.GetValue("SecurityKey", typeof(String)); //System.Windows.Forms.MessageBox.Show(key); if (useHashing) { MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider(); keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key)); hashmd5.Clear(); } else keyArray = UTF8Encoding.UTF8.GetBytes(key); TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider(); tdes.Key = keyArray; tdes.Mode = CipherMode.ECB; tdes.Padding = PaddingMode.PKCS7; ICryptoTransform cTransform = tdes.CreateEncryptor(); byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length); tdes.Clear(); return Convert.ToBase64String(resultArray, 0, resultArray.Length); } /// <summary> /// DeCrypt a string using dual encryption method. Return a DeCrypted clear string /// </summary> /// <param name="cipherString">encrypted string</param> /// <param name="useHashing">Did you use hashing to encrypt this data? pass true is yes</param> /// <returns></returns> public static string Decrypt(string cipherString, bool useHashing) { byte[] keyArray; byte[] toEncryptArray = Convert.FromBase64String(cipherString); System.Configuration.AppSettingsReader settingsReader = new AppSettingsReader(); //Get your key from config file to open the lock! string key; try { key = (string)settingsReader.GetValue("SecurityKey", typeof(String)); }catch { key = "broadview networks"; } if (useHashing) { MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider(); keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key)); hashmd5.Clear(); } else keyArray = UTF8Encoding.UTF8.GetBytes(key); TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider(); tdes.Key = keyArray; tdes.Mode = CipherMode.ECB; tdes.Padding = PaddingMode.PKCS7; ICryptoTransform cTransform = tdes.CreateDecryptor(); byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length); tdes.Clear(); return UTF8Encoding.UTF8.GetString(resultArray); } }


 
Categories: C#

I have a application need authentication to access another application's API, but the API's password  stored in the database was encrypted by 3DES algorithm in Java code. I can access the Key for decrypt the password.
So I had tried some different to get the clear password,
1. Ask for Plain text password
   I got it, for security reason, It can not be used in production.
2. Ask Java team to build a Java WebService  offer the decode service.
   It looks good plan, but need wait for other team's work, I already wait for 1 month.
3. Try to decrypt the password from .net side. 
   I tried, and just proved it not works. So I come here write down what I found.

The reason is simple: the byte array in java and byte in C# are different.
In Java, the byte  is 8 bit signature, value is from -127 to 128.
but in C# the byte is 8 bit non-signature, the correspond Java byte  in C# is sbyte.
I hard code the Key byte array to force all value of key's byte between 0-128 so c# and Java can have same Key.
But unlucky, the same short string "Hello Wei", in Java, the byte array length is 8. but in C# it is 16.

That obviously tell me it is impossible to share key between java and .net application to do de/encryption.

Here are some of my Java  and C# code I wrote in this research.
Java code have BlowFish and 3sdes.

BlowFishAPI.zip (4.16 KB) 
TripleDesFixture.cs (11.38 KB)

Some reference links;
blowfish in .net: http://www.hotpixel.net/software.html
TripleDes Encryption:  click here


 
Categories: Asp.net | Java

September 8, 2009
@ 11:39 PM
Check this link:
http://jigsaw.w3.org/css-validator/validator?uri=http://www.liuxue123.com

It can help to find many of you css errors.

but not all errors report by it need be fix.
upper link got two errors:
171 #mainmenu li Property zoom doesn't exist : 1
183 #mainmenu a Value Error : background-color steelblue is not a color value : steelblue

"Zoom" is working for IE and it can fixed the missing border in IE6.
"steelblue" is a well used web color. it works fine in IE and fireworks.


There is also a xhtml validator offered by W3 site,
add the links to your web site, so you can validator your page by one click:

<a href="http://jigsaw.w3.org/css-validator/check/referer">CSS</a>
<a href="http://validator.w3.org/check/referer">XHTML</a>


 
Categories: WebDesign