The Code Project - Client/Server Encryption plus extras - C# Programming

All Topics, C#, .NET >> C# Programming >> Security

Client/Server Encryption plus extras

By Domenic
Shows how to implement an RSA encryption algorithm on a server and client environement, even through a web browser!
Search:

C#, ASP.NET, XP, W2K, Win2003, .NET 1.1, Win9X Posted 21 Oct 2003 Updated 19 Jan 2004 Articles by this author 9,477 views

Articles

Go

FAQ

What's New Lounge Contribute Message Boards 8 members have rated this article. Result: Popularity: 3.95. Rating: 4.37 out of 5.

Toolbox
Broken links? VS.NET 2003 from $899 MSDN Univ. from $1950 Print version Bookmark this Send to a friend
q

Download source files for web, exe, and dll - 233 Kb

Introduction
Today, security on our applications is a big issue. Companies have dedicated personnel whose sole job is to critique your code and make sure that the best of the best hackers cant break into your site or application. On a recent project, my Information Security Officer (ISO), days from implementation, sprung on me that a password could be seen being sent across the network using Microsofts Network Monitor (or NetMon, as it is more commonly known). Because my work was not limited to this single application, I needed a way to securely pass plain text values from a client to a server in both EXE applications and web application. Oh, and there wasnt any money to buy an SSL certificate that would have been an easy way out. Two-way encryption for executables has been increasingly easier to do with the Cryptography classes of the .NET framework. However, when I found no easy way to use these cryptography classes on a web client. You may be thinking why not just use the .NET cryptography classes then? Well, believe me, I tried. But when we need to execute code through a web browser on a clients PC, you can understand the challenge. I would have had to come up with some way of guaranteeing that the client PC had the .NET framework installed, and even if they did, how do I execute the code? Because of that simple reason, I had to come up with my own version of the RSA algorithm (with much help from Paul Johnston: http://pajhome.org.uk/crypt/rsa/ index.html). In a nutshell, here is what I came up with a complied .NET DLL (with COM Interop) that can encrypt data on a web client with JavaScript using a public key of a derivative of the known RSA encryption algorithm. In addition, the dll can be used by .NET executable application, COM executable applications and even COM web applications! Now that you know why I had to re-write the RSA algorithm, lets take a look at it...

My Profile
My Settings My Articles My Bookmarks Sign out

Code
To begin, any algorithms I know of that have to do with encryption handle incredibly large numbers, even higher than a 64 bit long integer. To handle these long numbers, I used a version of the BigInteger class (slightly altered to handle a larger radix), found here on CodeProject (http://www.codeproject.com/csharp/biginteger.asp). You can see how that works at the link above but I wanted to give credit where credit is due, plus, now you know what BigInteger is in the code below.

http://www.codeproject.com/csharp/TotalSecurity.asp (1 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

If you check out Paul Johnstons site, youll understand that theres 3 parts to an RSA public/ private key pair. N and E are known as your public Key, E and D are known as your private key. You can encrypt with N and E, but can only decrypt if you have the part D. Below is one of the overloads in the dll to create this key pair:
public Encryption(int bitSize) {if (!((bitSize == 8) | (bitSize == 16) | (bitSize == 32) | (bitSize == 64) | (bitSize == 128) | (bitSize == 256) | (bitSize == 512))) { throw new ArgumentException("Encryption supports only 8, 16, 32, " + "64, 128, 256, 512 bit encryption"); }; // I only want to allow certain bit lengths. Note that the higher the // bit length the longer the computation time BigInteger q; BigInteger p; BigInteger m; p = BigInteger.genPseudoPrime(bitSize,10,new System.Random()); do { q = BigInteger.genPseudoPrime(bitSize,10, new System.Random()); } while(p == q); _key.N = (p*q); m = (p-1)*(q-1); _key.E = new BigInteger("10001", 16); _key.D = _key.E.modInverse(m); }

Now, that I have a key pair, I can encrypt and decrypt virtually anything. For a web application, you can store all 3 parts in the session variable, and use N and E to encrypt, where the server has access to D to do the decryption! So how do we encrypt? Heres where it gets tricky? First Ill show you how to its done mathematically in the dll. Then Ill show you how this can be done on the client.
public BigInteger[] Encrypt(string message ) { if ((_key.E == 0) || (_key.N == 0)) { throw new ApplicationException("Invalid Key");}; int i ; byte[] temp = new byte[1] ; byte[] digits = System.Text.ASCIIEncoding.ASCII.GetBytes(message); BigInteger[] bigdigits = new BigInteger[digits.Length] ; for( i = 0 ; i < bigdigits.Length ; i++ ) { temp[0] = digits[i] ; bigdigits[i] = new BigInteger( temp ) ; } BigInteger[] encrypted = new BigInteger[bigdigits.Length] ; for( i = 0 ; i < bigdigits.Length ; i++ ) encrypted[i] = bigdigits[i].modPow( _key.E,_key.N) ; return( encrypted ) ; }

So how do we do this on the client? Good old JavaScript. You may be thinking: hey, I can view
http://www.codeproject.com/csharp/TotalSecurity.asp (2 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

JavaScript source code in a web browser. How is that secure? Youre right you can see the JavaScript code through a web browser, but all we are going to do on the client is encryption. To encrypt we only need the public key: E and N. The missing part D is hidden from the user at all times. The code behind, or ASP, or any other server code has access to this D variable through the session state to do all the decryption. At this point you may ask: Why use the session state? Why not create a key pair, and use that all the time to make it more efficient? Well, that was my initial thought too until a colleague pointed out that he could easily capture the encrypted values from the form as it is posted back to the server, and use those same values at a later time to post back to the server. That would have worked fine because the hacker could have just made a simple script to POST that encrypted data to the web login page, and it would have been decrypted properly because the private key never changed. By using the session variables, any time a new session starts, that client has its own unique public and private key pair. Now even if you captured the encrypted values, they would be worthless because the private key would be different when a new session is opened. 99% of the code is how JavaScript implements the BigInteger class. This code came from http:// www.leemon.com/. I wont publish that here, because you can get it from the source files. To encrypt though, heres what we do. Weve opened our session to the web site, new keys are made for us. My server code page calls the GetJavaScriptClientCode from the DLL which can be used to write out to the client page. This includes all the BigInteger code and the small piece for encryption:
function Encrypt (str, n, e) { var n=str2bigInt(n,16,0); var x=str2bigInt(str,95,n.length); var y=str2bigInt(e,16,0); powMod(x,y,n,0); x = bigInt2str(x,16); return x; }

We can now add a password box for the password the user enters, and a hidden field that will have the encrypted data:
<INPUT type="submit" value="Login" OnClick="var s = txtPassword.value; password.value=Encrypt(s,'<%=Session("n")%>','<%=Session("e")%>'); var strStar = ''; for (i = 0; i < s.length; i++) {strStar = strStar + '*';} txtPassword.value = strStar"> <input id="password" type="hidden" name="password">

This code calls the JavaScript encrypt function, replaces the value of the original password with a bunch of *s, and assigns another hidden variable the actual encrypted password. I did the * thing to make the encryption invisible to the user. If I replaced the password that they typed with the encrypted values, the lengths would be obviously different. The little function above simply replaces their password in the textbox they typed it in with * characters the same length as the password they entered. Then end result is 2 parameters being posted to the form: password which will be equal to the actual encrypted password, and txtPassword, which is merely a bunch of * characters. The server code will care about the password variable. Decrypting is a little more complex than then encryption, but follows the general RSA algorithm rules. Heres the code for the decrypt function, which resides in the DLL:
public string Decrypt( BigInteger[] encrypted ) { if (_key.D == 0) {throw new ApplicationException("Invalid key");}; int i ;

http://www.codeproject.com/csharp/TotalSecurity.asp (3 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

BigInteger[] decrypted = new BigInteger[encrypted.Length] ; for( i = 0 ; i < decrypted.Length ; i++ ) decrypted[i] = encrypted[i].modPow((_key.D),(_key.N)) ; char[] charArray = new char[decrypted.Length] ; for( i = 0 ; i < charArray.Length ; i++ ) charArray[i] = (char) ( (byte)decrypted[i].IntValue() ) ; return( new string( charArray ) ) ; }

Conclusion
Security can be a difficult task to tackle in many applications. I hope that this article and my code help you in your applications, and whatever requirements they have.

Updates
q q

1/16/04 - Added sample source code for web implementation in source download file 1/16/04 - Added a feature to the forms control to load machine name if no domains are available. 1/16/04 - Fixed an issue with namespace inconsistencies (see thread below).

Extras!
Also included in the DLL code, is a class called Authentication. The methods in this class talk to directory services or LDAP (LDAP wasnt tested), to authenticate a user in a specified domain, as well as get whatever properties for the user. It also allows you to get SIDs of users, and other cool stuff. Also, there is a windows control (see image) that can be used on any .NET exe to implement a universal logon screen for your applications. That control obviously is integrated with the Authentication class. If you want an article on any of these please ask by posting to this article.

Domenic
Click here to view Domenic's online profile.

Other popular C# Programming articles:

q

Reversi in C#
The game of Reversi in C#.

I/O Ports Uncensored Part 2 - Controlling LCDs (Liquid Crystal Displays) and VFDs (Vacuum Fluorescent Displays) with Parallel Port
Controlling LCDs (Liquid Crystal Displays) and VFDs (Vacuum Fluorescent Displays) with Parallel Port

Windows Management Instrumentation (WMI) Implementation

Implementing Windows Management Instrumentation (WMI) in your application.

Minesweeper, Behind the scenes

This article demonstrates directly reading another processes memory in C# using P/Invoke and Win32 Api's.

[Top]

Rate this Article for us!

Poor

Excellent

Vote

http://www.codeproject.com/csharp/TotalSecurity.asp (4 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Premium Sponsor
FAQ View New thread Subject hai

Noise level

Medium

Search comments Per page

Set Options

Dynamic

25
First Prev Next Last

Msgs 1 to 25 of 48 (Total: 48) (Refresh) Author Anonymous

Date 3:59 21 Jan '04

i have a project on data transfer between winnt and linux platform using sockets. pls help
[Reply][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 8:20 21 Jan '04

Re: hai

Hello. Not sure what you are really trying to do based on your description, but you can use the .NET Framework Cryptography namespace to encrypt/decrypt your data. If you are using a web client, it shouldn't matter what OS is on the client machine.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) MacTruck 9:06 19 Jan '04

Sure there was... "Oh, and there wasnt any money to buy an SSL certificate..."

Sure there was. All you had to do was to use the Certificate Authority (CA) signing tools that come with Win32 OpenSSL, generate a CA, generate a certificate signing request, and finally sign a certificate for the web server - and renew it every year (renew the CA once every 10 years). Then, you just have people install the public CA key in their browsers (to make the warning dialog go away). Thus, you don't need a whole ton of JavaScript hoopla and you get the security of an SSL layer on an insecure network. MacTruck, Shining Light Productions "Meeting the Needs of Fellow Programmers"
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 8:15 20 Jan '04

Re: Sure there was...

As you noted, with an internal CA, you would have to have your clients install the public CA into their trusted root. This wasn't an option based on the technical experience of the audience. Thanks.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) smithimage 11:01 20 Jan '04

Re: Sure there was...

Maybe you could write an article (a little more detailed) about how one would go about to configure a webserver (iis)/application with (open)ssl?? I would be interested in reading it

[Reply][Email][View Thread][Get Link]

[Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5)

http://www.codeproject.com/csharp/TotalSecurity.asp (5 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Encryption is not working

Kentr

10:22 31 Dec '03

Domenic, First of all, I really like the idea behind your article. This can be a very complicated subject; especially, with web apps. The only complaint (besides it not working) I have with your article is that your sample code for web apps is very weak. I am experiencing the same problems as smithimage where the code you supplied does not encypt and decrypt correctly from JavaScript. I would be curious to know if anyone else has had any success with getting this to work in a web app. I can use your Encryption object just fine, but I cannot decrypt correctly with the JavaScript. Domenic, I have taken your code samples and have tried to get them to work with my web app. There is something missing, because what you have supplied does not work for a web app. I am guessing that your main audience here is for web developers. If that is the case, why didn't you supply any source code (besides the JavaScript) of how this should be used in a web app. I can only guess that you have your own solution that works with a web app. Next time you write an article, I would highly recommend that you provide a good working example for the audience you are writing for. Thanks, Kent
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 13:01 31 Dec '03

Re: Encryption is not working

Thanks for your comments Kent. In the next couple of weeks, I will update the article with some working code for a web client. I do have a working version, but it will take a little time to make it appropriate for this article. Thanks.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Kentr 16:02 31 Dec '03

Re: Encryption is not working

Domenic, Maybe I can help by sending you a very basic example of a login web app that you can supply with your source. Hopefully, you can fill in the missing details. It shouldn't take me more than an hour to throw something together. Like I said in a previous email, I really like your idea and want this to work. Let me know if there is anything I can do to help. More than likely, it is something I am doing wrong. Thanks, Kent
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Tuan, Nguyen Hoang 2:09 16 Dec '03

Help me!!!

http://www.codeproject.com/csharp/TotalSecurity.asp (6 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Hi, I don't know type data you use in your project BigInteger what? It for .NET? In C++, how I can do RSA with modulou n about 512bits Thanks
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 8:23 16 Dec '03

Re: Help me!!!

I'm not sure what you are asking for. BigInteger is a class that was designed to handle very large numbers (larger than Int64). This implementation is for .NET. The call to GetJavaScriptClientCode also grabs a class similar to the . net one, but it is in javascript. You can use this in C++, by simply comiling the dll, and referencing it in your C++ project. If you're looking to rewrite it in C++, you're on your own. All I did here is show how it can be done. I'm sure you can write it in C++, but I'm skilled more in C#. dom
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) smithimage 20:11 10 Dec '03

How to decrypt??

Hi Domenic! Sorry if this question allready is answered in the article but Ive read it somewhat 30times and cant find out howto decrypt after I have encrypted on the webbpage with the javascript included in the assembly (and therefore your function getJava...()). The problem lies in that a hidden text control in .NET returns the value to the serverbehind code as a string and your decrypt function takes a BigIntger[] as a argument... How do one solve this?? BTW thanks for your fast answer on the TOA <> DJD assembly issue.... smithimage
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 8:54 11 Dec '03

Re: How to decrypt??

No problem, You can't decrypt with Javascript. That's the whole point. If you did your decryption on the client, it wouldn't be very secure, because you would have to have the private key visible in the source code. The proper way to do it, is to create session variables that store the public and private key. The public key gets sent to the javascript code to do the encryption on the client, whereas the private key remains on the server, out of sight from the end user. When you click that .net control, it sends the encrypted value to the server. There, you do the decryption, simply by passing the value to the decrypt function of the dll. As far as converting the string you get from the javascript to a bigInteger[], try the code below. c is the value passed to the codebehind. bi_d and bi_n are your private key. bi_encrypted is the actual conversion from string to a bigInteger, and finally bi_decrypted is the decrypted bigInteger array. Convert bi_decrypted to a string, and there's your original string. Note '95' is the radix used for the characters on your US keyboard. Dim c As String = Request.Form("password") Dim bi_d As BigInteger = New BigInteger(Convert.ToString(Session("d")), 16) Dim bi_n As BigInteger = New BigInteger(Convert.ToString(Session("n")), 16) Dim bi_encrypted As BigInteger = New BigInteger(c, 16) Dim bi_decrypted As BigInteger = bi_encrypted.modPow(bi_d, bi_n) Dim strDecPassword As String = bi_decrypted.ToString(95)

http://www.codeproject.com/csharp/TotalSecurity.asp (7 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Oh, and by the way I did the modPow thing because I didn't want to instantiate a new encryption object. It would have performance issues because when you create a new instance, it generates a new set of keys automatically. You could change that of course. The modPow does the exact same thing as the Decrypt function in the dll Good luck.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) smithimage 10:41 13 Dec '03

Re: How to decrypt??

Hi and once again thank you for the fast reply, Domenic! This time however I did not sort it out with your solution. I want to start saying that I understand that decryption should not take place on the client since as you remarked "it wouldnt be very secure". However I added your supplied code in the previous post to mine but I still cant get it to work. To clearify what I want to do with your code I will explain below: I am trying to create a "System.Web.UI.WebControl" wich should automaticly give you a textbox that posts a crypted value to the server. On the server you should be able (just as with a ordinary "WebControl.TextBox") to reach the decrypted value using "cryptedTextBox.Text". To do this I have done the following: C#Code//////////////////////////////////////////////////////////////////////////////////////////// public class encryptedTextBox:WebControl { /* * this is the encryptedTextBox head wich gives * all encryptedTextBoxes a TextBox and a HtmlInputHidden */ private int encryptionBitSize; protected TextBox visibleText; protected HtmlInputHidden hiddenText; public keyParams keys; /*The constructor wich initiates the * TextBox,HtmlInputHidden and sets the * encryptionBitSize */ public encryptedTextBox(int bitSize) { encryptionBitSize = bitSize; visibleText = new TextBox(); hiddenText = new HtmlInputHidden(); } /* * Its here I create the Encryption object and * set the Session variables beacuse I cant reach the Page object * before the OnInit event and I dont whant to create a new Encryption object * each time a postback event happens.. */ protected override void OnInit(EventArgs e) { /*Here i check if the page is postback or not * since I only whant to set the Session variables the first * time the page is requested. * I also supply the whole Encryption object to the * Page Session, this because I allways whant to be able to * use your getJavaScritp..() funtion to add the script to the page. * Probebly I could satisfy with only add the Encyption object to * the Session, since I with that allways can fetch the keys. * But since I whanted to use your code more or less intact * I also added the keys separetly */ if(!this.Page.IsPostBack)

http://www.codeproject.com/csharp/TotalSecurity.asp (8 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

{ Encryption encryptor = new Encryption(encryptionBitSize); this.Page.Session.Add("encryptor",encryptor); keyParams keys = encryptor.ExportParamaters(true); this.Page.Session.Add("n",keys.N); this.Page.Session.Add("e",keys.E); this.Page.Session.Add("d",keys.D); } /*here a fetch back the Session variables * since if this is a postback * that is the only way to reach the keys */ Encryption sessionEncryptor = (Encryption) this.Page.Session["encryptor"]; BigInteger keyN = (BigInteger) this.Page.Session["n"]; BigInteger keyE = (BigInteger) this.Page.Session["e"]; //On the next line I add the javascript to the page this.Page.Controls.AddAt(1,new LiteralControl(sessionEncryptor.GetJavaScriptClientCode())); this.Controls.Add(visibleText); this.Controls.Add(hiddenText); /*On the next line I add the javascript funtion call to * the visible TextBox, I have changed the event to * "onblur" since I feel this would not impose * the use of a button in this WebControl */ visibleText.Attributes.Add("onblur","var s = " + this.visibleText.UniqueID + ".value; " + this.hiddenText. UniqueID + ".value = Encrypt(s,'" + keyN + "','" + keyE + "'); var strStar = ''; for (i = 0; i < s.length; i++) {strStar = strStar + '*';}" + this.visibleText.UniqueID + ".value = strStar"); base.OnInit (e); } /* Its here it get Tricky... * The function works but does not decrypt proper * I have more or less copied the code you posted */ public string Text { get { string c = hiddenText.Value; BigInteger bigD = new BigInteger(Convert.ToString(this.Page.Session["d"]),16); BigInteger bigN = new BigInteger(Convert.ToString(this.Page.Session["n"]),16); BigInteger bigEncrypted = new BigInteger(c, 16); BigInteger bigDecrypted = bigEncrypted.modPow(bigD,bigN); string decryptedString = bigDecrypted.ToString(95); return decryptedString; } } } endC#Code///////////////////////////////////////////////////////////////////////////////////////// The control is not nearly completed there is much work with exeption handeling and soforth to make it work generelly as a webcontrol, but since I have got stuck on the decryption issue I dont know how to go on.... If you cant make anything out of my code/explanation dont go sleep less over it, my world wont crumble. However if you immediately sense what I have done wrong I would be most greatful for any help..

http://www.codeproject.com/csharp/TotalSecurity.asp (9 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Thanks again! Smithimage

[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 8:32 15 Dec '03

Re: How to decrypt??

Hello. I didn't want to have to recreate your control to debug what's happening, so let me ask you this: Is it possible that your onblur event is being called multiple times. Put an alert in there somwhere so you know how often it's being called. Otherwise, everything else looks pretty good. I would not recommend putting the entire object in the session variable. That is a tremendous amount of overhead on the server if you are making an enterpirise application. All you need is the keys, because you can recreate the object from the keys. the GetJavaScripClientCode function is not dynamic. No matter what the keys are, it will always return the same thing. If the onblur isn't it, let me know and I'll look further into it. Nice idea to put it all into a control by the way.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) smithimage 20:30 17 Dec '03

Re: How to decrypt??

Hi again Domenic.. I have gone over the recomendations you gave me and altered in such a way that it wont put the whole Encryption object in the Session. Allthought the onblur event issue I havent sorted out just yet(I see the problem of the issue if the user dont know about this limitation, and in most cases he/she wont), however during my tests I have made sure that the onblur event only happens once and that it is not the reason to the faulty decryption (or rather multiple encryption). This I have done trough only using the part of the javafunction call that swaps the string for a equal long string of '*' and then printing the hidden value. Wich if the event only happens once should be the string the user applied if it happens twice or more it will be a string of '*'. I have noticed that the second key 'E' allways get the same and rather short value of '65537' (maybe this is not faulty but it seems strange to me, not being to good with algorithms and soforth). You mentioned that you might look furter into it, if you want I could email you the source code(last time i posted it in the forum it allmost took up half the page, so i wont this time..) Im not sure but is there a refernce to your email address in the automatic mail that the codeproject generates on a Post-reply? If so i will use that one. Thank you once again! smithimage
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 12:52 19 Dec '03

Re: How to decrypt??

Hello SmithImage. Yes, send me the code at the e-mail address I have on file. I'll take a look. As for the E exponent, take a look at the thread directly below this one. Thanks!
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Kentr 16:09 14 Jan '04

Re: How to decrypt??

http://www.codeproject.com/csharp/TotalSecurity.asp (10 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Domenic, Just wondering if you had a chance to review the sample code I sent you to determine what I was doing wrong? Thanks, Kent
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 16:29 14 Jan '04

Re: How to decrypt??

Hello Kent. As a matter of fact, I looked at it today. You were missing a lot of the encryption stuff. I'll make every effort to edit this article and post the sample code up tomorrow. Again, thanks for your comments.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Kentr 19:43 14 Jan '04

Re: How to decrypt??

That is great news. Looking forward to reviewing your latest changes tomorrow. Thanks, Kent
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Anonymous 8:14 19 Jan '04

con: How to decrypt?9999

cyxcxycc
[Reply][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) smithimage 18:24 20 Jan '04

Re: How to decrypt??

Hi again Domenic.. Thanks for the addition to the article, it solved my problem at once. The fault I had done was that I forgot/not understod to convert the bigintegers to a string(with radix 16) before I added them to the session. I had however done the converting on decryption. I guess the radix didnt match when I just did the following "Session.Add("n",keys.N)". The right thing to do would be "Session.Add("n",keys.N.ToString(16))" Now the only thing left to do is to figure out the key "E" issue Once again thank you for a very good article and thank you for all help..
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Domenic 8:22 21 Jan '04

Re: How to decrypt??

Yes, the E issue. That will most likely be in a future update, however, I don't have much time to look into it right now. If you find a solution, please let me know and I'll post it up here. Thanks, Dom
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Kentr 9:14 31 Dec '03

Re: How to decrypt??

http://www.codeproject.com/csharp/TotalSecurity.asp (11 of 12)21/01/2004 22.52.07

The Code Project - Client/Server Encryption plus extras - C# Programming

Smithimage, Did you ever get your code to work? I think I am having similar problems; where, the encryption is not working. Appreciate any help, Kent
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) smithimage 9:24 31 Dec '03

Re: How to decrypt??

Hi Kentr... No I am sorry I have not got my code to work yet.. I havent had the time to answer Domenic yet and sending him my code, due to the hollidays... I will as soon as the hollidays are over and I have had the time to comment it so someone execept me can understand it Happy new year!
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) Kentr 10:48 3 Jan '04

Re: How to decrypt??

I have already sent Domenic a sample web page for him to look at, so I wouldn't worry about putting something together to send him. I sent him a very simple example that will hopefully help him see where the problem might be.
[Reply][Email][View Thread][Get Link] [Modify|Delete] Rate this message: 1 2 3 4 5 (out of 5) First Prev Next Last

Last Visit: 13:07 Thursday 20th November, 2003

All Topics, C#, .NET >> C# Programming >> Security Updated: 19 Jan 2004 Editor: Nishant S

Article content copyright Domenic, 2003 everything else Copyright CodeProject, 1999-2004. Advertise on The Code Project | Privacy

MSDN Communities | ASPAlliance Developer Fusion DevelopersDex DevGuru Programmers Heaven SitePoint Tek-Tips Forums TopXML VisualBuilder ZVON Search Us!

http://www.codeproject.com/csharp/TotalSecurity.asp (12 of 12)21/01/2004 22.52.07