Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Encryption Key Chars #62

Open
co-dax opened this issue May 19, 2023 · 1 comment
Open

Encryption Key Chars #62

co-dax opened this issue May 19, 2023 · 1 comment

Comments

@co-dax
Copy link

co-dax commented May 19, 2023
edited

Is it safe to use the whole range of UTF-8 characters that are part of the byte in UTF-8 encoding?
I am referring to code points from U+0000 to U+007F at the following page https://en.wikipedia.org/wiki/UTF-8#Encoding and the characters related to that range (from U+0000 to U+007F) are at the following page https://www.utf8-chartable.de/.
I am asking this since I noticed not all the characters are used when generating keys with EncryptProvider.CreateAesKey(). The range being used in the source code is:
char[] arrChar = new char[]{ 'a','b','d','c','e','f','g','h','i','j','k','l','m','n','p','r','q','s','t','u','v','w','z','y','x', '0','1','2','3','4','5','6','7','8','9', 'A','B','C','D','E','F','G','H','I','J','K','L','M','N','Q','P','R','T','S','V','U','W','X','Y','Z' };

I tried using some UTF-8 codes outside of the range from code above but still in the range from U+0000 to U+007F and it worked fine.

Is it safe to use that kind of chars for encryption key?

From the following excerpt from the source code I can see that you are using Encoding.UTF8.GetBytes(...) to decode UTF chars to byte array so I guess it should be safe to use any of UTF-8 chars from the range U+0000 to U+007F for encryption key:

`public static byte[] AESDecrypt(byte[] data, string key, string vector)
{
Check.Argument.IsNotEmpty(data, nameof(data));

        Check.Argument.IsNotEmpty(key, nameof(key));
        Check.Argument.IsEqualLength(key.Length, 32, nameof(key));

        Check.Argument.IsNotEmpty(vector, nameof(vector));
        Check.Argument.IsEqualLength(vector.Length, 16, nameof(vector));

        byte[] encryptedBytes = data;
        byte[] bKey = new byte[32];
        Array.Copy(Encoding.UTF8.GetBytes(key.PadRight(bKey.Length)), bKey, bKey.Length);
        byte[] bVector = new byte[16];
        Array.Copy(Encoding.UTF8.GetBytes(vector.PadRight(bVector.Length)), bVector, bVector.Length);

        byte[] decryptedData = null; // decrypted data

        using (Aes Aes = Aes.Create())
        {
            try
            {
                using (MemoryStream memory = new MemoryStream(encryptedBytes))
                {
                    using (CryptoStream decryptor = new CryptoStream(memory, Aes.CreateDecryptor(bKey, bVector), CryptoStreamMode.Read))
                    {
                        using (MemoryStream tempMemory = new MemoryStream())
                        {
                            byte[] Buffer = new byte[1024];
                            Int32 readBytes = 0;
                            while ((readBytes = decryptor.Read(Buffer, 0, Buffer.Length)) > 0)
                            {
                                tempMemory.Write(Buffer, 0, readBytes);
                            }

                            decryptedData = tempMemory.ToArray();
                        }
                    }
                }
            }
            catch
            {
                decryptedData = null;
            }

            return decryptedData;
        }
    }`

Thanks!
@myloveCc
Copy link
Owner

myloveCc commented Jun 7, 2023

EncryptProvider.CreateAesKey() method only provides a convenient way to create a key, as long as the key meets the requirements, it can be used as a key.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@co-dax @myloveCc