I'm currently working on a port of an application from iPhone onto WP7 and the local content has to be decrypted on the device. The content was original encrypted for a different platform and the cipher & padding used are not supported in the Silverlight version for WP7. The content was encrypted using the AES symmetric algorithm with an ECB cipher and PCKS5 padding. As stated this combination is not supported by the AESManaged class available in the System.Security.Cryptography namespace. The documentation states only the following is supported:
'The cipher mode is always CBC, and the padding mode is always PKCS7'
I'm not sure why this is, but I'm aware that ECB is no longer viewed a secure cipher - the choice to use this was out of our hands. The next stage was to find OSS library for WP7. After several recommendations we decided to use Bouncy Castle. BC (Bouncy Castle) is a well established cryptography library from the Java world with a port to C#. The don't offer a WP7 specific build so I decided to re-compile for WP7 & WP7.1 - both of these are available for download at the bottom of the post. I used the 1.7 source code with IDEA support, available here.
The only issue to arise was during testing the compiled assembly, the Enum class inside BC didn't like some of the reflection code, specifically throwing exception when attempting to get value from an instance of the FieldInfo class, see below:
I had to add the following conditional compile statements to get the enum parsing to work as expected. After that everything was groovy:
I probably could have refactored the method completely but I didn't, I'm not overly familiar with the code base. This means if you download and use the binaries below you might well find other issues with the BC code base running on WP7. Make sure you write enough tests to cover all your edge cases!
Shown below is the code I used to decrypt the test data. The BC specific code is highlighted in bold, as you can see setting up the AES cipher is easy and the whole process of decrypting data is handled in 5 lines of code. The 'false' parameter passed to the Init() method defines the cipher as a decrypting cipher, using 'true' would mean it would encrypt.
That pretty much covers where I got to when using Bouncy Castle, I hope this helps someone in the future.
'The cipher mode is always CBC, and the padding mode is always PKCS7'
I'm not sure why this is, but I'm aware that ECB is no longer viewed a secure cipher - the choice to use this was out of our hands. The next stage was to find OSS library for WP7. After several recommendations we decided to use Bouncy Castle. BC (Bouncy Castle) is a well established cryptography library from the Java world with a port to C#. The don't offer a WP7 specific build so I decided to re-compile for WP7 & WP7.1 - both of these are available for download at the bottom of the post. I used the 1.7 source code with IDEA support, available here.
The only issue to arise was during testing the compiled assembly, the Enum class inside BC didn't like some of the reflection code, specifically throwing exception when attempting to get value from an instance of the FieldInfo class, see below:
I had to add the following conditional compile statements to get the enum parsing to work as expected. After that everything was groovy:
I probably could have refactored the method completely but I didn't, I'm not overly familiar with the code base. This means if you download and use the binaries below you might well find other issues with the BC code base running on WP7. Make sure you write enough tests to cover all your edge cases!
Shown below is the code I used to decrypt the test data. The BC specific code is highlighted in bold, as you can see setting up the AES cipher is easy and the whole process of decrypting data is handled in 5 lines of code. The 'false' parameter passed to the Init() method defines the cipher as a decrypting cipher, using 'true' would mean it would encrypt.
private void button1_Click(object sender, RoutedEventArgs e)
{
// Get the encrypted data from the WP7 installation directory
var stream = Application.GetResourceStream(new Uri("test.data", UriKind.Relative)).Stream;
var encryptedData = new byte[stream.Length];
stream.Read(encryptedData, 0, encryptedData.Length);
// encryption key...
var key = Encoding.UTF8.GetBytes("12345678qwertyui");
// AES algorthim with ECB cipher & PKCS5 padding...
var cipher = CipherUtilities.GetCipher("AES/ECB/PKCS5Padding");
// Initialise the cipher...
cipher.Init(false, new KeyParameter(key));
// Decrypt the data and write the 'final' byte stream...
var bytes = cipher.ProcessBytes(encryptedData);
var final = cipher.DoFinal();
// Write the decrypt bytes & final to memory...
var decryptedStream = new MemoryStream(bytes.Length);
decryptedStream.Write(bytes, 0, bytes.Length);
decryptedStream.Write(final, 0, final.Length);
decryptedStream.Flush();
var decryptedData = new byte[decryptedStream.Length];
decryptedStream.Read(decryptedData, 0, (int)decryptedStream.Length);
// Convert the decrypted data to a string value...
var result = Encoding.UTF8.GetString(decryptedData, 0, decryptedData.Length);
Debug.WriteLine(result);
}
That pretty much covers where I got to when using Bouncy Castle, I hope this helps someone in the future.
0 comments:
Post a Comment