> From: Jaco De Villiers [mailto:jac...@infoslips.com]
>
> You have put me on the right track, but I cannot find a way to change the key
> size or block size in the BouncyCastle Portable class library
> implementation. My Rijndael implementation has a KeySize of 256 and a
> BlockSize of 128.

No matter what, Rijndael/AES always have a blocksize of 16. That's the nature of Rijndael. The supported key sizes are 128, 192, and 256.
https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

> public class BouncyCastleEngine : CryptoBase, ICrypto
> {
>     private Encoding _encoding;
>     private IBlockCipher _blockCipher;
>     private PaddedBufferedBlockCipher _cipher;
>     private IBlockCipherPadding _padding;
>
>     public BouncyCastleEngine()
>     {
>         _blockCipher = new AesEngine();
>         _encoding = Encoding.UTF8;
>         _padding = new ZeroBytePadding();
>     }
>
>     public string Encrypt(string plain, string key)
>     {
>         if (plain == null)
>             throw new ArgumentNullException(nameof(plain));
>         if (key == null)
>             throw new ArgumentNullException(nameof(key));
>
>         var plainBytes = _encoding.GetBytes(plain);
>         var keyBytes = _encoding.GetBytes(key);

Normally, you don't convert random bytes to a string via encoding, because you can have invalid characters that way. (For example, if your last byte is >127, then I'm pretty sure the last byte is not a valid character encoded in any of the ASCII or UTF character sets, but I know for a fact it's not valid ASCII or UTF8, so your string will simply exclude that byte). It's better to use:

    public string Encrypt(string plain, string keyBase64)
    {
        var keyBytes = Convert.FromBase64String(keyBase64);

>         return ToHexString(result);

You're returning the result as a hex string. Nothing wrong with that, if that's the format you expect your output, but Base64 is more compact. 6 bits per character instead of 4 bits per character. Also by the looks of it, I'm guessing you wrote your own ToHexString method.
Perhaps you should consider one of these alternatives:

    return BitConverter.ToString(result);
    return BitConverter.ToString(result).Replace("-","");
    return BitConverter.ToString(result).Replace("-","").ToUpper();

>     public string Decrypt(string hexString, string key)
>     {…}
>     private byte[] _bouncyCastleCrypto(bool forEncrypt, byte[] input, byte[] keyByte)
>     {
>         _cipher = _padding == null
>             ? new PaddedBufferedBlockCipher(_blockCipher)
>             : new PaddedBufferedBlockCipher(_blockCipher, _padding);
>         _cipher.Init(forEncrypt, new KeyParameter(keyByte));
>         return _cipher.DoFinal(input);
>     }
> }

Encrypt() works as designed, but probably shouldn't be designed the way it is - It takes the input string, converts to bytes, pads the length to a multiple of Rijndael blocksize, and then encrypts in ECB mode. Normally ECB mode shouldn't be used; there are only rare circumstances when that's ok. For example, set your input to something like >=32 repeated characters. You'll see the ciphertext bytes 0-15 are identical to bytes 16-31, which is a major security leak, informing an attacker that you (a) have screwed up your crypto, using ECB when you shouldn't, and (b) have repeated data in block 0 and block 1.

During decryption, because of the zero padding, the PaddedBufferedBlockCipher doesn't know where your data ends, so you have to manually remove the extraneous zeros from the end, if any. And that should explain the extra block you asked about.
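
The ECB behaviour described in the reply above, as an added example that is not part of the original thread: it uses the same BouncyCastle classes as the quoted code to encrypt a constructed 32-character repeated input, then compares the result with CBC under a random IV and PKCS#7 padding. The CBC contrast, the class and method names, and the sample key and input are assumptions chosen for illustration.

```csharp
using System;
using System.Linq;
using System.Text;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Security;

static class EcbLeakDemo
{
    // Same construction as the quoted _bouncyCastleCrypto: AES, ECB (the default), zero padding.
    static byte[] EncryptEcbZeroPad(byte[] plain, byte[] key)
    {
        var cipher = new PaddedBufferedBlockCipher(new AesEngine(), new ZeroBytePadding());
        cipher.Init(true, new KeyParameter(key));
        return cipher.DoFinal(plain);
    }

    // Contrast (an assumption, not from the thread): CBC with a fresh IV and PKCS#7 padding.
    // CBC alone gives no integrity; pair it with a MAC or use an AEAD mode in a real design.
    static byte[] EncryptCbcPkcs7(byte[] plain, byte[] key, byte[] iv)
    {
        var cipher = new PaddedBufferedBlockCipher(
            new CbcBlockCipher(new AesEngine()), new Pkcs7Padding());
        cipher.Init(true, new ParametersWithIV(new KeyParameter(key), iv));
        return cipher.DoFinal(plain);
    }

    // True when any two 16-byte ciphertext blocks are equal, the signature of ECB over repeated data.
    static bool HasRepeatedBlock(byte[] ct)
    {
        var blocks = Enumerable.Range(0, ct.Length / 16)
            .Select(i => Convert.ToBase64String(ct, i * 16, 16)).ToList();
        return blocks.Distinct().Count() != blocks.Count;
    }

    static void Main()
    {
        var rng = new SecureRandom();
        var key = new byte[32]; rng.NextBytes(key);              // constructed 256-bit key
        var iv = new byte[16]; rng.NextBytes(iv);                // fresh IV for this message
        var plain = Encoding.UTF8.GetBytes(new string('A', 32)); // constructed: two identical blocks

        var ecb = EncryptEcbZeroPad(plain, key);
        var cbc = EncryptCbcPkcs7(plain, key, iv);
        Console.WriteLine($"ECB: {ecb.Length} bytes, repeated block: {HasRepeatedBlock(ecb)}");
        Console.WriteLine($"CBC: {cbc.Length} bytes, repeated block: {HasRepeatedBlock(cbc)}");
    }
}
```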