Blowfish Encryption Using Setup Factory & .NET

[AlphaMeasure]

Hey All,

I'm trying to encrypt a string in Setup Factory using the Blowfish algorithm and decrypt it in .NET using CryptoSys API for .NET.

Here's a high level overview of what I'm trying to accomplish:

1st) Use the a Crypto action in Setup Factory to encrypt a string that stores some application data in the registry. I am currently attempting to implement Blowfish within Setup Factory. I'm not too concerned with what algorithm I use, whatever is the easiest to implement is fine.

2nd) I need to read this string from within our software application and then decrypt it using C# .NET.

When I run my encryption code in Setup Factory I get: "WcxpiBwj9bgxvjBq7nsQ==".
When I run my encryption code in .NET I get: "j9PpOSolpFBbKGerLANSFA==".

I'm currently using http://www.cryptosys.net/ for the Blowfish encryption. I considered purchasing Chilkat, but I don't want to add an additional 5.5MB to our download.

I would expect them to be the same values, but unfortunately not. In Blowfish, there really isn't too much to configure.

Thanks in advance,
Josh

///////////////////////////////////////////
// SETUP FACTORY CODE
///////////////////////////////////////////
sEncryptedString = Crypto.BlowfishEncryptString("secrettext", "secretkey", 0);
Dialog.Message("Encrypted String", sEncryptedString);

///////////////////////////////////////////
// CALL TO OUR BLOWFISH ENCRYPTION FUNCTION IN .NET
///////////////////////////////////////////
string strEncrypt = Crytography.Encrypt("secrettext", "secretkey");
MessageBox.Show(strEncrypt);

///////////////////////////////////////////
// .NET BLOWFISH ENCRYPT FUNCTION
///////////////////////////////////////////
public static string Encrypt(string toEncrypt, string key)
{
Console.WriteLine("CryptoSys API Version={0}", General.Version());
// ENCRYPTION.
// INPUT: data string, key in hex format
// OUTPUT: ciphertext in hex format
Console.WriteLine("ENCRYPTION:");

string keyHex = Cnv.ToHex(key);
string data = toEncrypt;

// 1. Convert string to hex format
string dataHex = Cnv.ToHex(data);

// 2. Pad it ready for encryption
string plainHex = Blowfish.Pad(dataHex);

Console.WriteLine("SecretKey ='{0}'", key);
Console.WriteLine("Key ={0}", keyHex);
Console.WriteLine("SecretText ='{0}'", data);
Console.WriteLine("Secret Text In Hex ={0}", dataHex);
Console.WriteLine("Padded Secret Text Hex ={0}", plainHex);

// 3. Encrypt it
string cipherHex = Blowfish.Encrypt(plainHex, keyHex, Mode.ECB, null);
Console.WriteLine("Encrypted Text ={0}", cipherHex);
string strBase64 = Convert.ToBase64String(Cnv.FromHex(cipherHex));
Console.WriteLine("Base64 Encrypted Text ={0}", strBase64);

// DECRYPTION.
// INPUT: ciphertext in hex format, key in hex format
// OUTPUT: data string OR "decryption failed" error
Console.WriteLine("DECRYPTION:");
Console.WriteLine("Key Hex ={0}", keyHex);
Console.WriteLine("Encrypted Text ={0}", Cnv.ToHex(Convert.FromBase64String(strBase64)));

// 1. Decrypt ciphertext
plainHex = Blowfish.Decrypt(cipherHex, keyHex, Mode.ECB, null);
Console.WriteLine("Output in hex ={0}", plainHex);

// 2. Unpad it
dataHex = Blowfish.Unpad(plainHex);
Console.WriteLine("After unpadding ={0}", dataHex);

// 3. Check for error (see CryptoSysAPI.chm help)
if (dataHex.Length == plainHex.Length)
{
Console.WriteLine("decyryption error");
return "decyryption error";
}

// 4. Convert from hex back to string, if OK
data = Cnv.StringFromHex(dataHex);
Console.WriteLine("Data ='{0}'", data);
return data;
}


///////////////////////////////////////////
// CONSOLE OUTPUT FROM .NET ENCRYPTION
///////////////////////////////////////////
CryptoSys API Version=430
ENCRYPTION:
SecretKey ='secretkey'
Key =7365637265746B6579
SecretText ='secrettext'
Secret Text In Hex =73656372657474657874
Padded Secret Text Hex =73656372657474657874060606060606
Encrypted Text =8FD3E9392A25A4505B2867AB2C035214
Base64 Encrypted Text =j9PpOSolpFBbKGerLANSFA==
DECRYPTION:
Key Hex =7365637265746B6579
Encrypted Text =8FD3E9392A25A4505B2867AB2C035214
Output in hex =73656372657474657874060606060606
After unpadding =73656372657474657874
Data ='secrettext'

[jassing]

I know this won't help much --but i feel your pain. just becuase it uses blowfish doesn't mean that one version will result in the same output vs. another product. I've seen this over and over and over. ( I had wanted to share encyrpted data between my SUF file and a php page.... I had to write my own...)

Additionally; I'm not sure if IR's "blowfish" uses ecb or not...
Your best bet would be to use an api that is a dll and then use that as a primer file -- then your setup could use it and share the same encryption with your application.

[Ulrich]

Some of the parameters set in the Blowfish algorithm, as used in the provided Lua actions are explained here:
http://www.indigorose.com/forums/thr...lowfish-format
The IR implementation uses ECB, while PHP uses CBC, so they won't work together.

I have updated my Crypto plugin today, adding two new "Rijndael" actions. They use CBC with two tables to set up the initialization vector and the key, and are compatible with the AES implementation in the .NET Framework. A text encrypted and base64-encoded with C#, for example, can now be decrypted with Crypto.RijndaelDecryptString() into cleartext and vice-versa. [ Example ]

Ulrich

[AlphaMeasure]

Hey All,

Thanks to Ulrich and an update he made to his cryptography plugin, I am able to share encryption between Setup Factory and .NET. I spent a couple of days working towards getting this implemented and figured it worthwile to post a solution.

I switched the encryption algorithm to Rijndael to finally get this code operational. You'll need Ulrich's crypto plug to get this functionality running.

////////////////////////////////////////////////////////////////
.NET - I created two functions for handling encryption.
////////////////////////////////////////////////////////////////

public static string Encrypt(string toEncrypt)
{
RijndaelManaged rman = new RijndaelManaged();
rman.Mode = CipherMode.CBC;
rman.Padding = PaddingMode.PKCS7;
rman.KeySize = 256;

// Use a 32-byte key (for 256-bit encryption)
byte[] keyBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31};

// The IV for AES is 16 bytes, because the AES block size is 16.
byte[] ivBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15 };

ICryptoTransform encryptor = rman.CreateEncryptor(keyBytes, ivBytes);
byte[] plainText = System.Text.Encoding.UTF8.GetBytes(toEncrypt);
byte[] encrypted = encryptor.TransformFinalBlock(plainText, 0, plainText.Length);

return Convert.ToBase64String(encrypted);
}

public static string Decrypt(string toDecrypt)
{
RijndaelManaged rman = new RijndaelManaged();
rman.Mode = CipherMode.CBC;
rman.Padding = PaddingMode.PKCS7;
rman.KeySize = 256;

// Use a 32-byte key (for 256-bit encryption)
byte[] keyBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 };

// The IV for AES is 16 bytes, because the AES block size is 16.
byte[] ivBytes = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15 };

ICryptoTransform decryptor = rman.CreateDecryptor(keyBytes, ivBytes);
byte[] plainText = Convert.FromBase64String(toDecrypt);
byte[] decrypted = decryptor.TransformFinalBlock(plainText, 0, plainText.Length);

return System.Text.Encoding.UTF8.GetString(decrypted);
}

////////////////////////////////////////////////////////////////
Setup Factory - I created two global functions for handling encryption
////////////////////////////////////////////////////////////////

function Encrypt (strText)
key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 }
iv = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15 };
return Crypto.RijndaelEncryptString(strText, key, iv);
end

function Decrypt (strText)
key = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31 }
iv = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13,14, 15 };
return Crypto.RijndaelDecryptString(strText, key, iv);
end

////////////////////////////////////////////////////////////////
Setup Factory - Call the following code from within your scripts
////////////////////////////////////////////////////////////////
strEncrypted = Encrypt("secrettext");
strDecrypted = Encrypt(strEncrypted);

If everything is working, you'll get the same values between Setup Factory and .NET.

That's it. Be sure to include the System.Security.Cryptography namespace. Also be sure to change up the numbers in your key and vector, but keep the same format. Hope it helps.

~Josh