as3crypto encryption does not match C#/.NET

Question

Presently, I have this algorithm in C#/.NET:

 private static byte[] key = { }; private static readonly byte[] IV = { 20, 52, 88, 120, 76, 89, 205, 239 }; private static readonly string sEncryptionKey = "abcdefgh"; public static string Encrypt(string stringToEncrypt) { try { Debug.WriteLine("stringToEncrypt: " + stringToEncrypt); key = System.Text.Encoding.UTF8.GetBytes(sEncryptionKey.Substring(0, 8)); Debug.WriteLine("key: " + Convert.ToBase64String(key)); DESCryptoServiceProvider des = new DESCryptoServiceProvider(); //var des = new AesCryptoServiceProvider(); des.Padding = PaddingMode.Zeros; byte[] inputByteArray = Encoding.UTF8.GetBytes(stringToEncrypt); Debug.WriteLine("inputByteArray: " + Convert.ToBase64String(inputByteArray)); MemoryStream ms = new MemoryStream(); CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write); Debug.WriteLine("IV: " + Convert.ToBase64String(IV)); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); Debug.WriteLine("Convert.ToBase64String(ms.ToArray()): " + Convert.ToBase64String(ms.ToArray())); return Convert.ToBase64String(ms.ToArray()); } catch (Exception e) { return e.Message; } }

The problem is, I am trying to get the results of this algorithm to match the results of my ActionScript using as3crypto DES:

 protected function encrypt(input:String):String { var logData:Object = new Object(); var decrKey:String = new String("abcdefgh"); // byte[] IV = { 20, 52, 88, 120, 76, 89, 205, 239 }; var iv:ByteArray = new ByteArray(); iv.writeByte(20); iv.writeByte(52); iv.writeByte(88); iv.writeByte(120); iv.writeByte(76); iv.writeByte(89); iv.writeByte(205); iv.writeByte(239); iv.position = 0; trace("iv: " + iv); //var decrIV:String = iv.readUTF(); var decrIV:String = new String(); while (iv.bytesAvailable > 0) { //read to letter or end of bytes decrIV += iv.readUTFBytes(1); } var inputBA:ByteArray=Hex.toArray(Hex.fromString(input)); var key:ByteArray = Hex.toArray(Hex.fromString(decrKey)); var pad:IPad = new NullPad(); var aes:ICipher = Crypto.getCipher("des-cbc", key, pad); pad.setBlockSize(aes.getBlockSize()); var ivmode:IVMode = des as IVMode; ivmode.IV = Hex.toArray(Hex.fromString(decrIV)); des.encrypt(inputBA); return Base64.encodeByteArray( inputBA); }

Does anyone have any suggestions as to why they are different? What am I missing? TIA.

UPDATE:

This is the ActionScript code I am now using, but as my comment indicates it is still different than the C# result:

 protected function encrypt(input:String):String { var logData:Object = new Object(); var decrKey:String = new String("tuber$20"); // byte[] IV = { 20, 52, 88, 120, 76, 89, 205, 239 }; var iv:ByteArray = new ByteArray(); iv.writeByte(20); iv.writeByte(52); iv.writeByte(88); iv.writeByte(120); iv.writeByte(76); iv.writeByte(89); iv.writeByte(205); iv.writeByte(239); iv.position = 0; trace("iv: " + iv); //var decrIV:String = iv.readUTF(); var decrIV:String = new String(); while (iv.bytesAvailable > 0) { //read to letter or end of bytes decrIV += iv.readUTFBytes(1); } //var inputBA:ByteArray = Hex.toArray(Hex.fromString(input)); var inputBA:ByteArray = new ByteArray(); inputBA.writeUTFBytes(input); //var key:ByteArray = Hex.toArray(Hex.fromString(decrKey)); var key:ByteArray = new ByteArray(); inputBA.writeUTFBytes(decrKey); var pad:IPad = new NullPad(); var aes:ICipher = Crypto.getCipher("des-cbc", key, pad); pad.setBlockSize(aes.getBlockSize()); var ivmode:IVMode = aes as IVMode; //ivmode.IV = Hex.toArray(Hex.fromString(decrIV)); ivmode.IV = new ByteArray(); inputBA.writeUTFBytes(decrIV); aes.encrypt(inputBA); return Base64.encodeByteArray( inputBA); }

UPDATE 2:

Thank you, @Miguel Sanchez. If I break each down and compare their output, they are identical except for the very last encryption:

 protected function encrypt(input:String):String { trace("stringToEncrypt: " + input); var logData:Object = new Object(); var decrKey:String = new String("tuber$20"); // byte[] IV = { 20, 52, 88, 120, 76, 89, 205, 239 }; var iv:ByteArray = new ByteArray(); iv.writeByte(20); iv.writeByte(52); iv.writeByte(88); iv.writeByte(120); iv.writeByte(76); iv.writeByte(89); iv.writeByte(205); iv.writeByte(239); iv.position = 0; trace("iv: " + Base64.encodeByteArray(iv)); //var decrIV:String = iv.readUTF(); var decrIV:String = new String(); while (iv.bytesAvailable > 0) { //read to letter or end of bytes decrIV += iv.readUTFBytes(1); } trace("decrIV: " + decrIV); //var inputBA:ByteArray = Hex.toArray(Hex.fromString(input)); var inputBA:ByteArray = new ByteArray(); inputBA.writeUTFBytes(input); trace("inputBA: " + Base64.encodeByteArray(inputBA)); //var key:ByteArray = Hex.toArray(Hex.fromString(decrKey)); var key:ByteArray = new ByteArray(); key.writeUTFBytes(decrKey); trace("key: " + Base64.encodeByteArray(key)); var pad:IPad = new NullPad(); var aes:ICipher = Crypto.getCipher("des-cbc", key, pad); pad.setBlockSize(aes.getBlockSize()); var ivmode:IVMode = aes as IVMode; //ivmode.IV = Hex.toArray(Hex.fromString(decrIV)); ivmode.IV = new ByteArray(); ivmode.IV.writeUTFBytes(decrIV); trace("ivmode.IV: " + Base64.encodeByteArray(ivmode.IV)); aes.encrypt(inputBA); trace("Base64.encodeByteArray(inputBA): " + Base64.encodeByteArray(inputBA)); return Base64.encodeByteArray(inputBA); }

Here is the output from the ActionScript:

stringToEncrypt: a1d63a1fb90b422ecce953b3302b6e521f96 key: dHViZXIkMjA= inputBA: YTFkNjNhMWZiOTBiNDIyZWNjZTk1M2IzMzAyYjZlNTIxZjk2 iv: FDRYeExZze8= decrIV: 4XxLYÍï ivmode.IV: FDRYeExZw43Drw== Base64.encodeByteArray(inputBA): 6AJu1PUFRHx+Ykf0r1HlZVy39kR0HrOaw+wTHmnRPPunisp4TR0cSw== stringToEncrypt: 10:00 key: dHViZXIkMjA= inputBA: MTA6MDA= iv: FDRYeExZze8= decrIV: 4XxLYÍï ivmode.IV: FDRYeExZw43Drw== Base64.encodeByteArray(inputBA): N5VgWd0Ccu0=

Here is the output from C#/.NET:

stringToEncrypt: a1d63a1fb90b422ecce953b3302b6e521f96 key: dHViZXIkMjA= inputByteArray: YTFkNjNhMWZiOTBiNDIyZWNjZTk1M2IzMzAyYjZlNTIxZjk2 IV: FDRYeExZze8= Convert.ToBase64String(ms.ToArray()): h2jT8xR2SOPagrQwF3leuKFdEvHpYyfCUzEJw2lxXG2HnuUyw1QXzg== stringToEncrypt: 10:00 key: dHViZXIkMjA= inputByteArray: MTA6MDA= IV: FDRYeExZze8= Convert.ToBase64String(ms.ToArray()): WVOOknAikYs=

UPDATE 3:

This is the ActionScript code for the last steps:

 aes.encrypt(inputBA); return Base64.encodeByteArray(inputBA);

This is the C#/.NET code for the last steps:

 CryptoStream cs = new CryptoStream(ms, des.CreateEncryptor(key, IV), CryptoStreamMode.Write); cs.Write(inputByteArray, 0, inputByteArray.Length); cs.FlushFinalBlock(); return Convert.ToBase64String(ms.ToArray());

In as3 why are you using the Hex functions for converting String to ByteArray why not use ByteArray.writeUTFBytes() — Miguel Sanchez
– Miguel Sanchez, Commented Oct 12, 2016 at 4:58
If I change the first Hex line to this: "var inputBA:ByteArray=ByteArray.writeUTFBytes(input);" I get the error: "Line 222, Column 45 1061: Call to a possibly undefined method writeUTFBytes through a reference with static type Class." — user8128167
– user8128167, Commented Oct 12, 2016 at 5:13
var inputBA:ByteArray = new ByteArray(); inputBA.writeUTFBytes(input); — Miguel Sanchez
– Miguel Sanchez, Commented Oct 12, 2016 at 5:19
OK, now I get this from C#: h2jT8xR2SOPagrQwF3leuKFdEvHpYyfCUzEJw2lxXG2HnuUyw1QXzg== and this from ActionScript: +KZVDXO6+1bIC3IgPqxh6j1lsiJK/rXPnKHpH84Gd5nZcJ3bdp1aRvhtF+moz5WMPzYgCMIrk7Y= they are still different. — user8128167
– user8128167, Commented Oct 12, 2016 at 5:26
have you changed both lines using Hex, I mean for inputBA and for key? — Miguel Sanchez
– Miguel Sanchez, Commented Oct 12, 2016 at 5:27

Community · Accepted Answer · 2017-05-23 10:27:48Z

1

First change this line

inputBA.writeUTFBytes(decrKey);

to

key.writeUTFBytes(decrKey);

You may need some function like this to print a ByteArray in AS3.

public static function fromArray(array:ByteArray, colons:Boolean=false):String { var s:String = ""; for (var i:uint=0;i<array.length;i++) { s+=("0"+array[i].toString(16)).substr(-2,2); if (colons) { if (i<array.length-1) s+=":"; } } return s; }

Sources: AS3 ByteArray to Hex representation