I have received a task to encrypt and decrypt an XML string by using a TOKEN and a KEY. The encryption shall use 3DES EDE / ECB / NOPadding and can be made either in PHP or C#
I am not so prepared on this so I have read around a bit of theory and came to a very easy implementation which is as follow:
public string Encrypt( string message, string key, string token ) { byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes( message ); byte[] keyArray = CreateHash( key ); byte[] vectorArray = CreateHash( token ); TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider(); //set the secret key for the tripleDES algorithm tdes.Key = keyArray; //mode of operation. there are other 4 modes. We choose ECB(Electronic code Book) tdes.Mode = CipherMode.ECB; //padding mode(if any extra byte added) tdes.Padding = PaddingMode.None; ICryptoTransform cTransform = tdes.CreateEncryptor(keyArray, vectorArray); //transform the specified region of bytes array to resultArray byte[] resultArray = cTransform.TransformFinalBlock( toEncryptArray, 0, toEncryptArray.Length ); //Release resources held by TripleDes Encryptor tdes.Clear(); //Return the encrypted data into unreadable string format return Convert.ToBase64String( resultArray, 0, resultArray.Length ); } private byte[] CreateHash( string toHash ) { //use get hashcode regards to your key MD5CryptoServiceProvider hashKey = new MD5CryptoServiceProvider(); byte[] kArray = hashKey.ComputeHash( UTF8Encoding.UTF8.GetBytes( toHash ) ); //Always release the resources and flush data //of the Cryptographic service provide. Best Practice hashKey.Clear(); return kArray; } However I think this is not completely correct. In fact I am not sure that the TOKEN shall be used this way. Can somebody provide more informations and point me to the right direction on how to solve this problem?
Thanks
3DES/ECB/NOPaddingby using a Key and a Token. The key is a string like "123456789012345678901234" (24 characters)