How to create an encrypted key by code

Topics: Cryptography Application Block, Enterprise Library Core
Jul 16, 2009 at 6:15 PM

Hey all,

How can I create a new (encrypted) key by code?

I'm trying to "simulate" the enterprise library configuration wizard process (by code).

Assuming I provide\generate the strong key* - I need to create the encrypted *.key file for the system to work with in machine mode.

* PCI regulations indicate that the full key should be contributed by 2 or more individuals.
Therefore, I would like to create an application that collects all the key parts, unifies them all together and creates the encrypted *.key file automatically.

Any ideas? Code Samples?

 

Thanks!

 

 

Jul 17, 2009 at 2:13 AM

You can actually look into the entlib source code. I basically just patterned the code sample below after it.

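// Requires: using System.IO; using System.Security.Cryptography;
// using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;
System.Text.ASCIIEncoding encoding = new System.Text.ASCIIEncoding();
byte[] key = encoding.GetBytes("passwords");
ProtectedKey protectedKey = ProtectedKey.CreateFromPlaintextKey(key, DataProtectionScope.CurrentUser);
IKeyWriter writer = new KeyReaderWriter();
// Dispose the stream so the key file is flushed and closed.
using (Stream keyOutput = File.Create(@"C:\mykey.key"))
{
    writer.Write(keyOutput, protectedKey);
}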

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

Jul 19, 2009 at 6:25 AM
Edited Jul 19, 2009 at 6:26 AM

Sarah Hi,

Thanks for your reply.

I have managed to create the key, according to the code above (I used DataProtectionScope.LocalMachine instead of DataProtectionScope.CurrentUser).

The key is created, but when I try to encrypt using this key, I get the following error: "Specified key is not a valid size for this algorithm."

This is the app.config element:

<add algorithmType="System.Security.Cryptography.RijndaelManaged, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
     protectedKeyFilename="C:\mykey.key"
     protectedKeyProtectionScope="LocalMachine"
     type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null"
     name="symprovider2"/>

Doesn't the code above correspond with the RijndaelManaged algorithm?

 

Thanks!

Jul 20, 2009 at 6:06 PM

Anyone?:)

Jul 21, 2009 at 2:05 AM

Sorry, I misinterpreted the source code.  Modifying the code:

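// Requires: using System.IO; using System.Security.Cryptography;
// using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;
RijndaelManaged algorithm = new RijndaelManaged();
algorithm.GenerateIV();
// The freshly generated IV serves as the salt for the password-based derivation.
PasswordDeriveBytes password = new PasswordDeriveBytes("passwords", algorithm.IV);
// 32 bytes = 256 bits, a key size RijndaelManaged accepts.
byte[] key = password.GetBytes(32);
ProtectedKey protectedKey = ProtectedKey.CreateFromPlaintextKey(key, DataProtectionScope.LocalMachine);
IKeyWriter writer = new KeyReaderWriter();
// Dispose the stream so the key file is flushed and closed.
using (Stream keyOutput = File.Create(@"C:\mykey.key"))
{
    writer.Write(keyOutput, protectedKey);
}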

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com

Jul 21, 2009 at 5:37 AM

Sarah Hi,

Thank you so much! It worked.

Just out of curiosity, why 32 (byte[] key = password.GetBytes(32);)?

I tried using 64 and the same error occurs: (Specified key is not a valid size for this algorithm).

Does RijndaelManaged only work with 32 bytes?

 

Thanks again

 

Jul 21, 2009 at 5:57 AM

RijndaelManaged only supports key lengths of 128, 192, or 256 bits - http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged.aspx.  Using GetBytes(16) would work.

 

Sarah Urmeneta
Global Technology & Solutions
Avanade, Inc.
entlib.support@avanade.com
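
The application asked for in the first post, as an added example (not code from this thread or from Enterprise Library): each custodian's component is combined by XOR, the result is checked against the key sizes RijndaelManaged accepts, and the key file is written as in the replies above. `KeyCeremony`, `CombineComponents` and `WriteKeyFile` are hypothetical names, and XOR of equal-length random components is an assumed combining scheme; the thread does not specify one.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;

// Added example; class and method names are hypothetical.
public static class KeyCeremony
{
    // XOR equal-length components so that no single custodian knows the final key.
    public static byte[] CombineComponents(params byte[][] components)
    {
        if (components == null || components.Length < 2)
            throw new ArgumentException("At least two key components are required.");
        if (components[0] == null)
            throw new ArgumentException("Key components must not be null.");
        byte[] key = new byte[components[0].Length];
        foreach (byte[] part in components)
        {
            if (part == null || part.Length != key.Length)
                throw new ArgumentException("All components must have the same length.");
            for (int i = 0; i < key.Length; i++)
                key[i] ^= part[i];
        }
        return key;
    }

    public static void WriteKeyFile(byte[] key, string path)
    {
        // Fail here, not at encrypt time, if the size is not 128, 192 or 256 bits.
        using (RijndaelManaged algorithm = new RijndaelManaged())
        {
            if (!algorithm.ValidKeySize(key.Length * 8))
                throw new CryptographicException("Key must be 16, 24 or 32 bytes, got " + key.Length + ".");
        }
        ProtectedKey protectedKey = ProtectedKey.CreateFromPlaintextKey(key, DataProtectionScope.LocalMachine);
        IKeyWriter writer = new KeyReaderWriter();
        using (Stream output = File.Create(path))
        {
            writer.Write(output, protectedKey);
        }
        Array.Clear(key, 0, key.Length); // wipe the caller's plaintext key buffer
    }

    public static void Main()
    {
        // Constructed sample input: two random 32-byte components standing in
        // for values entered separately by two key custodians.
        byte[] partA = new byte[32], partB = new byte[32];
        RandomNumberGenerator rng = RandomNumberGenerator.Create();
        rng.GetBytes(partA);
        rng.GetBytes(partB);
        WriteKeyFile(CombineComponents(partA, partB), @"C:\mykey.key");
    }
}
```

With DataProtectionScope.LocalMachine, any account on that machine can unprotect the key file, so restrict the file's ACL to the account that runs the application.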