Error encrypting string

Topics: Cryptography Application Block, Enterprise Library Core
Mar 20, 2007 at 4:14 PM
Hi guys,

I am having the following error when I try to encrypt a string.
System.Security.Cryptography.CryptographicException was caught
Message="Key not valid for use in specified state. \r\n"
Source="System.Security"

Thanks in advance

Mar 20, 2007 at 8:44 PM
I recommend checking out the Cryptography QuickStart in the January 2006 Enterprise Library. It has a sample of encrypting a secret that shows you how to encrypt a string using RijndaelManaged.

Regards,

Dave

_____________________

David Hayden
Microsoft MVP C#
Mar 21, 2007 at 1:10 PM
Thanks,
I did, and also followed the hands-on lab. This is the scenario:
I have a separate class library project that needs to encrypt and decrypt. I reference the cryptography block DLL file in my project, but the exception was thrown at the point of encrypting the string. I used the configuration tool to configure the web.config of the web project, which references the class library project.
Mar 21, 2007 at 3:49 PM
The error appears to be thrown from the .NET Framework.

I don't have enough information to understand the problem, but I would just double check:

1) A valid key file has been generated using the Cryptographic Key Wizard via the Configuration Tool
2) You perhaps encrypt the file using DPAPI Machine Mode so the website can decrypt the key file
3) The Cryptographic Routines can find the key file

Note that the key file must be encrypted on the machine that uses it. Therefore, if you are encrypting the key on one machine and then XCOPYING it to another machine ( web host ), it will not work because the key file is encrypted using information about the current user or local machine.

Regards,

Dave

_______________________

David Hayden
Microsoft MVP C#
May 10, 2007 at 7:25 AM
Is there ANY way at all of encrypting on one machine (machine 1), copying the key to ANOTHER machine (machine 2) and decrypting on the other machine (machine 2)?
Example: Machine 1 encrypts data that is stored in a SQL Server database. The database is migrated to Machine 2 (because machine 1 crashes). The "current" user for machine one is no longer with the company. We can copy the key to Machine 2. How can we decrypt the data on Machine 2? We are using RijndaelManaged.

Is the data then LOST forever? What method should we use if we want to be able to just copy the generated key back to the other machine and decrypt?


DavidHayden wrote:
The error appears to be thrown from the .NET Framework.

I don't have enough information to understand the problem, but I would just double check:

1) A valid key file has been generated using the Cryptographic Key Wizard via the Configuration Tool
2) You perhaps encrypt the file using DPAPI Machine Mode so the website can decrypt the key file
3) The Cryptographic Routines can find the key file

Note that the key file must be encrypted on the machine that uses it. Therefore, if you are encrypting the key on one machine and then XCOPYING it to another machine ( web host ), it will not work because the key file is encrypted using information about the current user or local machine.

Regards,

Dave

_______________________

David Hayden
Microsoft MVP C#

May 10, 2007 at 2:13 PM
Not that I know of.

The guidance is to make a password-protected version of your key file. This way if a machine does crash, you can import the password-protected key file on the new machine, re-encrypt it, and continue encrypting and decrypting information on the new machine.

Regards,

Dave

______________________________

David Hayden
Microsoft MVP C#
May 10, 2007 at 4:20 PM
So Cryptography will work only if the developer has access to the deployment machine to build (rebuild) the keys?
How useful is the approach for disaster recovery? I hope everyone who is storing encrypted data in a database is well aware of this since they may not be able to recover.

DavidHayden wrote:
Not that I know of.

The guidance is to make a password-protected version of your key file. This way if a machine does crash, you can import the password-protected key file on the new machine, re-encrypt it, and continue encrypting and decrypting information on the new machine.

Regards,

Dave

______________________________

David Hayden
Microsoft MVP C#
May 10, 2007 at 4:46 PM
Edited May 10, 2007 at 4:47 PM
No. I misread key for encrypted key file in your message.

The key can be used on any machine and is typically exported to a password protected key file to put on different machines.

But in order to use it with the Cryptography Application Block on a particular machine, you must use the Cryptographic Key Wizard on that machine to place it in a file that gets encrypted using DPAPI.

What you can't copy is the encrypted key file to another machine because it will not be able to read it since it was encrypted using DPAPI to a particular machine.

Check the documentation as it discusses it in pretty good detail.

Regards,

Dave

______________________________

David Hayden
Microsoft MVP C#
May 10, 2007 at 7:56 PM
Thanks BUT
Can the function of the Crypto Key Wizard be automated (programmed) if the developer does not have control over the deployed machine? Is there an example of how to program the functionality of the wizard for cases such as websites (intranets) where we cannot install the Enterprise Library Configuration wizard? For security reasons many companies do not allow direct access to intranet servers for developers. They may also prevent installation of components such as the Enterprise Library wizard.


This will also help greatly in disaster recovery situations.


DavidHayden wrote:
No. I misread key for encrypted key file in your message.

The key can be used on any machine and is typically exported to a password protected key file to put on different machines.

But in order to use it with the Cryptography Application Block on a particular machine, you must use the Cryptographic Key Wizard on that machine to place it in a file that gets encrypted using DPAPI.

What you can't copy is the encrypted key file to another machine because it will not be able to read it since it was encrypted using DPAPI to a particular machine.

Check the documentation as it discusses it in pretty good detail.

Regards,

Dave

______________________________

David Hayden
Microsoft MVP C#

Jul 17, 2007 at 10:32 AM
I've been struggling with the whole problem of deploying Cryptography Application Block encryption keys. In my scenario, I'm publishing a Windows application to a server where users will install it using ClickOnce deployment. Also, since the data is encrypted before it is stored in a database and decrypted when recovered, all users must be using exactly the same encryption key. Otherwise, errors are generated when pulling data out of the database that was not encrypted on the user's current workstation.

I think I have a solution that works for all the users and all workstations in a large enterprise, so it may work for developers deploying to a web server as well.

1. Create a key in LocalMachine scope. My App.config section looks like this when I'm finished:

<symmetricCryptoProviders>
  <add algorithmType="System.Security.Cryptography.RijndaelManaged, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089"
       protectedKeyFilename="C:\ClientProjects\ProjectX\Source\XFiles\XFileSecurity.key"
       protectedKeyProtectionScope="LocalMachine"
       type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=2.0.0.0, Culture=neutral, PublicKeyToken=null"
       name="RijndaelManaged" />
</symmetricCryptoProviders>

2. Export the key to a text file using the Enterprise Library Configuration Tool. (Right click on the provider node, and choose Export key from the context menu)

3. When publishing to the deployment server, do not include the key file. In this case, XFileSecurity.key is not published to the deployment server, so that it is not copied to the user's workstation when they run the ClickOnce install.

4. Do publish the text file that the Enterprise Library Configuration Tool created when you exported the key. In my scenario, every user who installs the app gets a copy of the exported text file, secured with a password specified when it was exported.

5. When the user runs the application for the first time, it is basically a matter of recovering the key from the exported text file, creating a key file in the location you wish, and then updating the App.config (or Web.config) file.

It seems like a lot of work, and it is. The function I use to do all this when the application starts up is included below. This particular development is VB, but it also works fine in C#. In my scenario, the app should not run without encryption, and will fail with nasty errors without it, so I run this function before I load my main form and exit with a message if it returns false.

The key method here is: KeyManager.RestoreKey. This allows one to migrate the key from one machine to another programmatically.


Imports System.IO
Imports System.Configuration
Imports System.Security.Cryptography
Imports Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration
Imports Microsoft.Practices.EnterpriseLibrary.Security.Cryptography

' Private class members
Private Const SECURITYKEYFILE As String = "XFileSecurity.key"
Private Const KEYIMPORTFILE As String = "ColorIndex.txt"
Private Const KEYIMPORTFILE_PW As String = "color2007"

Private Function ApplicationSecured() As Boolean
    Dim secure As Boolean = False

    ' Strip the executable name to get the install directory (with trailing backslash)
    Dim sCurrentPath As String = Application.ExecutablePath
    Do Until sCurrentPath.EndsWith("\")
        sCurrentPath = sCurrentPath.Remove(sCurrentPath.Length - 1)
    Loop
    Dim importFile As String = sCurrentPath & KEYIMPORTFILE
    Dim keyFile As String = sCurrentPath & SECURITYKEYFILE

    ' First run on this machine: restore the key from the password-protected export
    ' and write it back out as a DPAPI-protected (LocalMachine) key file
    If Not My.Computer.FileSystem.FileExists(keyFile) Then
        Dim key As ProtectedKey = KeyManager.RestoreKey(File.Open(importFile, FileMode.Open, FileAccess.Read), KEYIMPORTFILE_PW, DataProtectionScope.LocalMachine)
        KeyManager.Write(File.Open(keyFile, FileMode.Create), key)
    End If

    ' Point the first symmetric provider in the config at the local key file
    Dim cfg As Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
    If cfg.HasFile Then
        Dim cryptoSection As ConfigurationSection = cfg.Sections("securityCryptographyConfiguration")
        If Not cryptoSection Is Nothing Then
            Dim cryptoSettings As CryptographySettings = DirectCast(cryptoSection, CryptographySettings)
            Dim data As SymmetricProviderData = cryptoSettings.SymmetricCryptoProviders.Get(0)
            Dim sSetPath As String = data.ElementInformation.Properties("protectedKeyFilename").Value.ToString()
            If sSetPath <> keyFile Then
                data.ElementInformation.Properties("protectedKeyFilename").Value = keyFile
                cfg.Save(ConfigurationSaveMode.Minimal)
            End If
            secure = True
        End If
    End If
    Return secure
End Function


Nov 22, 2008 at 4:02 PM
Edited Nov 22, 2008 at 4:05 PM
DevLingo,

Thanks! I used your solution and it worked great!

I also was using "Click Once" to deploy my application.  I would like to add, when adding the text version of the key file (*.txt)  in Step 4, add the file to the ROOT directory of your Visual Studio Project you are going to deploy.  Before publishing your solution, check the Application Files ... to make sure the text version of the key file is there.

Thanks Again!

John

Dec 30, 2008 at 3:08 PM
I don't mean to be a stick in the mud...

But isn't the whole point of this design to make the system more secure?  By storing the encryption key file password directly in the source code you are compromising the security of your data.  If you are going to do that... why bother encrypting the data at all?  Right?  Sure it's a pain to import the key for every machine you have to set up, but how long does it really take?  5 minutes each?

Alternatively, can you set the machine key of the machine in the web.config or other .config file?  That seems like it would reduce the vulnerability a little... although I guess someone could still rewrite the code on your web server (provided that they have access to it) to output to a browser or transmit the data in another form.

Even if you use the standard approach and manually import the key to each machine, where is the point of failure?  Someone gaining access to the filesystem on your webserver, and being able to modify your aspx.cs files?
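
An added example, not code from this thread or from Enterprise Library itself: a console tool that does the same import as the function posted above (KeyManager.RestoreKey followed by KeyManager.Write, the two calls named in the thread), but takes the passphrase from the operator at run time instead of a constant in the source, and refuses to replace a key file that already exists. The tool name, argument order and exit codes are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;

// Hypothetical provisioning tool (added example):
//   KeyImportTool.exe <exported-key.txt> <target.key>
public static class KeyImportTool
{
    public static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: KeyImportTool <exported-key.txt> <target.key>");
            return 2;
        }

        string importFile = Path.GetFullPath(args[0]);
        string keyFile = Path.GetFullPath(args[1]);

        // Replacing a key that data was already encrypted with makes that data
        // undecryptable, so an existing key file is never overwritten.
        if (File.Exists(keyFile))
        {
            Console.Error.WriteLine("Key file already exists, nothing imported: " + keyFile);
            return 1;
        }

        string passphrase = ReadPassphrase("Passphrase for " + Path.GetFileName(importFile) + ": ");
        try
        {
            ImportKey(importFile, passphrase, keyFile);
        }
        catch (CryptographicException ex)
        {
            // For example a wrong passphrase or a damaged export file.
            Console.Error.WriteLine("Import failed: " + ex.Message);
            return 1;
        }
        catch (IOException ex)
        {
            Console.Error.WriteLine("File error: " + ex.Message);
            return 1;
        }

        Console.WriteLine("Key imported to " + keyFile);
        return 0;
    }

    // Restores the key from the password-protected export and writes it as a
    // DPAPI-protected key file bound to this machine (LocalMachine scope, as in
    // the configuration shown in the thread).
    public static void ImportKey(string importFile, string passphrase, string keyFile)
    {
        ProtectedKey key;
        using (FileStream input = File.Open(importFile, FileMode.Open, FileAccess.Read))
        {
            key = KeyManager.RestoreKey(input, passphrase, DataProtectionScope.LocalMachine);
        }

        // CreateNew throws IOException if the file appeared since the check in Main.
        using (FileStream output = File.Open(keyFile, FileMode.CreateNew, FileAccess.Write))
        {
            KeyManager.Write(output, key);
        }
    }

    // Reads a line from the console without echoing it.
    private static string ReadPassphrase(string prompt)
    {
        Console.Write(prompt);
        StringBuilder buffer = new StringBuilder();
        while (true)
        {
            ConsoleKeyInfo k = Console.ReadKey(true);
            if (k.Key == ConsoleKey.Enter)
            {
                break;
            }
            if (k.Key == ConsoleKey.Backspace)
            {
                if (buffer.Length > 0) buffer.Length--;
                continue;
            }
            if (k.KeyChar != '\0') buffer.Append(k.KeyChar);
        }
        Console.WriteLine();
        return buffer.ToString();
    }
}
```

The tool needs only the Enterprise Library Cryptography assembly next to it, not the configuration tool, and the protectedKeyFilename in the application's config still has to point at the file it writes.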
Dec 31, 2008 at 9:58 PM
I don't think you're being a stick in the mud, skippyfire, but I do think it's important to think in terms of cost-effective development and support. 5 minutes per machine adds up to 8 hours and 20 minutes for 100 workstations per deployment. With that many machines something is likely to be missed. Many thanks to DevLingo for suggesting a cost-effective solution.
Jul 13, 2010 at 10:46 PM

This is the version that I used in C#:

using System;
using System.IO;
using System.Collections.Generic;
using System.Text;
using System.Security.Permissions;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.Configuration;
using System.Security.Cryptography;

public class CryptographyKeyManager
    {
        //private class members
        private const string SECURITYKEYFILE = "XFileSecurity.key";
        private const string KEYIMPORTFILE = "ColorIndex.txt";
        private const string KEYIMPORTFILE_PW = "color2007";

        private bool ApplicationSecured(string strKeyDirectoryPath)
        {
            bool secure = false;

            string importFile = Path.Combine(strKeyDirectoryPath, KEYIMPORTFILE);
            string keyFile = Path.Combine(strKeyDirectoryPath, SECURITYKEYFILE);

            if (File.Exists(keyFile))
            {
                secure = true;
            }//if
            else if (!File.Exists(keyFile))
            {
                ProtectedKey key = KeyManager.RestoreKey(File.Open(importFile, FileMode.Open, FileAccess.Read), KEYIMPORTFILE_PW, System.Security.Cryptography.DataProtectionScope.LocalMachine);
                KeyManager.Write(File.Open(keyFile, FileMode.Create), key);

                secure = true;
            }//if

            return secure;
        }//method: ApplicationSecured
    }//class

Jul 18, 2010 at 12:00 AM

Hi VS2010Junkie,

How did you implement your C# file?

Jul 29, 2010 at 5:58 PM
Not sure what you mean. The code for my C# file is above. Thanks.
Oct 8, 2010 at 12:39 PM

It is throwing a padding error. Actually, I have taken a class library in the Windows app. I have written the above code (C#) in the class library and I called it in the button click event.

I have given SECURITYKEYFILE=C:\..\DESKTOP\KEY1.KEY, KEYIMPORTFILE=C:\..\KEY.TXT

In the (KeyManager.RestoreKey) line I then got a padding error.

Can you help me...

Oct 8, 2010 at 6:40 PM

I do get the error in the line where KeyManager.RestoreKey is defined. Padding Error

I have generated a password-based text key using the Rijndael symmetric provider.

My doubt is: how come the above program can read that password-protected text file and generate a key?

If this is the case, can anyone give me an alternative where we have to use the same key on some x system where the x system does not have Enterprise Library installed?

Please help me.

Thanks

 

Oct 11, 2010 at 3:48 AM

The SECURITYKEYFILE variable there should be the file name of the .key file defined in your config.  The text file is in the KEYIMPORTFILE variable. 

"my doudt is that how come the above program can read that password protected text file and generate a key ."

The code used above is actually copied from the entlib source code.  It is the same code used when you select Import a password-protected key file option in the entlib config tool. 

If entlib is not installed on the machine nor its assemblies available, you can check out the entlib source code and look for the KeyManager and ProtectedKey classes.  Basically, you'll be using the code inside the KeyManager.RestoreKey and KeyManager.Write methods and other methods they are calling necessary to import the key file.  Your code then will be much longer since you don't have the option to use the entlib classes.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 11, 2010 at 5:53 AM

But when you select the import a password-protected key file option in the entlib config tool, it will ask you for the password? But in the above program it is not taking any password.

Oct 11, 2010 at 6:14 AM

It will ask you first for the exported key file (.txt file) and then the password.  The password is in the KEYIMPORTFILE_PW variable.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 11, 2010 at 11:18 AM

See, now I don't have errors. However, when I am using the same key for encryption and decryption on some x machine, it is throwing an error saying

"The current build operation(build key Build Key[Microsoft practices.enterpriselibrary.security.cryptography.issysmmetricCryptoProvider,Rijndael]) failed.key versions

donot match between encrypted key and decryption algorithm(startegeytype config)

 

Thanks

Oct 11, 2010 at 3:02 PM

Now I have a problem of key mismatch.

I took my application and generated the txt key file from the key file. Then I went to the x machine, took the above C# code in a separate application and generated a key file using the txt key file. Then, when I added this key to the main application, it gives an error saying the key mismatch.

Can you help me please?

Oct 12, 2010 at 2:20 AM

I've seen posts encountering the same error and the cause was they use different versions of entlib between where you encrypted and where you decrypted it.  If this is true in your case, what versions are you using?

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 12, 2010 at 7:20 AM
Edited Oct 12, 2010 at 7:22 AM

The 4.1 version is installed on my system. As I said earlier, the x system does not have any Enterprise Library s/w installed.

Oct 12, 2010 at 7:38 AM

When you say entlib is not installed on the machine, does that mean that you didn't also have the entlib assemblies at least copied to it?  Because how come you were able to copy the code above if you don't have those assemblies?  The KeyManager and ProtectedKey classes are part of the Cryptography assembly. 

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 12, 2010 at 10:34 AM

See, I have copied all the DLLs required for the above code to run on the x system; however, the Enterprise Library s/w has not been installed on the x system.

Oct 13, 2010 at 9:22 AM

I'll investigate more on this.  I was trying this out in the 5.0 version and it's working fine.  I was able to repro your error in the 4.1 version and am unsure yet why it isn't working.  No problems when using the configuration tool.  I'll inform you of any updates.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 13, 2010 at 11:57 AM

Many Thanks

Oct 14, 2010 at 1:56 AM

Hi kiran,

Turns out I was really using different versions of entlib assemblies on the 2 machines that's why I got the error on key mismatch.  Do you have multiple versions of enterprise library assemblies on the machine where you encrypted the key?  In addition, check the properties of your entlib references in your visual studio project on the machine where you're decrypting it.  See if the Version property reflects the same version you used on the encrypting machine.  See also if the Copy Local property is set to True.  If it is false, look if there's any entlib assemblies in GAC and what version is it. 

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 16, 2010 at 7:45 AM

Hello Sarah

How shall I check whether the Copy Local property is set to true? We use only Enterprise Library 4.1; we don't have other versions installed. However, in order to run the above C# code I have added the System.Security DLL. When I checked its properties it shows me the version as 2.0.0.0. Does this make any difference?

 

Thanks

Oct 16, 2010 at 4:37 PM
Edited Oct 18, 2010 at 12:26 AM

The Copy Local property is a property of a project's reference.  Thus, you can see it when you have your Visual Studio solution open: locate the project where you have the entlib assembly reference, click on it and check the Properties window.  Check for the Version property of the entlib assemblies as well, not the System.Security.dll.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 18, 2010 at 5:05 AM

Yes, I have observed that the Copy Local property is true and the version of Enterprise Library is 4.1.0.0

Oct 18, 2010 at 5:26 AM

Could we try this?  I'll send you a project, a file with encrypted content, and an exported key file.  That project programmatically imports the key file and then attempt to read the content of the file with encrypted text.  Send me an email if this is ok with you.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 18, 2010 at 5:01 PM

Yes please. Please send the code to my email account

Oct 19, 2010 at 12:09 AM

I've sent it to your email.  Run it on the machine where you're doing the import.  Let me know if you have any issues.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 19, 2010 at 5:14 AM

Hi

In the meantime I have tried on some y system where Enterprise Library is installed (using the configuration tool). I have created a key on the y system using the key text which I created on my system.

I encrypted a string on my system, then I took that encrypted string to the y system and tried to decrypt it, but it throws a padding error. Can you please help me? I am not even successful using the Enterprise Library configuration tool.

I have used machine mode

Thanks

 

 

Oct 19, 2010 at 5:42 AM

Ok, let's use the one which I sent you.

Open your config with the Enterprise Library Configuration Tool.  Add the Cryptography Application Block.  Right click on Symmetric Providers and add the RijndaelManaged provider. 

In the Cryptographic Key  Wizard, select Import a password-protected key file and click on Next.  The next window prompts you to locate the key text file.  Browse to the location where you saved the ProtectedConfiguration solution which I sent you.  It should be in \ProtectedConfiguration\ProtectedConfiguration directory with the filename exportKeyFile.txt.  Type "password" as the value for the password that was used to encrypt the key file. Click on Next.  That's it, you're done with the import task.

To test, attempt to read the encryptedFile.txt located in the \ProtectedConfiguration\ProtectedConfiguration\bin\debug folder.  Use the code from the same solution.

Let me know if you're successful with this or not.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 19, 2010 at 12:43 PM
Edited Oct 19, 2010 at 1:12 PM

1. Yes, I am successful. Have you generated this key text using machine mode or user mode?

When I tried on my system with key text generated on z machines it gives "padding invalid and cannot be removed", but when I use the key text generated by my machine it works fine. Can you help me?

If you want, I can send my key text generated by my machine?

2. I do have one more doubt. I have an info column which stores the information. The column length is 255. When I am encrypting small information and storing it in the info column I don't have any problem, but when I am encrypting a string of length more than 160, the result after encrypting is more than the length of the info column. Other than changing the length of the info column, is there any alternative where we can reduce the length of the encrypted string?

Oct 20, 2010 at 1:49 AM
Edited Oct 20, 2010 at 2:05 AM

I generated it using machine mode.  Are you decrypting the same exact string on your machine and the z machine?  Any notable difference between the two machines?  How exactly are you taking the encrypted string to the decrypting machine?

On #2, I'm not aware of any way to do that.  Why not just simply use a datatype of nvarchar(MAX) rather than using a specific length? 

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com


Oct 20, 2010 at 4:57 AM

See, I am able to decrypt your encrypted file on my machine and other machines. When I generated a key text on my server machine and thought of generating a key on other machines using the server key text, it throws a padding error. However, when I generated a key text for the key on my machine or other machines (not the server machine) and used that key text to generate a key on other machines (not the server machine), it works fine. So why is it throwing a padding error when I am using a key generated using the server key text?

Is there any chance of a firewall problem on the server? Any help related to this?

 

 

Oct 20, 2010 at 8:35 AM
Edited Oct 20, 2010 at 8:56 AM

To confirm, you are able to export and import the key.  It is only when calling the Decrypt method that you are encountering the error, correct?  Does your server machine have a different operating machine than that of the other machines?  What's the OS of the server machine?  I'm not sure what's the cause of the error yet but I'll try to recreate the scenario, so if there are other differences between the involved machines, please do include the details.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com


Oct 20, 2010 at 9:34 AM

Yes, I have a problem in decrypting only. Server OS: Windows Server 2008. Other machines' OS: Windows XP

 

Oct 20, 2010 at 9:38 AM

As I don't have full access to the server, I am unable to provide you the differences except the operating system

Oct 21, 2010 at 3:21 AM
Edited Oct 21, 2010 at 3:30 AM

Thanks, I'll try to do the exact same thing you're doing.  I'll try exporting a key file from a Windows server 2008 machine although I'm not really sure if that's what causing the error.  

By the way, have you verified that you are able to decrypt the same string on the same machine(server)? 

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 21, 2010 at 4:53 AM

Yes, I am able to decrypt the strings on the server machine.

Oct 21, 2010 at 11:58 PM

I was able to successfully export the key file from a Windows Server 2008 machine and decrypt it on a Windows XP machine.  Have you tried doing this more than once?  How are you transferring the text to decrypt?  Is it stored in a file and you copy the file to the decrypting machine?

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 22, 2010 at 5:17 AM

A key has been generated on the server machine, and then the key text was generated and saved on the desktop of the server machine using the configuration tool. Then I copied that key text into a shared folder of the server machine. Then from the shared folder I copied it onto the other XP machines where the decrypting is to be performed. Then I took your console application onto the XP machine and in the encrypted text file I placed the string (copied from the info column of the table which contains the encrypted string) which was encrypted by the key on the server machine. I have tried this only once.

Note: same database access for the server and XP machines

 

Oct 22, 2010 at 5:55 AM
Edited Oct 22, 2010 at 7:46 AM

Could you send the exported key text file, password, as well as the string to decrypt?   I will try decrypting it on my machine.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 23, 2010 at 2:58 PM

I have sent it to your email account

Oct 25, 2010 at 12:48 AM

I was able to decrypt the contents of the file without any error.  Try it again, maybe you just missed something.  Check the location of the key file specified in your config and make sure to delete that file if it exists.  Check if the values of the variable in the program which imports the key file.

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 27, 2010 at 5:01 AM

Yes, now I am able to decrypt the string.

Many Thanks

 

Oct 27, 2010 at 5:07 AM

Great! :) Just curious, were you able to determine what's causing the error you encountered before?

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com

Oct 28, 2010 at 10:46 AM

Actually I have used the Enterprise Library configuration tool (all programs>...enterpriselibraryconfiration) where I used the 'open application' option to open the web.config, but after creating the key I forgot to save. As a result I did create a key, and there was already a key existing before creating a new key, so this was the reason I could not decrypt.

One more thing: I have 2 strings, one encrypted and one unencrypted, saved in the info column. The encrypted string can be decrypted, but when the decrypt method encounters plain text, i.e. an unencrypted string, it throws an error. Is there any provision in the Cryptography Application Block to identify an encrypted and an unencrypted string, so that when the decrypt method in cryptography encounters an unencrypted string it simply returns the unencrypted string?

 

Thanks

Oct 28, 2010 at 10:48 AM

In the first line it is 'as a result it did not create......'

Oct 29, 2010 at 3:14 AM

No, there's no such functionality in the Cryptography Application Block.  Please create a new thread for different questions.

 

Sarah Urmeneta
Global Technology and Solutions
Avanade, Inc.
entlib.support@avanade.com
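
Since the block offers no such check, the distinction has to be carried in the stored value itself. As an added example (an application-level convention, not part of the thread or of Enterprise Library): encrypted values get an explicit prefix, and only prefixed values are passed to the block. The class name, the marker string and the `wasEncrypted` flag are assumptions; the provider name is the one from the App.config shown earlier, and Cryptographer.EncryptSymmetric / DecryptSymmetric are the block's string overloads.

```csharp
using System;
using Microsoft.Practices.EnterpriseLibrary.Security.Cryptography;

// Added example: hypothetical helper for a column that holds both
// plaintext and encrypted values.
public static class InfoColumnCodec
{
    // Provider name from the configuration shown in the thread.
    private const string Provider = "RijndaelManaged";

    // Hypothetical marker. ':' is not in the Base64 alphabet, so the bare
    // Base64 text returned by the block can never start with this marker.
    // It adds 7 characters to every stored value.
    private const string Marker = "enc:v1:";

    public static bool IsProtected(string stored)
    {
        return stored != null && stored.StartsWith(Marker, StringComparison.Ordinal);
    }

    // Encrypts and tags a value before it is written to the column.
    public static string Protect(string plaintext)
    {
        if (plaintext == null) throw new ArgumentNullException("plaintext");
        return Marker + Cryptographer.EncryptSymmetric(Provider, plaintext);
    }

    // Returns the plaintext for a value read from the column.
    public static string Reveal(string stored)
    {
        if (stored == null) throw new ArgumentNullException("stored");
        if (!IsProtected(stored))
        {
            return stored; // untagged value: stored as plaintext
        }
        // Deliberately no try/catch that falls back to returning the input:
        // a failure here means a wrong key or damaged data, and must surface
        // as an error rather than be shown to the user as if it were text.
        return Cryptographer.DecryptSymmetric(Provider, stored.Substring(Marker.Length));
    }

    // One-time migration of rows written before the marker existed.
    // Whether an old row holds ciphertext cannot be read off the value
    // itself, so the caller supplies it (for example from the code path or
    // date that wrote the row).
    public static string Migrate(string stored, bool wasEncrypted)
    {
        if (stored == null) throw new ArgumentNullException("stored");
        if (IsProtected(stored)) return stored;   // already migrated
        if (wasEncrypted) return Marker + stored; // tag the existing ciphertext
        return Protect(stored);                   // encrypt and tag old plaintext
    }
}
```

Run Migrate over the existing rows before relying on Reveal; until then an untagged ciphertext row is handed back unchanged as its Base64 text.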

Jun 30, 2011 at 7:58 AM

Hi

I had problems deploying the crypto key file and this post worked perfectly for me.

The only thing I changed is that I used the statement using to open the FileStream and I closed the stream.

if (File.Exists(keyFile)) {
    secure = true;
}//if
else if (!File.Exists(keyFile)) {
    using (FileStream fs = File.Open(importFile, FileMode.Open, FileAccess.Read)) {
        ProtectedKey key = KeyManager.RestoreKey( fs,
            KEYIMPORTFILE_PW, System.Security.Cryptography.DataProtectionScope.LocalMachine);
        // Dispose the output stream too, so the new key file is not left locked
        using (FileStream keyStream = File.Open(keyFile, FileMode.Create)) {
            KeyManager.Write(keyStream, key);
        }
        fs.Close();
        secure = true;
    }
}//if

It caused a problem for me because my application is a web application.

Thank you

Valdek