Question

I’m working on an MVC application on .NET. To secure my sensitive information, such as info in web.config, I’ve got two functions that encrypt and decrypt information using Triple DES. However, I’m new to this and succeeded in getting this far with the help of a friend and by asking a few questions over here.

The point where I’m currently stuck is: how can I add the TDES IV (Initialization Vector) at the end of the encrypted string, and how do I retrieve it again while decrypting? I mean, how would you identify in the encrypted info where the IV (Initialization Vector) starts?

From "How to add and retrieve TDES IV (Initialization Vector) in encrypted string", I was advised to switch to CBC mode instead of ECB, as ECB doesn't support IVs.

But I am confused: how can I switch to CBC?

I really need help regarding this; I’ve been stuck on this problem for a long time and am unable to find a solution to it. Please help.

public static string Encrypt(string Message)
{
    byte[] iv;
    byte[] Results;
    System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
    MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
    byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String()));
    TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
    TDESAlgorithm.Key = TDESKey;
    TDESAlgorithm.Mode = CipherMode.ECB;
    TDESAlgorithm.Padding = PaddingMode.PKCS7;
    // Capture the randomly generated IV
    iv = TDESAlgorithm.IV;
    byte[] DataToEncrypt = UTF8.GetBytes(Message);
    try
    {
        ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
        Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
        //var lnght=Results.GetLength(0);
        //System.Buffer.BlockCopy(iv, 0, Results, lnght + 1, iv.Length()); //HOW?
    }
    finally
    {
        TDESAlgorithm.Clear();
        HashProvider.Clear();
    }
    return Convert.ToBase64String(Results);
    //return Encoding.UTF8.GetString(Results);
}

public static string Decrypt(string Message)
{
    byte[] Results;
    System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
    MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
    byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String()));
    TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
    TDESAlgorithm.Key = TDESKey;
    // Apply the same IV used during encryption
    //TDESAlgorithm.IV = iv;  // HOW?
    TDESAlgorithm.Mode = CipherMode.ECB;
    TDESAlgorithm.Padding = PaddingMode.PKCS7;
    try
    {
        byte[] DataToDecrypt = Convert.FromBase64String(Message);
        //byte[] DataToDecrypt = UTF8.GetBytes(Message);
        //byte[] DataToDecrypt = Encoding.UTF8.GetBytes(Message);
        ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
        Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length); // << ERROR is here.
    }
    finally
    {
        TDESAlgorithm.Clear();
        HashProvider.Clear();
    }
    return UTF8.GetString(Results);
}

…
…

Any guideline, link or piece of code would be appreciated. Thank you.


Solution

To change to CBC, amend your code to read, TDESAlgorithm.Mode = CipherMode.CBC; for both encryption and decryption.

DES is a 64-bit block cypher, so you will need 64 bits of IV, i.e. 8 bytes. Use a cryptographically secure RNG (C# has RNGCryptoServiceProvider) to generate your IV, and pass it as a parameter to the encryption method. The C# documentation will help you here.

When you have encrypted the plain text, prepend the IV to the message and send the whole thing.

When you decrypt, extract the first eight bytes of the incoming message to use as the IV. The rest of the message will form the cyphertext.
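
The steps in the answer above (CBC mode, a random 8-byte IV, IV prepended on encrypt and split off on decrypt), as an added example that is not code from the question or the answer. The class name `TdesCbcExample`, the `Create` helper and the caller-supplied 24-byte key are assumptions, and the IV is generated with `GenerateIV()` inside the helper rather than passed in.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TdesCbcExample
{
    private const int IvLength = 8; // 3DES block size is 64 bits
    private static TripleDES Create(byte[] key, byte[] iv = null)
    {
        TripleDES tdes = TripleDES.Create();
        tdes.Mode = CipherMode.CBC;
        tdes.Padding = PaddingMode.PKCS7;
        tdes.Key = key; // assumption: key comes from the caller, 24 bytes
        if (iv == null) tdes.GenerateIV(); else tdes.IV = iv; // fresh random IV when encrypting
        return tdes;
    }
    // Returns Base64(IV || ciphertext).
    public static string Encrypt(string message, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(message);
        using (TripleDES tdes = Create(key))
        using (ICryptoTransform enc = tdes.CreateEncryptor())
        {
            byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
            byte[] output = new byte[IvLength + cipher.Length];
            Buffer.BlockCopy(tdes.IV, 0, output, 0, IvLength);            // IV first
            Buffer.BlockCopy(cipher, 0, output, IvLength, cipher.Length); // then ciphertext
            return Convert.ToBase64String(output);
        }
    }
    public static string Decrypt(string encoded, byte[] key)
    {
        byte[] input = Convert.FromBase64String(encoded);
        // Reject anything that cannot be an IV plus at least one whole ciphertext block.
        if (input.Length < 2 * IvLength || input.Length % IvLength != 0)
            throw new CryptographicException("Expected IV followed by whole ciphertext blocks.");
        byte[] iv = new byte[IvLength];
        Buffer.BlockCopy(input, 0, iv, 0, IvLength); // first eight bytes are the IV
        using (TripleDES tdes = Create(key, iv))
        using (ICryptoTransform dec = tdes.CreateDecryptor())
            return Encoding.UTF8.GetString(
                dec.TransformFinalBlock(input, IvLength, input.Length - IvLength));
    }
    public static void Main()
    {
        byte[] key; // constructed demo key, random on every run
        using (TripleDES t = TripleDES.Create()) { t.GenerateKey(); key = t.Key; }
        Console.WriteLine(Decrypt(Encrypt("sample connection string", key), key));
    }
}
```

The IV is not secret, which is why it can travel in the clear in front of the ciphertext. CBC on its own gives confidentiality only: nothing in this layout detects a ciphertext that has been modified in storage or transit.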

Licensed under: CC-BY-SA with attribution