Android Question Encryption B4a vs VB.NET

mmieher

Having problems with encryption between a VB.NET host program and a B4a app. Sure I am missing something fundamental as this is my first whack at encryption.

I first tried AES VB.NET stuff and B4XEncryption. Was not working. After much time in the forum I saw Erel post "B4XEncryption will only work with B4a, B4i and B4j. Use Encryption library."

So off to Encryption library and DES on VB.NET. First several hours spent learning that the password key MUST be exactly 8 characters. Why?

The DES and Encryption library are producing two very different results. Any ideas? Did I miss a post? I have looked at everything returned from an "Encryption" search.

B4a Code:
B4X:
        '        Dim cipherText() As Byte = EncryptText(txPassword.Text,PwdKey)
        '        Dim cText As String = BytesToString(cipherText,0,cipherText.Length,"utf8")
               
                Dim kg As KeyGenerator
                Dim c As Cipher
                c.Initialize("DES/ECB/NoPadding")
                kg.Initialize("DES")
               
                Dim b() As Byte = PwdKey.GetBytes("UTF8")
                Log("key length = " & b.Length)               
                kg.KeyFromBytes(b)
               
                Dim cText As String = padString(txPassword.Text)
                Log("cText.len = " & cText.Length)
                Dim data(0) As Byte = bConv.StringToBytes(cText,"UTF8")
               
                Log("data length = " & data.Length)
               
                data = c.Encrypt(data,kg.Key,False)
               
                cText = bConv.HexFromBytes(data)
                ' this did not work either cText = BytesToString(data,0,data.Length,"utf8")
               
                mLog("SB","cText = " & cText)
                mLog("SB","rspPassword = " & rspPassword)
               
                If rspPassword <> cText Then
                    ToastMessageShow("Invalid User Name or Password",False)
                    Job.Release
                    fInTrans = False
                    Return
                End If
VB.NET Code:
B4X:
Imports System.Security.Cryptography

 Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
        Dim AES As New RijndaelManaged
        Dim Hash_AES As New MD5CryptoServiceProvider
        Dim encrypted As String = ""
        Try
            Dim hash(31) As Byte
            Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
            Array.Copy(temp, 0, hash, 0, 16)
            Array.Copy(temp, 0, hash, 15, 16)
            AES.Key = hash
            AES.Mode = CipherMode.ECB
            Dim DESEncrypter As ICryptoTransform = AES.CreateEncryptor
            Dim Buffer As Byte() = ASCIIEncoding.ASCII.GetBytes(input)
            encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
            Return encrypted
        Catch ex As Exception
            Return "Error"
        End Try
    End Function
 

KMatle

First several hours spent learning that the password key MUST be exactly 8 characters. Why?

DES uses EXACT 8 bytes as the keylength (as any encryption method). No magic here but please do not use it as the security is very weak.

Use AES: AES-256 uses EXACT 32 bytes, AES-128 16 bytes. Of course you can have longer "keys" but they are hashed to fit the keylength you need. This one is good to create EXACTLY 32 bytes (256 Bits / 8 Bits = 32 Bytes).

B4X:
Sub SHA256Hash (pw As String) As String
    Dim md As MessageDigest
    Dim ByteCon As ByteConverter
    Dim passwordhash() As Byte
    
    passwordhash = md.GetMessageDigest(pw.GetBytes("UTF8"),"SHA-256")
    Dim SHA256string As String
    SHA256string = ByteCon.HexFromBytes(passwordhash)
    SHA256string = SHA256string.ToLowerCase
    'Log(SHA256string.Length)
    Return SHA256string
    
End Sub

B4xEncryption uses AES-256, too, with IV and Salt which is added at the start (I guess) of the encrypted message. See my example here: https://www.b4x.com/android/forum/threads/b4x-aes-encryption-lessons-learned-best-practice.97927/ for an explanation and how to encrypt/decrypt with IV and Salt. VB .NET uses the same. Take a look at the www. There are tons of examples.
 

mmieher

Thank you for your help.

It is not clear to me what I am to do with the above sub? It looks like I need to transform my pass key with it? I call it with a 32-byte string. It returns a 64-byte string which blows up AES_Encrypt at "Dim datas() As Byte = C.Encrypt(inputB, kg.Key, True)". When I do this:
B4X:
            '    AES 256
            Dim IV As String = GenerateIV
            Dim tKey As String = PwdKey & s.Space(32-PwdKey.Length)
    ''        tKey = SHA256Hash(tKey)
            Dim cText As String = AES_Encrypt(txPassword.Text,IV,tKey)

I get something that looks more reasonable (no out-there ASCII characters) but still does not match.

B4A = MBPtvGzqLAJBFc8JdbxEXQ==

VB.NET = 5Gm9ZWgSdTTnYb94/XwFkw==
 
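As an added example (not code from any poster in this thread), this Python sketch reproduces the key bytes each approach above would produce: the VB.NET MD5 construction, the space-padded PwdKey, and the SHA256Hash sub's hex string versus its raw digest. It assumes the B4A side turns the key string into UTF-8 bytes; the function names and the sample password are hypothetical.

```python
import hashlib

AES_KEY_LENGTHS = (16, 24, 32)  # bytes: AES-128, AES-192, AES-256

def vbnet_key(password: str) -> bytes:
    """Key as built by the posted VB.NET AES_Encrypt, offsets kept as posted."""
    # .NET ASCII encoding turns non-ASCII characters into '?', as "replace" does
    digest = hashlib.md5(password.encode("ascii", "replace")).digest()  # 16 bytes
    key = bytearray(32)    # Dim hash(31) As Byte -> 32 zero bytes
    key[0:16] = digest     # Array.Copy(temp, 0, hash, 0, 16)
    key[15:31] = digest    # Array.Copy(temp, 0, hash, 15, 16)
    return bytes(key)      # byte 31 is never written and stays 0

def b4a_space_padded_key(password: str) -> bytes:
    """PwdKey & s.Space(32 - PwdKey.Length); assumed to be used as UTF-8 bytes."""
    if len(password) > 32:
        raise ValueError("password longer than 32 characters")
    return password.ljust(32).encode("utf-8")

def sha256_hex_key(password: str) -> bytes:
    """What the SHA256Hash sub returns: 64 lowercase hex characters."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest().encode("ascii")

def sha256_raw_key(password: str) -> bytes:
    """The 32 digest bytes themselves, before hex encoding."""
    return hashlib.sha256(password.encode("utf-8")).digest()

def compare_keys(password: str) -> dict:
    """Map each derivation to (length, usable as AES key, key bytes in hex)."""
    keys = {
        "vbnet_md5": vbnet_key(password),
        "b4a_space_padded": b4a_space_padded_key(password),
        "sha256_hex": sha256_hex_key(password),
        "sha256_raw": sha256_raw_key(password),
    }
    return {name: (len(k), len(k) in AES_KEY_LENGTHS, k.hex())
            for name, k in keys.items()}

if __name__ == "__main__":
    # "ExamplePwdKey" is a constructed sample value, not one from the thread.
    for name, (length, usable, hexkey) in compare_keys("ExamplePwdKey").items():
        print(f"{name:17} len={length:2} aes_key_ok={usable} {hexkey}")
```

The two sides cannot produce the same ciphertext until they use the same key bytes. The VB.NET function also sets CipherMode.ECB and supplies no IV, while the B4A call passes an IV, so those settings have to match as well.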