Android Question Encryption problem

[Ascanio D'Andrea]

Hi to all,
I never post a question because I always find great solutions reading your posts but now I really can't find a solution for an encryption problem, I have very basic knowledge about it.
I wrote an asmx webservice who receives, from a vb.net program, an encrypted password, decode it and activates some functions to returns some data. All works fine with encryption in vb.net (I used this suggestion) and comunication with the webservice.
Now I'm trying to write an app to do the same thing on Android devices but I stopped with encryption code!
I start with a very basic code:

Dim B64 As Base64
Log(B64.EncodeStoS("mypassword","UTF8"))

and the result is: "bXlwYXNzd29yZA=="
instead in vb.net I obtain "fcoG1id4sTqR++7ETTNHzw=="
How can I obtain the same encoded string? I know I should use different approach, something like this I think but maybe there is a simplier (for me!) way.
Thank you in advance for any suggestion.

 

[KMatle]

Did you set the encoder in vb.net to UTF8 and convert to Bytes with UTF8?

Note: Base64 is NOT an encryption! It's just an encoding to tranfer data lossless...

'VB.NET code
Dim encoder As New UTF8Encoding
Dim B64String, MyText As String
MyText = "mypassword"
B64String = Convert.ToBase64String(System.Text.Encoding.UTF8.GetBytes(MyText))

B4x:

Dim su As StringUtils
    Dim bc As ByteConverter
    Dim TextBytes() As Byte = bc.StringToBytes("mypassword","UTF8")
    Dim B64String As String = su.EncodeBase64(TextBytes)

 

[Ascanio D'Andrea]

Thank you KMatle,
Yes you're right, setting UTF8 also in vb.net I can obtain the same result, but as you said it's not an encryption, I'm sorry for this misunderstanding and I need to encrypt the string.
In vb.net I used the .Net Framework NameSpace

Imports System.Security.Cryptography

following this code.
I don't know if it's a right question for this forum and maybe the answer should be "Please learn to code" but I try the same to ask....how can I use Encryption library I found here to obtain the same result? I would only need to be put on the right way.
Thank you

 

[KMatle]

I can give you a hint. Use AES.

Libs needed:

- Encryption
- StringUtils

B4x (working encryption. I use this to encrypt and decrypt in VB.NET later)

Sub AESEncrypt(dataToEncrypt As String, MyAESPW As String) As String
    Dim su As StringUtils
    Dim kg As KeyGenerator
    Dim C As Cipher
    Dim md As MessageDigest
    Dim encrypted() As Byte

    kg.Initialize("AES")
    kg.KeyFromBytes(md.GetMessageDigest(MyAESPW.GetBytes("UTF8"), "MD5"))
       
    C.Initialize("AES/ECB/PKCS5Padding")
    encrypted = C.Encrypt(dataToEncrypt.GetBytes("UTF8"), kg.Key, False)

    Return su.EncodeBase64(encrypted)
End Sub

VB.NET:

https://codepaste.net/w5j8fn


Hint:

- EVERYTHING is UTF8 (really)
- It's all about converting Strings to Bytes (=math!) and vice versa
- Base64 is used to transfer the enrypted Bytes as a Base64 encoded string


Encryption: String -> Bytes -> encrypt -> Bytes -> Base64 encode -> send/transfer/store
Decryption: Base64 decode -> Bytes -> decrypt -> Bytes -> String

 

[Ascanio D'Andrea]

Thank you Kmatle for your hints but nothing to do! Too much for me I think! I have to study more deeply!
I use your B4x code and I can obtain this encripted value:
mypassword=ZIZDiPJTDpEtZ8TDBLuLKw==
I use your vb.net linked code and I can obtain this encrypted value:
mypassword=GXgmf8tcfhXZ0In/wxX06Q==

I also tried to change vb.net code with

 Dim Buffer As Byte() = System.Text.Encoding.UTF8.GetBytes(input)

but I obtain the same result.
I think I can understand enough what does each line but I can't understand what exactly happens here:

 Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor

and here:

DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length)

Anyway! I tried to skip the problem in another way, I set up the webservice (IIS webserver) to work on https channel, I tried to capture data packages with Fiddler and it seems nothing is passing in "clear". Could it be a solution in terms of security issues or I'm on the wrong way?
Thanks you for any suggestion.

 

[KMatle]

I know this is complicated. Took me some days to get it running. Take a look at my RSA examples. Ever harder. However.

For sure you don't use UTF-8

Here's my working code (VB.net):

encoded = AES_Encrypt("Hello AESäöüßé", "PW")
decoded = AES_Decrypt(encoded, "PW")

Public Function AES_Encrypt(ByVal input As String, ByVal pass As String) As String
        Dim AES As New System.Security.Cryptography.RijndaelManaged
        Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
        Dim encrypted As String = ""
        Try
            Dim hash(31) As Byte
            Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
            Array.Copy(temp, 0, hash, 0, 16)
            Array.Copy(temp, 0, hash, 15, 16)
            AES.Key = temp 'hash
            AES.Mode = CipherMode.ECB
            Dim DESEncrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateEncryptor
            Dim Buffer As Byte() = System.Text.UTF8Encoding.UTF8.GetBytes(input)
            encrypted = Convert.ToBase64String(DESEncrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
            Return encrypted
        Catch ex As Exception
        End Try
    End Function

 Public Function AES_Decrypt(ByVal input As String, ByVal pass As String) As String
        Dim AES As New System.Security.Cryptography.RijndaelManaged
        Dim Hash_AES As New System.Security.Cryptography.MD5CryptoServiceProvider
        Dim decrypted As String = ""
        Try
            Dim hash(31) As Byte
            Dim temp As Byte() = Hash_AES.ComputeHash(System.Text.ASCIIEncoding.ASCII.GetBytes(pass))
            Array.Copy(temp, 0, hash, 0, 16)
            Array.Copy(temp, 0, hash, 15, 16)
            AES.Key = temp 'hash
            AES.Mode = CipherMode.ECB
            Dim DESDecrypter As System.Security.Cryptography.ICryptoTransform = AES.CreateDecryptor
            Dim Buffer As Byte() = Convert.FromBase64String(input)
            decrypted = System.Text.UTF8Encoding.UTF8.GetString(DESDecrypter.TransformFinalBlock(Buffer, 0, Buffer.Length))
            Return decrypted
        Catch ex As Exception
        End Try
    End Function

 

[Ascanio D'Andrea]

And finally I solved!...using this code.

B4A code:

Sub Process_Globals
    Dim pwd_connect As String
End Sub

Sub btnLogin_Click   
    pwd_connect=EncryptMobile("mypassword")
    StartActivity("my_view")
End Sub
   
Sub InitializeCipher(c As Cipher, transformation As String)
   Dim r As Reflector
   Dim o As Object = r.RunStaticMethod("javax.crypto.Cipher", "getInstance", Array(transformation, "BC"), _
     Array As String("java.lang.String", "java.lang.String"))
   r.Target = c
   r.SetField2("cipher", o)
End Sub
Sub EncryptMobile(dataToEncrypt As String ) As String
   Dim kg As KeyGenerator
   Dim c As Cipher
   Dim B64 As Base64
   Dim bconv As ByteConverter

   Dim data(0) As Byte
   Dim iv(0) As Byte
   iv = Array As Byte(8, 8, 2, 10, 12, 12, 28, 5) ' 16 bytes for AES
   InitializeCipher(c, "DESEDE/CBC/PKCS5Padding")  
   
   c.InitialisationVector = iv
   kg.Initialize("DESEDE")
 
   kg.KeyFromBytes(bconv.StringToBytes("XXXX000011Ix2010","ASCII"))
   data = bconv.StringToBytes(dataToEncrypt, "ASCII")    
   data = c.Encrypt(data, kg.Key, True)          

   Return B64.EncodeBtoS(data, 0, data.Length)
 
End Sub

VB.NET code:

Private Function DecryptMobile(encryptedData As String) As String
        Dim buffer As Byte() = System.Convert.FromBase64String(encryptedData)
        Dim des As TripleDESCryptoServiceProvider = New TripleDESCryptoServiceProvider()
        des.IV = New Byte() {8, 8, 2, 10, 12, 12, 28, 5}
        des.Key = ASCIIEncoding.ASCII.GetBytes("XXXX000011Ix2010")
        Dim result As String = Encoding.ASCII.GetString(des.CreateDecryptor().TransformFinalBlock(buffer, 0, buffer.Length))
        des.Clear()
        Return result
    End Function

Thank you for your help and thank you to this forum!