eflles eflles - 3 months ago 51
C# Question

Using Sha256 or Rfc2898DeriveBytes to create IC

Based on this: http://www.superstarcoders.com/blogs/posts/symmetric-encryption-in-c-sharp.aspx

I have written encryption/decryption of byte-arrays:

public static byte[] EncryptFile(string password, byte[] bytes, string salt)
{
using (RijndaelManaged aesEncryption = new RijndaelManaged())
{
DeriveBytes rgb = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(salt));
byte[] rgbKey = rgb.GetBytes(aesEncryption.KeySize >> 3);
byte[] rgbIV = rgb.GetBytes(aesEncryption.BlockSize >> 3);
aesEncryption.KeySize = 256;
aesEncryption.Mode = CipherMode.CBC;
aesEncryption.Padding = PaddingMode.PKCS7;
aesEncryption.IV = rgbIV;
aesEncryption.Key = rgbKey;
using (ICryptoTransform crypto = aesEncryption.CreateEncryptor())
{
return crypto.TransformFinalBlock(bytes, 0, bytes.Length);
}
}
}

public static byte[] DecryptFile(string password, byte[] bytes, string salt)
{
using (RijndaelManaged aesEncryption = new RijndaelManaged())
{
DeriveBytes rgb = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(salt));
byte[] rgbKey = rgb.GetBytes(aesEncryption.KeySize >> 3);
byte[] rgbIV = rgb.GetBytes(aesEncryption.BlockSize >> 3);
aesEncryption.KeySize = 256;
aesEncryption.Mode = CipherMode.CBC;
aesEncryption.Padding = PaddingMode.PKCS7;
aesEncryption.IV = rgbIV;
aesEncryption.Key = rgbKey;
using (ICryptoTransform crypto = aesEncryption.CreateDecryptor())
{
return crypto.TransformFinalBlock(bytes, 0, bytes.Length);
}
}
}


But when calculating the IV and the key, should I instead use SHA256 instead of
Rfc2898DeriveBytes
?

Answer

No you should not use SHA256, SHA256 is a hashing function where Rfc2898DeriveBytes is used to implements password-based key derivation functionality.

A hash function can be used to verify data, where the Rfc2898DeriveBytes is used specifically to generate a key.

Via msdn Rfc2898DeriveBytes and SHA256