Flash + .NET encryption

by Nathan D. on March 7th, 2011

There are plenty of encryption libraries out there for .NET and plenty for Flash/Flex. Getting them to communicate together on the other hand... well, just google .NET/Flex encryption and you'll soon realize, the two do not play very friendly.

We spent the better part of 5 days attempting every known encryption method out there via the AS3Crypto library (http://code.google.com/p/as3crypto/) (and 3 others freely available) on the Flex side and the same thing on the .NET side. Unfortunately, every test was a failure. 3 days into our attempts to decrypt a .NET encrypted string, we had some success as I was able to successfully pull out the first character of the encrypted string but nothing beyond that. We eventually settled on using an MD5 hash "system" to protect service calls. Not really wanting to settle on security, the .NET developer suggested one more attempt. Still unsuccessful until I altered one minor detail: encoding.

It turns out, on the .NET side, we were encoding the text in Unicode format before encrypting the string. Once it was passed over to Flex, I was never able to decode successfully because this. Once we updated the .NET to encode the string using UTF-8, I was able to successfully decode in Flex.

The one key from all the successful .NET to Flex encryption/decryption that I never saw: ensure your .NET encodes anything you want to encrypt in UTF-8 prior to encrypting.
.NET code:
public static string Encrypt(string plainText)
{
byte[] keyArray;
// path of file to encrypt
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(plainText);
string key = "RANDOMKEY";

keyArray = UTF8Encoding.UTF8.GetBytes(key);

System.Security.Cryptography.RijndaelManaged aes = new RijndaelManaged();
aes.Key = keyArray;
aes.Mode = CipherMode.ECB;
ICryptoTransform cTransform = aes.CreateEncryptor();
byte[] resultArray = cTransform.TransformFinalBlock
(toEncryptArray, 0, toEncryptArray.Length);
aes.Clear();
return Convert.ToBase64String(resultArray);
}

Flex code (using as3crypto):
private function decrypt(value:String, key:String):String
{
var keyByteArray:ByteArray = Hex.toArray(Hex.fromString(key));
var valueByteArray:ByteArray = Base64.decodeToByteArray(value));
var aes:ICipher = Crypto.getCipher("aes-ecb", keyByteArray);
aes.decrypt(valueByteArray);
return valueByteArray.toString();
}


Posted in Flex, .NET    Tagged with flash, encryption, decryption, .NET


4 Comments

Swapnil Patil - July 29th, 2011 at 1:43 PM
Hey Nathan,

Thanks for this..

Are you able to encrypt the same in flash..? i am getting "Error: ECB mode cipher length must be a multiple of blocksize 16" while reverse the process.

Thanks,
Swapnil
Reply
Nathan D. - July 29th, 2011 at 2:23 PM
As far as I know, it all worked the same in reverse. This doesn't sound like an encryption error so much as an error generating the cipher to encrypt your text... You should try looking at http://crypto.hurlant.com/demo/ - it was very helpful on determining what should and shouldn't be showing when attempting to encrypt something.
Reply
Swapnil Patil - July 29th, 2011 at 2:43 PM
Thanks for you reply Nathan.

Is was my fault while encryption but still i am not yet seceded in reverse, Is this possible for you to post reverse code or mail me @ sswapnilpatil[at]gmail[dot]com

Thanks in advance. :D

Thanks,
Swapnil
Reply
Swapnil - July 29th, 2011 at 4:02 PM
Hi Nathan,

Just wanted to let you that, i succeeded in reverse.

Thanks for your help :)

Swapnil
Reply

Leave a Comment
Home