Re: What problem have this Rijndael(.NET&PHP) code?

On 15/12/06, 김영일 <zero12a@naver.com> wrote:> Dear, web security Professionals.>> I have a AES problem.>> I want to 
send confidential data.>> STEP is bottom...>>>> * STEP> 1. Encrypt confidential-data by C#.NET.>> 2. Send encrypted data on 
HTTP(80) protocol.>> 2. Decrypt encyrpted data by PHP &amp; mcrypt(2.4.x)
I got PHP's mcrypt talking to the Botan library in C++ and I think oneof the 
issues was the padding scheme - not the actual mechanics of theencryption 
itself. Unfortunately, I don't have access to the sourcecode any more, and I 
don't  know the .NET implementation.
The Botan doc states : "In the case of the ECB and CBC modes, apadding method can also be specified. If it is not supplied, 
ECBdefaults to not padding, and CBC defaults to using PKCS #5/#7compatible padding. The padding methods currently available 
are"NoPadding", "PKCS7", "OneAndZeros", and "CTS". CTS padding iscurrently only available 
for CBC mode, but the others can also be usedin ECB mode."
I seem to remember that I had to use 'NoPadding' to interoperate withPHP - the PHP docs 
are kind of vague on this. Google suggests you mayneed "RijndaelCipher.Padding = 
PaddingMode.None;" in your .NET stuff.
(You know that ECB mode isn't a great one to use unless you don't haveany 
patterns in your plaintext? CBC is probably best for encryptingdata etc.)
Hope this helps a bit.
cheers, Jamie-- Jamie Riden, CISSP / jamesr@europe.com / 
jamie.riden@gmail.comNZ Honeynet project - http://www.nz-honeynet.org/