Does anybody know what Key and IV are used to encrypt/decrypt the ASPXAUTH cookie?
I think I have the Key part figured out.
After extensive reading and research (and other questions posted here) I see ASPXAUTH uses the FormsAuthentication.Encrypt and Decrypt methods. They in turn use whatever algorithm and keys you have defined in your machineKey section in your web/machine.config files.
As a refrence I've read these articles:
http://msdn.microsoft.com/en-us/library/ff647070.aspx
http://www.codeproject.com/Articles/16822/The-Anatomy-of-Forms-Authentication
If I used the following machineKey (from an msdn example on deploying in a server farm):
<machineKey
validationKey="32E35872597989D14CC1D5D9F5B1E94238D0EE32CF10AA2D2059533DF6035F4F"
decryptionKey="B179091DBB2389B996A526DE8BCD7ACFDBCAB04EF1D085481C61496F693DF5F4"
decryption="AES"
/>
Accorting to the later link, ASPXAUTH will use AES (implemented as RijndaelManaged in managed code) with the above settings.
I would like to try to decrypt using a standard RijndaelManaged function, but the input requires a Key and IV.
I am assuming I can use the decryptionKey for the key if I convert it from Hex to a byte array, easy enough.
However what do I use as the input for the IV? I can't find this information or setting anywhere.
Related
I have an asp.net application, using aspnetsqlMembership provider for encrypt/descrypt user profile data.
Now, we decided to move our application to a new server, but I am getting this error on the new server when I am trying to create a new user (encrypting):
Key not valid for use in specified state
What I already tried:
1. I Imported the certificate from the old server and it seems to be good/
2. I Checked the security permissions of the certificate, and they are the same as those on the old server
3. Also the machine key definitions on the IIs seems to be the same.
4. Tried to change sqlmembership format from encrypted to hashed, but the exception still throwed.
I spent al lot of time on trying to solve this problem.
Will be happy if anybody here can help me.
Thanks,
Hana.
The encryption of the passwords for the SqlMEmbershipProvider has nothing to do with a certificate.
Encrypted and Hashed passwords are encrypted or hashed by default based on information supplied in the machineKey element in your configuration. Note that if you specify a value of 3DES for the validation attribute, or if no value is specified, hashed passwords will be hashed using the SHA1 algorithm.
A custom hash algorithm can be defined using the hashAlgorithmType attribute of the membership Element (ASP.NET Settings Schema) configuration element. If you choose encryption, default password encryption uses AES. You can change the encryption algorithm by setting the decryption attribute of the machineKey configuration element. If you are encrypting passwords, you must provide an explicit value for the decryptionKey attribute in the machineKey element. The default value of AutoGenerate for the decryptionKey attribute is not supported when using encrypted passwords with ASP.NET Membership.
Microsoft Docs: SqlMembershipProvider.PasswordFormat Property
Have a look at your web.config file. Is there a section? Are there any values in there?
Make sure the new server has exactly the save values!
If there is no section or no values...
You must have access to the old server once again!
After a bit of digging in the current 4.5 framework, turns out that the auto generated keys are stored in HttpApplication.s_autogenKeys byte array. The validation key is the first 64 bytes, followed by 24 bytes of the decryption key.
#Mr-Curious has written a nice answer on how to resolve the values (keys) for the machineKey section if they are not existent (AutoGenerated).
I am new to cryptography. I want to encrypt the connection string section and some other section in the web.config. I know this can be accomplished using RSACryptoServiceProvider.
But I am not sure about the Key which is being used by the default RSACryptoServiceProvider and the key size.
As per our organization security policy the key size should be 196 bit and we have to share the Key with security team which is used for encryption.
When we use the default encryption what will be key used internally by asp.net for encryption/decryption and the key size?
In-order to use a custom key which can be shared with security team do we need to create a custom class by inhering RSACryptoServiceProvider?
Also RSA Key Container is bit confusing. Is it a container for the Key or the Key itself
Please advice.
RSA key container files which are exported from aspnet_regiis.exe are indeed containers for the key. They are XML files. Actually, as RSA is public key crypto, the key container holds both the public key and private key (if you export both).
When you perform web.config or app.config encryption via aspnet_regiis.exe, and you do not specify a provider, it will use the value of "defaultProvider". See http://msdn.microsoft.com/en-us/library/zhhddkxy(v=vs.100).aspx. The encrypted output will list the provider name (so that you know how to decrypt it). It appears the default name of the default provider is "RsaProtectedConfigurationProvider". That crypto provider uses a key. The default key has a default name of "NetFrameworkConfigurationKey" (see http://blogs.msdn.com/b/mosharaf/archive/2005/11/17/protectedconfiguration.aspx). The key with that name will have a different value on every machine and is generated when .NET is installed.
A key length of 196 bits sounds like your security team expects you to be performing symmetric key encryption (not asymmetric PKC) of some sort. For example, people brag about their AES key lengths being 256 bits. The .NET 4.0 aspnet_regiis.exe command for creating a custom RSA crypto provider and key use a key size of 2048 bits (although 1024 is not uncommon from days of yore). I imagine the default RSA provider and default key use default values for key lengths. But to be sure, you might want to export the default key, and inspect it yourself. The -pc and -px switches and their associated options (like -size) are documented at http://msdn.microsoft.com/en-us/library/vstudio/k6h9cz8h(v=vs.100).aspx.
If you need to be very specific about a private key, which would be durable beyond a machine reimaging, and would be used by many nodes in a server farm, and which needs to be held in escrow by the security team, you probably want to invest the time in creating a non-default crypto provider of the RsaProtectedConfigurationProvider type (not inventing your own CSP class as an alternative to RsaProtectedConfigurationProvider).
One last thing to note, web.config XML encryption is performed in a multi step process. First, the encryption process generates a random symmetric key (which is short in comparison to an RSA key) which will be used to encrypt a plaintext corpus. The plaintext is encrypted with the symmetric key (after the corpus is normalized for whitespace, etc). Then, the symmetric key (which is short compared to the corpus) is encrypted using an RSA public key. If the whole plaintext corpus was encrypted with an RSA public key, it would take a long time to decrypt. So when you look at a block of encrypted XML in a web.config encrypted you will really see two things: an encrypted key section, and an encrypted data section. To decrypt the ciphertext, ASP.NET needs to first decrypt the encrypted symmetric key, and then use the decrypted key to decrypt the stuff you actually want as plaintext.
There is an example of the two-levels of encryption at "Problem with decrypting xml document". What is apparent (and perhaps troubling), is that the RSA crypto provider uses Triple DES in CBC mode for the symmetric crypto algorithm underlying the RSA PKC which you think is really providing the encryption. See this person's frustration around trying to change the symmetric algorithm to AES, for example, Change Microsoft Config File Encryption Method From TripleDES. Triple DES is only recommended for use until 2030 in very ideal scenarios (see http://en.wikipedia.org/wiki/Triple_DES#Security) by the algorithm's endorsers (NIST). NIST had a bake-off years ago for a replacement symmetric algorithm suite, which they have chosen and endorsed as AES (http://en.wikipedia.org/wiki/Advanced_Encryption_Standard). So to use AES-192 or AES-256, you would need to invent your own CSP class as an alternative to RsaProtectedConfigurationProvider, then make it available for creating providers and performing encrypt/decrypt operations from ASP.NET.
Here is another stack-overflow article which is relevant: ASP.NET Encryption - aspnet_regiis - Farm.
Here is a guide to creating/exporting RSA crypto providers and keys for spreading around in a farm, for example: http://msdn.microsoft.com/en-us/library/2w117ede(v=vs.100).aspx
I want to do searching on encrypted data. Which means that there is the need to have the same ciphertext every time I encrypt the same plaintext. I.e. think of a list of encrypted names and I want to find all "Kevin"'s in it. I would now encrypt "Kevin" and search the database for the encrypted text. All hits will be "Kevin"'s — but still only the one who has the password knows.
Now my question: What about security if I use the same salt and IV (to get the effect described above) all the time? Is the encryption still secure? Or is there any other method to do searching on encrypted data?
If you want to do a deterministic encryption then you should use an encryption mode
that has been designed for deterministic encryption (and not modify an encryption mode designed for something else).
One possibility is the SIV encryption mode described in
RFC 5297.
(Of course, deterministic encryption has its drawbacks, but discussing this is not part of this question.)
I cannot find (after hours of googling) the MSDN article/doc that declares what algorithms are used by the RSAProtectedConfigurationProvider when encrypting a section of the web.config file for an ASP.NET web application. I recall reading that it uses RSA for the key, and 3DES for the actual connection string.
What algorithms are used in encrypting the web.config file when using the default RSAProtectedConfigurationProvider (for both the key and the data)? Can someone provide a link to the appropriate MSDN article or other documentation on this?
RSA (naturally) is used as the asymmetric algorithm that is used to protect the symmetric key that is encrypted and stored alongside the protected data.
If you look at the relevant code in Reflector, there's a strong indication that the symmetric algorithm used to protect the data is AES256 ("http://www.w3.org/2001/04/xmlenc#aes256-cbc") although TripleDES is also supported.
Use Reflector or JustDecompile and have a look at:
public EncryptedData Encrypt(XmlElement inputElement, string keyName);
Declaring Type: System.Security.Cryptography.Xml.EncryptedXml
I am having some trouble understanding the documentation on machinekey. What algorithm is being used to encrypt/decrypt the forms authentication ticket when the decryption attribute is not set. I have:
<machineKey validationKey="128CharacterKey" decryptionKey="48CharacterKey" validation="3DES"/>
I found some documentation saying that if the decryption attribute was not specifically set it would use the value in the validation attribute. I also found something saying it would use SHA-1. Yet another articles said it would be based on the size of the value in the decryptionKey.
Which algorithm is it using?
On a side note, which algorithm are most people using nowadays AES, 3DES, SHA1, etc?
On a side note, which algorithm are most people using nowadays AES, 3DES, SHA1, etc?
Certainly new applications should avoid 3DES in favour of AES for symmetric encryption. SHA1 should also be avoided, and use at least SHA-256 for hashing.
The defaults are on MSDN: AES and SHA1 (see Remarks section).
You'll want to read Chapter 6 of "Professional ASP.NET 3.5 Security, Membership and Role Management with C# and VB". Here's a link to the Google Books version of it, which should suffice...
It's definetely something you'll want to modify if you're building a serious application.
http://books.google.com/books?id=uAnOTcTR8l8C&pg=PA295&lpg=PA295PPA295,M1