Hi there,
Our team is leaving the Outsystems platform. We've been using this plugin in our apps for a long time. But now we need to write the encrypt and decrypt in .NET Core code instead of keeping using the plugin. So, how can we encrypt and decrypt the information? I have exported the plugin as a .NET solution. There are lots of functions. So which functions should I call and what kind of parameter should I pass in it?
Thanks,
Jay
Hello Jay,CryptoAPI Plugin (Previously called ardoCrypto) has 2 ways of encryption and decryption: AES and RSA.
AES is a symmetric algorithm used primarily for quick encryption and decryption while RSA is an asymmetric algorithm used primarily for secure key exchange and digital signatures.
I'm going to explain how to work with the code that encrypts and decrypts using AES in this post.
You have multiple functions but we are going to focus on only 3 of them (AES_KeyFromPassword, AES_Encrypt, AES_Decrypt) and they can be found in the CryptoAPI.cs file
CryptoAPI.cs is a wrapper over the CryptoBackend class that has the implementation for each function
1) AES_KeyFromPassword is mainly used to convert your secret password to a byte array used for the encryption and decryption, We need to call this function first in order to have the key used for encryption.
AES_KeyFromPassword calls the deriveKey function in CryptoBackend.cs, It takes the password as input and depends on 2 class variables "fixedSalt" byte array and "iterationCount".
You can change the fixedSalt and the iterationCount to different values and you can read more about the values that Rfc2898DeriveBytes depends on here: Rfc2898DeriveBytes Microsoft Learn
2) AES_Encrypt is used to encrypt text and takes a byte array key as input (the output of AES_KeyFromPassword function) along with the text you want to encrypt.
AES_Encrypt calls "getCipher()" first to return an instance of AesManaged class and sets the Cipher mode to CBC and padding mode To PKCS7 and that instance is used later on for encryption so you will need that function.
You also need "getRandomBytes" function that returns a random byte array.
3) AES_Decrypt us used to decrypt text and takes 2 input parameters the encrypted text and the key byte array (the same key you got from AES_KeyFromPassword function)
The decrypt function decrypts the text using the same method and key used for encryption and returns the decrypted text.
I hope that cleared the confusion about the AES functions for the plugin
Hi Ahmed,
Thanks for your explanation. It is crystal clear.
However, I failed to decrypt the text when I follow your steps. Maybe I didn't pass the right parameters to the function? I am passing my private key to the deriveKey(PrivateKey), then I am using the generate key to call decrypt decrypt() function. But it didn't work out. Am I doing it the right way?
Also, I noticed it that the privateKey is passed in the plugin with the Base64ToBinary(PrivateKey). Please refer to the screenshot. Should I do something like that to passing myPrivateKey. By the way, I am using the AES encrypt and descryt.
I've created a simple console application demo that encrypts input text from console and decrypts it again.
Kindly check the attached solution
Kindly check this github repo: CryptoApiConsole
Thanks Ahmed, I was doing the exactly same as your code. I still get the decryption failed. But I figured out what happened to the error. It turns out that my key is not from derivekey() function. It is just comes from Convert.FromBase64String(MyPrivateKeyStr), which matches the screenshot I took from Outsystems above. Maybe I am using an older version of the Plugin.
Thanks again for all your answers. I appreciate it a lot!