Thread: Issues with decrypting XML document on remote machines.

  1. #1

    Issues with decrypting XML document on remote machines.

    Hi,

    I have written code to encrypt an XML file containing user credentials, so that I can distribute the XML file with the application and decrypt it at run time. It all works fine on my local machine, but when I distribute the application the XML file won't decrypt. My code is:
    Encrypt:
    Code:
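    /// <summary>
    /// Encrypts the "usercredentials" element of credentials.xml with an RSA key held in the
    /// "XML_RSA_FTP_KEY" key container and writes the result to test1.xml.
    /// </summary>
    static void Main()
    {
        // Load the plaintext document; whitespace is preserved so the saved file keeps its layout.
        XmlDocument xmlDoc = new XmlDocument();
        xmlDoc.PreserveWhitespace = true;

        try
        {
            xmlDoc.Load("credentials.xml");
        }
        catch (Exception e)
        {
            // Stop here: carrying on with an empty document only ends in a misleading
            // "The specified element was not found" error from Encrypt.
            Console.WriteLine(e.Message);
            return;
        }

        // Name the key container. The constructor below generates a NEW key pair the first
        // time this container name is used on a machine, so the private key exists only on
        // the machine that ran this tool; a container with the same name on another machine
        // holds an unrelated key and cannot decrypt the output.
        // NOTE(review): the static UseMachineKeyStore default appears to be consulted only when
        // no CspParameters is supplied; if the machine store is really intended, confirm whether
        // CspProviderFlags.UseMachineKeyStore must be set on cspParam (and on the decrypting
        // side at the same time).
        RSACryptoServiceProvider.UseMachineKeyStore = true;
        CspParameters cspParam = new CspParameters();
        cspParam.KeyContainerName = "XML_RSA_FTP_KEY";

        // Dispose the provider when finished so the in-memory key handle is released;
        // the key itself stays persisted in the named container.
        using (RSACryptoServiceProvider ftpkey = new RSACryptoServiceProvider(cspParam))
        {
            try
            {
                Encrypt(xmlDoc, "usercredentials", "EncryptionElement1", ftpkey, "ftpkey");

                xmlDoc.Save("test1.xml");
            }
            catch (Exception e)
            {
                Console.WriteLine(e.Message);
            }
        }
    }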
    
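     /// <summary>
     /// Replaces the first element named <paramref name="ElementToEncrypt"/> in
     /// <paramref name="Doc"/> with an XML Encryption EncryptedData element. The element is
     /// encrypted under a fresh 256-bit session key, and that session key is wrapped with
     /// <paramref name="Alg"/> and embedded as an EncryptedKey.
     /// </summary>
     /// <param name="Doc">Document that is modified in place.</param>
     /// <param name="ElementToEncrypt">Tag name of the element to encrypt (first match only).</param>
     /// <param name="EncryptionElementID">Id given to the EncryptedData element and referenced by the EncryptedKey.</param>
     /// <param name="Alg">RSA key used to wrap the session key.</param>
     /// <param name="Keyname">Name written into the KeyName clause so the decrypting side can map it to a key.</param>
     /// <exception cref="ArgumentNullException">Doc, ElementToEncrypt, EncryptionElementID or Alg is null.</exception>
     /// <exception cref="XmlException">No element with the given tag name exists in the document.</exception>
     public static void Encrypt(XmlDocument Doc, string ElementToEncrypt, string EncryptionElementID, RSA Alg, string Keyname)
     {
         // The strings passed to ArgumentNullException are the real parameter names, so
         // ParamName identifies the offending argument.
         if (Doc == null)
             throw new ArgumentNullException("Doc");
         if (ElementToEncrypt == null)
             throw new ArgumentNullException("ElementToEncrypt");
         if (EncryptionElementID == null)
             throw new ArgumentNullException("EncryptionElementID");
         if (Alg == null)
             throw new ArgumentNullException("Alg");

         // Only the first element with this tag name is encrypted.
         XmlElement elementToEncrypt = Doc.GetElementsByTagName(ElementToEncrypt)[0] as XmlElement;

         if (elementToEncrypt == null)
             throw new XmlException("The specified element was not found");

         // No catch-and-rethrow here: failures propagate with their original stack trace.
         // The using block releases the session key material when the method is done with it.
         using (RijndaelManaged sessionkey = new RijndaelManaged())
         {
             sessionkey.KeySize = 256;

             // Encrypt the whole element (not just its content) under the session key.
             EncryptedXml exml = new EncryptedXml();
             byte[] encryptedElement = exml.EncryptData(elementToEncrypt, sessionkey, false);

             EncryptedData edElement = new EncryptedData();
             edElement.Type = EncryptedXml.XmlEncElementUrl;
             edElement.Id = EncryptionElementID;
             edElement.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncAES256Url);

             // Wrap the session key with the RSA key.
             // NOTE(review): fOAEP=false with XmlEncRSA15Url is PKCS#1 v1.5 key transport, kept
             // here so the output format is unchanged. EncryptedXml.XmlEncRSAOAEPUrl together
             // with fOAEP=true is the OAEP alternative and is generally preferred for new data.
             EncryptedKey ek = new EncryptedKey();
             byte[] encryptedKey = EncryptedXml.EncryptKey(sessionkey.Key, Alg, false);
             ek.CipherData = new CipherData(encryptedKey);
             ek.EncryptionMethod = new EncryptionMethod(EncryptedXml.XmlEncRSA15Url);

             // Tie the wrapped key to the EncryptedData element it protects.
             DataReference dRef = new DataReference();
             dRef.Uri = "#" + EncryptionElementID;
             ek.AddReference(dRef);
             edElement.KeyInfo.AddClause(new KeyInfoEncryptedKey(ek));

             // The key name is only a label the decrypting side maps to its own RSA key.
             KeyInfoName kin = new KeyInfoName();
             kin.Value = Keyname;
             ek.KeyInfo.AddClause(kin);

             edElement.CipherData.CipherValue = encryptedElement;

             // Nothing in this method signs or authenticates the result: it provides
             // confidentiality only, so tampering with the saved file is not detected here.
             EncryptedXml.ReplaceElement(elementToEncrypt, edElement, false);
         }
     }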
    Any help greatly appreciated.

    Thanks,

    Darren.


    Decrypt:
    Code:
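    /// <summary>
    /// Loads config.xml, decrypts its EncryptedData elements with the RSA key held in the
    /// "XML_RSA_FTP_KEY" key container, and returns the credentials extracted from the result.
    /// </summary>
    /// <returns>The value produced by Extract_Credentials for the decrypted document.</returns>
    /// <remarks>
    /// The private key must already exist in the key container on the machine running this
    /// code. Anyone able to read that container can decrypt the file, so the file is only as
    /// well protected as the key.
    /// </remarks>
    public static string Decrypt()
    {
        // Create the XML document object and load the config file.
        XmlDocument xmlDoc = new XmlDocument();

        try
        {
            xmlDoc.Load("config.xml");
        }
        catch (Exception e)
        {
            // Report the problem as before, then stop: an empty document has nothing to
            // decrypt and would only yield wrong or missing credentials further down.
            Console.WriteLine(e.Message);
            Console.ReadLine();
            throw;
        }

        RSACryptoServiceProvider.UseMachineKeyStore = true;

        // Name the key container and require that it already holds a key. Without
        // UseExistingKey the constructor silently generates a brand-new key pair when the
        // container is missing (as on a machine that never ran the encrypting tool), and that
        // unrelated key cannot unwrap the session key; failing here makes the cause visible.
        CspParameters cspParam = new CspParameters();
        cspParam.KeyContainerName = "XML_RSA_FTP_KEY";
        cspParam.Flags |= CspProviderFlags.UseExistingKey;

        // Add the key name mapping and decrypt the document in place; the provider is
        // disposed as soon as decryption is done.
        using (RSACryptoServiceProvider ftpkey = new RSACryptoServiceProvider(cspParam))
        {
            EncryptedXml exml = new EncryptedXml(xmlDoc);
            exml.AddKeyNameMapping("ftpkey", ftpkey);
            exml.DecryptDocument();
        }

        // Pass the decrypted document to the extraction helper. The returned string holds
        // plaintext login details, so callers should avoid logging or persisting it.
        return Extract_Credentials(xmlDoc);
    }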

  2. #2
    30 Helens Agree neandrake's Avatar
    This line looks suspicious, especially if it works on your machine but nobody else's.
    Code:
    // Static, process-wide setting: asks for keys to be persisted in the computer's key store
    // rather than the current user's profile store.
    RSACryptoServiceProvider.UseMachineKeyStore = true;
    --edit--
    It looks like the public/private keys are being stored locally. In order to decrypt, you will need one of them (the private key) to be distributed as well. Be careful with this: anyone who obtains the private key can decrypt the credentials file.
    Last edited by neandrake; 09-13-2010 at 07:50 PM.

  3. #3
    Quote Originally Posted by neandrake View Post
    This line looks suspicious, especially if it works on your machine but nobody else's.
    Code:
    // Static, process-wide setting: asks for keys to be persisted in the computer's key store
    // rather than the current user's profile store.
    RSACryptoServiceProvider.UseMachineKeyStore = true;
    --edit--
    looks like the pub/private keys are being stored locally. in order to decrypt, you will need one of them to be distributed as well (careful with this).
    Forgive my ignorance, but which one within my code is the private key and how would I go about distributing that to the client machines?

    Thanks

  4. #4
    30 Helens Agree neandrake's Avatar
    Actually, it looks like UseMachineKeyStore is ignored when passing CspParameters into the RSACryptoServiceProvider constructor.

    Look here for your question:
    RSA.ToXmlString Method (System.Security.Cryptography)
