So I've made a desktop application (before the website) were i've made a login and a register system in it and an encryption ofcourse. And now I've had an idea to make a website with the register and login system because i thought it would be easier but the problem is i've made the website after the desktop application which means i've made a C# encryption/decryption before website and I want to convert the C# encryption to the PHP (if it is even possible) to match my database users information (password, username, mail etc.). This is my C# encryption and decryption code: Encryption:
private static byte[] AesEncrypt(byte[] bytesToBeEncrypted, byte[]
passwordBytes)
{
byte[] encryptedBytes;
var saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }; // min 8
using (var ms = new MemoryStream())
{
using (var aes = new RijndaelManaged())
{
aes.KeySize = 256;
aes.BlockSize = 128;
var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
aes.Key = key.GetBytes(aes.KeySize / 8);
aes.IV = key.GetBytes(aes.BlockSize / 8);
aes.Mode = CipherMode.CBC;
using (var cs = new CryptoStream(ms, aes.CreateEncryptor(), CryptoStreamMode.Write))
{
cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
cs.Close();
}
encryptedBytes = ms.ToArray();
}
}
return encryptedBytes;
}
Decryption:
private static byte[] AesDecrypt(byte[] bytesToBeDecrypted, byte[] passwordBytes)
{
byte[] decryptedBytes;
var saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8 }; // min 8
using (var ms = new MemoryStream())
{
using (var aes = new RijndaelManaged())
{
aes.KeySize = 256;
aes.BlockSize = 128;
var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
aes.Key = key.GetBytes(aes.KeySize / 8);
aes.IV = key.GetBytes(aes.BlockSize / 8);
aes.Mode = CipherMode.CBC;
using (var cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(bytesToBeDecrypted, 0, bytesToBeDecrypted.Length);
cs.Close();
}
decryptedBytes = ms.ToArray();
}
}
return decryptedBytes;
}
Method which I use to encrypt data:
public static string Encrypt(string clearText, string password, byte[] salt = null)
{
var baPwd = Encoding.UTF8.GetBytes(password);
var baPwdHash = SHA256.Create().ComputeHash(baPwd);
var baText = Encoding.UTF8.GetBytes(clearText);
byte[] baSalt;
baSalt = salt;
var baEncrypted = new byte[baSalt.Length + baText.Length];
for (var i = 0; i < baSalt.Length; i++)
baEncrypted[i] = baSalt[i];
EncryptionSalt = baSalt.ToString();
for (var i = 0; i < baText.Length; i++)
baEncrypted[i + baSalt.Length] = baText[i];
baEncrypted = AesEncrypt(baEncrypted, baPwdHash);
var result = Convert.ToBase64String(baEncrypted);
EncryptionSalt = baSalt.ToString();
return result;
}
}
Method which I use to decrypt data:
public static string Decrypt(string cipherText, string password)
{
var baPwd = Encoding.UTF8.GetBytes(password);
var baPwdHash = SHA256.Create().ComputeHash(baPwd);
var baText = Convert.FromBase64String(cipherText);
var baDecrypted = AesDecrypt(baText, baPwdHash);
const int saltLength = 12;
var baResult = new byte[baDecrypted.Length - saltLength];
for (var i = 0; i < baResult.Length; i++)
baResult[i] = baDecrypted[i + saltLength];
var result = Encoding.UTF8.GetString(baResult);
return result;
}
An example of using C# encryption in my C# code:
Encryption.Encrypt(password, Encryption.RandomBytes().ToString(), salt));
And the RandomBytes method:
public static byte[] RandomBytes()
{
const int saltLength = 12;
var ba = new byte[saltLength];
RandomNumberGenerator.Create().GetBytes(ba);
return ba;
}
Firstly I need to know if it's possible, secondly if anyone wants to you could give me an example of this encryption in PHP or give me the code.
