0

I am newbie to C# and I have a task to encrypt the files in C# and put it onto server (Mentioned that use 256-bit AES encryption). Whoever wants it, they should Decrypt it first and then use it.

But I have some doubts related to it as: I am using AESCryptoServiceProvider Class. In that I am using the method CreateEncryptor(Byte[], Byte[]). But the question I want to ask is, If I encrypt the file using key as well as IV, then I have to share the both with the user Key and IV.

What should I do in such case? I want that I should use only key at the time of encryption and decryption. How can I do that?

I am totally confused about it. Please suggest me some steps over it.

Thanks

Bhavesh Shah
  • 3,299
  • 11
  • 49
  • 73

1 Answers1

1

As far as i know, the IV doesn't need to be secret, so you could store it together with the encrypted data on the server. Just make sure that each IV is random and that you don't reuse them.

For more details on the IV, look here:
http://en.wikipedia.org/wiki/Initialization_vector

Botz3000
  • 39,020
  • 8
  • 103
  • 127
  • again is there any way to avoid the use of IV? The instruction given to me is don't use IV – Bhavesh Shah Aug 08 '12 at 06:06
  • 2
    @BhaveshShah There is no way to avoid the IV using the AESCryptoServiceProvider class, but it is up to you where you get the IV from (unique or not). If you don't use unique IVs though, your encrypted data will be easy to decrypt. A short (and optional) IV is one of the the reasons why WEP is so easily cracked. – Botz3000 Aug 08 '12 at 06:44
  • Thanks for your reply. I want to ask again one question that which class in C# will help me to skip the use the IV?? Can u pls tell me? – Bhavesh Shah Aug 08 '12 at 08:35
  • @BhaveshShah There is no class for that as far as i know. You'll need to pass an IV to that method. If security isn't so important though, you can try other methods of encrypting/obfuscating data. – Botz3000 Aug 08 '12 at 08:52