-1

I'm trying to understand why the code directly below does not require you to generate an IV key as well? Code is from:

http://msdn.microsoft.com/en-us/library/sb7w85t6(v=vs.85).aspx

    Dim key As RijndaelManaged = Nothing

    Try
        ' Create a new Rijndael key.
        key = New RijndaelManaged()

I see this sample code, but it requires you to generate both keys manually?

Code is from:

http://msdn.microsoft.com/en-us/library/System.Security.Cryptography.RijndaelManaged(v=vs.110).aspx

    Class RijndaelExample

        Public Shared Sub Main()
            Try

                Dim original As String = "Here is some data to encrypt!"

                ' Create a new instance of the RijndaelManaged
                ' class.  This generates a new key and initialization
                ' vector (IV).
                Using myRijndael As New RijndaelManaged()

                    myRijndael.GenerateKey()
                    myRijndael.GenerateIV()

Also, I plan to hardcode the key into the source (I know it's not the most secure)... how do I actually store these? It looks like it will generate a new key every time the application is opened.

tshepang

1 Answer

0

You're right, in that it will create a new key and IV every time you run. Instead, you should be creating a hash yourself (which is used to encrypt the data, and is derived from your password and a "salt" - see http://en.wikipedia.org/wiki/Salt_(cryptography)).

For example,

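    using System.Security.Cryptography;
    using System.Text;

    // Members of the class that performs the encryption.
    SymmetricAlgorithm m_encryption;
    RSACryptoServiceProvider m_rsa;   // not used in this snippet
    Rfc2898DeriveBytes m_hash;

    string password = "Pa55w0rd";
    string salt = "this is my salt. There are many like it, but this one is mine.";

    public void SetupEncryption()
    {
        m_encryption = new RijndaelManaged();

        // PBKDF2 (RFC 2898): the same password and salt always yield the same bytes.
        m_hash = new Rfc2898DeriveBytes(password, Encoding.ASCII.GetBytes(salt));

        // Successive GetBytes calls continue the same derived byte stream,
        // so the key and the IV receive different bytes.
        m_encryption.Key = m_hash.GetBytes(m_encryption.KeySize / 8);
        m_encryption.IV = m_hash.GetBytes(m_encryption.BlockSize / 8);
    }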

As you've noted though, storing your salt and your password is very bad form! This is just an example to show how to get started. Take a good look through Wikipedia and other articles until you fully understand the principles!

Immortal Blue
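
An added example, not part of the answer above or of the MSDN samples: one way to handle the "how do I store these" question is to derive the key from a password with a random salt, generate a fresh IV for each message, and store the non-secret salt and IV in front of the ciphertext. It uses `Aes.Create()` in place of `RijndaelManaged` (Rijndael with a 128-bit block is AES); the class name, iteration count and passphrase are assumptions made for the example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class PasswordBox   // hypothetical name, not from the page
{
    const int SaltSize = 16, Iterations = 100000;   // assumed parameters

    static byte[] DeriveKey(string password, byte[] salt, int keyBytes)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(keyBytes);
    }

    // Returns salt || IV || ciphertext. Salt and IV are not secret; only the password is.
    public static byte[] Encrypt(string plaintext, string password)
    {
        var salt = new byte[SaltSize];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(salt);
        using (var aes = Aes.Create())
        {
            aes.Key = DeriveKey(password, salt, aes.KeySize / 8);
            aes.GenerateIV();   // fresh random IV for every message
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            using (var enc = aes.CreateEncryptor())
                return salt.Concat(aes.IV).Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
        }
    }

    // Reads the salt and IV back out of the blob, so nothing but the password must be kept.
    public static string Decrypt(byte[] blob, string password)
    {
        using (var aes = Aes.Create())
        {
            int ivSize = aes.BlockSize / 8, off = SaltSize + ivSize;
            aes.Key = DeriveKey(password, blob.Take(SaltSize).ToArray(), aes.KeySize / 8);
            aes.IV = blob.Skip(SaltSize).Take(ivSize).ToArray();
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(blob, off, blob.Length - off));
        }
    }

    static void Main()
    {
        byte[] a = Encrypt("Here is some data to encrypt!", "constructed passphrase");
        byte[] b = Encrypt("Here is some data to encrypt!", "constructed passphrase");
        Console.WriteLine(a.SequenceEqual(b));   // compares two encryptions of the same input
        Console.WriteLine(Decrypt(a, "constructed passphrase"));
    }
}
```

CBC mode as used here provides confidentiality only; detecting tampering needs an HMAC over the whole blob or an authenticated mode.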