Extremely Simple TripleDES Encryption/Decryption with Base64 Encoding/Decoding.

A friend of mine needed a way to store some values in a configuration file that are somewhat sensitive (coming from a web service using WSE2 with encryption). I thought about using DPAPI; however, he needed the ability to use the same configuration file for all users. The first thing that came to mind was to use TripleDES in a similar manner as when I worked on the RadioShack e-Commerce site. Basically, I used a third-party component that would encrypt and decrypt the strings (password, credit card, etc.) and then use a crude homemade Base64-type function to convert the string so that special characters (specifically, the ASCII 0 - NULL) wouldn’t interfere with the OLEDB functions.

I knew that the encryption/decryption and Base64 functionality is part of the BCL… so I did some googling for a sample. I came across a pretty simple example that was written in C#. Alas, my friend needed the code in VB.NET (well, of course he did ;-) ). Here is an even more simplified version of the code I found.

Private Function TripleDESEncode(ByVal value As String, ByVal key As String) As String
  Dim des As New Security.Cryptography.TripleDESCryptoServiceProvider
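  ' All-zero 8-byte IV: the same value and key always produce the same ciphertext.
  des.IV = New Byte(7) {}
  ' Derive a 128-bit key from the password; the salt passed here is empty.
  Dim pdb As New Security.Cryptography.PasswordDeriveBytes(key, New Byte(-1) {})
  des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, New Byte(7) {})
  ' Let the stream grow as needed; a capacity computed from value.Length would be negative for an empty string.
  Dim ms As New IO.MemoryStream()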
  Dim encStream As New Security.Cryptography.CryptoStream(ms, des.CreateEncryptor(), Security.Cryptography.CryptoStreamMode.Write)
  Dim plainBytes As Byte() = Text.Encoding.UTF8.GetBytes(value)
  encStream.Write(plainBytes, 0, plainBytes.Length)
  encStream.FlushFinalBlock()
  Dim encryptedBytes(CInt(ms.Length - 1)) As Byte
  ms.Position = 0
  ms.Read(encryptedBytes, 0, CInt(ms.Length))
  encStream.Close()
  Return Convert.ToBase64String(encryptedBytes)
End Function
 
Public Function TripleDESDecode(ByVal value As String, ByVal key As String) As String
  Dim des As New Security.Cryptography.TripleDESCryptoServiceProvider
  ' IV and key derivation must match TripleDESEncode exactly, or decryption fails.
  des.IV = New Byte(7) {}
  Dim pdb As New Security.Cryptography.PasswordDeriveBytes(key, New Byte(-1) {})
  des.Key = pdb.CryptDeriveKey("RC2", "MD5", 128, New Byte(7) {})
  Dim encryptedBytes As Byte() = Convert.FromBase64String(value)
  Dim ms As New IO.MemoryStream(value.Length)
  Dim decStream As New Security.Cryptography.CryptoStream(ms, des.CreateDecryptor(), Security.Cryptography.CryptoStreamMode.Write)
  decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
  decStream.FlushFinalBlock()
  Dim plainBytes(CInt(ms.Length - 1)) As Byte
  ms.Position = 0
  ms.Read(plainBytes, 0, CInt(ms.Length))
  decStream.Close()
  Return Text.Encoding.UTF8.GetString(plainBytes)
End Function

Basically, I just wanted two simple functions that would take a string and a private key value, encrypt the string using TripleDES, and Base64-encode the result. When I wanted to decode the value, I would just pass it to another function that would reverse the process using the same private key. This code is completely self-contained; just drop it into an existing form, class or module and use it. Here’s an example of the functions being used from a console application:

<STAThread()> _
Sub Main()
 
  Dim key As String = "a1B@c3D$"

  Dim original As String = "This is a test, blah, blah, blah."
  Console.WriteLine("Original" & vbCrLf & "-----------------")
  Console.WriteLine(original & vbCrLf)
  Dim encrypted As String = TripleDESEncode(original, key)
  Console.WriteLine("Encrypted" & vbCrLf & "-----------------")
  Console.WriteLine(encrypted & vbCrLf)
  Dim decrypted As String = TripleDESDecode(encrypted, key)
  Console.WriteLine("Decrypted" & vbCrLf & "-----------------")
  Console.WriteLine(decrypted & vbCrLf)

  Console.ReadLine()
 
End Sub

When using this, be sure to use a key that conforms to the same sort of rules you would want for passwords. Also, if you intend to use this sort of functionality within your code, where the key is stored within the project, be sure to use one of the many obfuscator products that are available that can encrypt the strings within the executable. If you use an obfuscator that does not have that functionality, then use some other mechanism to obfuscate this key value.
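The functions above use an all-zero IV and an empty salt, so a given value and key always produce the same Base64 string. The variant below is an added example, not the original author's code: it keeps TripleDES and Base64 but derives the key with PBKDF2 over a random salt and uses a random IV, storing both in front of the ciphertext. The module name, the 16-byte salt and the iteration count are assumptions, and the `HashAlgorithmName` constructor overload assumes .NET Framework 4.7.2 or later.

```vb
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

' Added example (hypothetical module name); same call shape as TripleDESEncode/TripleDESDecode.
Module SaltedTripleDes
  Private Const SaltLen As Integer = 16       ' assumed salt size in bytes
  Private Const IvLen As Integer = 8          ' TripleDES block size in bytes
  Private Const Iterations As Integer = 100000 ' assumed PBKDF2 work factor

  ' Output layout before Base64: salt(16) || IV(8) || ciphertext
  Public Function Encode(ByVal value As String, ByVal password As String) As String
    Dim salt(SaltLen - 1) As Byte
    Using rng As RandomNumberGenerator = RandomNumberGenerator.Create()
      rng.GetBytes(salt)                      ' fresh salt per call
    End Using
    Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256), des As TripleDES = TripleDES.Create()
      des.Key = kdf.GetBytes(24)              ' three-key 3DES
      des.GenerateIV()                        ' fresh IV per call
      Using ms As New MemoryStream()
        ms.Write(salt, 0, salt.Length)
        ms.Write(des.IV, 0, des.IV.Length)
        Using cs As New CryptoStream(ms, des.CreateEncryptor(), CryptoStreamMode.Write)
          Dim plain As Byte() = Encoding.UTF8.GetBytes(value)
          cs.Write(plain, 0, plain.Length)
          cs.FlushFinalBlock()
        End Using
        Return Convert.ToBase64String(ms.ToArray()) ' ToArray works on a closed stream
      End Using
    End Using
  End Function

  Public Function Decode(ByVal value As String, ByVal password As String) As String
    Dim blob As Byte() = Convert.FromBase64String(value)
    If blob.Length < SaltLen + IvLen + 8 Then Throw New CryptographicException("Input too short.")
    Dim salt(SaltLen - 1) As Byte, iv(IvLen - 1) As Byte
    Buffer.BlockCopy(blob, 0, salt, 0, SaltLen)
    Buffer.BlockCopy(blob, SaltLen, iv, 0, IvLen)
    Using kdf As New Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256), des As TripleDES = TripleDES.Create()
      des.Key = kdf.GetBytes(24)              ' same salt and password give the same key
      des.IV = iv
      Using dec As ICryptoTransform = des.CreateDecryptor()
        Return Encoding.UTF8.GetString(dec.TransformFinalBlock(blob, SaltLen + IvLen, blob.Length - SaltLen - IvLen))
      End Using
    End Using
  End Function
End Module
```

Encoding the same value twice with this variant yields two different strings that both decode to the original. The output carries no integrity check, so a modified string may decrypt to garbage or raise a CryptographicException on bad padding.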

This post is licensed under CC BY 4.0 by the author.