AES Counter mode C# equivalent

Question

I use the following javascript to encrypt some data : http://www.movable-type.co.uk/scripts/aes.html

I have to decrypt it with C#. Anyone knows how to decrypt that with the Rijndael manager ?

I want to avoid to port the code ;-)

Thanks in advance

Answer 1

Alas, CTR mode is not implemented as a "mode" in the builtin AES class in the System.Security.Cryptography namespace.

But, there is a solution. CTR mode is not too difficult to implement using the builtin AES class operating in ECB mode, an IV of all zeros, no padding, and a few tweaks. Basically, for each block, CTR mode encrypts the counter, then XORs the result of that encryption with the plaintext to get the ciphertext. That's for encryption. You'd do the converse for decryption. Since the transform operation is XOR, it's reflexive, so decryption is really the same as encryption.

Start with the counter at zero for the first block of 16-bytes (the block size for AES); increment the counter for each subsequent block.

Honestly, the trickiest part about the whole affair is segmenting the data to be encrypted, into blocks of 16 bytes. If the app asks to encrypt 10 bytes, you can't encrypt. You need to wait til you get a full 16 bytes before you do the transform. So you need to manage a buffer.

I don't have a working code demo for you, but given this description it shouldn't be too hard to construct a CTR mode suitable for you. You can see an example of CTR mode encryption based on the builtin AES class in the WinZipAes.cs module, part of the open-source DotNetZip library. This code does work but isn't ready to be used outside of DotNetZip. You'd need to repackage it to make it clean.

---

On the other hand, if you just want to get Javascript and C# to interoperate with AES, and you are not particularly wedded to CTR mode, then you could use ECB mode, very easily. This question shows you how to get SlowAES and .NET's Aes class to work together, and it includes links to working code (Javascript, C#, and VB). But be careful about ECB mode.

This is a different Javascript library than the one you selected; I prefer slowAES because it made more sense to me. also, in that answer I provide supporting classes like the RFC2898 password-based key derivation.

Good luck.

Answer 2

I don't have enough points to reply to Cheeso's answer, but I do not believe this is accurate, "If the app asks to encrypt 10 bytes, you can't encrypt."

Since CTR mode encrypts the nonce, and then XORs the result with clearText, you can encrypt blocks of any size. That's actually one of the primary benefits of CTR mode, along with parallel encryption.