I'm an encryption novice trying to pass some values back and forth between systems. I can encrypt the value, but can't seem to figure out how to decrypt on the other end. I've created a simple Windows Forms application using VB.NET. Trying to input a value and a key, encrypt and then decrypt to get the original value. Here's my code so far. Any help greatly appreciated. Thanks.
Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text
Public Class Form1
Private Sub btnEncode_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnEncode.Click
Dim hmacsha1 As New HMACSHA1(Encoding.ASCII.GetBytes(txtKey.Text))
Dim hashValue As Byte() = hmacsha1.ComputeHash(Encoding.ASCII.GetBytes(txtValue.Text))
txtResult.Text = BytesToHexString(hashValue)
hmacsha1.Clear()
End Sub
Private Sub btnDecode_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnDecode.Click
'???
End Sub
Private Function BytesToHexString(ByVal bytes As Byte()) As String
Dim output As String = String.Empty
Dim i As Integer = 0
Do While i < bytes.Length
output += bytes(i).ToString("X2")
i += 1
Loop
Return output
End Function
End Class
HMAC-SHA1 is a one-way hash, not a bidirectional encryption algorithm. You can't decrypt it. I don't have time to provide full encryption code here - it's a complicated topic, but Barry Dorrans' "Beginning ASP.NET Security" would give you a good starting point. (Only some of it is ASP.NET-specific.) You could also watch his DDD talk on the topic.
Just to expand on Jon's answer, because you're probably wondering what the point is of encrypting something that you can't decrypt - HMAC-SHA1 is, as Jon said, a hash. The string produced does not contain the original information, even in encrypted form... It's just a sequence of bytes.
The beauty of the hash however is that any sort of change you might make in the string will almost certainly result in a change in the hash result, and the hash result tends to be fairly small. For this reason, hashs are often used to ensure that a piece of information has not been tampered with.
For instance,
I want to send Jon here a message - and I want him to be confident that one of his mates hasn't changed the message prior to his reading it. I can't just take the hash of my message and send that along, because all a trouble causer would have to do is replace the message with one of their own, and provide an appropriate hash...
However, if I supply my message with a hash not of the message itself, but rather of the message with a few specific extra bytes that John and I have agreed on in advance, the trouble maker is defeated. Jon knows to add the extra bytes (commonly known as salting the hash) before he hashes my message, but the trouble causer doesn't - so if he changes the message, even though he works out his own hash, Jon can see that something is amiss...
Encyryption / Hashes are a fiddly business, and I've barely scratched the surface myself - but I thought this might give you a simple example of what hashes are used for...
Another very common use is for maintaining site membership information - people don't store the password, but rather the hash of the password. This means that even if someone manages to nick your user data, they are not able to use it to log into your system.
Martin
A simple one-way hash explaination as to why people would want to do it.
Lets say you have a user account with the username John and password Doe. You store the hash of the following string.
First name, your favorite number, and their selected password
for example: hash= myHash("john7@password")
now hash = "qk239qa*@$)(*84509053903" or whatever
Now that hash is secure and cant be reversed back to figure out what your favorite number is in most cases. To check if the hash is the right one for logging in, you'd re-hash the supplied input (name,your number or w/e, password) and if you get the same exact hash, its a valid deal. wo0t isnt it completely simple!
--should I use the same key to re-hash my data?