Persits Software, Inc. Knowledge Base Articles

Advanced Encryption Standard (AES) Support

Summary

Starting with version 2.3 (released on June 25, 2004), AspEncrypt provides support for the Advanced Encryption Standard (AES) cipher, also known as Rijndael. AES is a symmetric block cipher approved by the US government in 2001 as a replacement for DES.

AES is currently implemented on Windows XP and Windows 2003, but not on Windows NT or 2000.

This article explains how to use AES with AspEncrypt.

Implementation Details

The AES cipher is currently implemented by the Microsoft Enhanced RSA and AES Cryptographic Provider on Windows XP and 2003 only. On Windows XP, the actual registry name of the CSP is Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype).

AES is currently implemented in three key lengths: 128 bits, 192 bits and 256 bits. Accordingly, the AspEncrypt library defines the following constants to designate these key lengths:

calgAES128 (26126)
calgAES192 (26127)
calgAES256 (26128)

These constants (or their numeric equivalents) are passed to the methods GenerateKey, GenerateKeyFromPassword and ImportRawKey as the Algorithm argument.

The following code snippet encrypts a string with a password-derived 256-bit AES key on Windows 2003. On Windows XP, the code is the same except that the CSP name passed to OpenContextEx must have the word (Prototype) appended to it.

<!--METADATA TYPE="TypeLib" UUID="{B72DF063-28A4-11D3-BF19-009027438003}"-->

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
Set context = CM.OpenContextEx("Microsoft Enhanced RSA and AES Cryptographic Provider", "", True)

' Generate 256-bit AES key
Set Key = context.GenerateKeyFromPassword("password", , calgAES256 )

' Encrypt text
Set Blob = Key.EncryptText("Some text")
%>

Using a Pre-set Key

The following code snippet takes a pre-set 128-bit AES key and encrypts a binary string with it. The values for the key and string were taken from the AES specifications to verify the correctness of encryption:

<!--METADATA TYPE="TypeLib" UUID="{B72DF063-28A4-11D3-BF19-009027438003}"-->

<%
Set CM = Server.CreateObject("Persits.CryptoManager")
Set context = CM.OpenContextEx("Microsoft Enhanced RSA and AES Cryptographic Provider", "", True)

' Blob containing raw bits of key
Set KeyBlob = CM.CreateBlob
KeyBlob.Hex = "00010203050607080A0B0C0D0F101112"

' Import key bits into CryptoKey object, set cipher mode
Set key = context.ImportRawKey(KeyBlob, calgAES128, True)
key.Mode = ccmECB

' Binary plain text
Set blob = CM.CreateBlob
blob.Hex = "506812A45F08C889B97F5980038B8359"

' Encrypt, display result in Hex
Set ResBlob = key.EncryptBinary(blob)

Response.Write ResBlob.Hex
%>