How to decrypt data in .NET Core 5.0 which is encrypted using Enterprise Library 4.1 RRS feed

  • Question

  • User1164847651 posted

    I have a project using Ent Lib 4.1 and millions of records have been encrypted using this. Our enterprise library key is a file stored in local system which was generated using entlib configuration manager. Now we are migrating to .NET Core 5.0. Ent Lib 4.1 is not supported in .NET Core.

    There is a different version of Ent Lib in .net core but not sure if we will be able to decrypt the of records.

    Question: How can I read the file (used to encrypt) and decrypt using RijndaelManaged algo in C# or .NET Core. The data is encrypted using EntLib4.1 RijndaelManaged.

    using (RijndaelManaged myRijndael = new RijndaelManaged())
        // This key was generated using EntLib4.1 configuration manager.
        byte[] key = File.ReadAllBytes("D:\EncryptionKeys\AES.key");
        // failing at this line saying the "specified size if not valid size for this algorithm".
        myRijndael.Key = key;
        // once the key is set, i will use this to decrypt the data. 

    Friday, October 9, 2020 6:52 AM

All replies

  • User753101303 posted


    And what is the size of the key? According to https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.rijndaelmanaged.keysize?view=netcore-3.1 the default is 256. If not I would try to change the KeySize first.

    Or you gave a look at this file? Could it be in base64 or maybe an XML file in which Ent Lib stored this among other things?

    Friday, October 9, 2020 8:39 AM
  • User1164847651 posted

    Dont know the key size. The key was generated from using a text file (Load from File option used in Ent Lib configuration manager) which also is not readable.

    When opening the key file (AES.key) in notepad it looks gibberish:

    á     ÐŒßÑŒz ÀOÂ—ë   R&"U9?J˜Û&¯u       f  À     š¨    |*¼Í†g    E ·›™    €         æ-pö©—˜YL¬^üǧ    iµiºÉdAR¬»Ù±¬óÚ†p ‚J¸ñRô¸ /k   ^”1'(½@£³ àrBLìÀ¾

    Friday, October 9, 2020 10:17 AM
  • User753101303 posted

    I meant what is the value for key.Length? According to the earlier link it should be 256, 192 or 128. If not 256 you may have to use :

    myRijndael.KeySize = key.Length; // Maybe you have to define explicitely tjhe key size first if it is 128 or 192 ?
    myRijndael.Key = key;

    If this is not one of those 3 values then your "key file" is perhaps not just the key. It seems you told it was saved using a "Configuration Manager" feature so could it store as well other settings or be encrypted iltself or,whatever?

    What if looking at the old code that save or read this key?    Edit: according to https://documentation.help/MS-Enterprise-Library-5.0/EntLib50_cc9f653d-cf10-4bfa-a8a6-1795a25a6f9d.html it seems EntLib Configuration is supposed to be an XML or maybe binary XML configurartion file that could include the key you need. In this case your best bet is likely to use Ent Lib to read again this configuration file and extract the key you need.

    Friday, October 9, 2020 10:38 AM
  • User1164847651 posted


    Earlier in Ent Lib 4.1, it was encrypting like below and a block in config file

    Cryptographer.EncryptSymmetric("MyAESProvider", string_data_to_encrypt);

    Cryptographer.DecryptSymmetric("MyAESProvider", string_decrypted_data);

                <add algorithmType="System.Security.Cryptography.RijndaelManaged, mscorlib, Version=, Culture=neutral, PublicKeyToken=b77a5c561934e089"
                    protectedKeyFilename="D:\EncryptionKeys\AES.key" protectedKeyProtectionScope="LocalMachine"
                    type="Microsoft.Practices.EnterpriseLibrary.Security.Cryptography.SymmetricAlgorithmProvider, Microsoft.Practices.EnterpriseLibrary.Security.Cryptography, Version=, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
                    name="MyAESProvider" />

    Friday, October 9, 2020 12:26 PM
  • User753101303 posted

    My guess is that this key file is itself encrypted maybe using https://docs.microsoft.com/en-us/dotnet/standard/security/how-to-use-data-protection (DataProtectionScope have a LocalMachine option as well).

    So you would need first to run this code on the same machine to decrypt the key file before using the decrypted key with Rijndael.

    Friday, October 9, 2020 1:34 PM