When you think ASP, think...
Recent Articles
All Articles
ASP.NET Articles [1.x] [2.0]
ASPFAQs.com
Message Board
Related Web Technologies
User Tips!
Coding Tips
Search

Sections:
Book Reviews
Sample Chapters
Commonly Asked Message Board Questions
Headlines from ASPWire.com
JavaScript Tutorials
MSDN Communities Hub
Official Docs
Security
Stump the SQL Guru!
Web Hosts
XML
Information:
Advertise
Feedback
Author an Article
Jobs
















internet.com
IT
Developer
Internet News
Small Business
Personal Technology
International

Search internet.com
Advertise
Corporate Info
Newsletters
Tech Jobs
E-mail Offers
ASP ASP.NET ASP FAQs Message Board Feedback ASP Jobs
Print this Page!

Back End Development (Agency)
Aquent
US-IL-Chicago

Justtechjobs.com Post A Job | Post A Resume

Published: Wednesday, September 18, 2002

Converting Mike Shaffer's VBScript RC4 Encryption Code to C#
By Chris Scott

Introduction
A while ago, Mike Shaffer posted an excellent article regarding using classic ASP to perform RC4 encryption: RC4 Encryption Using ASP & VBScript. This code overcame one of VBScript/ASP's shortcomings: there are no built in cryptography functions. Using Mike's code, you could take a string of text and encrypt it using the RC4 algorithm. From there, the output was usually URL encoded to make it easy to transmit over the Web, store in a database, etc.

- continued -

I have used Mike's code in a number of situations when designing classic ASP Web sites. Recently, however, I have been creating ASP.NET Web sites and needed to convert Mike's code from VBScript to an ASP.NET-compatible language, such as VB.NET or C#. I decided to take on this task in C# since that is what I am using for all my Web apps but it could have easily (probably more easily) been done in VB.NET. In the next sections, I'll compare the original VBScript code to the new C# code. Also, I'll explain some of the hurdles I encountered when converting the code. If you haven't already, take a look at Mike's article to get a good idea of what the code does and how it works. (Also, it may help to periodically refer to the complete source code when working through this article!)

In my conversion I attempted to keep the code as similar as possible to the original code to make a comparison easier. Very little stylistic changes were made...

Some Helpful Links
If you are more familiar with VB.NET (or VB) than C# you may find the following article quite helpful: From VB.NET to C# and Back Again. This article examines how to convert code between VB.NET and C#; since VB.NET shares a number of syntactic and semantic similarities with VBScript, the article should help developers new to C# understand the conversion process between VBScript and C#.

Examining the VBScript Version of the RC4 Encryption AlgoriMansoor Ahmed Siddiqui explains debugging and tracing and shows how to create custom trace listeners to help ensure hassle-free developmenthtm
Before examining the converted C# code, we must first take a brief look at the original VBScript code, which contains one function - EnDeCrypt - and one subroutine - RC4Initialize. The RC4Initialize sub is used to initialize two arrays that are used by the function that does the actual en/decryption. These two arrays are sbox and key, and are declared in the VBScript code as follows: 

<%
  Dim sbox(255)
  Dim key(255)

The RC4Initialize sub takes one argument, a password used to encrypt the text. Note that the RC4Initialize sub is called from inside the EnDeCrypt function, meaning you do not have to explicitly call this initialization sub. The code for the RC4Initialize sub is as follows: 

Sub RC4Initialize(strPwd)
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
':::  This routine called by EnDeCrypt function. Initializes the
':::  sbox and the key array)
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

   dim tempSwap
   dim a
   dim b

   intLength = len(strPwd)
   For a = 0 To 255
      key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
      sbox(a) = a
   next

   b = 0
   For a = 0 To 255
      b = (b + sbox(a) + key(a)) Mod 256
      tempSwap = sbox(a)
      sbox(a) = sbox(b)
      sbox(b) = tempSwap
   Next
End Sub

Next is the EnDeCrypt function, which does the actual en/decryption. Don't worry about what each line of code does, I'll explain it in more detail when we convert it to C#. (Also, if you haven't already, I'd strongly encourage you to read Mike Shaffer's article, in which he explains the theory behind RC4 encryption in some detail.) 

Function EnDeCrypt(plaintxt, psw)

   dim temp
   dim a
   dim i
   dim j
   dim k
   dim cipherby
   dim cipher

   i = 0
   j = 0

   RC4Initialize psw

   For a = 1 To Len(plaintxt)
      i = (i + 1) Mod 256
      j = (j + sbox(i)) Mod 256
      temp = sbox(i)
      sbox(i) = sbox(j)
      sbox(j) = temp

      k = sbox((sbox(i) + sbox(j)) Mod 256)

      cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
      cipher = cipher & Chr(cipherby)
   Next

   EnDeCrypt = cipher

End Function

At this point we're ready to begin our conversion of the VBScript code to C# code. Part 2 will start this process!

  • Read Part 2!

    Windows Internet Technology | ASP.NET [1.x] [2.0] | ASPMessageboard.com | ASPFAQs.com | Advertise | Feedback | Author an Article



    • JupiterOnlineMedia

    internet.comearthweb.comDevx.commediabistro.comGraphics.com

    Search:

    Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

    Jupitermedia Corporate Info


    Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

    Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers