To read the article online, visit http://www.4GuysFromRolla.com/articles/091802-1.aspx

Converting Mike Shaffer's VBScript RC4 Encryption Code to C#

By Chris Scott


Introduction


A while ago, Mike Shaffer posted an excellent article regarding using classic ASP to perform RC4 encryption: RC4 Encryption Using ASP & VBScript. This code overcame one of VBScript/ASP's shortcomings: there are no built in cryptography functions. Using Mike's code, you could take a string of text and encrypt it using the RC4 algorithm. From there, the output was usually URL encoded to make it easy to transmit over the Web, store in a database, etc.

I have used Mike's code in a number of situations when designing classic ASP Web sites. Recently, however, I have been creating ASP.NET Web sites and needed to convert Mike's code from VBScript to an ASP.NET-compatible language, such as VB.NET or C#. I decided to take on this task in C# since that is what I am using for all my Web apps but it could have easily (probably more easily) been done in VB.NET. In the next sections, I'll compare the original VBScript code to the new C# code. Also, I'll explain some of the hurdles I encountered when converting the code. If you haven't already, take a look at Mike's article to get a good idea of what the code does and how it works. (Also, it may help to periodically refer to the complete source code when working through this article!)

In my conversion I attempted to keep the code as similar as possible to the original code to make a comparison easier. Very little stylistic changes were made...

Some Helpful Links
If you are more familiar with VB.NET (or VB) than C# you may find the following article quite helpful: From VB.NET to C# and Back Again. This article examines how to convert code between VB.NET and C#; since VB.NET shares a number of syntactic and semantic similarities with VBScript, the article should help developers new to C# understand the conversion process between VBScript and C#.

Examining the VBScript Version of the RC4 Encryption AlgoriMansoor Ahmed Siddiqui explains debugging and tracing and shows how to create custom trace listeners to help ensure hassle-free developmenthtm


Before examining the converted C# code, we must first take a brief look at the original VBScript code, which contains one function - EnDeCrypt - and one subroutine - RC4Initialize. The RC4Initialize sub is used to initialize two arrays that are used by the function that does the actual en/decryption. These two arrays are sbox and key, and are declared in the VBScript code as follows:

<%
  Dim sbox(255)
  Dim key(255)

The RC4Initialize sub takes one argument, a password used to encrypt the text. Note that the RC4Initialize sub is called from inside the EnDeCrypt function, meaning you do not have to explicitly call this initialization sub. The code for the RC4Initialize sub is as follows:

Sub RC4Initialize(strPwd)
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
':::  This routine called by EnDeCrypt function. Initializes the
':::  sbox and the key array)
'::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

   dim tempSwap
   dim a
   dim b

   intLength = len(strPwd)
   For a = 0 To 255
      key(a) = asc(mid(strpwd, (a mod intLength)+1, 1))
      sbox(a) = a
   next

   b = 0
   For a = 0 To 255
      b = (b + sbox(a) + key(a)) Mod 256
      tempSwap = sbox(a)
      sbox(a) = sbox(b)
      sbox(b) = tempSwap
   Next
End Sub

Next is the EnDeCrypt function, which does the actual en/decryption. Don't worry about what each line of code does, I'll explain it in more detail when we convert it to C#. (Also, if you haven't already, I'd strongly encourage you to read Mike Shaffer's article, in which he explains the theory behind RC4 encryption in some detail.)

Function EnDeCrypt(plaintxt, psw)

   dim temp
   dim a
   dim i
   dim j
   dim k
   dim cipherby
   dim cipher

   i = 0
   j = 0

   RC4Initialize psw

   For a = 1 To Len(plaintxt)
      i = (i + 1) Mod 256
      j = (j + sbox(i)) Mod 256
      temp = sbox(i)
      sbox(i) = sbox(j)
      sbox(j) = temp

      k = sbox((sbox(i) + sbox(j)) Mod 256)

      cipherby = Asc(Mid(plaintxt, a, 1)) Xor k
      cipher = cipher & Chr(cipherby)
   Next

   EnDeCrypt = cipher

End Function

At this point we're ready to begin our conversion of the VBScript code to C# code. Part 2 will start this process!

  • Read Part 2!

  • Article Information
    Article Title: ASP.NET.Converting Mike Shaffer's VBScript RC4 Encryption Code to C#
    Article Author: Chris Scott
    Published Date: September 18, 2002
    Article URL: http://www.4GuysFromRolla.com/articles/091802-1.aspx


    Copyright 2014 QuinStreet Inc. All Rights Reserved.
    Legal Notices, Licensing, Permissions, Privacy Policy.
    Advertise | Newsletters | E-mail Offers