# Implementing Rijndael Encryption

This topic is 631 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

Could someone PLEASE either explain to me how, or point me to a tutorial that will tell me the simplest possible way to write the Rijndael (AES or very similar) algorithm into C#?  Specifically 256-bit key size.  I just want to make a function that takes an array of bytes or data (will be divisible by 256), and a 256-bit key also as an array of bytes, and outputs a new array of bytes that is encrypted.

I've been looking on Wikipedia, and it explains the steps of the algorithm, but then redirects to all sorts of number theory and abstract algebra crap that I have to wade through endlessly just to get anything done at all!  I'm rusty on all that convoluted nonsense.  I studied it some years ago, but it's so absurdly esoteric and covered with so many weird rules and red tape that it's almost impossible to make any sense of it.

I'm very good at math in general (calculus, etc.), but is it really necessary to get into all the details about finite fields and all that, just to build the sub bytes matrix?

The shift rows is easy, fortunately.

I'm not sure I fully understand the mix columns step either.  And the example they give on Wikipedia is 16 bytes (128 bits), but I need 256 bits anyway.

The add round key step should be easy enough, but only after I figure out what the current round key is, and I'm not sure if I understand the key scheduling either, but I haven't looked into it as much yet.

Any info you could provide would be much appreciated, thanks!

##### Share on other sites

Easy enough, check the docs.  There is source code for a sample usage right in the framework's crypto library documentation.

Also, you should not implement your own encryption algorithm, even experts working from the technical papers tend to get it wrong. They need quite a lot of verification.

##### Share on other sites

Also, you should not implement your own encryption algorithm, even experts working from the technical papers tend to get it wrong. They need quite a lot of verification.

If, as I suspect, this is for learning purposes more than active use, then it's not such a bad thing. Indeed it's an excellent time and place to practice building tests. The thing to do is to find a reference implementation of Rijndael, then make sure that it outputs the same bytes as your own implementation for a bunch of different inputs both known and random.

##### Share on other sites

Actually, I do intend to use it, but I prefer to implement it myself, because I'm putting it into my own C# project and I hate dealing with DLLs, and this needs to be very portable.

But I wouldn't use it until I'm certain it works.

Part of the problem is that if I use someone else's implementation, how can I be sure it's correct, and that it hasn't been deliberately sabotaged, or contain any kind of spyware that would defeat the purpose of the encryption?

##### Share on other sites

Oh, I just checked the link.  That's from Microsoft?  I didn't know they had it included.

But I believe my concerns could still possibly be valid.  And you haven't answered my question about how to implement the algorithm, you've just provided a function that already does it.

Anyway, is it really that hard to implement?  Every other cryptographic algorithm I've ever seen before has been relatively simple, compared to this, and that includes lots of public-key stuff as well.  Is this just the most convoluted thing ever, or what?

Edited by myvraccount

##### Share on other sites

Part of the problem is that if I use someone else's implementation, how can I be sure it's correct

Those results are easy to verify by comparing it to another trusted implementation.  Either it produces the correct encryption or it does not. If there are backdoors it happens before the encryption.

that it hasn't been deliberately sabotaged, or contain any kind of spyware

That's always true, but your own implementation is subject to the same concerns.  If someone can slip into your system and replace the cryptography libraries, they can slip anything in to the system. Key loggers, disk mirroring, or just replace your program with one that has bad encryption.

you haven't answered my question about how to implement the algorithm, you've just provided a function that already does it. Anyway, is it really that hard to implement?

As mentioned above, you really should be searching for this yourself. A Google search for "aes rijndael source code" brings up versions in C, C++, Java, Pascal, Python, and C# all on the first page.

They look like they're around 600-1000 lines long,

Whether that is difficult to implement or not is up to you and your skill level.  There's also the issue of bugs in the code, some will be better than others.

##### Share on other sites
What threat / attacker are you trying to mitigate against?

If you don't trust the platform / device, just be aware that you can't trust "your" code either - how do you know it will run that code and not something else?

##### Share on other sites

Regarding code quality, correct encryption and decryption is only the beginning. You can get in trouble with uninitialized buffers, malicious input etc. and you have to worry about side channels through which an attacker could learn something about secret plaintext and keys.

Among side channels, timing attacks (deducting what you are computing from how long you take to answer) are particularly difficult to address: how well do you know x86 microcode revisions?

It can be safely assumed that writing a high quality AES implementation requires far more effort and skill than managing dependencies and portability.

##### Share on other sites

Don't forget to pad your plaintext with (pseudo-)random bytes before encryption, otherwise you're just doing a fancy Caesar cipher!!

Edited by sjhalayka

##### Share on other sites

What threat / attacker are you trying to mitigate against?

If you don't trust the platform / device, just be aware that you can't trust "your" code either - how do you know it will run that code and not something else?

Why wouldn't I be able to trust my own code not to be running spyware?

Also, does anyone know if it's been proven that the Microsoft implementation does not contain spyware or other malware or any problems?

1. 1
2. 2
3. 3
Rutin
15
4. 4
5. 5

• 13
• 26
• 10
• 11
• 9
• ### Forum Statistics

• Total Topics
633734
• Total Posts
3013587
×