AES 256 Encryption/Decryption in C#

Hello Experts,
I am looking for an AES-256 Encryption/Decryption program to deal with my Customer Credit Card numbers.  If possible, please help find me an industry standard sample program.

Thank you very much in advance.
Asked by: RadhaKrishnaKiJaya
David Favor (Linux/LXD/WordPress/Hosting Savant) commented:
Depends on exactly how encryption was done.

If credit card numbers have been hashed (converted to a hash) then no decryption is possible (unless you have an extravagant budget + a Boeing hangar full of Crays, or whatever passes for a supercomputer these days).

Hashes are generated specifically to guard against decryption.

That said, if you really did use openssl to encrypt credit card numbers using AES-256, then you'll use openssl to decrypt them in reverse.

The only way to know for sure is if you post the code used to hash or encrypt the credit card numbers in question.

This info will instantly show if credit card numbers are hashed or truly encrypted.

Tip: Unless you wrote the encryption code yourself, likely this data is hashed.

Tip: If you're keeping credit card numbers on file, then you best have gone through the entire PCI Compliance process... or you'll be looking at vast amounts of jail time, depending on jurisdiction of card holders + where card numbers are stored.

Tip: Best if you never talk about saving credit card numbers again in an open forum.
kaufmed ("( ͡° ͜ʖ ͡°) *whispers* I C# people.") commented:
@David

I think he's asking for code that shows how to perform encryption/decryption.

I do agree about going through with PCI compliance. Not sure about the jail time part, but I know that violations can be very monetarily expensive.
RadhaKrishnaKiJaya (Author) commented:
Hello Dave,
Thank you!  kaufmed is right.  I am looking for code to perform Encryption/Decryption process.  This is to meet our PCI Compliance.  The Credit Card Numbers are not hashed.  Please let me know.

Hello kaufmed, Thank you!

Thank you!
Rikin Shah (Microsoft Dynamics CRM Consultant) commented:
Hi,

You can always go for the Aes class available in the .NET namespace System.Security.Cryptography.

The Aes class represents the abstract base class from which all implementations of the Advanced Encryption Standard (AES) must inherit.

You can find an example here:
https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aes?view=netframework-4.7.2
Kyle Abrahams (Senior .Net Developer) commented:
Check the following:
https://www.ryadel.com/en/aes-256-class-asp-net-c-sharp-custom-options-settings-hash-padding-mode-keylength-cipher-salt-iv-rijndael/

It looks like you can use this to generate your key.

Note that the passphrase is your key.

The IV should be generated and stored per record.
Use a salt if you're doing hashes; don't use one if you're encrypting the full CC number (good intro here: https://security.stackexchange.com/questions/52924/is-salt-iv-and-key-necessary-when-encrypting-password-in-a-database-using-aes)
RadhaKrishnaKiJaya (Author) commented:
Thank you Kyle and Rikin,
From the code, how do I know if the Encryption is 256 bits?

Thank you!
Kyle Abrahams (Senior .Net Developer) commented:
https://www.techopedia.com/definition/29703/256-bit-encryption

32 Bytes = 32 * 8 bits = 256 bit encryption.
RadhaKrishnaKiJaya (Author) commented:
Kyle,
I am still lost.  I tried to relate 32 Bytes = 32 * 8 bits = 256 bit with the link you sent me.  I could not understand it.  Do you have any simple example to start with?

Thank you!
RadhaKrishnaKiJaya (Author) commented:
Rikin,
From your link, I see the sample code.  How would I understand it is 256 bit encryption?

Thank you!
Kyle Abrahams (Senior .Net Developer) commented:
If the key is 256 bits, you have 256 bit encryption.
8 bits in a byte, so 32 bytes of a key would also make it 256 bit encryption (8 * 32 = 256).

You'll note in the original link there are 32 characters making up the key which are bytes (the comment incorrectly calls them bits for 256).
RadhaKrishnaKiJaya (Author) commented:
Kyle, I am sorry.  I am not able to see/understand that (original link there are 32 characters... ) in the link.  Please let me know the line number you are reading.

Thank you!
Kyle Abrahams (Senior .Net Developer) commented:
This link:
https://www.ryadel.com/en/aes-256-class-asp-net-c-sharp-custom-options-settings-hash-padding-mode-keylength-cipher-salt-iv-rijndael/


// passPhrase (32 bit length for AES256)   -> should really be 32 BYTE
var passPhrase = "12345678901234567890123456789012";
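
Added example (not part of the original thread or of the linked articles): a minimal AES-256 round trip with the .NET `Aes` class, tying together the two points made above, that a 32-byte key is what makes it 256-bit and that a fresh IV is generated and stored with each record. The class name `CardCrypto`, the `IV || ciphertext` record layout, the random demo key and the test card number are assumptions of this sketch; CBC alone does not detect tampering, so pair it with an HMAC or an AEAD mode where integrity matters.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CardCrypto // hypothetical helper name, chosen for this example
{
    static Aes NewAes(byte[] key)
    {
        if (key.Length != 32) throw new ArgumentException("AES-256 needs a 32-byte key");
        var aes = Aes.Create();
        aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        aes.Key = key; // 32 bytes * 8 = 256 bits; aes.KeySize now reports 256
        return aes;
    }

    // Record layout (an assumption of this example): 16-byte IV followed by ciphertext.
    public static byte[] Encrypt(byte[] key, string plaintext)
    {
        using (var aes = NewAes(key))
        {
            aes.GenerateIV(); // fresh random IV for every record
            byte[] iv = aes.IV, data = Encoding.UTF8.GetBytes(plaintext);
            using (var enc = aes.CreateEncryptor())
                return iv.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
        }
    }

    public static string Decrypt(byte[] key, byte[] record)
    {
        if (record.Length < 32) throw new ArgumentException("record too short");
        using (var aes = NewAes(key))
        {
            aes.IV = record.Take(16).ToArray(); // IV travels with the record
            using (var dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(record, 16, record.Length - 16));
        }
    }

    static void Main()
    {
        var key = new byte[32]; // demo key; a real key comes from a key store
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        const string pan = "4111111111111111"; // constructed test value
        byte[] a = Encrypt(key, pan), b = Encrypt(key, pan);
        Console.WriteLine("same input, same ciphertext: " + a.SequenceEqual(b));
        Console.WriteLine("round trip ok: " + (Decrypt(key, a) == pan));
    }
}
```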
RadhaKrishnaKiJaya (Author) commented:
Thank you guys for your help!