I currently have a set of AES Encryption/Decryption functions that I use in ASP.NET for all of my cryptographic needs. I then pass these data in apps back and forth to another secure application that I have no control over. Everything is sent in strings, and the strings are sent to and from these apps with an ASCII encoding.
Now I am working with a pre-existing Silverlight app, where I have a need to add encrypt/decrypt functionality to data, but I will still be sending to this other secure application (over which I have no control) that uses ASCII encoding. Since Silverlight uses UTF-8, this seems like it might be a problem. I know enough about encodings to know how ASCII and UTF-8 are alike and different (0 through 127 are the same in each, but UTF-8 has many more characters). Are there any risks to encrypting/decrypting in UTF-8 on my end if I am going to be sending/receiving data to/from an app that uses ASCII? (My app will not be using any non-standard characters before the encryption)
Also, should I:
- Use a Service Reference in Silverlight that has my ASCII encryption/decryption functions? OR
- Encrypt/Decrypt in UTF-8 inside Silverlight app, no service reference required?
while it’s bad from an i18n perspective, if can be reasonably sure that your input is going to be only in the range of normal ascii characters, you shouldn’t have a problem.
You can add the code from this SO answer to give you some extra protection — converting non-ASCII safe UTF-8 characters to a ‘?’, returning a byte array you can feed into your encryption method.