Home/ Questions/Q 6693713
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-26T06:01:00+00:00

I’m using the TripleDESCryptoServiceProvider and need to store the encryption key. If I call

  • 0

I’m using the TripleDESCryptoServiceProvider and need to store the encryption key.

If I call the providers GenerateKey method, is this just a base64 encoded string? If so am I safe to unencode it as such as use the resulting string as a key?

On a slightly different note, is there any problem with using this same key as a salt key when doing one-way hashes? I’m writing a simple membership provider for .net which allows the user to choose the encryption technique (plain, hash, encrypted) so wondered whether it was necessary to make the user specify both a salt key and encryption key.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Calling GenerateKey will generate a new, random, safe (i.e. not weak) key. It’s length (128 or 192) will depend on how your TripleDESCryptoServiceProvider is set up.

    If I call the providers GenerateKey method, is this just a base 64 encoded string?

    The format itself is a byte[] array since you can only retrieve it from the Key property – so it’s not base64, but can easily be encoded that way if you wish, e.g. Convert.ToBase64String(algo.Key);

    If so am I safe to unencode it as such as use the resulting string as a key?

    You cannot use a string as a key – not unless you convert it back to a byte[]. However you can keep the key as a string between it’s uses (if that’s any help to your application).

    On a slightly different note, is there any problem with using this same key as a salt key when doing one-way hashes?

    If you use the random data as a key or as a salt then there should be no issue. Just don’t use the same data for both (and).

    • 0