My goal is to encrypt a string using an agreed upon key-phrase and standard encryption scheme, send it to a third party and have them be able to decrypt it with the agreed upon key-phrase.
As I dug more into the .NET classes for encryption (AES is was I wanted to use) it became apparent it was more complicated than I originally though. From the limited amount I understand it looks like agreeing upon a shared key-phrase is not enough. Both salt and an initialization vector need to be common between encryption and decryption.
Am I missing something? Is there a way to encrypt the text I want (using .NET) and have someone else be able to decrypt the message using only a shared key-phrase?
I also cannot depend on the person decrypting the message using .NET. Hence I was looking towards a standard encryption method.
For secure password-based encryption, you do need a per-message salt and initialisation vector that are known to both sides.
However, this is not a problem. The salt and IV should be generated randomly on the sending side, and sent to the destination along with the ciphertext (it’s OK if the salt and IV are seen by observers – as long as you’re randomly generating them afresh for each message, this doesn’t compromise the security of the system).
You have to send the ciphertext to the destination anyway, so this only adds a small amount of additional data that must be sent. The only a priori information the destination needs is the passphrase.
As for a standard method, you could use PBES2 from RFC2898.