Not sure if this is the best approach for the question, but I came up with the following solution.
- Define a new Rfc2898DeriveBytes
- Define the password as the password for Rfc2898DeriveBytes (well, this was surprising)
- Define the username as salt
- Use the first 16 bytes (128 bit) as the Key for Aes
- Use the next 16 bytes as the initialization vector

So the code currently looks like this:
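```csharp
private static System.Security.Cryptography.Aes InitAes(string username, string password) {
    System.Security.Cryptography.Aes aes = new System.Security.Cryptography.AesManaged();
    // Password-based key derivation (PBKDF2); the username is used as the salt.
    // The .NET Framework constructor rejects a salt shorter than 8 bytes, so a
    // username of fewer than 4 characters (UTF-16) throws ArgumentException here.
    using (System.Security.Cryptography.Rfc2898DeriveBytes rfc2898
        = new System.Security.Cryptography.Rfc2898DeriveBytes(password,
            System.Text.Encoding.Unicode.GetBytes(username))) {
        aes.Padding = System.Security.Cryptography.PaddingMode.PKCS7;
        aes.KeySize = 128;
        aes.Key = rfc2898.GetBytes(16); // first 16 bytes: 128-bit key
        aes.IV = rfc2898.GetBytes(16);  // next 16 bytes: initialization vector
    }
    return aes;
}
```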
If anybody has comments or enhancement ideas, feel free to add them as comments or solutions.
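
An added example, not part of the original answer: because the key and the IV both come from the same username and password, every message encrypted for one account uses the same IV, so equal plaintexts produce equal ciphertexts. The program below compares that with a random per-message IV prepended to the ciphertext; the class name, the `Encrypt` helper and the sample credentials are constructed for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class DerivedAesDemo
{
    // Same derivation as the answer: password plus username-as-salt,
    // first 16 bytes as the key, next 16 bytes as the IV.
    static Aes InitAes(string username, string password)
    {
        var aes = Aes.Create(); // CBC mode by default
        using (var kdf = new Rfc2898DeriveBytes(password, Encoding.Unicode.GetBytes(username)))
        {
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = kdf.GetBytes(16);
            aes.IV = kdf.GetBytes(16);
        }
        return aes;
    }

    // Hypothetical helper: encrypts with the derived key. With randomIv set, the
    // derived IV is replaced by a fresh random one, which is prepended to the
    // ciphertext so the receiver can read it back before decrypting.
    static byte[] Encrypt(string username, string password, string text, bool randomIv)
    {
        using (var aes = InitAes(username, password))
        {
            if (randomIv) aes.GenerateIV();
            using (var enc = aes.CreateEncryptor())
            {
                byte[] plain = Encoding.UTF8.GetBytes(text);
                byte[] body = enc.TransformFinalBlock(plain, 0, plain.Length);
                return randomIv ? aes.IV.Concat(body).ToArray() : body;
            }
        }
    }

    static void Main()
    {
        // Constructed sample credentials and message.
        const string user = "alice@example.org", pass = "correct horse", msg = "balance=100";
        bool derivedRepeats = Encrypt(user, pass, msg, false)
            .SequenceEqual(Encrypt(user, pass, msg, false));
        bool randomRepeats = Encrypt(user, pass, msg, true)
            .SequenceEqual(Encrypt(user, pass, msg, true));
        Console.WriteLine("derived IV, same message twice, identical output: " + derivedRepeats);
        Console.WriteLine("random IV, same message twice, identical output: " + randomRepeats);
    }
}
```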