AES Message Envelope

The AES Encryption Envelope components (provided with all editions of Remoting SDK except for JavaScript) provide a simple Message Envelope that can be used to encrypt on-the-wire communication using the widely known symmetric AES/Rijndael encryption algorithm.

The envelope has been designed with cross-platform capabilities in mind, so that clients and servers written in different platform editions of the product can leverage this envelope and communicate through it.

Setting Up

After hooking up the envelope to your messages as with any other Message Envelope, all that is needed to configure the AES Encryption Envelope is to set the Password property. To avoid inter-platform and inter-codepage conflicts, it is recommended to restrict the password to 7-bit ASCII characters. The password needs to match on client and server.

The default Envelope Marker suggested by the envelope is "AES". This of course can be adjusted (for example to make the method of encryption less obvious), but also needs to match on client and server.

Wire Specification

Because AES encryption only works on data whose size is a multiple of 16 bytes, the envelope pads the original message with zeros to a multiple of 16 before encryption. The encrypted stream is prefixed by an Int32 in standard BinMessage encoding (4 bytes, Little-Endian), indicating the length of the original (unwrapped) message. After decrypting, the result is cut to that length.

The wire format for encrypted messages is therefore as follows:

  • Standard Message Envelope header ("ROENV" + envelope marker)
  • Decrypted Size as BinMessage Int32
  • Encrypted Data (in x*16 bytes)
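
The framing of the last two items, as an added example (not Remoting SDK code) that builds and strictly validates the size field and the padded data. Assumptions: the function names are hypothetical, the envelope header is left out, and because this page does not state the cipher mode or how the key is derived from the password, the cipher is passed in as a callable and the demo uses a labelled stand-in rather than AES.

```python
import struct

BLOCK = 16  # AES block size in bytes

def wrap_body(message: bytes, encrypt) -> bytes:
    """Size field + encrypted data, i.e. everything after the envelope header."""
    padded = message + b"\x00" * (-len(message) % BLOCK)  # zero-pad to x*16
    encrypted = encrypt(padded)
    if len(encrypted) != len(padded):
        raise ValueError("cipher callable must preserve length")
    return struct.pack("<i", len(message)) + encrypted  # Int32, little-endian

def unwrap_body(body: bytes, decrypt) -> bytes:
    """Validate the cleartext size field, then decrypt and cut to that length."""
    if len(body) < 4:
        raise ValueError("truncated body: size field missing")
    (size,) = struct.unpack_from("<i", body)
    encrypted = body[4:]
    if len(encrypted) % BLOCK:
        raise ValueError("encrypted data is not a multiple of 16 bytes")
    # The size field precedes the encrypted data, so treat it as untrusted input.
    # Zero padding adds 0..15 bytes, so size must fall within the last block.
    if size < 0 or not (len(encrypted) - BLOCK < size <= len(encrypted)):
        raise ValueError("size field inconsistent with encrypted data length")
    return decrypt(encrypted)[:size]

def placeholder_cipher(data: bytes) -> bytes:
    """Stand-in for AES (NOT encryption): XOR with a constant, self-inverse."""
    return bytes(b ^ 0x5A for b in data)

if __name__ == "__main__":
    # Constructed sample message, 26 bytes, padded to 32 before the transform.
    body = wrap_body(b"constructed sample message", placeholder_cipher)
    print(len(body), unwrap_body(body, placeholder_cipher))
```

The range check on the size field follows from the padding rule described above; a receiver that skips it would accept a length that the encrypted data cannot actually hold.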