The Problem
I want to decrypt encrypted data with RijndaelManaged but the result is always empty (either "" or an byte array with the length of the data full of zeros).
All parameters, salt and data are all correct, CryptoHelper.CreateRijndaelManagedAES gets called the exact same way in the encrypt method (which produces an good output).
The only thing left I could think of is that I use the streams wrong, but I can't figure out why ...
Code
public static RijndaelManaged CreateRijndaelManagedAES(byte[] passwordHash, byte[] salt)
{
RijndaelManaged aes = new RijndaelManaged
{
KeySize = 256,
BlockSize = 128,
Padding = PaddingMode.PKCS7,
Mode = CipherMode.CBC
};
// Derive a key of the full Argon2 string (contains also meta data)
using Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(passwordHash, salt, 10);
aes.Key = key.GetBytes(aes.KeySize / 8);
aes.IV = key.GetBytes(aes.BlockSize / 8);
return aes;
}
public static async Task<string> EncryptDataAsync(string plainData, byte[] passwordHash, int saltSize)
{
return await Task.Run(async () =>
{
// Generate a random salt
byte[] salt = CryptoHelper.GenerateRandomSalt(saltSize);
// Write the salt unencrypted
using MemoryStream memoryStream = new MemoryStream();
await memoryStream.WriteAsync(salt);
// Encrypt the data and write the result to the stream
using RijndaelManaged aes = CryptoHelper.CreateRijndaelManagedAES(passwordHash, salt);
using CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write);
using StreamWriter streamWriter = new StreamWriter(cryptoStream);
await streamWriter.WriteAsync(plainData);
cryptoStream.FlushFinalBlock();
return ENCRYPTED_MAGIC + Convert.ToBase64String(memoryStream.ToArray());
});
}
public static async Task<string> DecryptDataAsync(string encryptedData, byte[] passwordHash, int saltSize)
{
if (!HasValidMagicBytes(encryptedData))
{
throw new ArgumentException("The given data isn't encrypted");
}
return await Task.Run(async () =>
{
byte[] saltAndData = Convert.FromBase64String(encryptedData.Substring(ENCRYPTED_MAGIC.Length));
byte[] salt = saltAndData.Take(saltSize).ToArray();
byte[] data = saltAndData.TakeLast(saltAndData.Length - saltSize).ToArray();
// Decrypt the data and return the result
using MemoryStream memoryStream = new MemoryStream(data);
using RijndaelManaged aes = CryptoHelper.CreateRijndaelManagedAES(passwordHash, salt);
using CryptoStream cryptoStream = new CryptoStream(memoryStream, aes.CreateDecryptor(), CryptoStreamMode.Read);
using StreamReader streamReader = new StreamReader(cryptoStream);
return await streamReader.ReadToEndAsync();
});
}
Security Notice
Don't use Rfc2898DeriveBytes with only 10 iterations (as I do) if you pass a password to it. I derive a key from the password beforehand due to performance reasons (Blazor WASM) and pass the result to the CreateRijndaelManagedAES function.
If you want to use Rfc2898DeriveBytes with a password you should use at least 50000 iterations (as of 2020).
Explantation
The iterations parameter is basically a cost parameter. The higher the iterations count the harder it gets for an attacker to brute force the derived password (as he would need more computing power/time). NIST has made a publication in 2017 which it states that you should use as many iterations as your environment can handle but at least 10000. I can't find the source anymore but I remember to have read that you currently should use at least 50000 (due to future security).
The issue is in the EncryptDataAsync method, i.e. the encryption (in DecryptDataAsync, i.e. the decryption, the bug only becomes evident). This is because the StreamWriter must first be flushed before memoryStream.ToArray() is called. This call must be executed before:
...
cryptoStream.FlushFinalBlock();
...
that is:
...
streamWriter.Flush();
cryptoStream.FlushFinalBlock();
...
or alternatively
...
streamWriter.Close();
...
which flushes/closes both streams, see also StreamWriter.Flush() and StreamWriter.Close().
Related
I have a very big csv file which is encrypted using AES. The code that does the encryption
using var aes = new AesCryptoServiceProvider();
aes.Mode = CipherMode.ECB;
aes.Padding = PaddingMode.None;
aes.Key = key;
aes.IV = initializationVector;
using var memoryStream = new MemoryStream();
var cryptoStream = new CryptoStream(memoryStream, aes.CreateEncryptor(), CryptoStreamMode.Write);
cryptoStream.Write(data, 0, data.Length);
cryptoStream.Flush();
This is later saved into a file. On the decryption end, I'm trying to decrypt it in chunks, e.g.
using var sourceStream = File.OpenRead(path_to_encrypted_file);
using var aes = new AesCryptoServiceProvider();
aes.Mode = CipherMode.ECB;
aes.Padding = PaddingMode.None;
aes.Key = key;
aes.IV = iv;
using (var fs = File.Create(path_to_decrypted_file))
using (var cryptoStream = new CryptoStream(fs, aes.CreateDecryptor(), CryptoStreamMode.Write)
{
var dataBuffer = new byte[81290];
int read;
while ((read = await sourceStream.ReadAsync(dataBuffer)) != 0)
{
ReadOnlyMemory<byte> buffer = dataBuffer.AsMemory().Slice(0, read);
await cryptoStream.WriteAsync(buffer);
await cryptoStream.FlushAsync();
}
}
File is decrypted, however, I see some random bytes and empty lines at the end of the file
Is there anything wrong with how I decrypt ?
There's a couple potential issues I'd investigate first, at least in the existing provided code. There may be more depending on how you're generating the initial data byte array, how you're generating your key, how you're writing the encrypted stream to disk, etc.
You're using ECB and you almost certainly shouldn't. It isn't doing anything with your IV, either. Consider CBC or GCM depending on the application. https://stackoverflow.com/a/22958889/13374279
You're not using a padding mode. Unless your data is exactly contained within the block size, there's a chance you're losing some data, which might be contributing to the gibberish at the end.
You don't show the original encrypting stream disposal, you just show the Flush(). Depending on its disposal, it is likely not calling the CryptoStream's FlushFinalBlock() method, which is important. Given the lack of the padding mode, if you add this in, you'll likely suddenly see yourself with an exception here to alert you that The input data is not a complete block. due to #2 until you swap that out.
Thanks to the answer by #Adam G I reimplemented encrypt/decrypt following suggestions in the answer + comments.
A little background – I needed a solution where encryption happens on the client machine (disconnected from the internet) & decryption later on takes place in the cloud once the encrypted file uploaded to a blob storage.
I wanted to have a hybrid encryption, where key is RSA encrypted, data - AES.
So the file contents on the client:
RSA encrypted key
RSA encrypted IV (RSA encryption of the IV is not necessary AFAIK)
AES encrypted data
This is the final implementation:
// Local
var localRsa = RSA.Create();
localRsa.ImportRSAPublicKey(
Convert.FromBase64String(public_key),
out var _);
var localAes = Aes.Create();
localAes.GenerateKey();
localAes.GenerateIV();
localAes.Mode = CipherMode.CBC;
localAes.Padding = PaddingMode.PKCS7;
using (var dataStream = File.OpenRead(file_to_encrypt))
using (var secretFileStream = File.Create(encrypted_file))
{
await secretFileStream.WriteAsync(localRsa.Encrypt(localAes.Key, RSAEncryptionPadding.OaepSHA256));
await secretFileStream.WriteAsync(localRsa.Encrypt(localAes.IV, RSAEncryptionPadding.OaepSHA256));
using (var cryptoStream = new CryptoStream(secretFileStream, localAes.CreateEncryptor(localAes.Key, localAes.IV), CryptoStreamMode.Write))
{
await dataStream.CopyToAsync(cryptoStream);
}
}
And the decryption piece:
// Cloud
var cloudRsa = RSA.Create();
cloudRsa.ImportRSAPrivateKey(
Convert.FromBase64String(private_key),
out var _);
var cloudAes = Aes.Create();
cloudAes.Mode = CipherMode.CBC;
cloudAes.Padding = PaddingMode.PKCS7;
using (var secretFileStream = File.OpenRead(encrypted_file))
{
var keyBuffer = new byte[256];
await secretFileStream.ReadAsync(keyBuffer, 0, keyBuffer.Length);
cloudAes.Key = cloudRsa.Decrypt(keyBuffer, RSAEncryptionPadding.OaepSHA256);
var ivBuffer = new byte[256];
await secretFileStream.ReadAsync(ivBuffer, 0, keyBuffer.Length);
cloudAes.IV = cloudRsa.Decrypt(ivBuffer, RSAEncryptionPadding.OaepSHA256);
secretFileStream.Position = 512;
using (var plainTextStream = File.Create(decrypted_file))
{
using (var cryptoStream = new CryptoStream(secretFileStream, cloudAes.CreateDecryptor(cloudAes.Key, cloudAes.IV), CryptoStreamMode.Read))
{
await cryptoStream.CopyToAsync(plainTextStream);
}
}
}
I have this code in CryptoJS, inside browser:
var decrypt = function (cipherText) {
var key = "a_long_key_goes_here";
var iv = "initial_vector_goes_here";
key = CryptoJS.enc.Hex.parse(key);
iv = CryptoJS.enc.Hex.parse(iv);
var decrypted = CryptoJS.TripleDES.decrypt({
ciphertext: CryptoJS.enc.Hex.parse(cipherText)
}, key, {
iv: iv,
mode: CryptoJS.mode.CBC
});
var clearText = decrypted.toString(CryptoJS.enc.Utf8);
return clearText;
};
This code is not written by me. Also the cipherText come from another server that I have no access to. However, I have access to key and to iv.
I can decrypt that cipherText inside a browser's console. But I want to use these keys to decrypt that cipherText inside C# code. Here's the code I've written:
public void Desrypt()
{
ICryptoTransform decryptor;
UTF8Encoding encoder;
string key = "a_long_key_goes_here";
string iv = "initial_vector_goes_here";
var cipherText = "cipher_text_goes_here";
string clearText = "";
byte[] cipherBytes = FromHexString(cipherText);
using (Aes aes = Aes.Create())
{
Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(key, new byte[] { });
aes.Key = pdb.GetBytes(32);
aes.IV = pdb.GetBytes(16);
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, aes.CreateDecryptor(), CryptoStreamMode.Write))
{
cs.Write(cipherBytes, 0, cipherBytes.Length);
cs.Close();
}
clearText = Encoding.Unicode.GetString(ms.ToArray());
}
}
return clearText;
}
public static byte[] FromHexString(string hexString)
{
var bytes = new byte[hexString.Length / 2];
for (var i = 0; i < bytes.Length; i++)
{
bytes[i] = Convert.ToByte(hexString.Substring(i * 2, 2), 16);
}
return bytes;
}
I have some problems though. I don't understand if I'm correctly decoding the given cipherText from hexadecimal or not. Also I can't instantiate Rfc2898DeriveBytes, because I don't know what the second parameter (salt) should be.
Also I don't know where should I use that iv I've gotten from the CryptoJS code.
Could you please help?
So that both codes are compatible, the following changes of the C# code are necessary:
The return type of the Decrypt method must be changed from void to string.
Key and IV have to be decoded hexadecimal like the ciphertext with FromHexString.
Instead of AES, TripleDES must be used.
Rfc2898DeriveBytes implements PBKDF2 and must not be applied (since the JavaScript code does not use PBKDF2 either).
The decrypted data must not be decoded with Encoding.Unicode (which corresponds to UTF16LE in .NET), but with Encoding.UTF8.
The C# code can handle 24 bytes keys (to support 3TDEA) and 16 bytes keys (to support the less secure 2TDEA). The posted CryptoJS code also handles these key sizes plus additionally 8 bytes keys (to support the least secure, DES compatible variant 1TDEA).
The following C# code decrypts a ciphertext generated with CryptoJS and 3TDEA:
public string Decrypt()
{
byte[] key = FromHexString("000102030405060708090a0b0c0d0e0f1011121314151617"); // 24 bytes (3TDEA)
byte[] iv = FromHexString("0001020304050607"); // 8 bytes
byte[] ciphertext = FromHexString("2116057c372e0e95dbe91fbfd148371b8e9974187b71e7c018de89c757280ad342d4191d29472040ee70d19015b025e1");
string plaintext = "";
using (TripleDES tdes = TripleDES.Create())
{
tdes.Key = key;
tdes.IV = iv;
using (MemoryStream ms = new MemoryStream())
{
using (CryptoStream cs = new CryptoStream(ms, tdes.CreateDecryptor(tdes.Key, tdes.IV), CryptoStreamMode.Write))
{
cs.Write(ciphertext, 0, ciphertext.Length);
}
plaintext = Encoding.UTF8.GetString(ms.ToArray());
}
}
return plaintext;
}
The decryption is also possible with the posted JavaScript code, which shows the functional equivalence of both codes.
Note: Since AES is more performant than TripleDES, AES should be used if possible.
Note:
The following code sample is for demonstration purposes only and implements an insecure scheme. If you are looking for a secure scheme have a look at https://stackoverflow.com/a/10177020/40347
I am using the AESCryptoServiceProvider class for testing some encryption concepts. So far in all the examples and articles out there they generate a random key to use for encryption and then immediately for decryption. Sure, it works fine because you are using the key right there, but if you encrypt, save the text and at a later time you want to decrypt it you will need the SAME key. And for that purpose also the same IV.
Now, in this code I am using the same key and IV on multiple passes, every time I run the batch that batch gives the same result (as expected). But then I close the test application and rerun the same code without change and the resulting (Base64-encoded) cypher text is different for the same input parameters, why?
I "saved" one of the B64-encoded cyphers from a previous run and fed it to the TestDecrypt method and as expected, it threw a cryptographic exception mentioning something about padding though I am sure it has to do with the fact that somehow for the same Key,IV, plain text and parameters it gives a different result on every separate run of the application.
For encrypting I have this:
public string Test(string password, Guid guid, string text)
{
const int SaltSize = 16;
string b64Cryptogram;
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
Rfc2898DeriveBytes pwbytes = new Rfc2898DeriveBytes(password, SaltSize);
// Block 128-bits Key 128/192/256 bits (16/24/32 bytes)
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
{
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
//aes.IV = pwbytes.GetBytes(aes.BlockSize / 8);
aes.IV = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
aes.Key = guid.ToByteArray();
ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(text);
}
b64Cryptogram = Convert.ToBase64String(msEncrypt.ToArray());
}
}
Console.WriteLine("E: {0}", b64Cryptogram);
aes.Clear();
}
return b64Cryptogram;
}
Notice I am not using the RFC2898DeriveBytes because it will randomly derive something I will no longer remember :) The idea of encrypting it is precisely that I KNOW what I used to encrypt it.
The decryption method looks like this:
public void TestDecrypt(string password, Guid guid, string ciphertextB64)
{
const int SaltSize = 16;
byte[] cipher = Convert.FromBase64String(ciphertextB64);
string plaintext;
MD5CryptoServiceProvider md5 = new MD5CryptoServiceProvider();
Rfc2898DeriveBytes pwbytes = new Rfc2898DeriveBytes(password, SaltSize);
// Block 128-bits Key 128/192/256 bits (16/24/32 bytes)
using (AesCryptoServiceProvider aes = new AesCryptoServiceProvider())
{
aes.Padding = PaddingMode.PKCS7;
aes.Mode = CipherMode.CBC;
//aes.IV = pwbytes.GetBytes(aes.BlockSize / 8);
aes.IV = md5.ComputeHash(System.Text.Encoding.UTF8.GetBytes(password));
aes.Key = guid.ToByteArray();
ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
using (MemoryStream msEncrypt = new MemoryStream(cipher))
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader swEncrypt = new StreamReader(csEncrypt))
{
plaintext = swEncrypt.ReadToEnd();
}
}
}
Console.WriteLine("D: {0}", plaintext);
aes.Clear();
}
}
Now, just put that in a console application and run it. Then exit and run it again and you will see that for the same Mode, Padding, IV, Key and plain text data, the output cipher will not be the same on every application run. They will be the same provided you run the method repeatedly in the same run of the application.
In case it was not obvious, here is the console code I used to test:
Guid guid = Guid.NewGuid();
string plain = "Text to be encrypted 123458970";
string password = "This is a test of the emergency broadcast system";
TestDecrypt(password, guid, Test(password, guid, plain));
TestDecrypt(password, guid, Test(password, guid, plain));
Test(password, guid, plain);
Test(password, guid, plain);
Test(plain, guid, password);
TestDecrypt(password, guid, "W4Oi0DrKnRpxFwtE0xVbYJwWgcA05/Alk6LrJ5XIPl8=");
}
The solution here is to pull in from a stored or constant Guid. Calling
Guid.NewGuid();
will return a different result every time. From the docs:
This is a convenient static method that you can call to get a new Guid. The method wraps a call to the Windows CoCreateGuid function. The returned Guid is guaranteed to not equal Guid.Empty.
Alternatively when testing you can use Guid.Empty which will return all zeroes.
Or, you can store it as such using its string constructor overload:
var guid = new Guid("0f8fad5b-d9cb-469f-a165-70867728950e");
I am facing with problem when decrypting data with usage of TripleDESCryptoServiceProvider. The problem is that decrypted value contains beside of original value some additional, strange characters at the end
Per instance if I provide "rastko" to be encrypted, I will get later with decryption something like this "rastko⥊㮶". For other values it could be different number of 'dummy' characters or in some cases I will get exact value.
Then, I saw that for all encrypted data byte array size is divisible by 8. It looks like any provided data is rounded on value that is divisible by 8. Only in case when original encoded value is divisible by 8, decryption will retrieve appropriate value.
Here are methods that I am using :
public static byte[] EncryptPassword(string password, out byte[] cryptoKey, out byte[] cryptoIV)
{
try
{
UnicodeEncoding unicodeEncoding = new UnicodeEncoding();
byte[] unicodePassword = unicodeEncoding.GetBytes(password);
byte[] encryptedPassword;
using (TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider())
{
tripleDes.Key = GetCryptoKey();
tripleDes.Mode = CipherMode.CBC;
tripleDes.Padding = PaddingMode.PKCS7;
cryptoKey = tripleDes.Key;
cryptoIV = tripleDes.IV;
using (MemoryStream memoryStream = new MemoryStream())
{
ICryptoTransform cryptoTransform = tripleDes.CreateEncryptor();
using (
CryptoStream cryptoStream = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Write))
{
cryptoStream.Write(unicodePassword, 0, unicodePassword.Length);
////cryptoStream.FlushFinalBlock();
}
encryptedPassword = memoryStream.ToArray();
}
}
return encryptedPassword;
}
catch (Exception ex)
{
throw new Exception("Password encryption failed !", ex);
}
}
public static string DecryptPassword(byte[] encryptedPassword, byte[] cryptoKey, byte[] cryptoIV)
{
try
{
UnicodeEncoding unicodeEncoding = new UnicodeEncoding();
string readablePassword;
using (TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider())
{
tripleDes.Key = cryptoKey;
tripleDes.IV = cryptoIV;
tripleDes.Mode = CipherMode.CBC;
tripleDes.Padding = PaddingMode.PKCS7;
// Create a new MemoryStream using the passed
// array of encrypted data.
using (MemoryStream memoryStream = new MemoryStream(encryptedPassword))
{
// Create crypto transform that defines the basic operations of cryptographic transformations.
ICryptoTransform cryptoTransform = tripleDes.CreateDecryptor();
// Create a CryptoStream using the MemoryStream and the passed key and initialization vector (IV).
using (CryptoStream decryptoStream = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Write))
{
decryptoStream.Write(encryptedPassword, 0, encryptedPassword.Length);
///decryptoStream.FlushFinalBlock();
}
byte[] decryptedPassword = memoryStream.ToArray();
//Convert the buffer into a string and return it.
readablePassword = unicodeEncoding.GetString(decryptedPassword, 0, decryptedPassword.Length);
}
}
return readablePassword;
}
catch (Exception ex)
{
throw new Exception("Password decryption failed !", ex);
}
}
private static byte[] GetCryptoKey()
{
UnicodeEncoding unicodeEncoding = new UnicodeEncoding();
string plainKey = "rastkoisajev2310982josipasenera153";
byte[] encodedKey = unicodeEncoding.GetBytes(plainKey);
// Prepares 192 bit key
byte[] preparedKey = new byte[24];
Array.Copy(encodedKey, preparedKey, 24);
return preparedKey;
}
Here is sample test invocation :
private static void CryptoTest()
{
string password = "rastko";
byte[] cryptoKey;
byte[] cryptoIV;
byte[] encryptedPassword = Crypto.EncryptPassword(password, out cryptoKey, out cryptoIV);
string decryptedPAssword = Crypto.DecryptPassword(encryptedPassword, cryptoKey, cryptoIV);
}
I have not good experience with security. What I see is that IV vector is 8byte size and as I found it is related to BlockSize, that is 8times greater then IV size. TripleDESCryptoServiceProvider for IV vector is using 8byte value. I can not change this.
Could you please tell me what I have to do or did I wrote something wrongly ?
DES is a 64 bit block cypher. Any text that does not divide cleanly into 64 bit (=8 byte) blocks needs to be padded to make up a whole number of blocks. You need to set padding for encryption and decryption. If you have control of both ends then use PKCS#5 padding to encrypt and decrypt. If you only have control over the decryption end, then ask the encrypting end what padding they are using and expect that.
Note that encrypting a password is normally not the way to go. Use PBKDF2 instead. Don't confuse passwords and keys!
Try to make sure that your CryptoStreams get closed or flushed:
http://msdn.microsoft.com/en-us/library/system.security.cryptography.cryptostream.flushfinalblock.aspx
If you don't then the padding/unpadding will likely not be performed, and you get trash instead.
After detail investigation I have found the solution for my problem.
I have changed a little bit decryption logic.
Instead of this part in DecryptPassword method :
// Create a CryptoStream using the MemoryStream and the passed key and initialization vector (IV).
using (CryptoStream decryptoStream = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Write))
{
decryptoStream.Write(encryptedPassword, 0, encryptedPassword.Length);
///decryptoStream.FlushFinalBlock();
}
byte[] decryptedPassword = memoryStream.ToArray();
//Convert the buffer into a string and return it.
readablePassword = unicodeEncoding.GetString(decryptedPassword, 0, decryptedPassword.Length);
}
I am now using the Read logic from CryptoStream and then I am just removing nullable characters. It is like this now :
// Create a CryptoStream using the MemoryStream and the passed key and initialization vector (IV).
using (CryptoStream decryptoStream = new CryptoStream(memoryStream, cryptoTransform, CryptoStreamMode.Read))
{
// Create buffer to hold the decrypted data.
byte[] fromEncrypt = new byte[encryptedPassword.Length];
decryptoStream.Read(fromEncrypt, 0, fromEncrypt.Length);
//Convert the buffer into a string and return it.
readablePassword = unicodeEncoding.GetString(fromEncrypt);
readablePassword = readablePassword.Replace("\0", string.Empty);
}
This works perfectly for me ! Thank you all for your time.
I have following two methods.
1st method
//SymmetricEncryting
private byte[] SymmetricEncrypt()
{
try
{
//Get Byte Value
byte[] x= Encoding.Default.GetBytes("Test");
byte [] y;
//Create Symmetric Key Encription
RijndaelManaged rijndaelManaged = new RijndaelManaged();
//GetSymmetricPublicKey
_symmetricPublicKey = rijndaelManaged.Key;
//Get Symmetric Public IV
_symmetricPublicIv = rijndaelManaged.IV;
using (MemoryStream memoryStream = new MemoryStream(x))
{
//Start EncriptionProcess
var cryptoStream = new CryptoStream(memoryStream,
rijndaelManaged.CreateEncryptor
(_symmetricPublicKey,
_symmetricPublicIv),
CryptoStreamMode.Write);
cryptoStream.Write(x, 0, x.Length);
// Complete the encryption process
//cryptoStream.FlushFinalBlock();
y= memoryStream.ToArray();
}
return y;
}
catch (Exception)
{
throw;
}
}
2nd method
private string Decrypt(
byte[] y,
byte[] symmetricPublicKey,
byte[] symmtricPublicIv)
{
try
{
//Create the Key Container
CspParameters cspParameters = new CspParameters();
//Get the AsyPrivate and Public key from the Container
cspParameters.KeyContainerName = "Keys";
var rsaCryptoServiceProvider = new RSACryptoServiceProvider(cspParameters);
//Decrypt and get the Symmetric Public key
var decryptedSymmetricPubk = rsaCryptoServiceProvider.Decrypt(symmetricPublicKey, false);
//Decrypt and get the Symmetric Public IV
var decryptedSymmetricPubIv = rsaCryptoServiceProvider.Decrypt(symmtricPublicIv, false);
//Create RijndaelManaged object to do the Symmtric dycrption
RijndaelManaged rijndaelManaged = new RijndaelManaged();
//Create cryptostream using decrypted symmetric Public Key and IV
ICryptoTransform iCryptoTransform = rijndaelManaged.CreateDecryptor(decryptedSymmetricPubk,
decryptedSymmetricPubIv);
//Create a memory stream
using (MemoryStream memoryStream = new MemoryStream(y))
{
var cryptoStream = new CryptoStream(memoryStream, iCryptoTransform, CryptoStreamMode.Read);
byte[] z= new byte[y.Length];
cryptoStream.Read(z, 0, z.Length);
//cryptoStream.FlushFinalBlock();
//Convert byte array to string
var x= System.Text.Encoding.Default.GetString(z);
return x;
}
}
catch (Exception)
{
throw;
}
As you see in the code i am trying to encrypt a string using symmetric encryption.I encrypt the symmetric public key and Iv by using the asymmetric public key which i have already created.Then i am trying to decrypt the encrypted string .
Problem 1
What is the purpose of having cryptoStream.FlushFinalBlock(); on both encryption and decryption.As i learned from msdn it will end the processes running on the cyptostream
Problem 2
If i uncomment the line cryptoStream.FlushFinalBlock(); it throws an exception
"Memory stream is not expandable.". But if i comment the line it will work fine and return a byte array.
Problem 3
However the second method throws an exception "system.security.cryptography.cryptographicexception length of the data to decrypt is invalid ,on the execution of line cryptoStream.Read(z, 0, z.Length);
I couldn't find the actual cause of these errors on my debugging .Also i did some search on Google.But unfortunately i couldn't find any solution.Can any one please explain the answer?
You are encrypting using PKCS-padding (this is the default). AES/Rijndael is a block-cipher, which means that it only can encrypt blocks of 16 bytes at a time. To allow block-cipher to encrypt data of arbitrary sizes we use a padding algorithm. PKCS-padding works by adding 1-16 bytes at the end when encrypting and removing them when decrypting. The length of the padding is encoded in the padding itself.
You need the FlushFinalBlock when encrypting to let the CryptoStream know that there is no more incoming data and it should add the padding. It is not necessary and should not be used when you are using the CryptoStream in Read-mode.
The first exception come because you are using the plaintext-array as a backing store for the MemoryStream. Because of the padding the encryption will be larger than the plaintext.
The second exception is because you removed the FlushFinalBlock statement and because the MemoryStream is not allowed to resize to make an array of the correct length. The encrypted data should always be a multiple of 16 bytes, but since the MemoryStream will reuse x, y will have the same length as x, which is not always a valid length.
The solution is:
Use FlushFinalBlock in SymmetricEncrypt.
Replace using (MemoryStream memoryStream = new MemoryStream(x)) and using (MemoryStream memoryStream = new MemoryStream(y)) with using (MemoryStream memoryStream = new MemoryStream()). This will allow the MemoryStreams to resize freely.
Oddly, it works for me to just do a write operation when de-crypting as well. Something like:
var decryptMemoryStream = new MemoryStream();
var decryptStream = new CryptoStream(decryptMemoryStream, iCryptoTransform , CryptoStreamMode.Write);
//write the unencrypted data array to the stream
decryptStream.Write(y, 0, y.Length);
decryptStream.Flush();
decryptStream.Close();
var decryptedData = decryptMemoryStream.ToArray();