I have a C# WinForms app, with AES encryption/decryption. The encryption (decryption) itself works fine, but only once. If I try to encrypt another string, I get a CryptographyException saying the padding is invalid. Based on some research, it seems I forgot to close some stream, but I can't figure out what it is. Does anyone know how to fix this?
Here is the code I use (I believe I found it earlier somewher on SO):
static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key
, byte[] IV)
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key
, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt
, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(
csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
//csDecrypt.FlushFinalBlock(); causes an exception
plaintext = srDecrypt.ReadToEnd();
//csDecrypt.Flush(); experimental solution, doesn't work either
srDecrypt.Close();
}
csDecrypt.Close();
}
msDecrypt.Close();
}
}
return plaintext;
}
static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key,
byte[] IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key
, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt
, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(
csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
swEncrypt.Close();
}
csEncrypt.Close();
msEncrypt.Close();
encrypted = msEncrypt.ToArray();
//csEncrypt.FlushFinalBlock(); causes an exception saying it was already called
}
}
}
Here is a sample of code I use to test the ecnryption. Performs correctly, but only once...
The key and IV are converted into Unicode string so that the user is able to save it and use it later for decryption.
private void button7_Click(object sender, EventArgs e)
{
string aesKey = "";
string aesIV = "";
string ciphered = "";
string deciphered = "";
using (Aes myAes = Aes.Create())
{
myAes.GenerateKey();
myAes.GenerateIV();
aesKey = Encoding.Unicode.GetString(myAes.Key);
aesIV = Encoding.Unicode.GetString(myAes.IV);
ciphered = Encoding.Unicode.GetString(EncryptStringToBytes_Aes(".ahoj.", myAes.Key, myAes.IV));
byte[] deKey = Encoding.Unicode.GetBytes(aesKey);
byte[] deIv = Encoding.Unicode.GetBytes(aesIV);
deciphered = DecryptStringFromBytes_Aes(Encoding.Unicode.GetBytes(ciphered), deKey, deIv);
MessageBox.Show("key: " + aesKey + "\niv: " + aesIV + "\ndekey: " + Encoding.Unicode.GetString(deKey) + "\ndeIv: " + Encoding.Unicode.GetString(deIv) + "\nDeciphered: " + deciphered);
}
}
Instead of using GetBytes and GetString from the unicode encoding, I would recommend base 64 encoding the bytes.
You can do base 64 encoding using Convert.ToBase64String() and Convert.FromBase64String.
One problem with just getting the unicode string from a generated byte array is that there is no guarantee that all of the characters are printable characters. For example, if you have a 0 in the byte array, that will be a null control character.
I recently ran into this myself. I am making use of the 'using' statements in your first code block but I never call .Close() and I am not running into the issue of only being able to run once.
To solve issues with padding on decrypt and issue of non-printable characters, I am explicitly setting the Padding as you did in the first code block but I am using Encoding.Default.GetBytes(cipherText); and the GetString method of the same encoding so it uses Window's default Extended ASCII encoding so it will recognize all the characters.
Related
I'm using Aes to encrypt and decrypt data. I have tested my Encrypt and Decrypt functions and they work, but when I try to decrypt stored in my database data it throws me
System.Security.Cryptography.CryptographicException: The input data is
not a complete block.
What I do before storing the bytes encryption is
string encryptedData = Encoding.UTF8.GetString(_securityService.AesEncryptToBytes(data));
// Proceed in adding the encryptedData to the database.
This is how I decrypt my encrypted data pulled from the database.
string data = _securityService.AesDecryptFromBytes(Encoding.UTF8.GetBytes(encryptedDataPulledFromMyDataBase));
My encryption method:
public byte[] AesEncryptToBytes(string plainText)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (key == null || key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("IV");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
aesAlg.Key = key;
aesAlg.IV = IV;
// Create an encryptor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
My Decryption method:
public string AesDecryptFromBytes(byte[] cipherText)
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (key == null || key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("IV");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
aesAlg.Key = key;
aesAlg.IV = IV;
// Create a decryptor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
What I've done is basically copy pasting the code from Microsoft Docs. Both methods work when testing them, but when I try to Decrypt the Encrypted data which is the encryption bytes converted to string I get thrown the exception.
I am trying to write client code that requests for information from an external API over the web.
The API is simple enough (to me) except for the stipulations of how to generate the authorisation key.
First some context:
There are 6 string values required to start with:
token
password
devId
salt
orgId
givenKey
Now for the encryption stuff. First up SHA2.
hashedString = SHA2(token + password + devId)
Followed by AES.
authKey = AES(salt + orgId + "=" + hashedString)
The AES parameters are specified as follows:
Mode = ECB
Padding = PKCS5Padding
Secret Key = givenKey
My problem is that I know next to nothing about cryptography.
Below is the code I have attempting to accomplish the above.
// Generate Authorisation key
byte[] fieldsBytes = Encoding.ASCII.GetBytes(token + password + devId);
byte[] keyBytes = Encoding.ASCII.GetBytes(secretKey);
SHA512 shaM = new SHA512Managed();
string hashedFields = Encoding.ASCII.GetString(shaM.ComputeHash(fieldsBytes));
byte[] encryptedBytes = EncryptStringToBytes_Aes(salt + orgId + "=" + hashedfields,
keyBytes, keyBytes);
string encryptedString = Encoding.ASCII.GetString(encryptedBytes);
private byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("IV");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Mode = CipherMode.ECB;
// Create an encryptor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor();
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
This code gets a "401" from the external service.
My first issue is that there does not seem to be a NET method named SHA2. The closest I could find is SHA512 and I am not sure if SHA512 is a .NET implementation of SHA2.
Secondly, padding for AES has been specified as PKCS5Padding but again the closest (naming-wise) I could find is PKCS7 which I am not sure about how similar it is to PKCS5.
There is also the matter of an Initialisation Vector (IV), which the AES parameters don't specify but I see C# AES examples including. In the code, I have set it to have the same value as the Key (which I believe
is what the API calls "secret key") out of sheer desperation but I have tried making the request without setting IV to any value and still get back a 401.
I should probably also mention that I am using ASCII encoding to convert to-and-from bytes because I first tried using UTF8 but when it came to actually making the HTTP request, I was getting an exception
saying that header values (remember we are generating an authorisation key that will be tucked in a HTTP request header) should only be encoded in ASCII.
Any help pointing me in the right direction will be immensely appreciated as I am woefully out of my depth with this cryptography stuff.
Don't worry, crypto can feel overwhelmingly complicated. I think you're close.
SHA2 is a family of hash functions. In practice, "SHA2" usually means SHA2-256 or occasionally SHA2-512. My guess is that your external API is probably using the more common SHA2-256.
This answer on crypto.stackexchange explains that PKCS#5 is essentially a subset of PKCS#7. I'd be willing to bet that the API you're calling made the same mistake described in that answer and should really be calling it PKCS7Padding. Your code is fine!
The IV isn't the same thing as the secret key (or just the "key" for AES). The IV should be random for every encryption run. You aren't supposed to derive it from the input plaintext or the input key. Fortunately, AesCryptoServiceProvider.GenerateIV() will generate one for you. It's up to you to prepend it to your output stream, though.
Using Encoding.ASCII.GetBytes() to get the plaintext and secret key bytes makes sense to me. I don't think that's causing a problem.
Stealing from this excellent answer to a similar question (go give them a vote!), I'd try code like this:
static byte[] AesEncrypt(byte[] data, byte[] key)
{
if (data == null || data.Length <= 0)
{
throw new ArgumentNullException($"{nameof(data)} cannot be empty");
}
if (key == null || key.Length != AesKeySize)
{
throw new ArgumentException($"{nameof(key)} must be length of {AesKeySize}");
}
using (var aes = new AesCryptoServiceProvider
{
Key = key,
Mode = CipherMode.CBC,
Padding = PaddingMode.PKCS7
})
{
aes.GenerateIV();
var iv = aes.IV;
using (var encrypter = aes.CreateEncryptor(aes.Key, iv))
using (var cipherStream = new MemoryStream())
{
using (var tCryptoStream = new CryptoStream(cipherStream, encrypter, CryptoStreamMode.Write))
using (var tBinaryWriter = new BinaryWriter(tCryptoStream))
{
// prepend IV to data
cipherStream.Write(iv);
tBinaryWriter.Write(data);
tCryptoStream.FlushFinalBlock();
}
var cipherBytes = cipherStream.ToArray();
return cipherBytes;
}
}
}
Unless there's something else weird going on with this API, I'd guess it's probably #3 above that is causing your request to fail.
I finally managed to get it to work.
A big part of the problem was that API documentation did not specify that hashedString has to
be composed of hexadecimal characters.
It also didn't say that authKey should be a base64 string.
I don't know if this is so standard that it goes without saying but knowing this could have
saved me hours of agony. I was converting the hashed/encrypted bytes back to ASCII
and much of it was unprintable characters that were causing the server to send back
a HTTP response with status 400 BAD_REQUEST.
It also required hashedString to be hashed using SHA256 but the documentation does not mention it.
Thanks to #Nate Barbettini's answer for steering me in the right direction on this.
Also, it appears that AES ECB mode does not require an initialisation vector unlike other
modes like CBC so I didn't specify an IV.
For padding I specified PKCS7 (again thanks to #Nate Barbettini for that).
With that here's the code that finally worked out for me.
string hashedFields = ComputeSha256HashHex(authToken + password + devId);
string encryptedString = AesEncryptToBase64String(saltString + orgId + "=" + hashedFields, secretKey);
private string AesEncryptToBase64String(string plainText, string key)
{
// Convert string arguments into byte arrays
byte[] keyBytes = Encoding.ASCII.GetBytes(key);
byte[] plainTextBytes = Encoding.ASCII.GetBytes(plainText);
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (key == null || key.Length <= 0)
throw new ArgumentNullException("key");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
aesAlg.Key = keyBytes;
aesAlg.Padding = PaddingMode.PKCS7;
aesAlg.Mode = CipherMode.ECB;
// Create an encryptor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor();
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return encrypted bytes as Base 64 string
return Convert.ToBase64String(encrypted);
}
private string ComputeSha256HashHex(string plainText)
{
using (SHA256 sha256Hash = SHA256.Create())
{
// ComputeHash - returns byte array
byte[] bytes = sha256Hash.ComputeHash(Encoding.UTF8.GetBytes(plainText));
// Convert byte array to a string
return BytesToHexString(bytes);
}
}
private string BytesToHexString(byte[] bytes)
{
// Convert byte array to a string
StringBuilder builder = new StringBuilder();
for (int i = 0; i < bytes.Length; i++)
{
builder.Append(bytes[i].ToString("x2"));
}
return builder.ToString();
}
I've been given the task of decrypting some data in C# that was originally encrypted using PHP. Below is the PHP code
$opts = OPENSSL_RAW_DATA;
$res = openssl_decrypt($raw, 'aes-256-ctr', $keyhash, $opts, base64_decode($iv));
$raw is a byte array with a length of 312, $keyhash is 32 bytes and $iv is 16 bytes.
My problem is when I duplicate this code in C# I receive the following CryptographicException -
The input data is not a complete block.
Not being a crypto guy, I've tried many, many C# examples to try to get this to work, but pretty much always end up with the same error. This is one sample of the C# code I've tried.
static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("IV");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
aesAlg.Padding = PaddingMode.PKCS7;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
I've implemented the code in PHP and it works fine. I've also checked all the input byte arrays and they all exactly the same for both PHP and C#. In desperation I even implemented this in Java and again it works no problem.
SecretKeySpec keySpec = new SecretKeySpec(keyHash, "AES");
IvParameterSpec ivSpec = new IvParameterSpec(iv);
Cipher cipher = Cipher.getInstance("AES/CTR/PKCS5PADDING");
cipher.init(Cipher.DECRYPT_MODE, keySpec, ivSpec);
byte [] original = cipher.doFinal(encData);
String plaintext = new String(original);
So what's up with the C# code and how can I make it work?
Thanks in advance.
OK. This is a duplicate question which has already been answered. I just missed the easy answer, which is here - Aes128CounterMode.cs. And this code will generate the correct result -
byte[] plainText = new byte[encData.Length];
Aes128CounterMode am = new Aes128CounterMode(iv);
ICryptoTransform ict = am.CreateEncryptor(keyHash, null);
ict.TransformBlock(encData, 0, encData.Length, plainText, 0);
return Encoding.UTF8.GetString(plainText);
I am trying to encrypt my data using the AES algorith.I got the functions from the MSDN site encryption decryption. What i am doing is i'm encrypting the data and storing it as a string using the following method
byte[] encrypted = EncryptStringToBytes_Aes(response, myAes.Key, myAes.IV);
string saveresponse = Convert.ToBase64String(encrypted);
and then i save it in IsolatedStorageSettings
settings.Add(merchantId, saveresponse);
But the problem i am facing is when the user comes after sometime and hits my page i check first in the IsolatedStorageSettings object if the data is present i pass that data to decrypt and process further.The step i use to decrypt is as follows
byte[] temp = Convert.FromBase64String(response);
response = DecryptStringFromBytes_Aes(temp, myAes.Key, myAes.IV);
But the above line gives me error "Value can not be null.
Parameter name: inputBuffer"
I am unable to find where i am going wrong.Can u guys please let me know what steps should be taken to make it up and running.
Here is the Encryption Code
static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
return encrypted;
}
and here is the decryption code
static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
{
try
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
catch (Exception ex) {
return "Error";
}
}
and on button1 click i call the encryption method
using (AesManaged myAes = new AesManaged())
{
byte[] encrypted = EncryptStringToBytes_Aes(response, myAes.Key, myAes.IV);
string saveresponse = Convert.ToBase64String(encrypted);
}
and on button 2 i call decryption method
using (AesManaged myAes = new AesManaged())
{
byte[] temp= Convert.FromBase64String(response)
response = DecryptStringFromBytes_Aes(temp, myAes.Key, myAes.IV);
}
The problem was the using (AesManaged myAes = new AesManaged()){} block what it does it generates the new key and IV for encryption and decryption.So while decryption the key and IV doesnt match hence the error generates.Just remove the using block and declare the Aesmanaged myAes object at global level and the problem is solved. So the final code would look like
AesManaged myAes = new AesManaged();
On button one click to encrypt;
byte[] encrypted = EncryptStringToBytes_Aes(response, myAes.Key, myAes.IV);
string saveresponse = Convert.ToBase64String(encrypted);
and button2 click to decrypt
byte[] temp = Convert.FromBase64String(response);
response = DecryptStringFromBytes_Aes(temp, myAes.Key, myAes.IV);
Thats it, happpy coding.
I have used this example as a base, to read and write an encrypted cookie. Problem is that the decrypted string that gets returned contains invalid characters. i.e. the cookie value is
'MyValue'
and what gets returned is
Z!������3z�^��
This is the code I use:
protected void Button1_Click(object sender, EventArgs e)
{
HttpCookie myCookie = new HttpCookie("MyCookie");
string valString = "MyValue";
string keyAsString = "BJF8hXsXce7dhCWjGICNrnq1Gc8mWyMlODbiYvXTXCo=";
byte[] myKey = Convert.FromBase64String(keyAsString);
// Create a new instance of the AesManaged
// class. This generates a new key and initialization
// vector (IV).
using (AesManaged myAes = new AesManaged())
{
//Set default values as padding mode and ciphermode not supported in Silverlight
byte[] encrypted = EncryptStringToBytes_Aes(valString, myKey, myAes.IV);
myCookie.Value = Convert.ToBase64String(encrypted, 0, (int)encrypted.Length);
string roundtrip = DecryptStringFromBytes_Aes(Convert.FromBase64String(myCookie.Value), myAes.Key, myAes.IV);
}
//
myCookie.Expires = DateTime.Now.AddDays(1d);
Response.Cookies.Add(myCookie);
}
And the encryption/decryption functions are:
static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key, byte[] IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
aesAlg.Mode = CipherMode.ECB;
// Create a decryptor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV)
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an AesManaged object
// with the specified key and IV.
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
aesAlg.Padding = PaddingMode.None;
aesAlg.Mode = CipherMode.ECB;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
Looks like some sort of encoding issue. At first I thought the problem was reading the cookie value itself. But even if I try to decrypt the value just encrypted i.e.
string roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key,
myAes.IV);
I still get the same issue.
Not sure if this will help but the main goal is to just READ the cookie. Initially, the cookie will get created from a 3rd party PHP app using a shared key (hence I used the ECB CipherMode). This code is just a sample to make sure that I can read encrypted cookies.