C# Rijndael Encryption not accepting any Key except "mykey123"

Question

I found this script on http://www.codeproject.com/Articles/26085/File-Encryption-and-Decryption-in-C. It works fine when I use the static key // string password = @"myKey1234"; // Your Key Here. when I pass in a different key, it doesn't work string password = @keyPwd;. You can see in my code I'm passing key to function it is not working.

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;


namespace CSVEncrypts
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        string inputFile = "";
        string outputFilePath = "";
        string oFilePathName = "";

// EncryptFile
        private void EncryptFile(string inputFile, string outputFile,string keyPwd )
        {
            try
            {
               // string password = @"myKey123"; // Your Key Here
                string password = @keyPwd; 
                UnicodeEncoding UE = new UnicodeEncoding();
                byte[] key = UE.GetBytes(password);
                string cryptFile = outputFile;
                FileStream fsCrypt = new FileStream(cryptFile, FileMode.Create);
                RijndaelManaged RMCrypto = new RijndaelManaged();

                CryptoStream cs = new CryptoStream(fsCrypt,RMCrypto.CreateEncryptor(key, key),CryptoStreamMode.Write);
                FileStream fsIn = new FileStream(inputFile, FileMode.Open);
                int data;
                while ((data = fsIn.ReadByte()) != -1)
                    cs.WriteByte((byte)data);
                fsIn.Close();
                cs.Close();
                fsCrypt.Close();
            }
            catch
            {
                MessageBox.Show("Encryption failed!", "Error");
            }
        }


// Decrypt
        private void DecryptFile(string inputFile, string outputFile, string keyPwd)
        {
            {
                //string password = @"myKey123"; // Your Key Here
                string password = @keyPwd; // Your Key Here
                UnicodeEncoding UE = new UnicodeEncoding();
                byte[] key = UE.GetBytes(password);
                FileStream fsCrypt = new FileStream(inputFile, FileMode.Open);
                RijndaelManaged RMCrypto = new RijndaelManaged();
                CryptoStream cs = new CryptoStream(fsCrypt,
                RMCrypto.CreateDecryptor(key, key),CryptoStreamMode.Read);

                FileStream fsOut = new FileStream(outputFile, FileMode.Create);
                int data;
                while ((data = cs.ReadByte()) != -1)
                fsOut.WriteByte((byte)data);
                fsOut.Close();
                cs.Close();
                fsCrypt.Close();
            }

        }

        private void button1_Click(object sender, EventArgs e)
        {

           if (inputFile != "")
            {
                oFilePathName = outputFilePath + "\\" + textBox1.Text;
                EncryptFile(inputFile, oFilePathName,keytextBox.Text);
            }
        }



        private void button2_Click(object sender, EventArgs e)
        {

            if (inputFile != "") ;
            {
                oFilePathName = outputFilePath + "\\" + textBox1.Text;
              DecryptFile(inputFile, oFilePathName, keytextBox.Text);
            }
        }



        private void button3_Click(object sender, EventArgs e)
        {
            OpenFileDialog InputOpenFileDialog1 = new OpenFileDialog();
            if (InputOpenFileDialog1.ShowDialog() == System.Windows.Forms.DialogResult.OK)
            {
                string strInfilename = InputOpenFileDialog1.FileName;
                button3.Text = strInfilename;
                inputFile = strInfilename;
                outputFilePath = Path.GetDirectoryName(inputFile);
            }
        }


    }

}

Answer 1

A key should only contain bits that are indistinguishable from random. An password encoded to bytes is not a key. Especially when using Unicode encoding (which should have been named UTF16LE) many of the bits are set to zero. That means that the "key" doesn't contain enough entropy as well.

To create a key from a password you should derive it using a Password Based Key Derivation Function (PBKDF). Probably the best way to do this in the current .NET Crypto API is to use the class Rfc2898DeriveBytes which implements PBKDF2. PBKDF2 is defined in RFC 2898: PKCS #5: Password-Based Cryptography Specification V2.0. You may want to read that if you want to do, well, password based encryption.

Answer 2

By Rijndael I assume you really mean AES (Advanced Encryption Standard), AES is a subset of Rijndael with a block size of 128-bits, that is what you need.

AES keys are 128, 192 or 256 bits, it is best not to use a string, if you have a string first run it through a key derivation function such as PBKDF2. Keys really should be a byte array, not a character string. Make the keys the exactly correct size, this is probably your problem.

CreateDecryptor takes two arguments, the key and the iv, don't also use the key for the iv, the iv is considered public.

It is not clear from the code, you will need to consult the documentation to see if the default mode is CBC and that PKCS#7 (PKCS#5 padding is used interchangeably) padding is enabled.

If you want a secure encryption "out of the box: use RNCryptor, there is a C# version. you will also get multi-language/platform interoperability.

Getting encryption security correct is not easy and it is easy to make a mistake that ruins the security.