I am facing the AES padding issue. I am using the code suggested in (generate a 128-bit string in C#) by Alcides Soares Filho. Please note that my encryption side code is ...

    private string Encrypt(string clearText)
    {
        string EncryptionKey = "I love chocolate";
        byte[] clearBytes = System.Text.Encoding.Unicode.GetBytes(clearText);
        using (Aes encryptor = Aes.Create())
        {
            Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
            encryptor.Key = pdb.GetBytes(32);
            encryptor.IV = pdb.GetBytes(16);
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(clearBytes, 0, clearBytes.Length);
                    cs.Close();
                }
                clearText = Convert.ToBase64String(ms.ToArray());
            }
        }
        return clearText;
    }

Also, the value I am passing to cleartext is " Z4YAZZSQ 001F295E2589AWAN HANS". The encryption is happening. But decryption is failing.

decryption side code

    private string Decrypt(string cipherText)
    {
        string EncryptionKey = "I love chocolate";
        byte[] cipherBytes = Convert.FromBase64String(cipherText);
        using (Aes encryptor = Aes.Create())
        {
            Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
            encryptor.Key = pdb.GetBytes(32);
            encryptor.IV = pdb.GetBytes(16);
            using (MemoryStream ms = new MemoryStream())
            {
                using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(cipherBytes, 0, cipherBytes.Length);
                    cs.Close();
                }
                cipherText = System.Text.Encoding.Unicode.GetString(ms.ToArray());
            }
        }
        return cipherText;
    }

I should be able to get back " Z4YAZZSQ 001F295E2589AWAN HANS"

but the following error is coming: "Padding is invalid and cannot be removed". Please suggest the solution.

zaph
  • More than likely you are **not** facing the AES padding issue but rather failed decryption due to improper arguments, encodings and/or data. If the decryption fails, the odds are the padding is also invalid. To verify the padding, decrypt specifying no padding and then check the last 16 bytes (in hex). Debug, verify that the inputs are correct, that the encodings are correct, etc. Simplify by using a static key and IV for debugging, eliminating the key derivation, etc. Remove as much code as possible to get a minimal version of encryption/decryption working. Then add back the pieces one at a time. – zaph Feb 07 '18 at 15:25
  • Your code works fine (ignoring various security issues like hardcoded key, IV derived from key, etc.) You must therefore be doing something with the ciphertext that is corrupting it between encrypting and decrypting. – Iridium Feb 08 '18 at 09:03
  • Thank you all for the suggestion. Apparently using cs.FlushFinalBlock() after cs.write() resolved the issue. I still don't know how. But it worked. Also, @Iridium: As you have indicated there are some security issues, can you please provide some guidance for general industry practices. – user2786699 Feb 09 '18 at 05:20

1 Answer

Whenever you are using padding there needs to be a final call to let the code know it is time to add the padding. That is why you need to call FlushFinalBlock.

zaph
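
Added example, not part of the original answer or thread: it reads the `MemoryStream` once after `FlushFinalBlock` and once without it, then applies the check from the first comment (decrypt with no padding and dump the last 16 bytes in hex) before attempting a normal PKCS7 decrypt. The all-zero key and IV and the class name are constructed for the demonstration; the plaintext is the string from the question.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

static class FlushFinalBlockDemo
{
    // Constructed all-zero key and IV: fixed values for debugging only.
    static readonly byte[] Key = new byte[32];
    static readonly byte[] IV = new byte[16];

    static byte[] Encrypt(byte[] clear, bool flushBeforeRead)
    {
        using (Aes aes = Aes.Create())
        using (MemoryStream ms = new MemoryStream())
        using (CryptoStream cs = new CryptoStream(ms, aes.CreateEncryptor(Key, IV), CryptoStreamMode.Write))
        {
            cs.Write(clear, 0, clear.Length);
            if (flushBeforeRead) cs.FlushFinalBlock(); // pads and writes the last block
            return ms.ToArray(); // without the flush, the padded block is not in ms yet
        }
    }

    static byte[] Decrypt(byte[] cipher, PaddingMode padding)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Padding = padding; // CBC is the default mode; only padding handling changes
            using (ICryptoTransform dec = aes.CreateDecryptor(Key, IV))
                return dec.TransformFinalBlock(cipher, 0, cipher.Length);
        }
    }

    static void Main()
    {
        byte[] clear = Encoding.Unicode.GetBytes(" Z4YAZZSQ 001F295E2589AWAN HANS");
        foreach (bool flush in new[] { true, false })
        {
            byte[] cipher = Encrypt(clear, flush);
            Console.WriteLine("flushed={0}: {1} ciphertext bytes", flush, cipher.Length);
            // Diagnostic from the comments: decrypt with no padding, dump the last 16 bytes.
            byte[] raw = Decrypt(cipher, PaddingMode.None);
            Console.WriteLine("  last block: " + BitConverter.ToString(raw, raw.Length - 16, 16));
            try { Console.WriteLine("  PKCS7 decrypt ok: " + Encoding.Unicode.GetString(Decrypt(cipher, PaddingMode.PKCS7))); }
            catch (CryptographicException e) { Console.WriteLine("  PKCS7 decrypt failed: " + e.Message); }
        }
    }
}
```

In the flushed case the last block ends in repeated padding bytes; in the unflushed case it ends in ordinary UTF-16 text bytes, which is why the PKCS7 decrypt of that truncated ciphertext throws.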