0

I have problem when I transform a byte[] to a string.
I have used these ways so far:

  • System.Text.Encoding.UTF8.GetString(byteArray);

  • System.Text.Encoding.UTF8.GetString(byteArray);

I use Rijndael in order to encrypt some parameters to send them in an API and I follow this Microsoft-Documentation.

When I encrypt and decrypt as the documentation says everything works fine.
In the documentation there is no need for conversion byte[] to a string.

But in order to send it to the API I have to put them in an XML file. As a result I have to convert the encrypted byte[] to a string in order to send it. So when I send it in this ways I have Bad Credentials error, it is not acceptable. So I think that something is wrong with conversion.

When I make some tests with AES-site I have a nice string result. Like this:

For example:
The text : text is encrypted to something like this CfsfFYz5u+3psJy8RWV+HA==

This is exactly the expected format , like above (CfsfFYz5u+3psJy8RWV+HA==).

LopDev
  • 823
  • 10
  • 26
  • 2
    Encryption algorithm produce bytes, not strings. Strings are used when those bytes need to be sent in text form, eg as a HEX string or Base64. What you posted is Base64 – Panagiotis Kanavos Jul 02 '20 at 14:11
  • 1
    Rijndael algorithm and AES know nothing about strings. Better read your API's documentation. – Gusman Jul 02 '20 at 14:13
  • 2
    You can use [Convert.ToBase64String()](https://learn.microsoft.com/en-us/dotnet/api/system.convert.tobase64string?view=netcore-3.1) to convert a byte array to a Base64 string – Panagiotis Kanavos Jul 02 '20 at 14:13
  • @PanagiotisKanavos , in the documentation when it decrypt , the result is the initial a string – LopDev Jul 02 '20 at 14:14
  • 1
    This doesn't explain anything. What you posted looks like a Base64-encoded string. This has nothing to do with encryption, it's a common way to encode binary data as text. Use [Convert.ToBase64String()](https://learn.microsoft.com/en-us/dotnet/api/system.convert.tobase64string?view=netcore-3.1) to convert the byte array to a Base64 string – Panagiotis Kanavos Jul 02 '20 at 14:15
  • 2
    BTW the calculator page you link to clearly describes this as a Base64 string. That's not any official AES site, just a calculator someone created – Panagiotis Kanavos Jul 02 '20 at 14:16
  • 1
    The GetString methods of the various Encodings try and get a valid string from the supplied byte array. They may ignore or replace invalid bytes. Base64 on the other hand encodes the bytes as a (ASCII compliant) string, 3 bytes in 4 characters – Hans Kesting Jul 02 '20 at 15:04
  • 1
    Remember: converting binary to string: encoding. Converting text to binary: character encoding. What you are doing with `GetString` is to **character-decode** binary to text. That only makes sense if you'd have first encoded it using the reverse character-encoding algorithm. With base 64 you would **encode** any binary to text, so that you can decode it later. – Maarten Bodewes Jul 02 '20 at 18:36
  • @MaartenBodewes , I did this with Base64 string , it has the format that I want , but I still get the error from the API that the username and the password is wrong. – LopDev Jul 03 '20 at 09:29
  • @PanagiotisKanavos , I did this with Base64 string , it has the format that I want , but I still get the error from the API that the username and the password is wrong. – LopDev Jul 03 '20 at 09:29
  • What API, what password? You only posted a link to an AES calculator. What is your actual question? What API are you calling, what are its authentication requirements? If you call a SOAP web service why are you calculating anything by hand? There are well-defined standards for this like WS-Security that are supported by libraries like WCF – Panagiotis Kanavos Jul 03 '20 at 09:37
  • @PanagiotisKanavos, I refer to an API in which I have to encrypt the parameters using Rijndael ,in order to send them and I have to authenticate using Oauth 2.0 , could you please help me? , I would like to add that in the API Documentation it has samples in which the encrypted parameters have this format - CfsfFYz5u+3psJy8RWV+HA== , if you can help me I would appreciate it , thank you in advance – LopDev Jul 03 '20 at 09:58
  • @PanagiotisKanavos ,this is why I am confused . – LopDev Jul 03 '20 at 09:58
  • @PanagiotisKanavos , the only thing that API Documentation says about encryption, is that the encryption method should be the Rijndael algorithm and the format of the key , nothing else. Is it right that I follow the Microsoft Documentation (https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rijndaelmanaged?view=netcore-3.1) which is convert the parameters into byte[]? Do I have to do something else because the encrypted parameters , that I send to the API after the encryption method that Microsoft shows , are not recognizable as valid. – LopDev Jul 03 '20 at 11:27
  • @MaartenBodewes , as I can see you know things well , so if you can help also I would appreciate it , I tag PanagiothsKanavos because I can only tag one , I would like help from also from you if you know something about this , thank you in advance – LopDev Jul 03 '20 at 11:30
  • Please do **not** ask persons on SE for specific help. That's not what the site is for. You've posted an earlier question I think with at least some code. If you have related questions then please link to them. And if a question has been answered, then don't ask followup questions in the comments. Finally, we don't have your code, know the protocol or see the error, so our ability to help is limited even if it was on topic. – Maarten Bodewes Jul 03 '20 at 12:24
  • @LopDev what isn't valid? Who doesn't recognise what? What is your code, what are you calling? If .NET's encryption didn't work, *thousands* of developers would notice. .NET is used by almost all corporations for the very enterprise applications that require encryption, for 18 years now. Your initial question confused the BASE64 format for encrypted text. Perhaps there are other problems with the code too – Panagiotis Kanavos Jul 07 '20 at 06:59
  • @LopDev update the question with the *actual* code, service you call, and actual error message. A link to the docs of the service you use would help too - perhaps they need some extra information that's missing? Without those, you're asking people to just guess – Panagiotis Kanavos Jul 07 '20 at 07:00

0 Answers0