2

I am using exactly same class for Encrypting/Decrypting the string in two project , one project is targeting .NET Framework 4.8 and second .NET 5 . I have faced pretty strange thing with RijndaelManaged Algorithm , on .NET Framework application it works perfectly fine but on .NET 5 it throws "Specified key is not a valid size for this algorithm" error.

First question I have is why error doesn't occurs in .NET Framework app (I know that versions of System.Security.Cryptography dll is different for projects) , the key I am using is 12 bytes . As I have researched RijndaelManaged key accepts only 16/24/32 byte in .NET Framework and only 16 byte in .NET Core , as written in Remarks here - https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rijndaelmanaged?view=net-5.0

this.key = Convert.FromBase64String(Convert.ToBase64String(Encoding.UTF8.GetBytes("qwertyuiopas")))

This is how I get byte array for key , and it's 12 byte long.

How can I make this encryption work in .NET Core/5 application ?

Would appreciate any ideas , Thanks in advance !

Note : I can't change anything in .NET Framework app , I am working on .Net 5 project and I need to get valid encrypted string which then will get decrypted in .NET Framework application .

JmukhadzeT
  • 99
  • 1
  • 9
  • `Convert.FromBase64String(Convert.ToBase64String(Encoding.UTF8.GetBytes("qwertyuiopas")))` - question: why do you get the bytes that represent the UTF8-encoded string, convert it TO base64, and then convert it back to a byte array? Isn't `someData = Convert.FromBase64String(Convert.ToBase64String(someData));` effectively a no-op? – ProgrammingLlama Sep 24 '21 at 07:48
  • If your .NET Framework code currently works, perhaps the defaults for KeySize and BlockSize are different between .NET Framework and .NET 5. (Random shot in the dark here) – ProgrammingLlama Sep 24 '21 at 07:50
  • 1
    Some code that the audience at home can compile to reproduce (and diagnose) the problem would help. Textual descriptions of a problem don't always accurately convey the issue. – Jeroen Mostert Sep 24 '21 at 07:52
  • 1
    I've checked and this key doesn't work in .NET 4.8 either, with the same exception (as it should). – Evk Sep 24 '21 at 08:01
  • @Llama That's how it's written in .NET Framework project and I don't have access to change it . Convert.ToBase64String function needs byte array as an argument . – JmukhadzeT Sep 24 '21 at 08:04
  • @Evk `ICryptoTransform encryptor = this.rm.CreateEncryptor(this.key, vector);` this is where I get error in .NET 5 project but not in .NET Framework , this.key is the byte array got from `this.key = Convert.FromBase64String(Convert.ToBase64String(Encoding.UTF8.GetBytes("qwertyuiopas")))` and vector is 16 byte array filled with random values – JmukhadzeT Sep 24 '21 at 08:07
  • 1
    Ah, CreateEncryptor... Then take a look at this answer: https://stackoverflow.com/a/47442885/5311735 – Evk Sep 24 '21 at 08:13
  • 1
    Basically your NET 4.8 application has a bug and uses invalid key, so not really encrypting \ decrypting with Rijndael, and .NET in turn had a bug which allowed you to do that. The only way to fix this is to fix .NET 4.8 application. – Evk Sep 24 '21 at 08:15
  • @Evk Yeah that's exactly what I thought , Thanks for the help . – JmukhadzeT Sep 24 '21 at 08:18

1 Answers1

0

If you want your key to be of a fixed byte size, create it as that, and then convert it to base 64 for ease of storage.

You can do it in a separate console app if you want. Something like:

var rng = new RNGCryptoServiceProvider();

var key = new byte[16];
rng.GetNonZeroBytes(key);

var base64Key = Convert.ToBase64String(key);

return base64Key;
ste-fu
  • 6,879
  • 3
  • 27
  • 46