I am newbie in Cryptography.
Edited: It seems that I was wrong with using the right Encrypt/Decrypt algorithm so I change my question to:
How to convert these lines of codes to WinRT ?
The code is based on the code at http://msdn.microsoft.com/en-us/library/system.security.cryptography.aesmanaged.aspx
I need to do the same in WinRT:
Update:
There is a Cryptography and Certificate sample for WinRT (Windows 8.1) that solved my problem.
Please check: http://code.msdn.microsoft.com/windowsapps/Cryptography-and-3305467b
public static byte[] Encrypt(string plainText)
{
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
return encrypted;
}
And
public static string Decrypt(byte[] cipherText)
{
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
string plaintext = null;
using (AesManaged aesAlg = new AesManaged())
{
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream // and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
Yes it is possible, but you should use the same:
character encoding of the plaintext, such as UTF-8
mode of operation
padding algorithm
(optional) string encoding of the ciphertext, such as base64 encoding or the easier to debug hexadecimal encoding
And of course the correct cipher (AES instead of Rijndael),symmetric key size and value and IV. Make sure you check each of the IO to these functions separately. Do not rely on defaults, set each value explicitly.
Note that using ECB mode is insecure. Currently you are probably mixing CBC and ECB mode, which won't work. For secure communications you should use authenticated encryption or a MAC (using a second key).
Related
I am facing strange issue with AES encryption and getting error while decryption.
Error while decrypt:
padding is invalid and cannot be removed
Encrypt Method:
private static string Encrypt(string plainText, byte[] key)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (key == null || key.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes("SharedPassword", key);
aesAlg.Key = deriveBytes.GetBytes(aesAlg.KeySize/8);
//aesAlg.IV = iv;
aesAlg.GenerateIV();
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return Convert.ToBase64String(encrypted);
}
Decrypt Method:
private static string Decrypt(string token, byte[] key)
{
byte[] cipherText = Convert.FromBase64String(token);
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (key == null || key.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create())
{
Rfc2898DeriveBytes deriveBytes = new Rfc2898DeriveBytes("SharedPassword", key);
aesAlg.Key = deriveBytes.GetBytes(aesAlg.KeySize / 8);
aesAlg.GenerateIV();
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd(); // Error here
}
}
}
}
return plaintext;
}
I have tried many work around as mention below but none of them works.
AES decrypt fails with "Padding is invalid and cannot be removed"
C#: AES error: Padding is invalid and cannot be removed. Same key and everything, help
I don't get what is issue with code.
I'm trying to get two services to talk but I need to encrypt the message sent between them. It's early days so I'm hard coding the key, but here is what I have so far.
In c#
byte[] key = Convert.FromBase64String("QM3M8+Zbw5VYa70xtftksHHqM1UGmhOBjqOP82UtuAA=");
byte[] hexiv = Convert.FromBase64String("wRt00heBiu86mWSfuHmSag==");
using (RijndaelManaged myRijndael = new RijndaelManaged())
{
byte[] encrypted = EncryptStringToBytes(name, myRijndael.Key, myRijndael.IV);
string enc = Convert.ToBase64String(encrypted);
}
.....
static byte[] EncryptStringToBytes(string plainText, byte[] Key, byte[] IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an RijndaelManaged object
// with the specified key and IV.
using (RijndaelManaged rijAlg = new RijndaelManaged())
{
rijAlg.Key = Key;
rijAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
This outputs my message as +CPJqIL6RhIHc5+u2Nvonw==
Then in PHP, I have the following:
$key = "Zbw5VYa70xtftksHHqM1UGmhOBjqOP82UtuAA=";
$hexiv = "wRt00heBiu86mWSfuHmSag==";
$string = base64_decode("+CPJqIL6RhIHc5+u2Nvonw==");
$cipher_alg = MCRYPT_RIJNDAEL_256;
$decrypted_string = mcrypt_decrypt($cipher_alg, $key, $string , MCRYPT_MODE_CBC, $hexiv);
echo $decrypted_string."<BR>";
But this is giving me Qˆ–⤻?/P¸Üu:·ey+–Uñ :,yL±�M
Hopefully the answer is fairly obvious but I can't see it.
You fell for the mcrypt trap.
MCRYPT_RIJNDAEL_256 isn't AES-256, it's the 256-bit block size variant of Rijndael. AES is always a 128-bit block size even with 256-bit keys.
Look into libsodium instead. There are bindings for .NET and PHP. If you upgrade to PHP 7.2 or higher, you should have it installed already.
The following string contains 20 bytes (160 bits). Do I have to make my keys and initialization vectors 128,192, or 256 or is there something I can do to make it 256 and keep the same key:
byte[] bbb = Encoding.ASCII.GetBytes("abcdefghijklmnopqrst");
// Define other methods and classes here
static string EncryptStringToBytes(string plainText, string Key, string IV)
{
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
string encrypted;
// Create an RijndaelManaged object
// with the specified key and IV.
using (RijndaelManaged rijAlg = new RijndaelManaged())
{
rijAlg.Mode = CipherMode.CBC;
rijAlg.BlockSize = 256;
rijAlg.KeySize = 256;
rijAlg.Key = Encoding.ASCII.GetBytes(Key);
rijAlg.IV = Encoding.ASCII.GetBytes(IV);
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = rijAlg.CreateEncryptor(rijAlg.Key, rijAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = Convert.ToBase64String(msEncrypt.ToArray());
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
static string DecryptStringFromBytes(string cipherText,string Key, string IV)
{
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an RijndaelManaged object
// with the specified key and IV.
using (RijndaelManaged rijAlg = new RijndaelManaged())
{
rijAlg.Mode = CipherMode.CBC;
rijAlg.BlockSize = 256;
rijAlg.KeySize = 256;
rijAlg.Key = Encoding.ASCII.GetBytes(Key);
rijAlg.IV = Encoding.ASCII.GetBytes(IV);
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(Convert.FromBase64String(cipherText)))
{
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
{
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
It depends on which implementation of System.Security.Cryptography.SymmetricAlgorithm you're using. The legal key and block sizes are dependent upon the algorith. You can check the LegalKeySizes and LegalBlockSizes property to check what sizes are supported by your particular algorithm. You can also use the ValidKeySize() method to check if a particular key size is valid for your algorithm.
IIRC, the IV needs to be sized the same size as the block size in use.
Also, normally, you'd gen up an instance of your particular algorithm and let it create a random key and IV, which you can then save for later use.
I am trying to decode an AES cipher in C#. If I use the same AES object as when I encode them, everything is fine. But as soon as I create a different instance of AES, it does not work:
string original = "username,password,companyID";
byte[] encrypted;
using (Aes myAes1 = Aes.Create()) {
encrypted = EncryptStringToBytes_Aes(original, GetBytes("password"), myAes1.IV);
//test1
string test1 = DecryptStringFromBytes_Aes(encrypted, GetBytes("password"), myAes1.IV);
}
using (Aes myAes2 = Aes.Create()) {
//test2
string test2 = DecryptStringFromBytes_Aes(encrypted, GetBytes("password"), myAes2.IV);
}
So in this code, test1 uses myAes1 and it works out fine because the encryption also used myAes1. However test2 uses myAes2 and it doesn't work, here is the output:
test1 = username,password,companyID
test2 = t0�V�e]��Ԅ��yd,companyID
what am I doing wrong?
Here are the supporting functions, which I copied from online:
static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key,byte[] IV) {
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create()) {
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream()) {
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)) {
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt)) {
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV) {
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create()) {
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText)) {
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) {
using (StreamReader srDecrypt = new StreamReader(csDecrypt)) {
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
static byte[] GetBytes(string str) {
byte[] bytes = new byte[str.Length * sizeof(char)];
System.Buffer.BlockCopy(str.ToCharArray(), 0, bytes, 0, bytes.Length);
return bytes;
}
If you don't specify an IV, then one is randomly generated. You are using 2 different IV values when decrypting, which is why you are seeing different results.
I am trying to decode an AES cipher in C#. If I use the same AES object as when I encode them, everything is fine. But as soon as I create a different instance of AES, it does not work:
string original = "username,password,companyID";
byte[] encrypted;
using (Aes myAes1 = Aes.Create()) {
encrypted = EncryptStringToBytes_Aes(original, GetBytes("password"), myAes1.IV);
//test1
string test1 = DecryptStringFromBytes_Aes(encrypted, GetBytes("password"), myAes1.IV);
}
using (Aes myAes2 = Aes.Create()) {
//test2
string test2 = DecryptStringFromBytes_Aes(encrypted, GetBytes("password"), myAes2.IV);
}
So in this code, test1 uses myAes1 and it works out fine because the encryption also used myAes1. However test2 uses myAes2 and it doesn't work, here is the output:
test1 = username,password,companyID
test2 = t0�V�e]��Ԅ��yd,companyID
what am I doing wrong?
Here are the supporting functions, which I copied from online:
static byte[] EncryptStringToBytes_Aes(string plainText, byte[] Key,byte[] IV) {
// Check arguments.
if (plainText == null || plainText.Length <= 0)
throw new ArgumentNullException("plainText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
byte[] encrypted;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create()) {
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream()) {
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write)) {
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt)) {
//Write all data to the stream.
swEncrypt.Write(plainText);
}
encrypted = msEncrypt.ToArray();
}
}
}
// Return the encrypted bytes from the memory stream.
return encrypted;
}
static string DecryptStringFromBytes_Aes(byte[] cipherText, byte[] Key, byte[] IV) {
// Check arguments.
if (cipherText == null || cipherText.Length <= 0)
throw new ArgumentNullException("cipherText");
if (Key == null || Key.Length <= 0)
throw new ArgumentNullException("Key");
if (IV == null || IV.Length <= 0)
throw new ArgumentNullException("Key");
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
// Create an Aes object
// with the specified key and IV.
using (Aes aesAlg = Aes.Create()) {
aesAlg.Key = Key;
aesAlg.IV = IV;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for decryption.
using (MemoryStream msDecrypt = new MemoryStream(cipherText)) {
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read)) {
using (StreamReader srDecrypt = new StreamReader(csDecrypt)) {
plaintext = srDecrypt.ReadToEnd();
}
}
}
}
return plaintext;
}
static byte[] GetBytes(string str) {
byte[] bytes = new byte[str.Length * sizeof(char)];
System.Buffer.BlockCopy(str.ToCharArray(), 0, bytes, 0, bytes.Length);
return bytes;
}
If you don't specify an IV, then one is randomly generated. You are using 2 different IV values when decrypting, which is why you are seeing different results.