Base64 '=' padding character Encrypt/Decrypt Problem

Discussion in 'ASP .Net Security' started by Phil C., Aug 2, 2005.

  1. Phil C.

    Phil C. Guest

    Hi. I testing some asp.net code that generates a 256 bit Aes Symmetric Key
    and a 256 bit entropy value.
    I encrypt the Aes key(without storing it as Base64) with the host's dpapi
    using the entropy value(without storing it as Base64),
    and then store the encrypted Aes key value and the entropy value in some
    SHARED VARIABLES AS BYTE ARRAYS(not Base64).
    I then decrypt the stored encrypted Aes value with the dpapi using the
    stored entropy value.

    I am declaring the default padding when generating the key as:
    aesProvider.Padding = PaddingMode.PKCS7


    After the encryption, for my comparison purposes, I display the unencrypted
    Aes key as a Base 64 value. Since 32 bytes is a multiple
    of three, one would not expect any BASE64 padding characters in the
    displayed value, yet I always get a value that ends in the Base64
    padding symbol of '=' which means a base64 padded group of 3 zeroes.

    When I decrypt the encrypted Aes key value, and convert it to Base64 for
    display, it always shows up as having the last character
    being an 'A' which is the base64 value for '0' or 'zero'

    I first suspected that the PKCS7 mode is causing my problems, but reading
    the PKCS7 help implies that the padding is used in the cipher blocks,
    not in the key generation. For convenience, I used the
    RijndaelManaged.GenerateKey() function to generate the key, BUT perhaps I
    might as well
    as used the RNGCryptoServiceProvider.GetBytes() to do this. Indeed, I used
    the RNGCryptoServiceProvider.GetBytes() to generate a 32 byte entropy
    value,
    yet when I convert it to base64 for viewing, it has an '=' as the last
    character, meaning that it too is incorrectly being padded.

    Below is a summary of what I get during the generate and encryption:
    Generate and Encrypt:

    Generated Aes Base64 Encoded String Symmetric Key:

    wzHp7M3tRpXiWw4SWkMzEmorBHTNEjENDgSeGi8B6Ns=



    Generated Aes Base64 Encoded String Symmetric Key Encrypted with Dpapi:

    AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAYfcANKBCn0WrzhCNlOn8SwQAAAACAAAAAAADZgAAqAAAABAAAABVt1GQd/7tXNI/sKRdwGmzAAAAAASAAACgAAAAEAAAAEzxv5pzWw2v2H4cSVVoK2woAAAAMc609Ix8n4QMFy44PHRsInDD44lvwZPL04uZg19szbnPJskt4gA5LhQAAABvMuTkmeSa2dv3BkXdJA4eHQxgGwA=

    Using Entropy

    Generated Entropy As Base64 Encoded String:

    WCXGLrtx1SN81b5e8aI11ntBvjRR11UmwSiqj2+9vaA=


    After Decryption, I get:
    Decrypt and Compare:

    Generated Aes Base64 Encoded String Symmetric Key:

    wzHp7M3tRpXiWw4SWkMzEmorBHTNEjENDgSeGi8B6Ns=

    Dpapi Decrypted Aes Base64 Encoded String Symmetric Key:

    wzHp7M3tRpXiWw4SWkMzEmorBHTNEjENDgSeGi8B6NsA


    The code behind is as follows (Sorry I could not color code the code):

    Imports System.Security.Cryptography
    Public Class EncryptDecryptWithDpapiBase64EncodedStrings
    Inherits System.Web.UI.Page
    'Public Shared entropyValueAsByte() As Byte
    'Public Shared dpapiEncryptedAesKeyAsByte() As Byte

    'Have to have shared variables because new page is emitted
    'on postback with new instance of page
    Private Shared _entropyValueAsByte(31) As Byte
    Protected WithEvents generatedB64AesKey As
    System.Web.UI.WebControls.TextBox
    Private Shared _dpapiEncryptedAesKeyAsByte() As Byte
    Public Shared Property entropyValueAsByte() As Byte()
    Get
    Return _entropyValueAsByte
    End Get
    Set(ByVal Value As Byte())
    _entropyValueAsByte = Value
    End Set
    End Property
    Public Shared Property dpapiEncryptedAesKeyAsByte() As Byte()
    Get
    Return _dpapiEncryptedAesKeyAsByte
    End Get
    Set(ByVal Value As Byte())
    _dpapiEncryptedAesKeyAsByte = Value
    End Set
    End Property

    #Region " Web Form Designer Generated Code "

    'This call is required by the Web Form Designer.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub
    InitializeComponent()

    End Sub
    Protected WithEvents cleartextTextBox As
    System.Web.UI.WebControls.TextBox
    Protected WithEvents ciphertextTextBox As
    System.Web.UI.WebControls.TextBox
    Protected WithEvents entropyCheckBox As
    System.Web.UI.WebControls.CheckBox
    Protected WithEvents encryptButton As System.Web.UI.WebControls.Button
    Protected WithEvents decryptButton As System.Web.UI.WebControls.Button
    Protected WithEvents generatedEntropyTextBox As
    System.Web.UI.WebControls.TextBox

    'NOTE: The following placeholder declaration is required by the Web Form
    Designer.
    'Do not delete or move it.
    Private designerPlaceholderDeclaration As System.Object

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Init
    'CODEGEN: This method call is required by the Web Form Designer
    'Do not modify it using the code editor.
    InitializeComponent()
    End Sub

    #End Region

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Load
    'Put user code to initialize the page here
    End Sub
    Public Enum Store
    USE_MACHINE_STORE
    USE_USER_STORE
    End Enum
    Friend Function CreateKey() As Byte()


    'Create a new AES Service Provider
    Dim aesProvider As New RijndaelManaged
    'Declare the key size
    aesProvider.KeySize = 256
    aesProvider.BlockSize = 256
    aesProvider.Padding = PaddingMode.PKCS7

    aesProvider.GenerateKey()

    Return aesProvider.Key
    End Function

    Friend Function CreateEntropyValue() As Byte()
    Dim rng As New RNGCryptoServiceProvider
    Dim rng256EntropyByteValue(31) As Byte
    rng.GetBytes(rng256EntropyByteValue)
    Return rng256EntropyByteValue
    End Function
    Private Sub encryptButton_Click(ByVal sender As System.Object, ByVal e
    As System.EventArgs) Handles encryptButton.Click
    Dim dp As New RindjaelTest.Microsoft.Win32.DPAPI.DataProtector
    Dim AesKeyValueInBytes(31) As Byte

    AesKeyValueInBytes = CreateKey()
    generatedB64AesKey.Text = Convert.ToBase64String(AesKeyValueInBytes)
    If entropyCheckBox.Checked Then
    entropyValueAsByte = CreateEntropyValue()

    dpapiEncryptedAesKeyAsByte = dp.Encrypt(AesKeyValueInBytes,
    entropyValueAsByte, Store.USE_MACHINE_STORE)
    ciphertextTextBox.Text =
    Convert.ToBase64String(dpapiEncryptedAesKeyAsByte)
    generatedEntropyTextBox.Text =
    Convert.ToBase64String(entropyValueAsByte)
    Else
    dpapiEncryptedAesKeyAsByte = dp.Encrypt(AesKeyValueInBytes,
    Nothing, Store.USE_MACHINE_STORE)
    ciphertextTextBox.Text =
    Convert.ToBase64String(dpapiEncryptedAesKeyAsByte)
    End If
    ciphertextTextBox.Text.TrimEnd()
    End Sub

    Private Sub decryptButton_Click(ByVal sender As System.Object, ByVal e
    As System.EventArgs) Handles decryptButton.Click
    If Not dpapiEncryptedAesKeyAsByte Is Nothing Then
    Dim dp As New RindjaelTest.Microsoft.Win32.DPAPI.DataProtector
    If entropyCheckBox.Checked Then
    cleartextTextBox.Text =
    Convert.ToBase64String(dp.Decrypt(dpapiEncryptedAesKeyAsByte,
    entropyValueAsByte, Store.USE_MACHINE_STORE))
    Else
    cleartextTextBox.Text =
    Convert.ToBase64String(dp.Decrypt(dpapiEncryptedAesKeyAsByte, Nothing,
    Store.USE_MACHINE_STORE))
    End If
    cleartextTextBox.Text.TrimEnd()
    End If
    End Sub
    End Class
    Phil C., Aug 2, 2005
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    1
    Views:
    478
    Jonathan Allen
    Sep 25, 2004
  2. Replies:
    5
    Views:
    3,033
    srisha
    Aug 30, 2007
  3. cencio1980
    Replies:
    0
    Views:
    718
    cencio1980
    Jan 29, 2008
  4. Sherwood

    FormsAuthentication Encrypt/Decrypt Problem/Issue

    Sherwood, Jan 22, 2005, in forum: ASP .Net Security
    Replies:
    0
    Views:
    249
    Sherwood
    Jan 22, 2005
  5. Replies:
    1
    Views:
    415
    Daniel Martin
    Jun 16, 2007
Loading...

Share This Page