Length of data to decrypt is invalid Rijndael

Discussion in 'ASP .Net Security' started by hivie, Jun 13, 2005.

  1. hivie

    hivie Guest

    I am using the sample code from the book Building Secure Microsoft Asp.Net
    applications for the Encryption Library and I get the error "Length of data
    to decrypt is invalid. Here is the two methods that I apply:
    private void btnGetNextNumber_Click(object sender, System.EventArgs e)
    {
    GetNextNumber(ddlClientList.Items[ddlClientList.SelectedIndex].ToString());
    }
    protected string Encrypt(string sEncrypt)
    {
    byte[] IV = null;
    byte[] cipherText = null;
    byte[] key = null;
    EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
    Encryptor enc = new Encryptor(EncryptionAlgorithm.Rijndael);
    byte[] plainText = Encoding.ASCII.GetBytes(sEncrypt);

    if ((EncryptionAlgorithm.TripleDes == algorithm) ||
    (EncryptionAlgorithm.Rijndael == algorithm))
    { //3Des only work with a 16 or 24 byte key.
    key = Encoding.ASCII.GetBytes("password12345678");
    if (EncryptionAlgorithm.Rijndael == algorithm)
    { // Must be 16 bytes for Rijndael.
    IV = Encoding.ASCII.GetBytes("init vec is big.");
    }
    else
    {
    IV = Encoding.ASCII.GetBytes("init vec");
    }
    }
    else
    { //Des only works with an 8 byte key. The others uses variable length
    keys.
    //Set the key to null to have a new one generated.
    key = Encoding.ASCII.GetBytes("password");
    IV = Encoding.ASCII.GetBytes("init vec");
    }
    // Uncomment the next lines to have the key or IV generated for you.
    // key = null;
    // IV = null;

    enc.IV = IV;

    // Perform the encryption.
    cipherText = enc.Encrypt(plainText, key);
    // Retrieve the intialization vector and key. You will need it
    // for decryption.
    IV = enc.IV;
    key = enc.Key;

    // Look at your cipher text and initialization vector.



    return Convert.ToBase64String(cipherText);
    }
    protected string Decrypt(string cipherText)
    {
    byte[] IV = null;
    byte[] key = null;
    EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
    Decryptor dec = new Decryptor(algorithm);
    dec.IV = Encoding.ASCII.GetBytes("init vec is big.");
    key = Encoding.ASCII.GetBytes("password12345678");
    // Go ahead and decrypt.
    byte[] plainText = dec.Decrypt(Encoding.ASCII.GetBytes(cipherText), key);
    // Look at your plain text.
    return Encoding.ASCII.GetString(plainText);
    }

    This is nothing more than a adaptation off of the books Console app that is
    used to test it. I cannot figure out what is happening. The encryption
    appears to come through OK. Does anyone have any ideas?
    Thanks
    Heath
     
    hivie, Jun 13, 2005
    #1
    1. Advertising

  2. hivie

    hivie Guest

    Something that I noticed is that when (for debug) if I call Decrypt in the
    encrypt method before returning everything is as expected. It is only after
    the encrypted data is sent in the querystring that it fails. Is the
    querystring doing something to my data?

    "hivie" wrote:

    > I am using the sample code from the book Building Secure Microsoft Asp.Net
    > applications for the Encryption Library and I get the error "Length of data
    > to decrypt is invalid. Here is the two methods that I apply:
    > private void btnGetNextNumber_Click(object sender, System.EventArgs e)
    > {
    > GetNextNumber(ddlClientList.Items[ddlClientList.SelectedIndex].ToString());
    > }
    > protected string Encrypt(string sEncrypt)
    > {
    > byte[] IV = null;
    > byte[] cipherText = null;
    > byte[] key = null;
    > EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
    > Encryptor enc = new Encryptor(EncryptionAlgorithm.Rijndael);
    > byte[] plainText = Encoding.ASCII.GetBytes(sEncrypt);
    >
    > if ((EncryptionAlgorithm.TripleDes == algorithm) ||
    > (EncryptionAlgorithm.Rijndael == algorithm))
    > { //3Des only work with a 16 or 24 byte key.
    > key = Encoding.ASCII.GetBytes("password12345678");
    > if (EncryptionAlgorithm.Rijndael == algorithm)
    > { // Must be 16 bytes for Rijndael.
    > IV = Encoding.ASCII.GetBytes("init vec is big.");
    > }
    > else
    > {
    > IV = Encoding.ASCII.GetBytes("init vec");
    > }
    > }
    > else
    > { //Des only works with an 8 byte key. The others uses variable length
    > keys.
    > //Set the key to null to have a new one generated.
    > key = Encoding.ASCII.GetBytes("password");
    > IV = Encoding.ASCII.GetBytes("init vec");
    > }
    > // Uncomment the next lines to have the key or IV generated for you.
    > // key = null;
    > // IV = null;
    >
    > enc.IV = IV;
    >
    > // Perform the encryption.
    > cipherText = enc.Encrypt(plainText, key);
    > // Retrieve the intialization vector and key. You will need it
    > // for decryption.
    > IV = enc.IV;
    > key = enc.Key;
    >
    > // Look at your cipher text and initialization vector.
    >
    >
    >
    > return Convert.ToBase64String(cipherText);
    > }
    > protected string Decrypt(string cipherText)
    > {
    > byte[] IV = null;
    > byte[] key = null;
    > EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
    > Decryptor dec = new Decryptor(algorithm);
    > dec.IV = Encoding.ASCII.GetBytes("init vec is big.");
    > key = Encoding.ASCII.GetBytes("password12345678");
    > // Go ahead and decrypt.
    > byte[] plainText = dec.Decrypt(Encoding.ASCII.GetBytes(cipherText), key);
    > // Look at your plain text.
    > return Encoding.ASCII.GetString(plainText);
    > }
    >
    > This is nothing more than a adaptation off of the books Console app that is
    > used to test it. I cannot figure out what is happening. The encryption
    > appears to come through OK. Does anyone have any ideas?
    > Thanks
    > Heath
     
    hivie, Jun 13, 2005
    #2
    1. Advertising

  3. Heath,
    I've run into this a few times before. If I had to guess I would say
    that when you put the encrypted data into the URL it is getting (by default)
    urlencoded. Then when you take that encoded data back out of the query
    string and try to decrypt it before decoding it you get errors. I would
    force the url encode of the encrypted data BEFORE you put it in the query
    string and then force the url decode before you try to decrypt the data
    again.
    That should do it. If not let me know and we can try something else.
    Good Luck,
    Duane


    --
    Duane Laflotte
    MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I

    http://www.criticalsites.com/dlaflotte

    "hivie" <> wrote in message
    news:...
    > I am using the sample code from the book Building Secure Microsoft Asp.Net
    > applications for the Encryption Library and I get the error "Length of

    data
    > to decrypt is invalid. Here is the two methods that I apply:
    > private void btnGetNextNumber_Click(object sender, System.EventArgs e)
    > {
    >

    GetNextNumber(ddlClientList.Items[ddlClientList.SelectedIndex].ToString());
    > }
    > protected string Encrypt(string sEncrypt)
    > {
    > byte[] IV = null;
    > byte[] cipherText = null;
    > byte[] key = null;
    > EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
    > Encryptor enc = new Encryptor(EncryptionAlgorithm.Rijndael);
    > byte[] plainText = Encoding.ASCII.GetBytes(sEncrypt);
    >
    > if ((EncryptionAlgorithm.TripleDes == algorithm) ||
    > (EncryptionAlgorithm.Rijndael == algorithm))
    > { //3Des only work with a 16 or 24 byte key.
    > key = Encoding.ASCII.GetBytes("password12345678");
    > if (EncryptionAlgorithm.Rijndael == algorithm)
    > { // Must be 16 bytes for Rijndael.
    > IV = Encoding.ASCII.GetBytes("init vec is big.");
    > }
    > else
    > {
    > IV = Encoding.ASCII.GetBytes("init vec");
    > }
    > }
    > else
    > { //Des only works with an 8 byte key. The others uses variable length
    > keys.
    > //Set the key to null to have a new one generated.
    > key = Encoding.ASCII.GetBytes("password");
    > IV = Encoding.ASCII.GetBytes("init vec");
    > }
    > // Uncomment the next lines to have the key or IV generated for you.
    > // key = null;
    > // IV = null;
    >
    > enc.IV = IV;
    >
    > // Perform the encryption.
    > cipherText = enc.Encrypt(plainText, key);
    > // Retrieve the intialization vector and key. You will need it
    > // for decryption.
    > IV = enc.IV;
    > key = enc.Key;
    >
    > // Look at your cipher text and initialization vector.
    >
    >
    >
    > return Convert.ToBase64String(cipherText);
    > }
    > protected string Decrypt(string cipherText)
    > {
    > byte[] IV = null;
    > byte[] key = null;
    > EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
    > Decryptor dec = new Decryptor(algorithm);
    > dec.IV = Encoding.ASCII.GetBytes("init vec is big.");
    > key = Encoding.ASCII.GetBytes("password12345678");
    > // Go ahead and decrypt.
    > byte[] plainText = dec.Decrypt(Encoding.ASCII.GetBytes(cipherText), key);
    > // Look at your plain text.
    > return Encoding.ASCII.GetString(plainText);
    > }
    >
    > This is nothing more than a adaptation off of the books Console app that

    is
    > used to test it. I cannot figure out what is happening. The encryption
    > appears to come through OK. Does anyone have any ideas?
    > Thanks
    > Heath
     
    Duane Laflotte, Jun 13, 2005
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Hannibal111111

    Length of the data to decrypt is invalid

    Hannibal111111, Jun 27, 2006, in forum: ASP .Net
    Replies:
    0
    Views:
    7,249
    Hannibal111111
    Jun 27, 2006
  2. Ignacio De Marco

    Problems implementing Rijndael

    Ignacio De Marco, Sep 2, 2004, in forum: C Programming
    Replies:
    3
    Views:
    403
    Stephen Sprunk
    Sep 8, 2004
  3. Bishoy George

    Length of the data to decrypt is invalid

    Bishoy George, Apr 5, 2006, in forum: ASP .Net Security
    Replies:
    4
    Views:
    643
    Bishoy George
    Apr 7, 2006
  4. Barb
    Replies:
    0
    Views:
    514
  5. Replies:
    1
    Views:
    439
    Daniel Martin
    Jun 16, 2007
Loading...

Share This Page