Cryptographic Streaming

Discussion in 'ASP .Net Security' started by Dmitry Nogin, Feb 13, 2009.

  1. Dmitry Nogin

    Dmitry Nogin Guest

    Hi,

    What is wrong about the following simple encoding/decoding code snippet pair?
    I have a CryptographicException ("Padding is invalid and cannot be removed.") at the very end.



    class Program

    {

    static void Main(string[] args)

    {

    byte[] cipherText = Encript("Test message", "qwerty");

    string plainText = Decript(cipherText, "qwerty");

    }



    private static byte[] Encript(string plainText, string password)

    {

    byte[] salt = Encoding.ASCII.GetBytes("This is my salt");

    Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, salt);



    RijndaelManaged rm = new RijndaelManaged();

    rm.IV = rfc2898.GetBytes(rm.BlockSize / 8);

    rm.Key = rfc2898.GetBytes(rm.KeySize / 8);



    using (MemoryStream ms = new MemoryStream())

    using (ICryptoTransform ct = rm.CreateEncryptor())

    using (CryptoStream cs = new CryptoStream(ms, ct, CryptoStreamMode.Write))

    using (StreamWriter sw = new StreamWriter(cs))

    {

    sw.Write(plainText);

    sw.Flush();

    cs.FlushFinalBlock();

    return ms.GetBuffer();

    }

    }



    private static string Decript(byte[] cipherText, string password)

    {

    byte[] salt = Encoding.ASCII.GetBytes("This is my salt");

    Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, salt);



    RijndaelManaged rm = new RijndaelManaged();

    rm.IV = rfc2898.GetBytes(rm.BlockSize / 8);

    rm.Key = rfc2898.GetBytes(rm.KeySize / 8);



    using (MemoryStream ms = new MemoryStream(cipherText))

    using (ICryptoTransform ct = rm.CreateDecryptor())

    using (CryptoStream cs = new CryptoStream(ms, ct, CryptoStreamMode.Read))

    using(StreamReader sr = new StreamReader(cs))

    {

    return sr.ReadToEnd(); // <- Exception

    }

    }

    }



    Thanks a lot,
    -- dmitry
     
    Dmitry Nogin, Feb 13, 2009
    #1
    1. Advertisements

  2. Dmitry Nogin

    Dmitry Nogin Guest

    Sorry, it was very easy:

    return ms.GetBuffer(); => return ms.ToArray();
    Hi,

    What is wrong about the following simple encoding/decoding code snippet pair?
    I have a CryptographicException ("Padding is invalid and cannot be removed.") at the very end.



    class Program

    {

    static void Main(string[] args)

    {

    byte[] cipherText = Encript("Test message", "qwerty");

    string plainText = Decript(cipherText, "qwerty");

    }



    private static byte[] Encript(string plainText, string password)

    {

    byte[] salt = Encoding.ASCII.GetBytes("This is my salt");

    Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, salt);



    RijndaelManaged rm = new RijndaelManaged();

    rm.IV = rfc2898.GetBytes(rm.BlockSize / 8);

    rm.Key = rfc2898.GetBytes(rm.KeySize / 8);



    using (MemoryStream ms = new MemoryStream())

    using (ICryptoTransform ct = rm.CreateEncryptor())

    using (CryptoStream cs = new CryptoStream(ms, ct, CryptoStreamMode.Write))

    using (StreamWriter sw = new StreamWriter(cs))

    {

    sw.Write(plainText);

    sw.Flush();

    cs.FlushFinalBlock();

    return ms.GetBuffer();

    }

    }



    private static string Decript(byte[] cipherText, string password)

    {

    byte[] salt = Encoding.ASCII.GetBytes("This is my salt");

    Rfc2898DeriveBytes rfc2898 = new Rfc2898DeriveBytes(password, salt);



    RijndaelManaged rm = new RijndaelManaged();

    rm.IV = rfc2898.GetBytes(rm.BlockSize / 8);

    rm.Key = rfc2898.GetBytes(rm.KeySize / 8);



    using (MemoryStream ms = new MemoryStream(cipherText))

    using (ICryptoTransform ct = rm.CreateDecryptor())

    using (CryptoStream cs = new CryptoStream(ms, ct, CryptoStreamMode.Read))

    using(StreamReader sr = new StreamReader(cs))

    {

    return sr.ReadToEnd(); // <- Exception

    }

    }

    }



    Thanks a lot,
    -- dmitry
     
    Dmitry Nogin, Feb 13, 2009
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.