Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Length of data to decrypt is invalid Rijndael

Reply
Thread Tools

Length of data to decrypt is invalid Rijndael

 
 
hivie
Guest
Posts: n/a
 
      06-13-2005
I am using the sample code from the book Building Secure Microsoft Asp.Net
applications for the Encryption Library and I get the error "Length of data
to decrypt is invalid. Here is the two methods that I apply:
private void btnGetNextNumber_Click(object sender, System.EventArgs e)
{
GetNextNumber(ddlClientList.Items[ddlClientList.SelectedIndex].ToString());
}
protected string Encrypt(string sEncrypt)
{
byte[] IV = null;
byte[] cipherText = null;
byte[] key = null;
EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
Encryptor enc = new Encryptor(EncryptionAlgorithm.Rijndael);
byte[] plainText = Encoding.ASCII.GetBytes(sEncrypt);

if ((EncryptionAlgorithm.TripleDes == algorithm) ||
(EncryptionAlgorithm.Rijndael == algorithm))
{ //3Des only work with a 16 or 24 byte key.
key = Encoding.ASCII.GetBytes("password12345678");
if (EncryptionAlgorithm.Rijndael == algorithm)
{ // Must be 16 bytes for Rijndael.
IV = Encoding.ASCII.GetBytes("init vec is big.");
}
else
{
IV = Encoding.ASCII.GetBytes("init vec");
}
}
else
{ //Des only works with an 8 byte key. The others uses variable length
keys.
//Set the key to null to have a new one generated.
key = Encoding.ASCII.GetBytes("password");
IV = Encoding.ASCII.GetBytes("init vec");
}
// Uncomment the next lines to have the key or IV generated for you.
// key = null;
// IV = null;

enc.IV = IV;

// Perform the encryption.
cipherText = enc.Encrypt(plainText, key);
// Retrieve the intialization vector and key. You will need it
// for decryption.
IV = enc.IV;
key = enc.Key;

// Look at your cipher text and initialization vector.



return Convert.ToBase64String(cipherText);
}
protected string Decrypt(string cipherText)
{
byte[] IV = null;
byte[] key = null;
EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
Decryptor dec = new Decryptor(algorithm);
dec.IV = Encoding.ASCII.GetBytes("init vec is big.");
key = Encoding.ASCII.GetBytes("password12345678");
// Go ahead and decrypt.
byte[] plainText = dec.Decrypt(Encoding.ASCII.GetBytes(cipherText), key);
// Look at your plain text.
return Encoding.ASCII.GetString(plainText);
}

This is nothing more than a adaptation off of the books Console app that is
used to test it. I cannot figure out what is happening. The encryption
appears to come through OK. Does anyone have any ideas?
Thanks
Heath
 
Reply With Quote
 
 
 
 
hivie
Guest
Posts: n/a
 
      06-13-2005
Something that I noticed is that when (for debug) if I call Decrypt in the
encrypt method before returning everything is as expected. It is only after
the encrypted data is sent in the querystring that it fails. Is the
querystring doing something to my data?

"hivie" wrote:

> I am using the sample code from the book Building Secure Microsoft Asp.Net
> applications for the Encryption Library and I get the error "Length of data
> to decrypt is invalid. Here is the two methods that I apply:
> private void btnGetNextNumber_Click(object sender, System.EventArgs e)
> {
> GetNextNumber(ddlClientList.Items[ddlClientList.SelectedIndex].ToString());
> }
> protected string Encrypt(string sEncrypt)
> {
> byte[] IV = null;
> byte[] cipherText = null;
> byte[] key = null;
> EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
> Encryptor enc = new Encryptor(EncryptionAlgorithm.Rijndael);
> byte[] plainText = Encoding.ASCII.GetBytes(sEncrypt);
>
> if ((EncryptionAlgorithm.TripleDes == algorithm) ||
> (EncryptionAlgorithm.Rijndael == algorithm))
> { //3Des only work with a 16 or 24 byte key.
> key = Encoding.ASCII.GetBytes("password12345678");
> if (EncryptionAlgorithm.Rijndael == algorithm)
> { // Must be 16 bytes for Rijndael.
> IV = Encoding.ASCII.GetBytes("init vec is big.");
> }
> else
> {
> IV = Encoding.ASCII.GetBytes("init vec");
> }
> }
> else
> { //Des only works with an 8 byte key. The others uses variable length
> keys.
> //Set the key to null to have a new one generated.
> key = Encoding.ASCII.GetBytes("password");
> IV = Encoding.ASCII.GetBytes("init vec");
> }
> // Uncomment the next lines to have the key or IV generated for you.
> // key = null;
> // IV = null;
>
> enc.IV = IV;
>
> // Perform the encryption.
> cipherText = enc.Encrypt(plainText, key);
> // Retrieve the intialization vector and key. You will need it
> // for decryption.
> IV = enc.IV;
> key = enc.Key;
>
> // Look at your cipher text and initialization vector.
>
>
>
> return Convert.ToBase64String(cipherText);
> }
> protected string Decrypt(string cipherText)
> {
> byte[] IV = null;
> byte[] key = null;
> EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
> Decryptor dec = new Decryptor(algorithm);
> dec.IV = Encoding.ASCII.GetBytes("init vec is big.");
> key = Encoding.ASCII.GetBytes("password12345678");
> // Go ahead and decrypt.
> byte[] plainText = dec.Decrypt(Encoding.ASCII.GetBytes(cipherText), key);
> // Look at your plain text.
> return Encoding.ASCII.GetString(plainText);
> }
>
> This is nothing more than a adaptation off of the books Console app that is
> used to test it. I cannot figure out what is happening. The encryption
> appears to come through OK. Does anyone have any ideas?
> Thanks
> Heath

 
Reply With Quote
 
 
 
 
Duane Laflotte
Guest
Posts: n/a
 
      06-13-2005
Heath,
I've run into this a few times before. If I had to guess I would say
that when you put the encrypted data into the URL it is getting (by default)
urlencoded. Then when you take that encoded data back out of the query
string and try to decrypt it before decoding it you get errors. I would
force the url encode of the encrypted data BEFORE you put it in the query
string and then force the url decode before you try to decrypt the data
again.
That should do it. If not let me know and we can try something else.
Good Luck,
Duane


--
Duane Laflotte
MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
http://www.velocityreviews.com/forums/(E-Mail Removed)
http://www.criticalsites.com/dlaflotte

"hivie" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> I am using the sample code from the book Building Secure Microsoft Asp.Net
> applications for the Encryption Library and I get the error "Length of

data
> to decrypt is invalid. Here is the two methods that I apply:
> private void btnGetNextNumber_Click(object sender, System.EventArgs e)
> {
>

GetNextNumber(ddlClientList.Items[ddlClientList.SelectedIndex].ToString());
> }
> protected string Encrypt(string sEncrypt)
> {
> byte[] IV = null;
> byte[] cipherText = null;
> byte[] key = null;
> EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
> Encryptor enc = new Encryptor(EncryptionAlgorithm.Rijndael);
> byte[] plainText = Encoding.ASCII.GetBytes(sEncrypt);
>
> if ((EncryptionAlgorithm.TripleDes == algorithm) ||
> (EncryptionAlgorithm.Rijndael == algorithm))
> { //3Des only work with a 16 or 24 byte key.
> key = Encoding.ASCII.GetBytes("password12345678");
> if (EncryptionAlgorithm.Rijndael == algorithm)
> { // Must be 16 bytes for Rijndael.
> IV = Encoding.ASCII.GetBytes("init vec is big.");
> }
> else
> {
> IV = Encoding.ASCII.GetBytes("init vec");
> }
> }
> else
> { //Des only works with an 8 byte key. The others uses variable length
> keys.
> //Set the key to null to have a new one generated.
> key = Encoding.ASCII.GetBytes("password");
> IV = Encoding.ASCII.GetBytes("init vec");
> }
> // Uncomment the next lines to have the key or IV generated for you.
> // key = null;
> // IV = null;
>
> enc.IV = IV;
>
> // Perform the encryption.
> cipherText = enc.Encrypt(plainText, key);
> // Retrieve the intialization vector and key. You will need it
> // for decryption.
> IV = enc.IV;
> key = enc.Key;
>
> // Look at your cipher text and initialization vector.
>
>
>
> return Convert.ToBase64String(cipherText);
> }
> protected string Decrypt(string cipherText)
> {
> byte[] IV = null;
> byte[] key = null;
> EncryptionAlgorithm algorithm = EncryptionAlgorithm.Rijndael;
> Decryptor dec = new Decryptor(algorithm);
> dec.IV = Encoding.ASCII.GetBytes("init vec is big.");
> key = Encoding.ASCII.GetBytes("password12345678");
> // Go ahead and decrypt.
> byte[] plainText = dec.Decrypt(Encoding.ASCII.GetBytes(cipherText), key);
> // Look at your plain text.
> return Encoding.ASCII.GetString(plainText);
> }
>
> This is nothing more than a adaptation off of the books Console app that

is
> used to test it. I cannot figure out what is happening. The encryption
> appears to come through OK. Does anyone have any ideas?
> Thanks
> Heath



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
decrypt challenge - perl encrypt with ruby decrypt aktxyz@gmail.com Ruby 1 06-16-2007 01:30 PM
Length of the data to decrypt is invalid Hannibal111111 ASP .Net 0 06-27-2006 08:42 PM
CryptographicException: Length of the data to decrypt is invalid Barb ASP .Net Security 0 04-11-2006 08:30 PM
Length of the data to decrypt is invalid Bishoy George ASP .Net Security 4 04-07-2006 10:22 PM
Problems implementing Rijndael Ignacio De Marco C Programming 3 09-08-2004 04:15 PM



Advertisments