|
This is a fairly complex topic. You might want to read this[^] article to get some understanding of how to do it.
|
|
|
|
|
Thanks a lot, Pete!
I am going through the article right now, and am pretty sure it can solve my problem.
Bob Jiang
|
|
|
|
|
No problem. The concepts sure take me back.
|
|
|
|
|
Hi everyone,
i'm trying to decrypt some data that are sent me from an ASMX server. The server is not mine. The sysadmin provided me the decrypt function to decrypt the data:
public static string Decrypt(string strInputString, string strKeyString, string myIV)
{
if ((strInputString == null) || (strInputString.Length == 0))
{
return strInputString;
}
int num5;
int keySize = 0x100;
int blockSize = 0x100;
int length = keySize / 0x10;
if (strKeyString.Length > length)
{
strKeyString = strKeyString.Substring(0, length);
}
if (strKeyString.Length < length)
{
strKeyString = strKeyString.PadRight(length, '#');
}
Encoding.Unicode.GetBytes(strKeyString);
if (myIV.Length > length)
{
myIV = myIV.Substring(0, length);
}
if (myIV.Length < length)
{
myIV = myIV.PadRight(length, '#');
}
Encoding.Unicode.GetBytes(myIV);
byte[] bytes = Encoding.Unicode.GetBytes(strKeyString);
byte[] rgbIV = Encoding.Unicode.GetBytes(myIV);
RijndaelManaged managed = new RijndaelManaged
{
BlockSize = blockSize,
KeySize = keySize
};
MemoryStream stream = new MemoryStream();
for (int i = 0; i < strInputString.Length; i += 2)
{
stream.WriteByte(byte.Parse(strInputString.Substring(i, 2), NumberStyles.AllowHexSpecifier));
}
stream.Position = 0L;
MemoryStream stream2 = new MemoryStream();
CryptoStream stream3 = new CryptoStream(stream, managed.CreateDecryptor(bytes, rgbIV), CryptoStreamMode.Read);
while ((num5 = stream3.ReadByte()) != -1)
{
stream2.WriteByte((byte)num5);
}
stream3.Close();
stream2.Close();
stream.Close();
byte[] buffer3 = stream2.ToArray();
return Encoding.Unicode.GetString(buffer3);
}
I've created a Windows Form in C# that has four textbox, one for encrypted string, one for the key, one for the IV and the last for the decrypted result string.
When i receive this data from the server, I paste them in my form, and click on button associated to the decrypt function.
When the key is not at almost 16 character longer, it gets padded with "#" (pounds). Anytime the key doesn't need to be padded, the routine it's ok, and it prints the correct result string in the correct textbox. Anytime the key needs to be padded with "#", it shows me the exception "Padding in invalid and cannot be removed".
I've also tried to set PaddingMode to None, or other types, but it doesn't work. The sysadmin said that the problem is only mine. O_O
Does anyone can helps me ?
|
|
|
|
|
You usually get that error when the block size, key size, incorrect key, or initialization vector, or any combination thereof, don't match what was used to encrypt the data.
|
|
|
|
|
Yes, i know. But unfortunately i'm sure that the problem is the "#" character that the function use to pad the strings.
In fact, take a look to the encrypt function...
public static string Encrypt(string strInputString, string strKeyString, string myIV)
{
if ((strInputString == null) || (strInputString.Length == 0))
{
return strInputString;
}
int num4;
int keySize = 0x100;
int blockSize = 0x100;
int length = keySize / 0x10;
if (strKeyString.Length > length)
{
strKeyString = strKeyString.Substring(0, length);
}
if (strKeyString.Length < length)
{
strKeyString = strKeyString.PadRight(length, '#');
}
Encoding.Unicode.GetBytes(strKeyString);
if (myIV.Length > length)
{
myIV = myIV.Substring(0, length);
}
if (myIV.Length < length)
{
myIV = myIV.PadRight(length, '#');
}
Encoding.Unicode.GetBytes(myIV);
byte[] bytes = Encoding.Unicode.GetBytes(strKeyString);
byte[] rgbIV = Encoding.Unicode.GetBytes(myIV);
string str = "";
RijndaelManaged managed = new RijndaelManaged
{
BlockSize = blockSize,
KeySize = keySize
};
MemoryStream stream = new MemoryStream(Encoding.Unicode.GetBytes(strInputString));
MemoryStream stream2 = new MemoryStream();
CryptoStream stream3 = new CryptoStream(stream2, managed.CreateEncryptor(bytes, rgbIV), CryptoStreamMode.Write);
while ((num4 = stream.ReadByte()) != -1)
{
stream3.WriteByte((byte)num4);
}
stream3.Close();
stream2.Close();
stream.Close();
foreach (byte num5 in stream2.ToArray())
{
str = str + num5.ToString("X2");
}
return str;
}
It's perfectly specular to the decrypt function. If the key length >= 16, it's all ok, it doesn't get padded and the algorithm is ok. If the key length < 16, it gets padded with "#", and shows the exception.
I don't understand how VS could interpret a "#" in its textbox in a different way i want.
|
|
|
|
|
Try changing the PaddingMode so that you have managed.PaddingMode = PaddingMode.None;
|
|
|
|
|
Yes, I tried it before. The exception goes away, but the result is not what I expect. As result I get a string with asian character, but i know that the result must be a comprehensible alphanumerical string.
|
|
|
|
|
The padding mode needs to be set on both sides of the encryption. The alternative is for you to pad your key with a different character. Why does it have to be #?
|
|
|
|
|
My answer to Dave K. in the last reply will responds to your question. Thank you so much.
|
|
|
|
|
You've got a ton of problems with this code.
First, The two lines where you have:
Encoding.Unicode.GetBytes(...);
are getting the bytes all right, but then completely ignoring the returned data and dropping it. These lines do absolutely nothing.
Next, the length of the IV in bytes must be the block size divided by 8, not the key size. This line:
int length = keysize / 0x10;
should be
int length = blockSize / 16;
Also, you're using the Unicode encoding to convert a string to bytes. This limits your key string to 16 caharacters (for a 256 bit block size) since Unicode will return 2 bytes for every character in your IV and key strings. You're cutting the maximum size of your source string in half by using it.
I'd also factor out the code that does the string trimming and conversion to bytes with the following. I think it's pretty obvious what it does and how you use it:
public static byte[] UnicodeConvertStringToVector(string source, int sizeInBits)
{
int maxStringLength = sizeInBits / (UnicodeEncoding.CharSize * 8);
if (source.Length > maxStringLength) {
source = source.Substring(0, maxStringLength);
} else if (source.Length < maxStringLength) {
source = source.PadRight(maxStringLength, "#");
}
return Encoding.Unicode.GetBytes(source);
}
And finally, from the point where you declare bytes and rgbIV , your code is just a freaking mess. It's no wonder it doesn't work correctly. I don't know what the hell you're doing in there, but it shouldn't be returning a string. It should be returning an array of bytes.
I'm probably shooting myself in the foot by posting this, but here's the "cleaned up" code for this part:
byte[] keyData = UnicodeConvertStringToVector(myKeyString, keySize);
byte[] ivData = UnicodeConvertStringToVector(myIV, length);
byte[] encryptedData = null;
using (MemoryStream outputStream = new MemoryStream())
{
using (CryptoStream cryptStream = new CryptoStream(outputStream, managed.CreateEncryptor(keyData, ivData), CryptoStreamMode.Write))
{
using (StreamWriter encryptStream = new StreamWriter(cryptStream))
{
encryptStream.Write(strInputString);
}
encryptedData = outputStream.ToArray;
}
}
return encryptedData;
Your code might make a bit more sense if you used meaningful variable names instead of the generic "stream1", "stream2" garbage. Also, nobody puts "str" on the front of their variable names anymore.
modified 1-Aug-12 11:24am.
|
|
|
|
|
Dear Dave,
please accept my apologies for not explaining before my situation.
That two functions are not mine. I'm developing an application that will be installed on a client that will communicates with an ASMX server. This application haft to do so much things, but one of these, is decrypting data received via SOAP from the ASMX server. Given that this server is not mine, its sys administrator sent me these two functions, in order to implement them in my software. So i can't control either the encrypt function (because the data are encrypted from the server, and it sends them already encrypted) or the server. The sysadmin said me that the data received via SOAP must be decrypted in this way, when i explained my problem to him, he just said "there are hundreds clients working with that function, so the problem is yours. Check your .NET Framework and VStudio installations".
This evening i will apply your suggestions on my code, and i'll check the result. In the meanwhile, thank you so much for your help.
|
|
|
|
|
If he gave you the decryption function and the correct keys, and it still doesn't work, the problem is entirely HIS, not yours. If the code he gave you doesn't work as he advertised, then HE needs to get you code that does work with his broken implementation.
This has nothing to do with the .NET or VS installations. This has everything to do with poorly written code.
|
|
|
|
|
Dave Kreskowiak wrote: If he gave you the decryption function and the correct keys, and it still doesn't work, the problem is entirely HIS, not yours.
Yes, I absolutely believe in your opinion. Unfortunately, he's working for the Government, he created the Web Service that i haft to query, and he makes the rules, so I can say him what you said me, but knowing his behavior, surely he will not accept my advices. In Italian Government there is not a Supervisor Authority which may act against bad IT technicians.
Seeing your culture, may I ask an information? I've not developed the C# soap client yet, so in order to test the most complex function of this client (the decrypt function), i'm requesting the data with a PHP SOAP Client. My PHP SOAP Client print the result of the SOAP request in a textarea, so i copy-and-paste my three values in three textboxes in a C# Windows Form Application (encrypted, key and IV), and print the result in another textbox.
It can be differences between receiving directly the data with a C# SOAP Client, and receiving them with a PHP SOAP Client? The clients (developed by others) that he compares to the mine, are done completely in C#. My client is able to decrypt only strings where their key doesn't need to be padded with "#", their clients decrypt indistinctly all the encrypted strings...
|
|
|
|
|
The SOAP wrapper shouldn't matter with this function, based on what I've seen.
|
|
|
|
|
Really, he shouldn't be distributing source code for this to you to use in your own app. He should be giving you a library .DLL that you can use that handles this stuff.
Seriously, how much are you paying this guy and for what?? This is piss-poor quality code you've been given.
|
|
|
|
|
Dave Kreskowiak wrote: He should be giving you a library .DLL that you can use that handles this stuff.
He did it. He sent me a .DLL containing the Decrypt method:
public string Decrypt(strInputString, strKeyString, myIV);
but when i call that function, the program writes a log file showing "Cryptographic Exception: Padding is invalid and cannot be removed". After that, i decompiled the .DLL and asked to the sysadmin if the function i found in the .DLL (what i posted here) was correct, and he said it was. Running the function from the sourcecode, and running it from .DLL added by reference, shows the same error.
Unfortunately, i tried your suggestions, and they doesn't work. I've changed the length assignment, from keySize/0x10 to blockSize/16. I've changed the function which I use to retrieve bytes of Key and IV, using your UnicodeConvertStringToVector(). I had to fix it, because Visual Studio considers characters in "" like a string and '' like a char, so i substituted them. But it shows always the same exception at the same point:
stream2.WriteByte((byte)num5);
in the last while{}.
I'm burning my brains on this from more than 2 weeks. Unfortunately I'm a PHP/C/C++ Guru, and i know C# & RijndaelManaged only a bit.
In the last try i noticed one thing. When debugging, managed.Key and managed.IV don't contain what bytes and rgbIV do. I was thinking that the algorithm doesn't assign correctly the values in the RijndaelManaged object, but if it is true, why can i decrypt all the strings where the key does not need to be padded ?
Thank you so much for your help.
|
|
|
|
|
If he sent you a .DLL and it's not working, then the problem is either in what you're doing to test this with your SOAP client app or it's with the code he's using to "encrypt" the data and "decrypt" it. Frankly, what he's doing in that code is ... suspicious.
|
|
|
|
|
I am going to find a .NET extension library in my .NET application development.
Do you have any recommendation for high quality .NET extension library? free or commercial both are okay.
diligent hands rule....
|
|
|
|
|
What kind of functionality are you looking for?
[Edit]
Programmer's Paradise[^] lists almost 300 libraries of various kinds. A popular source of free (source code included) libraries is CodePlex[^].
[/Edit]
/ravi
|
|
|
|
|
cover base classes in .NET framework etc.. thanks
diligent hands rule....
|
|
|
|
|
That's still a pretty wide area. The BCL encompasses file I/O, graphics, database database interactions, XML document manipulation and much more. Can you not narrow down your requirements?
/ravi
|
|
|
|
|
As Ravi has stated, please narrow down what your requirements are. What is wrong with the base classes that are already in the .NET Framework?
"Any sort of work in VB6 is bound to provide several WTF moments." - Christian Graus
|
|
|
|
|
You really don't have any idea what you want, do you?
You've been asked multiple times and you still can't narrow this down to anything other than "something"?
|
|
|
|
|
|