Invalid length for a Base-64 char array or string in decryption

Question

5.00/5 (1 vote)

See more:

Hello,

I am working with asp.net webapplication. I uploaded my project files on live server. While browsing i am getting below error in some systems only. And in some other systems its working fine. Can you suggest me any solution for this problem

Exception : Invalid length for a Base-64 char array or string

Above exception is coming in below code

C#

protected void btnGo_Click(object sender, EventArgs e)
        {
            try
            {
                //decrypting email
                string email = GlobalMethods.Decrypt(Request["Email"].ToString(), true);
                //getting entered user name
                string user = txtUser.Text;
                //getting entered dob
                DateTime DOB = DateTime.ParseExact(txtdob.Text, "dd/MM/yyyy", CultureInfo.InvariantCulture, DateTimeStyles.None).Date;
                
                //validating in db
                DataTable dt = bll.getUser_vaild(email, user, DOB);
                //if exists display next screen to update password
                if (dt.Rows.Count > 0)
                {
                    this.ClientScript.RegisterStartupScript(this.GetType(), "edit", "document.getElementById('view2').style.display='block';", true);
                }
                else
                    ScriptManager.RegisterStartupScript(this, this.GetType(), "temp", "<script language='javascript'>alert('Invalid details');</script>", false);
            }
            catch (Exception ex)
            {
                ErrorLogger.WriteLogFile(HttpContext.Current.Request.UserHostAddress, this.GetType().Name, System.Reflection.MethodBase.GetCurrentMethod().Name, ex.Message.ToString());
                ScriptManager.RegisterStartupScript(this, this.GetType(), "temp", "<script language='javascript'>alert('" + ex.Message + "');</script>", false);
            }
        }

Below are Encrypt, Decrypt methods :

public static string Encrypt(string toEncrypt, bool useHashing)
{
byte[] keyArray;
byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

System.Configuration.AppSettingsReader settingsReader =
new AppSettingsReader();
// Get the key from config file

string key = (string)settingsReader.GetValue("SecurityKey",
typeof(String));
//System.Windows.Forms.MessageBox.Show(key);
//If hashing use get hashcode regards to your key
if (useHashing)
{
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
//Always release the resources and flush data
// of the Cryptographic service provide. Best Practice

hashmd5.Clear();
}
else
keyArray = UTF8Encoding.UTF8.GetBytes(key);

TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)
tdes.Mode = CipherMode.ECB;
//padding mode(if any extra byte added)

tdes.Padding = PaddingMode.PKCS7;

ICryptoTransform cTransform = tdes.CreateEncryptor();
//transform the specified region of bytes array to resultArray
byte[] resultArray =
cTransform.TransformFinalBlock(toEncryptArray, 0,
toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//Return the encrypted data into unreadable string format
return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}
public static string Decrypt(string cipherString, bool useHashing)
{
byte[] keyArray;
//get the byte code of the string

cipherString = cipherString.Replace(' ', '+');

byte[] toEncryptArray = Convert.FromBase64String(cipherString);

System.Configuration.AppSettingsReader settingsReader =
new AppSettingsReader();
//Get your key from config file to open the lock!
string key = (string)settingsReader.GetValue("SecurityKey",
typeof(String));

if (useHashing)
{
//if hashing was used get the hash code with regards to your key
MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
//release any resource held by the MD5CryptoServiceProvider

hashmd5.Clear();
}
else
{
//if hashing was not implemented get the byte code of the key
keyArray = UTF8Encoding.UTF8.GetBytes(key);
}

TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
//set the secret key for the tripleDES algorithm
tdes.Key = keyArray;
//mode of operation. there are other 4 modes.
//We choose ECB(Electronic code Book)

tdes.Mode = CipherMode.ECB;
//padding mode(if any extra byte added)
tdes.Padding = PaddingMode.PKCS7;

ICryptoTransform cTransform = tdes.CreateDecryptor();
byte[] resultArray = cTransform.TransformFinalBlock(
toEncryptArray, 0, toEncryptArray.Length);
//Release resources held by TripleDes Encryptor
tdes.Clear();
//return the Clear decrypted TEXT
return UTF8Encoding.UTF8.GetString(resultArray);
}

Thanks,

Posted 14-Nov-13 0:11am

Mada Naga Sankar

Updated 14-Nov-13 2:07am

v3

Add a Solution

2 solutions

Solution 2

By looking at this code i can't say what the exact problem is.

but you may check the Length of the Email or other field in Data Access Layer.

- Chetan

Posted 14-Nov-13 0:30am

Chetan Patel

Comments

Mada Naga Sankar 14-Nov-13 7:25am

http://test.com/UpdatePassword.aspx?Email=SaA86OnEcyacFgD6aJagiRQcW/GnU+rz+5txW2sV+e4=

this is the url. In some systems its working, but not in some other

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

OriginalGriff · Accepted Answer · 2013-11-14T00:28:00

Solution 1

At a guess (and that's all it can be at this stage) your Request["Email"] is not returning encrypted data.

Check it, either by using the debugger, or by logging the returned value somewhere and examining it afterwards.

Posted 14-Nov-13 0:28am

OriginalGriff

Comments

Mada Naga Sankar 14-Nov-13 7:26am

http://test.com/UpdatePassword.aspx?Email=SaA86OnEcyacFgD6aJagiRQcW/GnU+rz+5txW2sV+e4=

this is the url. In some systems its working, but not in some other

OriginalGriff 14-Nov-13 7:36am

I'm not that surprised: you have characters in there which could easily confuse some browsers:
/
+
=
Are all candidates for causing confusion.
Have you tried using the HttpUtility.HtmlEncode method?
http://msdn.microsoft.com/en-us/library/73z22y6h(v=vs.110).aspx

Mada Naga Sankar 14-Nov-13 7:57am

HttpUtility.HtmlEncode is returning original text only, not encoded text. Is there anything to change?

OriginalGriff 14-Nov-13 8:12am

No - but it's the use of base64 as a request that's doing it - a quick check here using chrome for:
http://localhost:49581/SM/Default.aspx?Email=SaA86OnEcyacFgD6aJagiRQcW/GnU+rz+5txW2sV+e4=
gives a Request["Email"] of:
SaA86OnEcyacFgD6aJagiRQcW/GnU rz 5txW2sV e4=
so the '+' characters have been replaced with spaces - which makes some sense.
You could try doing a string.Replace to revert them, but it's worth a check that none of the other chars Base-64 strings can contain do anything similar. (And then there is whatever IE, and Opera, and Firefox may do - might be worth dumping Base64 and rolling your own...)

Mada Naga Sankar 14-Nov-13 8:20am

Its already there.If u see my decrypt method, below line is replacing ' ' with '+'

cipherString = cipherString.Replace(' ', '+');

OriginalGriff 14-Nov-13 9:29am

So you need to look at what the other systems do - but it would probably be easier and safer to replace it with your own method - what if the last character in a valid string is '+'? I suspect that the various systems will remove it completely instead of replacing it with a space. And that you can't detect...

BTW: When you edit a question and post code, enclose it in pre tags - that reserves the formatting and engages the syntax highlighter, making it easier to read.

Mada Naga Sankar 15-Nov-13 0:38am

Found the problem

Link will be in mail. If they click link in outlook :
Email=DQ+H4/5oY5eITXpAHVNl2w9pyfBRHqALuqPardpGMDc

In gmail :
Email=DQ+H4/5oY5eITXpAHVNl2w9pyfBRHqALuqPardpGMDc=

From outlook it is removing '=' at end. Need to search for solution.

OriginalGriff 15-Nov-13 3:45am

As I said, "brew your own".
From your response I assume this is part of a registration system?
If so, then don't use the email - send 'em a GUID instead and cross reference that to the user record in your DB. That's what I do!

Mada Naga Sankar 5-Dec-13 7:17am

Yes changed it. Thanx.

OriginalGriff 5-Dec-13 7:32am

You're welcome!