Don't Roundtrip Ciphertext Via a String Encoding

re: Don't Roundtrip Ciphertext Via a String Encoding

Robin — Mon, 21 Nov 2005 12:13:06 GMT

I have been trying this code, but it fails on the conversion of the Base64String to byte (byte[] rawData = Convert.FromBase64String. The error I got in the first place was about an invalid character, namely the comma.

When I removed the comma and replaced it with a slash, I got the invalid length for a Base-64 char arry.

From MSDN I learned, the string has to be at least 4 characters, ignoring the white space characters, plus it has to be a multiple of 4, ignoring the white space characters.

Have I misread something, or am I doing something wrong here?

I would like to know the solution.

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Wed, 23 Nov 2005 00:32:59 GMT

Hi Robin,

I haven't seen that problem before. Do you have repro code available?

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

SKiLLa — Fri, 02 Dec 2005 14:32:08 GMT

@Robin --> I tried the code above and it works fine. Did you add the:

byte[] encrypted = memoryStream.ToArray();
return Convert.ToBase64String(encrypted);

byte[] rawData = Convert.FromBase64String(data);

changes ?

re: Don't Roundtrip Ciphertext Via a String Encoding

cw — Tue, 13 Dec 2005 02:45:09 GMT

THANKYOU!!

re: Don't Roundtrip Ciphertext Via a String Encoding

Hristo Yankov — Wed, 01 Feb 2006 22:08:34 GMT

Flawless!

re: Don't Roundtrip Ciphertext Via a String Encoding

tyson m — Sun, 19 Feb 2006 04:06:33 GMT

i cant encrypt ascii special characters like xml - how is that possible ??

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Wed, 22 Feb 2006 20:27:38 GMT

The encryption classes don't care about "special" characters, they only see a stream of bytes. What problem are you seeing exactly?

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

Sam — Fri, 24 Feb 2006 15:36:32 GMT

So I think I'm in bad shape. My encryption function doesn't return the same value in ASP 2.0 as it does in 1.1. I'm sure its because of the different behavior in Encoding classes. What can I do? I have WAY too much data encrypted under my "bad scheme". I need a way to get the "old encoding methods" from 1.1, and include them in my project. Any ideas?

Thanks a bunch. I'm in a pickle!

Sam

Public Function EncryptString(ByVal Source As String) As String

Dim larrSourceData As Byte()
Dim larrDestinationData As Byte()

larrSourceData = Encoding.Unicode.GetBytes(Source)

Call SetAESValues()
larrDestinationData = _AESManaged.CreateEncryptor.TransformFinalBlock(larrSourceData, 0, larrSourceData.Length)

Return Encoding.Unicode.GetString(larrDestinationData)

End Function

re: Don't Roundtrip Ciphertext Via a String Encoding

Aleks — Mon, 27 Feb 2006 15:42:18 GMT

Hi all,

I have a problem with this code.
When I encode two times the exactely same string I get a different encrypted string.

Any help ?

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Mon, 27 Feb 2006 19:20:22 GMT

Hi Sam,

Your best bet is probably to bind old versions of your application to the v1.1 framework via an app.config file, and create a new version of your application which does not use the Encoding classes to store ciphertext.

When you install the new version, you could have some sort of upgrade utility that is also bound to the v1.1 runtime and reads in the old data, writing it out in base 64. Or you could have the new version of the application detect old data files and run the upgrade tool automatically.

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Mon, 27 Feb 2006 19:21:31 GMT

Hi Aleks,

The fact that ciphertext differs does not mean that it's incorrect. If you're using symmetric encryption, you should chekc that your key, IV, and padding mode are the same. Asymmetric encryption will always have different output due to reandom padding.

As long as you can round trip your data, you should be fine.

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

Aleks — Mon, 27 Feb 2006 19:31:14 GMT

OK Now I have it functionning (I hope). It was because of the "salt" that I didn't need.

The problem is that, for some string, the decryption fail with the old method (without Base64) and the new one too (with Base64).
Theses strings are passwords and I absolutely need to have it functionning as quick as possible.

I can send some code by email I you'd like ...

Thank you shawnfa

The .NET Security Blog

Peter Stathakos - Stack Of Toast — Fri, 17 Mar 2006 21:26:40 GMT

re: Don't Roundtrip Ciphertext Via a String Encoding

MarkW — Wed, 15 Nov 2006 21:36:50 GMT

I have heard rumours that a certain type of implementation of AES (128bit) has been cracked (in milliseconds rather than years). If this is true, how can we be sure that the Rijndael implementation within this Crypto namespace is not at risk.

Just curious ;)

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Mon, 18 Dec 2006 04:07:56 GMT

I hadn't seen anything about AES being cracked, so I'm not sure I can comment on RijndaelManaged :-)

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

John Glynn — Fri, 29 Dec 2006 23:10:35 GMT

How can you store encrypted values in a database if they aren't converted into strings?

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Tue, 02 Jan 2007 21:53:09 GMT

Hi John,

You could store the encrypted byte array as a blob field in the database, or you can continue to store as a string. However, when converting to a string do not use the Encoding classes, but instead use Convert.ToBase64String / Convert.FromBase64String. This will create a string that can always be round-tripped back to the original byte array.

-Shawn

Your encryption algorithm may fail moving to .NET 2.0

CodeClimber — Sun, 14 Jan 2007 03:52:12 GMT

Your encryption algorithm may fail moving to .NET 2.0

Remember not to use strings for random byte sequences.

I'm not a Klingon — Thu, 15 Feb 2007 20:47:51 GMT

A different, more secure, Shawn , blogged " Don't Roundtrip Ciphertext Via a String Encoding ". I've

Encryption / license issues when upgrading from .Net 1.1 to .Net 2 « Cottleston Pie

Sun, 01 Apr 2007 08:08:06 GMT

PingBack from http://fernandof.wordpress.com/2007/04/01/encryption-license-issues-when-upgrading-from-net-11-to-net-2/

re: Don't Roundtrip Ciphertext Via a String Encoding

Amir Hussein — Fri, 13 Apr 2007 04:26:42 GMT

When I decrypt a binary file I can not be opened! The PDF Document wheb decrypted is blank. Why? amirhussein@gmail.com

re: Don't Roundtrip Ciphertext Via a String Encoding

michelle — Fri, 13 Apr 2007 19:06:42 GMT

Okaaayy... So what if we don't want to use Base64? I'm trying to encrypt and store text that has commas, colons, etc -- more than just the letters and numbers that Base64 includes.

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Fri, 13 Apr 2007 20:33:16 GMT

Hi Michelle,

Base64 is just used to encode the ciphertext, you certainly do not need to limit your input to characters that appear in the base64 set. In fact your input to the encryption algorithm doesn't even need to be a string at all.

For instance (all hypothetical and not the real encodings):

Plaintext: "Here-Is=Some:Plain, Text"

Ciphertext: 0x12, 0x34, 0x56, 0x78, ...

Cipertext to base64: abcdefg1234==

The in the reverse

Base64: abcdefg1234==

Ciphertext from base64: 0x12, 0x34, 0x56, 0x78 ...

Plaintext decrypted: "Here-Is=Some:Plain, Text"

-Shawn

Base64 Data in XML File

Jason Siatkowski — Fri, 27 Apr 2007 17:01:46 GMT

Hi All, I'm hoping that this thread still gets read. I am having a problem with encrypting and decrypting an XML file. Since the relevant code blocks are fairly short, I will post them in this message.

This block of code passes my XML to the encryption method.

MemoryStream myDataStream = new MemoryStream();

myDS.WriteXml(myDataStream, XmlWriteMode.IgnoreSchema);

byte[] myBytes = myDataStream.GetBuffer();

blCryptography.EncryptByte(myBytes);

string encryptedTransactionData = Convert.ToBase64String(myBytes);

That call to blCryptography is the actual encryption method, it looks like this...

public static byte[] EncryptByte(byte[] data)

{

if ( data == null || data.Length == 0 )

throw new CryptoException("Data: Cannot use null data");

byte[] initVectorBytes = Encoding.ASCII.GetBytes(InitVector);

byte[] saltValueBytes = Encoding.ASCII.GetBytes(Salt);

SymmetricAlgorithm sma = blCryptography.CreateRijndael(PassPhrase, saltValueBytes);

sma.IV = initVectorBytes;

using ( MemoryStream msEncrypt = new MemoryStream() )

using ( CryptoStream encStream = new CryptoStream(msEncrypt, sma.CreateEncryptor(), CryptoStreamMode.Write))

{

encStream.Write(data, 0, data.Length);

encStream.FlushFinalBlock();

return msEncrypt.ToArray();

}

As far as I can tell, that works fine.

Now, the other side is what's giving me fits.

Here's the code to decrypt the xml

string myXML = myReader.GetString(1);

myReader.Close();

byte[] baEncryptedData = Convert.FromBase64String(myXML);

byte[] baClearData = blCryptography.DecryptByte(baEncryptedData);

MemoryStream myStream = new MemoryStream(baClearData);

myDS.ReadXml(myStream, XmlReadMode.IgnoreSchema);

And finally, again the call to blCryptography is the decrypt method:

public static byte[] DecryptByte(byte[] data)

{

if ( data == null || data.Length == 0 )

throw new CryptoException("Data: Cannot use null data");

byte[] initVectorBytes = Encoding.ASCII.GetBytes(InitVector);

byte[] saltValueBytes = Encoding.ASCII.GetBytes(Salt);

SymmetricAlgorithm sma = blCryptography.CreateRijndael(PassPhrase, saltValueBytes);

sma.IV = initVectorBytes;

sma.Padding = PaddingMode.None;

using ( MemoryStream msDecrypt = new MemoryStream(data) )

using ( CryptoStream csDecrypt = new CryptoStream(msDecrypt, sma.CreateDecryptor(), CryptoStreamMode.Read) )

{

// Decrypted bytes will always be less then encrypted bytes, so len of encrypted data will be big enouph for buffer.

byte[] fromEncrypt = new byte[data.Length]; // Read as many bytes as possible.

int read = csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);

if ( read < fromEncrypt.Length )

{

// Return a byte array of proper size.

byte[] clearBytes = new byte[read];

Buffer.BlockCopy(fromEncrypt, 0, clearBytes, 0, read);

return clearBytes;

}

return fromEncrypt;

}

I hope that's readable. The only other wrinkle I can think of is that there is an image field in the XML file and it is a BASE64 encoded string. I'm wondering what happens if you base64encode a string that already is! Or vice versa!

The problem I get is an invalid character message when I try to read the XML into the dataset.

Can anyone help me figure this out?

Thanks very much!

--Jason

re: Don't Roundtrip Ciphertext Via a String Encoding

sergeda — Tue, 01 May 2007 02:38:33 GMT

Hi.

Somebody managed to use base64?

I have used:

Dim inputInBytes() As Byte = utf8encoder.GetBytes(plainText)

Now I have replaced it with:

Dim inputInBytes() As Byte = Convert.FromBase64String(plainText)

But now I've got another error: "Invalid length for a Base-64 char array" in this string. Please help me with this.

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Mon, 07 May 2007 21:35:29 GMT

Hi Sergeda,

You'll want to use Convert.ToBase64String() here, since you're trying to create a base64 string.

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Mon, 07 May 2007 22:01:51 GMT

Hi Jason,

These lines of code jump out at me:

byte[] initVectorBytes = Encoding.ASCII.GetBytes(InitVector);

byte[] saltValueBytes = Encoding.ASCII.GetBytes(Salt);

are InitVector and Salt both real ASCII strings?

-Shawn

re: Don't Roundtrip Ciphertext Via a String Encoding

David — Fri, 30 Jan 2009 18:17:11 GMT

Hmm if you call Convert.FromBase64String(plaintext) with a small string (such as "hello" I receive: "Invalid length for a Base-64 char array.". What am I doing wrong!?

re: Don't Roundtrip Ciphertext Via a String Encoding

shawnfa — Fri, 30 Jan 2009 20:45:55 GMT

FromBase64String takes a base64 string as input, not a plaintext string. You're looking for ToBase64String to convert your "hello" string into base64. (You'll also need to convert it to a byte array -- so something to the effect of Convert.ToBase64String(Encoding.UTF8.GetBytes("hello"))

re: Don't Roundtrip Ciphertext Via a String Encoding

TheAgent — Mon, 23 Feb 2009 21:48:38 GMT

Could someone please tell me if my code is suffering from the problem discussed here? I'm in a hurry and need to fix this ASAP. Here is my code:

Public Shared Function Encrypt(ByVal text As String, Optional ByVal additionalKey As String = "") As String

If text Is Nothing Then text = String.Empty

tripleDes.Key = TruncateHash(additionalKey & m_key, tripleDes.KeySize \ 8)

tripleDes.IV = TruncateHash("", tripleDes.BlockSize \ 8)

Dim plaintextBytes() As Byte = System.Text.Encoding.Unicode.GetBytes(text)

Dim ms As New System.IO.MemoryStream

Dim encStream As New CryptoStream(ms, tripleDes.CreateEncryptor(), System.Security.Cryptography.CryptoStreamMode.Write)

encStream.Write(plaintextBytes, 0, plaintextBytes.Length)

encStream.FlushFinalBlock()

encStream.Dispose()

Return Convert.ToBase64String(ms.ToArray)

End Function

Public Shared Function Decrypt(ByVal encryptedText As String, Optional ByVal additionalKey As String = "") As String

tripleDes.Key = TruncateHash(additionalKey & m_key, tripleDes.KeySize \ 8)

tripleDes.IV = TruncateHash("", tripleDes.BlockSize \ 8)

Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)

Dim ms As New System.IO.MemoryStream

Dim decStream As New CryptoStream(ms, tripleDes.CreateDecryptor(), System.Security.Cryptography.CryptoStreamMode.Write)

decStream.Write(encryptedBytes, 0, encryptedBytes.Length)

Try

decStream.FlushFinalBlock()

Catch ex As Exception

Finally

decStream.Dispose()

End Try

Return System.Text.Encoding.Unicode.GetString(ms.ToArray) 'Convert.ToBase64String(ms.ToArray)

End Function

Thank you really. I don't have the time to read the post carefully.

re: Don't Roundtrip Ciphertext Via a String Encoding

Odys — Tue, 31 Mar 2009 11:56:57 GMT

That's solve my problem

Thanks!!

re: Don't Roundtrip Ciphertext Via a String Encoding

Nidhi — Fri, 22 May 2009 07:02:54 GMT

Hi, This is what I am using in my decrypt method..but i m getting the error of bad data Can anyone help me out:

public static string DecryptString(string strEncData, string strKey, string strIV)

{

ICryptoTransform ct;

MemoryStream ms;

CryptoStream cs;

byte[] byt;

SymmetricAlgorithm mCSP=SymmetricAlgorithm.Create();

mCSP = new TripleDESCryptoServiceProvider();

mCSP.Key = Convert.FromBase64String(strKey);

mCSP.IV = Convert.FromBase64String(strIV);

ct = mCSP.CreateDecryptor(mCSP.Key,mCSP.IV);

byt = Convert.FromBase64String(strEncData);

ms = new MemoryStream();

cs = new CryptoStream(ms,ct, CryptoStreamMode.Write);

cs.Write(byt,0,byt.Length);

cs.FlushFinalBlock();

cs.Close();

return Encoding.UTF8.GetString(ms.ToArray());

}

Strange encoding

Pete — Thu, 16 Jul 2009 22:36:33 GMT

I hope this gets read:

The signature to compare is (2) concatenated base64 encoded strings with a comma delimiter between them. Client is using OsterMiller Java utilities which they claim ignores bad characters (the comma) - so when I go to decode the string to verifyData against the signature in XML, it fails. If I replace the comma with nothing it fails because of invalid characters but If I just write it to the window without the comma it has no invalid characters, just (2) paddings, which I suppose is wrong too. What do I do?