1

I'm using this function to Encrypt/Decrypt data using AES because it looked simple and clean (googled code):

    public static string Encrypt(string toEncrypt)
    {
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes("3a8114db34d5623d4fd1ee0fb0ga7a73"); // 256-AES key
        byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);
        RijndaelManaged rDel = new RijndaelManaged();
        rDel.Key = keyArray;
        rDel.Mode = CipherMode.CBC;
        rDel.Padding = PaddingMode.PKCS7; // better lang support
        ICryptoTransform cTransform = rDel.CreateEncryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        return Convert.ToBase64String(resultArray, 0, resultArray.Length);
    }
    public static string Decrypt(string toDecrypt)
    {
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes("3a8114db34d5623d4fd1ee0fb0ga7a73"); // AES-256 key
        byte[] toEncryptArray = Convert.FromBase64String(toDecrypt);
        RijndaelManaged rDel = new RijndaelManaged();
        rDel.Key = keyArray;
        rDel.Mode = CipherMode.CBC;
        rDel.Padding = PaddingMode.PKCS7; // better lang support
        ICryptoTransform cTransform = rDel.CreateDecryptor();
        byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
        return UTF8Encoding.UTF8.GetString(resultArray);
    }

I'm trying to encrypt the data "test garbage" and that's what I receive back:

YfhyS3GE/liPCaXR0cMHfQ==

However, I tried the same key/phrase on a lot of online-aes encrypt/decrypt and all of them are returning

U2FsdGVkX184u0/vPgA/B0rxofp5Iuqm7hfn4+QZAhg=

Can anyone actually tell me what's wrong?

Alexandre

2 Answers

1

First a few issues with your code. Apparently Google doesn't always return the best code on top.

  • You are getting a key through the UTF8 encoding, which is silly. This produces a very weak key:

        // 256-AES key
        byte[] keyArray = UTF8Encoding.UTF8.GetBytes("3a8114db34d5623d4fd1ee0fb0ga7a73");

  • You are using CBC mode but the IV is not (explicitly) set.

Then you compare to some online-aes encrypt/decrypt services and you see a difference. That's because they probably (hopefully) work differently.

The main thing here is that your 2 methods are a match and you can round-trip your data. But a good encryption would use a different way to get Key and IV.

I'm not exactly sure why you see a different (smaller) length encrypted data but that's up to a whole list of settings: key length, padding mode, etc.

H H
1

"3a8114db34d5623d4fd1ee0fb0ga7a73" is a hex-encoded 128-bit key, not a UTF-8-encoded 256-bit key.

That said, simple and clean doesn't necessarily mean correct. For example, the code you're using does use a random IV but doesn't include it in the wire format; you'll never be able to decrypt what you encrypt.

I have a cut and paste style simple code sample that I try to keep up to date and reviewed that uses authenticated encryption using AES:

Modern Examples of Symmetric Authenticated Encryption of a string. C#

jbtule
  • Your class is pretty awesome, but doesn't solve my problem. I was wondering how those online-aes-encrypt/decrypt work because they all give the same result. I experimented with over 10 functions; none of them output the same result. – Alexandre Jan 11 '13 at 15:46
  • If that is your question, you should probably include your "lot of online-aes encrypt/decrypt services", because in general, a good AES encryption implementation would not give the same result even if you ran it twice; it's not supposed to be distinguishable from random data. That's why you have an IV, and why typically you include it with your ciphertext, and for another service to decrypt it you typically have to have an agreed-upon wire format. The typical one is to prepend the IV to your ciphertext, but it's not a standard. – jbtule Jan 11 '13 at 15:54
  • I just thought they SHOULD be equal. Then your answer is correct, and I will change the implementation on my side. – Alexandre Jan 11 '13 at 15:59
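
The wire-format point from the second answer and its comments, as an added example (not code from the question, the answers, or the linked sample): each message gets a fresh random IV that is prepended to the ciphertext, and an HMAC-SHA256 tag is appended and checked before any decryption. The class name `IvPrependDemo`, the separate encryption and MAC keys, and the exact layout are assumptions of this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class IvPrependDemo
{
    public static string Encrypt(string plaintext, byte[] encKey, byte[] macKey)
    {
        using (Aes aes = Aes.Create()) // defaults match the question: CBC mode, PKCS7 padding
        using (var hmac = new HMACSHA256(macKey))
        {
            aes.Key = encKey;
            aes.GenerateIV(); // fresh random IV for every message
            byte[] data = Encoding.UTF8.GetBytes(plaintext);
            byte[] body;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                body = aes.IV.Concat(enc.TransformFinalBlock(data, 0, data.Length)).ToArray();
            return Convert.ToBase64String(body.Concat(hmac.ComputeHash(body)).ToArray()); // IV || ciphertext || tag
        }
    }

    public static string Decrypt(string message, byte[] encKey, byte[] macKey)
    {
        byte[] raw = Convert.FromBase64String(message);
        int bodyLen = raw.Length - 32; // IV and ciphertext, without the trailing 32-byte tag
        if (bodyLen < 32 || bodyLen % 16 != 0) throw new CryptographicException("Malformed message.");
        using (Aes aes = Aes.Create())
        using (var hmac = new HMACSHA256(macKey))
        {
            byte[] tag = hmac.ComputeHash(raw, 0, bodyLen);
            int diff = 0; // accumulate differences so the comparison has no early exit
            for (int i = 0; i < 32; i++) diff |= tag[i] ^ raw[bodyLen + i];
            if (diff != 0) throw new CryptographicException("Authentication failed.");
            aes.Key = encKey;
            aes.IV = raw.Take(16).ToArray(); // the IV travels with the message
            using (ICryptoTransform dec = aes.CreateDecryptor())
                return Encoding.UTF8.GetString(dec.TransformFinalBlock(raw, 16, bodyLen - 16));
        }
    }

    static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32]; // random bytes, not text run through UTF-8
        using (var rng = RandomNumberGenerator.Create()) { rng.GetBytes(encKey); rng.GetBytes(macKey); }
        string a = Encrypt("test garbage", encKey, macKey), b = Encrypt("test garbage", encKey, macKey);
        Console.WriteLine("differ: " + (a != b) + ", round trip: " + Decrypt(a, encKey, macKey) + " / " + Decrypt(b, encKey, macKey));
    }
}
```

Two encryptions of the same plaintext under the same keys produce different Base64 strings because the IV differs, which is why output from independent tools only matches when they share the key, the IV and the wire format.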