Error RijndaelManaged, "Padding is invalid and cannot be removed"

Question

I have error from CryptoStream:

Padding is invalid and cannot be removed.

Code

public MemoryStream EncrypteBytes(Stream inputStream, string passPhrase, string saltValue)
{
    RijndaelManaged RijndaelCipher = new RijndaelManaged();
    RijndaelCipher.Padding = PaddingMode.PKCS7;
    RijndaelCipher.Mode = CipherMode.CBC;
    byte[] salt = Encoding.ASCII.GetBytes(saltValue);
    PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, salt, "SHA1", 2);

    ICryptoTransform Encryptor = RijndaelCipher.CreateEncryptor(password.GetBytes(32), password.GetBytes(16));
    MemoryStream memoryStream = new MemoryStream();
    CryptoStream cryptoStream = new CryptoStream(memoryStream, Encryptor, CryptoStreamMode.Write);
    var buffer = new byte[1024];
    var read = inputStream.Read(buffer, 0, buffer.Length);
    while (read > 0)
    {
        cryptoStream.Write(buffer, 0, read);
        read = inputStream.Read(buffer, 0, buffer.Length);
    }

    cryptoStream.FlushFinalBlock();
    memoryStream.Position = 0;
    return memoryStream;
}

// Example usage: DecryptBytes(encryptedBytes, "SensitivePhrase", "SodiumChloride");
public byte[] DecrypteBytes(MemoryStream memoryStream, string passPhrase, string saltValue)
{
    RijndaelManaged RijndaelCipher = new RijndaelManaged();
    RijndaelCipher.Padding = PaddingMode.PKCS7;

    RijndaelCipher.Mode = CipherMode.CBC;
    byte[] salt = Encoding.ASCII.GetBytes(saltValue);
    PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, salt, "SHA1", 2);

    ICryptoTransform Decryptor = RijndaelCipher.CreateDecryptor(password.GetBytes(32), password.GetBytes(16));


    CryptoStream cryptoStream = new CryptoStream(memoryStream, Decryptor, CryptoStreamMode.Read);
    byte[] plainBytes = new byte[memoryStream.Length];

    int DecryptedCount = cryptoStream.Read(plainBytes, 0, plainBytes.Length);

    return plainBytes;
}

You're either using a different `passPhrase` or a different `saltValue` (or both) between encrypting and decrypting, as your code seems to work for me. — Iridium, May 01 '14 at 12:51
You might be interested in [`Stream.CopyTo`](http://msdn.microsoft.com/en-us/library/dd782932.aspx) to simplify your code. If your messages are short (they seem to be since you're using `MemoryStream`) you can throw out all those streams entirely and just use `encryptor.TransformFinalBlock` — CodesInChaos, May 01 '14 at 14:15

score 18 · Accepted Answer · answered Jun 19 '14 at 19:28

Use PaddingMode.Zeros to fix problem , Following code:

   public byte[] EncryptFile(Stream input, string password, string salt)
            {

                // Essentially, if you want to use RijndaelManaged as AES you need to make sure that:
                // 1.The block size is set to 128 bits
                // 2.You are not using CFB mode, or if you are the feedback size is also 128 bits

                var algorithm = new RijndaelManaged { KeySize = 256, BlockSize = 128 };
                var key = new Rfc2898DeriveBytes(password, Encoding.ASCII.GetBytes(salt));

                algorithm.Key = key.GetBytes(algorithm.KeySize / 8);
                algorithm.IV = key.GetBytes(algorithm.BlockSize / 8);
                algorithm.Padding = PaddingMode.Zeros;

                using (Stream cryptoStream = new MemoryStream())
                using (var encryptedStream = new CryptoStream(cryptoStream, algorithm.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    CopyStream(input, encryptedStream);

                    return ReadToEnd(cryptoStream);
                }
            }

            public byte[] DecryptFile(Stream input, Stream output, string password, string salt)
            {
                // Essentially, if you want to use RijndaelManaged as AES you need to make sure that:
                // 1.The block size is set to 128 bits
                // 2.You are not using CFB mode, or if you are the feedback size is also 128 bits
                var algorithm = new RijndaelManaged { KeySize = 256, BlockSize = 128 };
                var key = new Rfc2898DeriveBytes(password, Encoding.ASCII.GetBytes(salt));

                algorithm.Key = key.GetBytes(algorithm.KeySize / 8);
                algorithm.IV = key.GetBytes(algorithm.BlockSize / 8);
                algorithm.Padding = PaddingMode.Zeros;

                try
                {
                    using (var decryptedStream = new CryptoStream(output, algorithm.CreateDecryptor(), CryptoStreamMode.Write))
                    {
                        CopyStream(input, decryptedStream);
                        return ReadToEnd(output);
                    }
                }
                catch (CryptographicException ex)
                {
                    throw new InvalidDataException("Please supply a correct password");
                }
                catch (Exception ex)
                {
                    throw new Exception(ex.Message);
                }
            }

I hop help you.

Hi @amir do you have the CopyStream and ReadToEnd function for this code , i tried some alternates for it and getting some bug while decryption. — Aravind, Apr 03 '15 at 13:20

score 11 · Answer 2 · edited May 01 '14 at 16:07

11

Please check your pass phrase - it should be same in both methods EncrypteBytes and DecrypteBytes. If both are not same, then it will generate the error.

edited May 01 '14 at 16:07

Lars A. Brekken

24,405
3
25
27

answered May 01 '14 at 10:54

Dhaval Patel

7,471
6
37
70

1

see the error on mentioned link https://www.flickr.com/photos/97185741@N08/13893695390/ – Dhaval Patel May 01 '14 at 11:11
@HenkHolterman: if your not 101% sure then do not make down vote. – Dhaval Patel May 01 '14 at 11:14
1

Seems you're right, had to test that first. Still think the length computations are fishy. You'll have to edit before I can cancel the vote. – H H May 01 '14 at 11:29
It's not fair! Your answer should be marked correct! Thank you. – Mojtaba Rezaeian Feb 11 '16 at 06:27
+1 Your answer is correct. I changed my key and recreated this. Writing a try catch to capture this error and return a more appropriate response. Thanks – GrahamJRoy Mar 05 '18 at 08:59

score 1 · Answer 3 · answered Sep 25 '17 at 10:20

My problem was I was taking the encryped output in bytes and converting it to a string. The string back to byte array (for decrypting) was not the same. I was using UTF8Encoding, then I tried ASCIIEnconding. Neither worked.

Convert.FromBase64String/ToBase64String worked fine, got rid of the padding issues and actually decrypted the data.

Rajib Chy · Answer 4 · 2018-08-23T22:27:41.233

It's work

using (FileStream fs = new FileStream( absolute, FileMode.Open )) {
    // create a CryptoStream in read mode
    using (CryptoStream cryptoStream = new CryptoStream( fs, decryptor, CryptoStreamMode.Read )) {
        int readLength = ( int )fs.Length;
        byte[] buffer = new byte[readLength];
        cryptoStream.Read( buffer, 0, readLength );
        using (MemoryStream ms = new MemoryStream( buffer )) {
            BinaryFormatter bf = new BinaryFormatter( );
            settings = ( SettingsJson )bf.Deserialize( ms );// Deserialize SettingsJson array
        }
    }
    fs.Close( );
}

Error RijndaelManaged, "Padding is invalid and cannot be removed"

Code

4 Answers4

Linked