
I found this in the error log file, but the website is still working fine. I am unable to reproduce the issue, but I still worry about it because I see it happen quite frequently in the error log.

Does anyone know what caused the error?

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// ENCRYPTION_KEY and SALT are constants defined elsewhere in the module (not shown in the question).
public static string Decrypt(string inputText)
{
    if (String.IsNullOrEmpty(inputText))
        return string.Empty;
    RijndaelManaged rijndaelCipher = new RijndaelManaged();   // defaults: 128-bit block, CBC mode, PKCS7 padding
    byte[] encryptedData = Convert.FromBase64String(inputText);
    // Key and IV are both derived from the same fixed password and salt (PBKDF1-based derivation)
    PasswordDeriveBytes secretKey = new PasswordDeriveBytes(ENCRYPTION_KEY, SALT);

    using (ICryptoTransform decryptor = rijndaelCipher.CreateDecryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
    {
        using (MemoryStream memoryStream = new MemoryStream(encryptedData))
        {
            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
            {
                byte[] plainText = new byte[encryptedData.Length];
                // Stream.Read is not guaranteed to return every decrypted byte in one call
                int decryptedCount = cryptoStream.Read(plainText, 0, plainText.Length);
                return Encoding.Unicode.GetString(plainText, 0, decryptedCount);
            }
        }
    }
}

The error is thrown at the line below

return Encoding.Unicode.GetString(plainText, 0, decryptedCount);

And this is what I saw in the error logs

System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
   at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
   at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
   at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
   at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
   at System.IO.Stream.Close()
   at QueryStringModule.Decrypt(String inputText) in line 135
   at QueryStringModule.context_BeginRequest(Object sender, EventArgs e) in E:\SSv45\Pages\QueryStringModule.cs:line 46
   at System.Web.HttpApplication.SyncEventExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Thanks Ming-fei

Avery Lam
  • http://stackoverflow.com/a/8590161/1663001 – DavidG Oct 21 '15 at 08:59
  • It could be anything: encoding error, wrong key, wrong mode, wrong padding mode. Please show the encryption code and try to make it a [Minimal, Complete, and Verifiable example](http://stackoverflow.com/help/mcve). – Artjom B. Oct 21 '15 at 12:13

2 Answers

Yes, you should be worried, for multiple reasons; the main one, of course, is that your data is not being decrypted.

But looking into the code there is a lot to worry about as well:

  1. for a website, URL-safe Base64 should be used to avoid random decryption errors;
  2. the encryption key and salt seem to be constant; in that case using PasswordDeriveBytes is not required and only provides false protection plus an unwanted slowdown;
  3. the key and IV will be static, so you can distinguish between ciphertexts;
  4. PasswordDeriveBytes is not secure for data beyond 20 bytes and may even repeat bytes of the key in the IV;
  5. the Read method may not return all of the data bytes;
  6. it is using Unicode encoding, which in the case of Microsoft means UTF-16LE, basically requiring twice as many bytes for normal text;
  7. no explicit error handling or distinguishing between system exceptions and input-related exceptions.

You should not be using CBC over network connections where a man in the middle is possible, because of padding oracle attacks. Your "encrypted" data may not be confidential! If there are many, many logs about this, then somebody may actually be decrypting your ciphertext as we speak.

Basically this code manages to jump into each and every possible pit available. The issue you are experiencing is probably due to #1 or #5.

You should however create a complete redesign of the code, preferably by someone that knows what he/she is doing.

Maarten Bodewes
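
An added example, not code from the question or from either answer, showing one way to address points 1, 3, 5, 6 and 7 of the answer above together with its padding-oracle warning: encrypt-then-MAC (AES-256-CBC plus HMAC-SHA256), a fresh random IV per token, base64url encoding for the query string, and draining the CryptoStream with CopyTo instead of a single Read. The stack trace in the question shows the exception surfacing from CryptoStream.Dispose(), i.e. when the using block finalises the last block, which is why it appears to come from the return line. The token layout, the class and parameter names and the sample query string below are assumptions made for this example; in a real module the two keys would be loaded from configuration (or derived once with Rfc2898DeriveBytes, the PBKDF2 replacement for PasswordDeriveBytes) rather than generated at startup.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Added example (not from the question or the answers). Token layout before base64url encoding:
//   IV (16 bytes) || AES-256-CBC ciphertext || HMAC-SHA256 tag (32 bytes) over IV || ciphertext
// encKey/macKey are two independent 32-byte keys; they are assumed to come from configuration
// and are generated randomly in Main() only so the sample runs stand-alone.
public static class QueryStringCrypto
{
    private const int IvSize = 16;
    private const int TagSize = 32;

    // (1) base64url (RFC 4648 section 5): '-' and '_' instead of '+' and '/', no '=' padding,
    // so a query-string value survives URL handling without '+' being turned into a space.
    public static string ToBase64Url(byte[] data)
    {
        return Convert.ToBase64String(data).TrimEnd('=').Replace('+', '-').Replace('/', '_');
    }

    public static byte[] FromBase64Url(string text)
    {
        string b64 = text.Replace('-', '+').Replace('_', '/');
        switch (b64.Length % 4)
        {
            case 2: b64 += "=="; break;
            case 3: b64 += "="; break;
            case 1: throw new FormatException("Malformed base64url input.");
        }
        return Convert.FromBase64String(b64);
    }

    public static string Encrypt(string plainText, byte[] encKey, byte[] macKey)
    {
        byte[] plain = Encoding.UTF8.GetBytes(plainText);   // (6) UTF-8 instead of UTF-16LE
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;          // set explicitly on both sides so they cannot drift apart
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey;
            aes.GenerateIV();                   // (3) fresh random IV per token: equal plaintexts no longer match
            byte[] cipher;
            using (ICryptoTransform enc = aes.CreateEncryptor())
                cipher = enc.TransformFinalBlock(plain, 0, plain.Length);

            byte[] token = new byte[IvSize + cipher.Length + TagSize];
            Buffer.BlockCopy(aes.IV, 0, token, 0, IvSize);
            Buffer.BlockCopy(cipher, 0, token, IvSize, cipher.Length);
            using (HMACSHA256 hmac = new HMACSHA256(macKey))
            {
                // Encrypt-then-MAC: a tampered token is rejected before any decryption happens,
                // so a padding failure is never observable by whoever sent the request.
                byte[] tag = hmac.ComputeHash(token, 0, IvSize + cipher.Length);
                Buffer.BlockCopy(tag, 0, token, IvSize + cipher.Length, TagSize);
            }
            return ToBase64Url(token);
        }
    }

    // (7) Returns null for any malformed or tampered token so the caller can answer with a 400
    // instead of letting a CryptographicException reach the error log. A CryptographicException
    // escaping this method therefore indicates a key mismatch or a bug, not bad input.
    public static string Decrypt(string token, byte[] encKey, byte[] macKey)
    {
        byte[] data;
        try { data = FromBase64Url(token ?? string.Empty); }
        catch (FormatException) { return null; }
        if (data.Length < IvSize + TagSize) return null;
        int cipherLen = data.Length - IvSize - TagSize;
        if (cipherLen < 16 || cipherLen % 16 != 0) return null;

        using (HMACSHA256 hmac = new HMACSHA256(macKey))
        {
            byte[] expected = hmac.ComputeHash(data, 0, IvSize + cipherLen);
            if (!FixedTimeEquals(expected, data, IvSize + cipherLen)) return null;
        }

        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = encKey;
            byte[] iv = new byte[IvSize];
            Buffer.BlockCopy(data, 0, iv, 0, IvSize);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
            using (MemoryStream input = new MemoryStream(data, IvSize, cipherLen))
            using (CryptoStream cs = new CryptoStream(input, dec, CryptoStreamMode.Read))
            using (MemoryStream output = new MemoryStream())
            {
                cs.CopyTo(output);   // (5) drains the stream; a single Read() may return fewer bytes
                return Encoding.UTF8.GetString(output.ToArray());
            }
        }
    }

    // Constant-time comparison so the tag check itself does not leak how many bytes matched.
    private static bool FixedTimeEquals(byte[] expected, byte[] buffer, int offset)
    {
        int diff = 0;
        for (int i = 0; i < expected.Length; i++)
            diff |= expected[i] ^ buffer[offset + i];
        return diff == 0;
    }

    public static void Main()
    {
        byte[] encKey = new byte[32], macKey = new byte[32];   // stand-in for keys from configuration
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(encKey);
            rng.GetBytes(macKey);
        }
        string token = Encrypt("id=42&role=user", encKey, macKey);   // constructed sample value
        Console.WriteLine(token);
        Console.WriteLine(Decrypt(token, encKey, macKey));
        // Flip one character inside the ciphertext: the MAC rejects it and nothing is logged.
        char[] tampered = token.ToCharArray();
        tampered[30] = tampered[30] == 'A' ? 'B' : 'A';
        Console.WriteLine(Decrypt(new string(tampered), encKey, macKey) == null);
    }
}
```

With this layout a wrong key, a truncated value or a '+' mangled by URL decoding all fail the HMAC check and return null; the CBC decryptor only ever sees ciphertext it produced itself, so "Padding is invalid" cannot be triggered from outside, and the key derivation in points 2 and 4 disappears entirely because the keys are stored as raw random bytes.
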

Your code is using Rijndael, which is a block cypher, meaning it encrypts data in 16 character blocks (128 bit blocks).

If the last block of the data being encrypted is not long enough (<128 bits), padding has to be added to it to ensure it's encryptable.

If you are explicitly setting the padding during encryption, you need to make sure you explicitly set it as well during decryption. If you are not explicitly setting it during the encryption, then you don't need to explicitly set it during decryption - just make sure the two methods match.

You can also get this error if the key used when encrypting is not the same as the one used for decryption.

Sk93