2

Every time I try a new encryption algorithm to get an encrypted string and use it in a QueryString, I face the problem of not getting a clean string (a string that doesn't contain the (+) and (/) signs).
I want to use it in ASP.NET MVC. Isn't there a way to encrypt a string avoiding these signs?

I'm encrypting a string (whether it is a valid query string or not shouldn't matter), then I append this string to a URL I have.

EDIT 1: Here's the encrypting code:

    // Requires: System.IO, System.Security.Cryptography, System.Text, System.Web
    public string Encrypt(string inputText, string key = "", string salt = "")
    {
        key = !string.IsNullOrEmpty(key) ? key : EncryptionKey;
        salt = !string.IsNullOrEmpty(salt) ? salt : EncryptionSalt;

        byte[] plainText = Encoding.UTF8.GetBytes(inputText);

        using (RijndaelManaged rijndaelCipher = new RijndaelManaged())
        {
            PasswordDeriveBytes secretKey = new PasswordDeriveBytes(Encoding.ASCII.GetBytes(key), Encoding.ASCII.GetBytes(salt));
            using (ICryptoTransform encryptor = rijndaelCipher.CreateEncryptor(secretKey.GetBytes(32), secretKey.GetBytes(16)))
            {
                using (MemoryStream memoryStream = new MemoryStream())
                {
                    using (CryptoStream cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                    {
                        cryptoStream.Write(plainText, 0, plainText.Length);
                        cryptoStream.FlushFinalBlock();
                        string base64 = Convert.ToBase64String(memoryStream.ToArray());

                        // Generate a string that won't get screwed up when passed as a query string.
                        string urlEncoded = HttpUtility.UrlEncode(base64);
                        return urlEncoded;
                    }
                }
            }
        }
    }

EDIT 2:
Example of the encoded string:

1|6

Just like that, and I want to receive it by a string argument in an ASP.NET MVC action.

Dabbas
  • Not as easy as removing those signs before encrypting. – Balde Mar 17 '16 at 17:58
  • 2
    You should be URL encoding whatever you put in the query string, so it won't matter if the encrypted string contains those characters. – Jack A. Mar 17 '16 at 17:59
  • @JackA. I did, I got something like: K2DH%2bdFZN8HmSDeyt1pvBA%3d%3d And it caused a white page in my ASP.NET MVC – Dabbas Mar 17 '16 at 18:03
  • 1
    You're going to have to include details of how the query string is being produced and consumed, including the code that does both. – Jack A. Mar 17 '16 at 18:06
  • @Balde the signs showing after the encryption. – Dabbas Mar 17 '16 at 18:06
  • @JackA. Updated my question. – Dabbas Mar 17 '16 at 18:08
  • 1
    It is still unclear what you are encrypting - please show all relevant code. Note that you can only encrypt querystring *values* in URLs that are to be interpreted by the server, the rest of the format needs to be intact or the server won't understand how to parse it. (?key1=value&key2=encryptedValue&key3=encryptedValue) – NightOwl888 Mar 17 '16 at 18:10
  • @NightOwl888 I'm encrypting a string (whether it is a valid query string or not shouldn't matter), then I append this string to a URL I have – Dabbas Mar 17 '16 at 18:14
  • 1
    We need to see the code that adds the encrypted string to the URL as well as the code that receives the encrypted string from the URL. One note: you should not include the call to `UrlEncode` in your encryption function. – Jack A. Mar 17 '16 at 18:14
  • 1
    Why are you encrypting part of the query string? The issue is Base64 has three characters that may need URL encoding: \, + and =. Note that if you use https the URL string is sent encrypted but may end up in logs. – zaph Mar 17 '16 at 18:16
  • @JackA. it's just appending strings, no special methods at all, just a simple appending. – Dabbas Mar 17 '16 at 18:16
  • @Dabbas: And how do you consume this "just simple appended" string on the server side? – derpirscher Mar 17 '16 at 18:18
  • Related question: [Need an Encryption/decryption method does not have a '/' in the encrypted string](http://stackoverflow.com/questions/15109313/need-an-encryption-decryption-method-does-not-have-a-in-the-encrypted-string) – CodesInChaos Mar 22 '16 at 12:21

1 Answer

2

Well, you could for instance convert to a HEX string instead of base64, this will only contain letters A-F and 0-9, so no problem with url encoding, but I'm quite sure, that's not the root of your problem.

Do you encrypt each parameter value separately or do you encrypt the whole query string together? Because if you are doing the latter, the server won't be able to get the parameter values. If you are doing the former, you will have to decrypt each parameter value separately on the server as well.

EDIT

I have done something similar years back, because it was a requirement of a customer. So I had all my actions just accepting one parameter

http://example.com/Home/SomeAction?value=SomeEncryptedString

SomeEncryptedString contained an encrypted (and of course URLEncoded afterwards) querystring (value1=hello&value2=world). And on the server side, first step in the action was to decrypt the string and parse the result into a NameValue collection.

derpirscher
  • 1
    Converting the bytes to hexa instead of using base64 saved me, thanks :) – Dabbas Mar 17 '16 at 18:27
  • @Dabbas Using hex rather than base 64 will eliminate the special characters, but if you are handling your query string correctly, the special characters should not cause a problem. You might benefit from learning how to fix the actual problem rather than simply working around it. – Jack A. Mar 17 '16 at 18:58
  • @JackA. But how to handle it "correctly"? If it's generated with errors (those chars I mean), I need first to avoid generating these chars in order to be able to request the URL and get the query string, then handle it. – Dabbas Mar 18 '16 at 07:13
  • @Dabbas If you are correctly ENcoding it when adding to the URL and correctly DEcoding it when retrieving it from the URL, then the presence of special characters should not cause a problem. That's why we've been asking to see that code. – Jack A. Mar 18 '16 at 14:38
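
The single-parameter scheme described in the answer, as an added example that is not part of the original posts or comments. It assumes .NET 8 or later and swaps the question's `RijndaelManaged`/`PasswordDeriveBytes` code for AES-GCM with a random nonce; the names `EncryptedQueryDemo`, `Seal` and `Open` and the generated key are hypothetical, and `HttpUtility.ParseQueryString` stands in for the framework's own query-string binding.

```csharp
using System;
using System.Collections.Specialized;
using System.Security.Cryptography;
using System.Text;
using System.Web;

static class EncryptedQueryDemo
{
    // Returns nonce (12 bytes) || tag (16 bytes) || ciphertext for the whole query string.
    static byte[] Seal(string query, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(query);
        byte[] packed = new byte[12 + 16 + plain.Length];
        Span<byte> nonce = packed.AsSpan(0, 12), tag = packed.AsSpan(12, 16);
        RandomNumberGenerator.Fill(nonce); // fresh nonce for every token
        using var gcm = new AesGcm(key, 16);
        gcm.Encrypt(nonce, plain, packed.AsSpan(28), tag);
        return packed;
    }

    // Throws CryptographicException if the token was truncated or modified in transit.
    static string Open(byte[] packed, byte[] key)
    {
        if (packed.Length < 28) throw new CryptographicException("token too short");
        byte[] plain = new byte[packed.Length - 28];
        using var gcm = new AesGcm(key, 16);
        gcm.Decrypt(packed.AsSpan(0, 12), packed.AsSpan(28), packed.AsSpan(12, 16), plain);
        return Encoding.UTF8.GetString(plain);
    }

    static void Main()
    {
        byte[] key = RandomNumberGenerator.GetBytes(32); // constructed demo key
        byte[] token = Seal("value1=hello&value2=world", key);
        const string action = "http://example.com/Home/SomeAction?value=";

        // Hex (the answer's suggestion) contains only 0-9 and A-F, so it needs no escaping.
        string hexUrl = action + Convert.ToHexString(token);
        // Base64 may contain '+', '/' and '=': escape it exactly once, where the URL is built.
        string b64Url = action + Uri.EscapeDataString(Convert.ToBase64String(token));

        // Receiving side: parsing the query string undoes the escaping once; never decode again.
        string hex = HttpUtility.ParseQueryString(new Uri(hexUrl).Query)["value"];
        string b64 = HttpUtility.ParseQueryString(new Uri(b64Url).Query)["value"];
        NameValueCollection a = HttpUtility.ParseQueryString(Open(Convert.FromHexString(hex), key));
        NameValueCollection b = HttpUtility.ParseQueryString(Open(Convert.FromBase64String(b64), key));
        Console.WriteLine(a["value1"] + " " + a["value2"] + " | " + b["value1"] + " " + b["value2"]);
    }
}
```

Hex doubles the token length while Base64 grows it by about a third, which matters when the URL is close to a length limit.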