6

I have been looking at a lot of different C# encryption examples. In most examples the encryption Key as well as the Initialization Vector (IV) are passed into the encryption/decryption methods as an array of bytes.

I would like to store the Key and IV as strings. The Key in a Hardware Security Module and the IV as an nvarchar in the SQL Server database.

I keep running into propblems on how to properly convert the Key and the IV as string. Some examples say to use Base64 Encoding while other examples use Encoding.UTF8.

Here is an example that generates an IV and converts it to a Base64 string...

using (var aesProvider = new AesCryptoServiceProvider())
{
    aesProvider.GenerateIV();
    var ivBase64 = Convert.ToBase64String(aesProvider.IV);
    return ivBase64;
}

However, when I pass this string representation of the IV into the encryption method and then convert it back to a byte array the following code fails saying the IV is not the proper size.

byte[] initVectorBytes = Encoding.UTF8.GetBytes(initializationVector);`
// intermediate code excluded for brevity
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);

Is there a standard way of converting an encryption Key and IV back and forth between a byte array and String representation?

webworm
  • 10,587
  • 33
  • 120
  • 217
  • 2
    [This is the best answer on encryption](http://stackoverflow.com/a/10366194/542251) I've found. I basically just use this code now. It accepts a string BTW – Liam Mar 22 '16 at 16:46
  • @Liam - Thanks for the great example! Which one of the code example do you use? There are a bunch listed. – webworm Mar 22 '16 at 17:01
  • It depends! I recently used the SimpleDecryptWithPassword, I wasn't that concerned about security I mainly wanted to obfuscate some data. The method you use will depend on how secure you want the data – Liam Mar 22 '16 at 17:06
  • @webworm have you found an actual solution to this? Maybe it's Jim Flood's answer here? – superjos Mar 20 '18 at 09:10
  • @superjos: Yes indeed. I should have marked it as the answer. I have since marked it as the answer. Thanks for catching this. – webworm Mar 20 '18 at 20:13

1 Answers1

11

You cannot convert binary data to UTF-8 and back again. Some binary sequences are not valid UTF-8 characters and when you convert to UTF-8 that data is lost. It's the equivalent of some characters getting set to '?' when converting between encodings.

You can instead use base64 encoding of binary data to text, and then base64 decode to get back the original binary.

Try converting this to UTF-8, for example: "\x00?\xdc\x80" (that's four bytes: 0, 63, 220, 128). It won't encode to UTF-8 -- it's not valid.

The standard way is using Base-64 encoding - How do I encode and decode a base64 string?

Alexei Levenkov
  • 98,904
  • 14
  • 127
  • 179
Jim Flood
  • 8,144
  • 3
  • 36
  • 48
  • 1
    Awesome example. I think I was getting confused because the Encryption/Decryption methods I was using made use of UTF8 encoding .. `byte[] plainTextBytes = Encoding.UTF8.GetBytes(plainText);` – webworm Mar 22 '16 at 16:59