AES Padding cant be removed

Question

Description

I am using a slightly modified security class taken straight from codeproject.com, I am using it to encrypt/decrypt aes byte arrays.

I have tested that the key generation method in these produces the same key, and they are given the same password and salt. they also have the same IV

the error is always on the line after the CryptoStream.Write in the AES_Decrypt function

"An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll

Additional information: Padding is invalid and cannot be removed."

(yes i know having a static salt is bad, this is only for testing purposes)

Solutions that didn't work

Paddingmode.Zeros
Paddingmode.None
.FlushFinalBlock();

Code

using System.Security.Cryptography;
using System.IO;
using System;

namespace FinexCore
{
    public class Security
    {
        /*
         * AES encrypt and decrypt from:
         * http://www.codeproject.com/Articles/769741/Csharp-AES-bits-Encryption-Library-with-Salt 
         */

        // Set your salt here, change it to meet your flavor:
        // The salt bytes must be at least 8 bytes.
        private byte[] saltBytes = new byte[] { 1, 2, 3, 4, 5, 6, 7, 8}; //8 bytes

        public byte[] AES_Encrypt(byte[] bytesToBeEncrypted, byte[] passwordBytes)
        {
            byte[] encryptedBytes = null;

            using (MemoryStream ms = new MemoryStream())
            {
                using (RijndaelManaged AES = new RijndaelManaged())
                {
                    AES.Padding = PaddingMode.PKCS7;

                    AES.KeySize = 256;
                    AES.BlockSize = 128;

                    var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);

                    AES.Key = key.GetBytes(AES.KeySize / 8);
                    AES.IV = key.GetBytes(AES.BlockSize / 8);

                    AES.Mode = CipherMode.CBC;

                    using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(bytesToBeEncrypted, 0, bytesToBeEncrypted.Length);
                        cs.FlushFinalBlock();
                    }
                    encryptedBytes = ms.ToArray();
                }
            }

            return encryptedBytes;
        }
    
        public byte[] AES_Decrypt(byte[] bytesToBeDecrypted, byte[] passwordBytes)
        {
            byte[] decryptedBytes = null;

            using (MemoryStream ms = new MemoryStream())
            {
                using (RijndaelManaged AES = new RijndaelManaged())
                {
                    AES.Padding = PaddingMode.PKCS7;

                    AES.KeySize = 256;
                    AES.BlockSize = 128;

                    var key = new Rfc2898DeriveBytes(passwordBytes, saltBytes, 1000);
                    AES.Key = key.GetBytes(AES.KeySize / 8);
                    AES.IV = key.GetBytes(AES.BlockSize / 8);

                    AES.Mode = CipherMode.CBC;

                    using (var cs = new CryptoStream(ms, AES.CreateDecryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(bytesToBeDecrypted, 0, bytesToBeDecrypted.Length);
                        cs.FlushFinalBlock();
                    }
                    decryptedBytes = ms.ToArray();
                }
            }

            return decryptedBytes;
        }

        public void Wipe()
        {
            Array.Clear(saltBytes, 0, saltBytes.Length);
        }
    }
}

note: the save and load functions are called with the exact same password

The code that calls the encryption

public void Load(byte[] password)
    {
        Security decryptor = new Security();
        byte[] bytes = decryptor.AES_Decrypt(System.IO.File.ReadAllBytes(Pathname()), password);

        using (MemoryStream stream = new MemoryStream(bytes))
        {
            var binaryFormatter = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter();
            Root = (Folder)binaryFormatter.Deserialize(stream);
        }
        Array.Clear(bytes, 0, bytes.Length);
        Array.Clear(password, 0, password.Length);
        decryptor.Wipe();
    }

    public void Save(byte[] password)
    {
        byte[] bytes;
        using (MemoryStream stream = new MemoryStream())
        {
            var binaryFormatter = new System.Runtime.Serialization.Formatters.Binary.BinaryFormatter();
            binaryFormatter.Serialize(stream, Root);
            bytes = stream.ToArray();
        }

        Security encryptor = new Security();
        bytes = encryptor.AES_Encrypt(bytes, password);

        System.IO.File.WriteAllBytes(Pathname(), bytes);
        Array.Clear(bytes, 0, bytes.Length);
        Array.Clear(password, 0, password.Length);
        encryptor.Wipe();
    }

Code for testing key generation

static void keytests()
{
    byte[] passwordBytes = { 1, 2, 3, 4, 5, 6, 7, 8, 9 };
    byte[] saltBytes = { 1, 2, 3, 4, 5, 6, 7, 8};
    int iterations = 1000;

    var key1 = new Rfc2898DeriveBytes(passwordBytes, saltBytes, iterations);
    var key2 = new Rfc2898DeriveBytes(passwordBytes, saltBytes, iterations);

    Console.WriteLine(BTS(key1.GetBytes(256 / 8)));
    Console.WriteLine(BTS(key2.GetBytes(256 / 8)));
}

public static string BTS(byte[] ba)
{
    StringBuilder hex = new StringBuilder(ba.Length * 2);
    foreach (byte b in ba)
        hex.AppendFormat("{0:x2}", b);
    return hex.ToString();
}

Works fine for me: http://ideone.com/Ny9ezA. How are you calling this stuff? — NullUserException, Aug 08 '16 at 16:55
this is how it is called http://pastebin.com/cp4yFige when calling the save and load functions, i use the exact same password — DOSLuke, Aug 08 '16 at 18:14
right but its dumb how you need to make a good question to gain rep, but you need rep to make a better question — DOSLuke, Aug 08 '16 at 18:35
You are doing a lot of needless stuff and not doing other things that probably ought to be done. — Ňɏssa Pøngjǣrdenlarp, Aug 08 '16 at 19:48
Why are you using serialization? This is needlessly adding another layer to the code — NullUserException, Aug 08 '16 at 19:57
can you encrypt a class without serializing it? if you look, on the load it casts it to a Folder, and thats what I am serializing. I dont think its unnecessary ;) — DOSLuke, Aug 08 '16 at 20:13
Presumably PaddingMode.None and PaddingMode.Zeros gave you different exceptions, though. Either of them would solve this specific problem, since they aren't modes that remove padding. — bartonjs, Aug 09 '16 at 13:44
no, the same exception in the same place still happened. i think lel. i tried a lot of different things. ill update tonight after work — DOSLuke, Aug 09 '16 at 17:55
Paddingmode.None gives the same error as PKCS7, but Zeros gives a different error, basically it decrypts it (improperly) and then the deserialization fails because it isnt the right byte array, garbled, etc — DOSLuke, Aug 10 '16 at 04:34
if this gets to 100 views and no attempted answers, im deleting it so i dont keep refreshing the page to check for one — DOSLuke, Aug 10 '16 at 12:23

AES Padding cant be removed

Description

Solutions that didn't work

Related Questions

Related Links

Code

The code that calls the encryption

Code for testing key generation

0 Answers0