2

I enter the name of archive in a textbox to get the message of this archive.

I write password in a textbox

I Calculate the salt.

Button Click

    private void button1_Click_1(object sender, EventArgs e)
    {
        String message;
        String password;
        String result;
        String resultSalt;
        String nameResult;
        byte[] salt;


        password = textBox2.Text;
        nameResult = textBox3.Text;
        new RNGCryptoServiceProvider().GetBytes(salt = new byte[16]);

        resultSalt = Convert.ToBase64String(salt);

        if (radioButton1.Checked == true)
        {
            message = readArchive();
            result = Encrypt(message,password,resultSalt);
            try
            {
                File.WriteAllText(nameResult, result);
                MessageBox.Show("Encrypt Ok");
            }
            catch
            {
                MessageBox.Show("Error");
            }

        }
        else
        {
            message = readArchive();
            result = Decrypt(message,password,result);
            try
            {
                File.WriteAllText(nameResult, resultSalt);
                MessageBox.Show("Decrypt OK");
            }
            catch
            {
                MessageBox.Show("Error");
            }

        }
    }

Method Encrypt

    public static string Encrypt(string message, string pass, string salt)
    {
        AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
        DeriveBytes rgb = new Rfc2898DeriveBytes(pass, Encoding.Unicode.GetBytes(salt), 9);
        byte[] key = rgb.GetBytes(aes.KeySize >> 3);
        byte[] iv = rgb.GetBytes(aes.BlockSize >> 3);
        aes.Mode = CipherMode.CBC;
        aes.Key = key;
        aes.IV = iv;
        ICryptoTransform encryptor = aes.CreateEncryptor();
        byte[] data = Encoding.Unicode.GetBytes(message);
        byte[] dataencrypt = encryptor.TransformFinalBlock(data, 0, data.Length);
        return Convert.ToBase64String(dataencrypt);
    }

Method decrypt

    public static string Decrypt(string message, string pass, string salt)
    {
        AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
        DeriveBytes rgb = new Rfc2898DeriveBytes(pass, Encoding.Unicode.GetBytes(salt), 9);
        byte[] key = rgb.GetBytes(aes.KeySize >> 3);
        byte[] iv = rgb.GetBytes(aes.BlockSize >> 3);
        aes.Mode = CipherMode.CBC;
        aes.Key = key;
        aes.IV = iv;
        ICryptoTransform decryptor = aes.CreateDecryptor();
        byte[] data = Convert.FromBase64String(message);
        byte[] datadecrypt = decryptor.TransformFinalBlock(data, 0, data.Length);
        return Encoding.Unicode.GetString(datadecrypt);
    }

Method readArchive

    private string readArchive()
    {
        String nameArchive = textBox1.Text;
        String text = "";
        try
        {

            text = File.ReadAllText(@nameArchive);

        }
        catch
        {

            MessageBox.Show("Error.");
        }
        return text;
    }

Error line

byte[] datadecrypt = decryptor.TransformFinalBlock(data, 0, data.Length);

Unhandled exception of type 'System.Security.Cryptography.CryptographicException' in System.Core.dll

Additional information: The padding between characters is not valid and can not be removed.

Teddy
  • 35
  • 5
  • need more info. what's the exception message? and does it has any inner exception and what is it? – GhostTW Nov 05 '17 at 11:02
  • `Unicode.GetBytes(salt)` is weak, but it has to match the encryption. – H H Nov 05 '17 at 11:55
  • Write up a complete [mcve] with the Decryption _and_ the Encryption code. – H H Nov 05 '17 at 11:56
  • The PaddingMode should also match that on the Encryption. But quite possibly you're mangling the Base64 somewhere along the line. – H H Nov 05 '17 at 11:58
  • With almost no exception a padding error means that the decryption failed due to incorrect inputs. – zaph Nov 05 '17 at 14:49

1 Answers1

2

You are base64 encoding your salt with: resultSalt = Convert.ToBase64String(salt) before passing it to your Encrypt(..) and then taking the byte value of the base64 encoded string with Encoding.Unicode.GetBytes(salt). This is probably not what you want, instead pass it as a byte[], or do a proper base64 decode before you use it.

But this is not the main problem .. the main problem is that you pass the result to your Decrypt(..) instead of resultSalt. But when you do that, you need to ensure that it's the same as used on the Encrypt(..) .. currently you generate a new salt on each click.

Ebbe M. Pedersen
  • 7,250
  • 3
  • 27
  • 47