
I am using the following code to encrypt and decrypt the password:

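/// <summary>
/// Encrypts a string with the AES provider built by <c>GetProvider</c> and
/// returns the ciphertext as a Base64 string.
/// </summary>
/// <param name="plainSourceStringToEncrypt">Text to encrypt; must not be null.</param>
/// <returns>Base64 encoding of the ciphertext bytes.</returns>
/// <remarks>
/// The result is standard Base64, which can contain '+', '/' and '='. If it is
/// sent in a URL or form field it must be escaped; otherwise the receiver gets
/// different bytes and decryption fails.
/// </remarks>
public static string EncryptStringPassword(string plainSourceStringToEncrypt)
{
    // NOTE(review): Encoding.Default is machine-dependent (ANSI code page on
    // .NET Framework). If Key holds non-ASCII characters, two machines can
    // derive different key bytes - confirm Key is ASCII-only or pin an encoding
    // on both ends. Left unchanged here to keep existing ciphertexts readable.
    using (AesCryptoServiceProvider acsp = GetProvider(Encoding.Default.GetBytes(Key)))
    using (ICryptoTransform ictE = acsp.CreateEncryptor())
    using (MemoryStream msS = new MemoryStream())
    {
        // UTF-8 instead of ASCII: ASCII silently turns every non-ASCII character
        // into '?', so such a password could never round-trip. For pure-ASCII
        // input the bytes are identical, and the decrypting side already reads
        // the plaintext through a StreamReader, which decodes UTF-8 by default.
        byte[] sourceBytes = Encoding.UTF8.GetBytes(plainSourceStringToEncrypt);

        using (CryptoStream csS = new CryptoStream(msS, ictE, CryptoStreamMode.Write))
        {
            csS.Write(sourceBytes, 0, sourceBytes.Length);

            // Emits the final padded block; without it the ciphertext is truncated.
            csS.FlushFinalBlock();
        }

        // ToArray() copies exactly the bytes written (GetBuffer() would include
        // unused capacity) and still works after the stream has been closed.
        return Convert.ToBase64String(msS.ToArray());
    }
}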

//AES
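/// <summary>
/// Decodes a Base64 string and decrypts it with the AES provider built by
/// <c>GetProvider</c>, returning the plaintext as a string.
/// </summary>
/// <param name="base64StringToDecrypt">Base64-encoded ciphertext.</param>
/// <returns>The decrypted text, decoded by a default <see cref="StreamReader"/> (UTF-8).</returns>
/// <exception cref="FormatException">The input is not valid Base64.</exception>
/// <exception cref="CryptographicException">
/// The final block does not carry valid PKCS7 padding ("Padding is invalid and
/// cannot be removed"). This means the bytes decrypted are not the bytes that
/// were encrypted with this key and IV: a different key, or ciphertext that was
/// altered or truncated in transit (for example unescaped '+' or '/' in a URL).
/// </exception>
/// <remarks>
/// The ciphertext carries no integrity check (no MAC), so this method cannot
/// tell tampering from corruption. When the input comes from a remote caller,
/// report every failure here as the same generic authentication error rather
/// than exposing a distinct padding error.
/// </remarks>
public static string DecryptStringPassword(string base64StringToDecrypt)
{
    // NOTE(review): Encoding.Default is machine-dependent; the key bytes match
    // the encrypting side only if Key is ASCII-only or both ends share a code
    // page - confirm.
    using (AesCryptoServiceProvider acsp = GetProvider(Encoding.Default.GetBytes(Key)))
    {
        // Still encrypted at this point; only the Base64 layer has been removed.
        byte[] rawBytes = Convert.FromBase64String(base64StringToDecrypt);

        // Dispose the transform and every stream; the original left them to the GC.
        using (ICryptoTransform ictD = acsp.CreateDecryptor())
        using (MemoryStream msD = new MemoryStream(rawBytes, 0, rawBytes.Length))
        using (CryptoStream csD = new CryptoStream(msD, ictD, CryptoStreamMode.Read))
        using (StreamReader reader = new StreamReader(csD))
        {
            // Reading to the end forces the final block through the decryptor,
            // which is where the padding is validated and stripped.
            return reader.ReadToEnd();
        }
    }
}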

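/// <summary>
/// Creates an AES provider configured for CBC mode with PKCS7 padding, a
/// 128-bit block size, an all-zero IV and the key returned by <c>GetKey</c>.
/// </summary>
/// <param name="key">Raw key material, passed to <c>GetKey</c> together with the provider.</param>
/// <returns>A configured provider; the caller owns it and must dispose it.</returns>
private static AesCryptoServiceProvider GetProvider(byte[] key)
{
    AesCryptoServiceProvider result = new AesCryptoServiceProvider();
    try
    {
        result.BlockSize = 128;
        result.KeySize = 128;
        result.Mode = CipherMode.CBC;
        result.Padding = PaddingMode.PKCS7;

        // SECURITY: a constant all-zero IV makes CBC deterministic - the same
        // plaintext under the same key always yields the same ciphertext, so
        // equal (or equal-prefixed) passwords are recognisable on the wire.
        // It is kept only because changing it alters the wire format; both ends
        // have to migrate together to a random IV per message that is sent with
        // the ciphertext, plus an integrity check (AES-GCM or encrypt-then-HMAC).
        // Do not use the key itself as the IV.
        // The earlier GenerateIV() call was removed: its value was overwritten
        // on the next line and never used.
        result.IV = new byte[16];

        // NOTE(review): GetKey is defined elsewhere; presumably it fits the raw
        // bytes to a valid AES key length - confirm. Assigning Key also sets
        // KeySize to the length of the array it returns.
        result.Key = GetKey(key, result);
        return result;
    }
    catch
    {
        // Do not leak the native provider handle if configuration fails.
        result.Dispose();
        throw;
    }
}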

Suddenly, while verifying one user's password, I am getting the error "Padding is invalid and cannot be removed".

For other users it is working fine. Only one user has the problem.

Could this happen because the password was changed recently and now contains a particular character? Or can the length of the password produce this error? In other words, could the password itself (its length or its content) be the cause?

(Previously, the same user had no problem signing in to the app.)

Otherwise, what could be the reason for the above error?

Gaurav
Harsha
  • 2
    Don't store passwords. Ever. Also not encrypted. Use a good hashing algorithm instead. – Bart Friederichs Jan 21 '19 at 09:56
  • https://stackoverflow.com/q/8583112/2845389 – Kaushik Jan 21 '19 at 09:58
  • Possible duplicate of [Padding is invalid and cannot be removed?](https://stackoverflow.com/questions/8583112/padding-is-invalid-and-cannot-be-removed) – Ian Kemp Jan 21 '19 at 11:15
  • I am not storing the passwords anywhere for my application. Application on tab sends encrypted password to web application via web service. Where password is decrypted and checked against the ADID userid and password. So while decrypting I am getting the above error. – Harsha Jan 22 '19 at 03:10
  • as per this post, stackoverflow.com/q/8583112/2845389, I am explicitly setting padding mode to PKCS7. My doubt is so far its working perfect. Suddenly what happened and that to only one user. So I suspect is it because of password itself. User need to change their password every 6 months I think (users own organisation rule). So far user might have changed password at least 2 to 3 times since using our app but did not have any issue. – Harsha Jan 22 '19 at 03:12
