
I'm trying to use the Key below given to me by my client to encrypt a string

    public static string EncryptKey()
    {
        var word = "9999";
        var key = "Z1UbeuBT7Uu3SZinrq0vzuDVXBU5FbiKksopJswQGk81";
        var iv = "KUNd9fhw48li2WUZ";
        byte[] result = null;
        byte[] wordBytes = Encoding.UTF8.GetBytes(word);
        using (MemoryStream ms = new MemoryStream())
        {
            using (RijndaelManaged AES = new RijndaelManaged())
            {
                // The CryptographicException is thrown on the next line:
                // the decoded key is 33 bytes long, not 32.
                AES.Key = Convert.FromBase64String(key);
                AES.IV = Encoding.UTF8.GetBytes(iv);

                using (var cs = new CryptoStream(ms, AES.CreateEncryptor(), CryptoStreamMode.Write))
                {
                    cs.Write(wordBytes, 0, wordBytes.Length);
                    cs.Close();
                }
                byte[] encryptedBytes = ms.ToArray();
                result = encryptedBytes;
                return Convert.ToBase64String(result);
            }
        }
    }

but I get an error

System.Security.Cryptography.CryptographicException: 'Specified key is not a valid size for this algorithm.'

The client has been using this Key.

What am I doing wrong?

Emeka Ani
  • How long is `AES.Key` after it is set? – Artjom B. Oct 25 '20 at 20:36
  • My key length is 33 after Converting FromBase64String(key) but the AES.Key is expecting a length of 32. – Emeka Ani Oct 25 '20 at 20:43
  • I don't know if the way I'm converting the Key to Byte arrays is the cause of the error or something else I'm doing wrong. – Emeka Ani Oct 25 '20 at 20:47
  • Well, your key is invalid. Perhaps the implementation of your client is more forgiving than yours. Have you tried to use only the first 32 bytes of the key? – Artjom B. Oct 25 '20 at 21:01
  • Yes, the first 32 bytes encrypt but won't decrypt when I send it to the client API. – Emeka Ani Oct 25 '20 at 21:06
  • The client insisted that the key is valid and other people consuming the API have been using it as well. – Emeka Ani Oct 25 '20 at 21:07
  • Kindly help me - you get a key & init-vector from your client to encrypt some data (here "9999"). Did the client give more information about the encryption (AES mode, key derivation) or anything more? Is the API the client uses for decryption publicly available so we can run a test from our side? – Michael Fehr Oct 25 '20 at 21:38
  • The client didn't give further information on the AES Mode, I'm just trying to figure it out myself as they seem not to have technical people that will give more information in this regard. The error happens on the line where I try to assign value to the AES.Key = Convert.FromBase64String(key); Unfortunately the API for decryption is not public. – Emeka Ani Oct 25 '20 at 21:52
  • Your client needs to understand that encryption is not like translation or simple mathematics. Without exact details about the encryption you will not be able to encrypt in a way that your client is able to decrypt. It could be helpful to see a running encryption (or decryption) code in any language to help you. If you can't get this information - sorry for writing it - it is time to say "good bye" to your client :-( – Michael Fehr Oct 25 '20 at 22:05
  • Thanks, I appreciate your efforts, I will get back to my client. I just wanted to be sure I'm not missing something. So is now certain the Key is invalid. Thanks – Emeka Ani Oct 25 '20 at 22:59
  • "So is now certain the Key is invalid" - nobody said this. When base64-decoding the string with the key gives a 33 byte long array that is not usable as direct input to an AES function. Some systems are doing a key derivation with an input string (e.g. PBKDF2) and then there are no length limitations. But your client has to provide some more information to run a correct encryption. – Michael Fehr Oct 25 '20 at 23:43

1 Answer


My client uses

HttpServerUtility.UrlTokenDecode(string input);

for decoding the base64 string.

Hope this helps someone in the future.

Emeka Ani
  • How does this help you/us in your problem that the keysize is not fitting AES needs? – Michael Fehr Oct 27 '20 at 15:18
  • Converting the key to byte arrays using Convert.FromBase64String(key) gives us a key array with a length of 33, which causes the error above because the AES.Key is expecting a key array with a length of 32. HttpServerUtility.UrlTokenDecode(key) will return a key array with a length of 32. I hope you understand now? Thanks. – Emeka Ani Oct 27 '20 at 16:36
  • `HttpServerUtility` seems to use a (MS proprietary?) variant of Base64url where the padding characters are replaced by their number, i.e. `Z1UbeuBT7Uu3SZinrq0vzuDVXBU5FbiKksopJswQGk81` corresponds to the [RFC 4648](https://en.wikipedia.org/wiki/Base64#Variants_summary_table) base64url variant (with padding characters) `Z1UbeuBT7Uu3SZinrq0vzuDVXBU5FbiKksopJswQGk8=`, which is converted to the _same_ 32 `byte[]` with `Convert.FromBase64String()`, see [here](https://stackoverflow.com/a/35435664). – Topaco Oct 27 '20 at 18:36
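
The decoding described in the answer and in the last comment, as an added example that is not part of the original posts and is not Microsoft's implementation: a portable decoder for the URL-token format (trailing digit = number of stripped `=` characters), for runtimes where `System.Web` is not available. `UrlTokenExample` and `DecodeUrlToken` are hypothetical names, and limiting the pad digit to 0 to 2 is this example's own choice.

```csharp
using System;

public static class UrlTokenExample
{
    // Hypothetical helper: the last character is the count of '=' padding
    // characters that were stripped; the rest is base64url
    // ('-' stands for '+', '_' stands for '/').
    public static byte[] DecodeUrlToken(string token)
    {
        if (token == null) throw new ArgumentNullException(nameof(token));
        if (token.Length == 0) return Array.Empty<byte>();

        int padCount = token[token.Length - 1] - '0';
        if (padCount < 0 || padCount > 2)
            throw new FormatException("Last character must be a padding count of 0, 1 or 2.");

        string body = token.Substring(0, token.Length - 1)
                           .Replace('-', '+')
                           .Replace('_', '/');
        string padded = body + new string('=', padCount);
        if (padded.Length % 4 != 0)
            throw new FormatException("Padding count does not match the token length.");

        return Convert.FromBase64String(padded);
    }

    public static void Main()
    {
        // Key string from the question.
        const string key = "Z1UbeuBT7Uu3SZinrq0vzuDVXBU5FbiKksopJswQGk81";

        byte[] asPlainBase64 = Convert.FromBase64String(key); // trailing '1' read as data
        byte[] asUrlToken = DecodeUrlToken(key);              // trailing '1' read as pad count

        Console.WriteLine($"Convert.FromBase64String: {asPlainBase64.Length} bytes");
        Console.WriteLine($"DecodeUrlToken:           {asUrlToken.Length} bytes");

        // Fail before the value reaches the cipher if it is not an AES key size.
        if (asUrlToken.Length != 16 && asUrlToken.Length != 24 && asUrlToken.Length != 32)
            throw new InvalidOperationException("Decoded key is not 128, 192 or 256 bits.");
    }
}
```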