I’m working on a mvc application over .Net, to secure my sensitive information such as info in web.config I’ve got two functions that encrypts and decrypts information using Triple DES, however I’m new to this and succeeded to reach by the help of a friend.
The Encryption function is working fine and returning me back the correct string however when I’m trying to decrypt the same string I’m getting
Exception Details: System.Security.Cryptography.CryptographicException: Bad Data.
Error on this line of the Decrypt function:
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
I tried to work it out in few ways that I’ve included as commented code, but they didn’t help, kindly help me out with this.
public static string Encrypt(string Message, string Passphrase)
{
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String(Passphrase)));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
byte[] DataToEncrypt = UTF8.GetBytes(Message);
try
{
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return Convert.ToBase64String(Results);
//return Encoding.UTF8.GetString(Results);
}
public static string Decrypt(string Message, string Passphrase)
{
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String(Passphrase)));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
try
{
byte[] DataToDecrypt = Convert.FromBase64String(Message);
//byte[] DataToDecrypt = UTF8.GetBytes(Message);
//byte[] DataToDecrypt = Encoding.UTF8.GetBytes(Message);
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length); // << ERROR is here.
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return UTF8.GetString(Results);
}
The TripleDES algorithm specifies an IV (Initialization Vector) which is used to ensure that repeated encryption of the same data with the same key produces different ciphertext. To decrypt successfully, the same IV must be used in the decryption process as was used during encryption.
As you are not currently specifying the IV (
TDESAlgorithm.IV) when performing the encryption, the algorithm is setting it to a random value. The algorithm is also setting the IV used during decryption to a random value (but not the same one as used in the encryption), so the decryption process is failing.To correct the issue you can use the following (note that the IV randomly generated at the encryption phase is output from the
Encryptmethod and passed to theDecryptmethod):Note that you will need to store the IV along with the ciphertext if you are to successfully decrypt the data later.