Bad data while decrypting information using Triple DES
https://stackoverflow.com/questions/10781007
-
11-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I’m working on a mvc application over .Net, to secure my sensitive information such as info in web.config I’ve got two functions that encrypts and decrypts information using Triple DES, however I’m new to this and succeeded to reach by the help of a friend.
The Encryption function is working fine and returning me back the correct string however when I’m trying to decrypt the same string I’m getting
Exception Details: System.Security.Cryptography.CryptographicException: Bad Data.
Error on this line of the Decrypt function:
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length);
I tried to work it out in few ways that I’ve included as commented code, but they didn’t help, kindly help me out with this.
public static string Encrypt(string Message, string Passphrase)
{
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String(Passphrase)));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
byte[] DataToEncrypt = UTF8.GetBytes(Message);
try
{
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return Convert.ToBase64String(Results);
//return Encoding.UTF8.GetString(Results);
}
public static string Decrypt(string Message, string Passphrase)
{
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String(Passphrase)));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
try
{
byte[] DataToDecrypt = Convert.FromBase64String(Message);
//byte[] DataToDecrypt = UTF8.GetBytes(Message);
//byte[] DataToDecrypt = Encoding.UTF8.GetBytes(Message);
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length); // << ERROR is here.
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return UTF8.GetString(Results);
}
Solution
The TripleDES algorithm specifies an IV (Initialization Vector) which is used to ensure that repeated encryption of the same data with the same key produces different ciphertext. To decrypt successfully, the same IV must be used in the decryption process as was used during encryption.
As you are not currently specifying the IV (TDESAlgorithm.IV) when performing the encryption, the algorithm is setting it to a random value. The algorithm is also setting the IV used during decryption to a random value (but not the same one as used in the encryption), so the decryption process is failing.
To correct the issue you can use the following (note that the IV randomly generated at the encryption phase is output from the Encrypt method and passed to the Decrypt method):
public static string Encrypt(string Message, string Passphrase, out byte[] iv)
{
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String(Passphrase)));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
// Capture the randomly generated IV
iv = TDESAlgorithm.IV;
byte[] DataToEncrypt = UTF8.GetBytes(Message);
try
{
ICryptoTransform Encryptor = TDESAlgorithm.CreateEncryptor();
Results = Encryptor.TransformFinalBlock(DataToEncrypt, 0, DataToEncrypt.Length);
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return Convert.ToBase64String(Results);
//return Encoding.UTF8.GetString(Results);
}
public static string Decrypt(string Message, string Passphrase, byte[] iv)
{
byte[] Results;
System.Text.UTF8Encoding UTF8 = new System.Text.UTF8Encoding();
MD5CryptoServiceProvider HashProvider = new MD5CryptoServiceProvider();
byte[] TDESKey = HashProvider.ComputeHash(UTF8.GetBytes(GetSHA256String(Passphrase)));
TripleDESCryptoServiceProvider TDESAlgorithm = new TripleDESCryptoServiceProvider();
TDESAlgorithm.Key = TDESKey;
// Apply the same IV used during encryption
TDESAlgorithm.IV = iv;
TDESAlgorithm.Mode = CipherMode.ECB;
TDESAlgorithm.Padding = PaddingMode.PKCS7;
try
{
byte[] DataToDecrypt = Convert.FromBase64String(Message);
//byte[] DataToDecrypt = UTF8.GetBytes(Message);
//byte[] DataToDecrypt = Encoding.UTF8.GetBytes(Message);
ICryptoTransform Decryptor = TDESAlgorithm.CreateDecryptor();
Results = Decryptor.TransformFinalBlock(DataToDecrypt, 0, DataToDecrypt.Length); // << ERROR is here.
}
finally
{
TDESAlgorithm.Clear();
HashProvider.Clear();
}
return UTF8.GetString(Results);
}
Note that you will need to store the IV along with the ciphertext if you are to successfully decrypt the data later.
OTHER TIPS
I faced the issue recently. An empty value had been passed to the Decrypt(). The TransformFinalBlock() (inside Decrypt()) throws Bad Data Exception if the Message (data to be decrypted) is empty.
So please add a null/empty check to the data that you want to decrypt before you call Decrypt().
