Proper C# Rijndael IV Usage/Storage

StackOverflow https://stackoverflow.com/questions/12998848

Question

Afternoon,

So I'm fairly new to all these encryption methods and usages. I've just started building an Encryption Implementation. Now My method of encryption and decryption seems to be working fine.. Till I read I failed horribly for using a Hardcoded IV in the RijndaelManaged class.

I'm reading everywhere that It's better(and safer) to have each encrypted file's IV be uniquely generated at "Encryption time" and saved at the front/beginning of the File where as the rest of encrypted bytes are saved directly after this. (If I understand this correctly)

I've been having a real hard time figuring out my problem, because each time I Encrypt a file, I write the IV to the first 16 bytes(As the class, MSDN, Google and some folk on this forum suggested) of the file and directly after that I write the rest of the Encrypted bytes to the filestream. (The IV is saved in plaintext..Or well unencrypted bytes < Also is this okey?)

My problem is when I try to decrypt the file using precisely the same Key it fails: Before I start reading chunks of the file for decryption(Buffering) I try to read the File's first 16bytes for the plaintexted IV and use it in the RijndaelManaged Class instance.

This seems to fail. I checked, I think I may be making some schoolboy error somewhere: Because I can't seem to read the same 16 bytes from the Encrypted file once I wish to decrypt it.

This is the Code I use to do the File handling PRIOR to Encryption(Not the encryption it self)

using (RijndaelManaged RM = new RijndaelManaged())
using (FileStream StreamIN = new FileStream(FileIN, FileMode.Open, FileAccess.Read))
using (FileStream StreamOUT = new FileStream(FileOUT, FileMode.Append, FileAccess.Write))
{
    //Setup Variable ChunkSize and The Total bytes Read into the streams
    int ChunkSize = 1024 * 1024 * 32; 

    RM.GenerateIV();

    foreach (var item in RM.IV)
    {
        Console.Write("[ " + item + "] ");
    }

    StreamOUT.Seek(0, SeekOrigin.Begin);
    StreamOUT.Write(RM.IV, 0, RM.IV.Length);
    StreamOUT.Seek(RM.IV.Length, SeekOrigin.Begin);

    int TotalBytesRead = 0;                       

    //File Buffer Implementation
    for (long i = 0; i < StreamIN.Length; i += ChunkSize)
    {
        //ChunkData byte array determined by ChunkSize
        byte[] ChunkData = new byte[ChunkSize];
        //Current Bytes Read from the IN Stream
        int BytesRead = 0;
        while ((BytesRead = StreamIN.Read(ChunkData, 0, ChunkSize)) > 0)
        {
            //Call Encryption from local Class

            Console.WriteLine("Bytes Read: {0}", TotalBytesRead += BytesRead);

            ChunkData = Crypt.Encrypt(ChunkData, KeyBytes, RM.IV);

            //Write byte array to File
            StreamOUT.Write(ChunkData, 0, BytesRead);
        }
    }
}

And this is my code for File handling PRIOR to Decryption(Not Decryption itself)

using (RijndaelManaged RM = new RijndaelManaged())
using (FileStream StreamIN = new FileStream(FileIN, FileMode.Open, FileAccess.Read))
using (FileStream StreamOUT = new FileStream(FileOUT, FileMode.Append, FileAccess.Write))
{
    //Setup Variable ChunkSize and The Total bytes Read into the streams
    int ChunkSize = 1024 * 1024 * 32; 


    StreamIN.Seek(0, SeekOrigin.Begin);
    int Read = StreamIN.Read(RM.IV, 0, 16);
    StreamIN.Seek(RM.IV.Length, SeekOrigin.Begin);

    int TotalBytesRead = 0;

    foreach (var item in RM.IV)
    {
        Console.Write("[ " + item + "] ");
    }

    //File Buffer Implementation
    for (long i = 0; i < StreamIN.Length; i += ChunkSize)
    {
        //ChunkData byte array determined by ChunkSize
        byte[] ChunkData = new byte[ChunkSize];
        //Current Bytes Read from the IN Stream
        int BytesRead = 0;

        while ((BytesRead = StreamIN.Read(ChunkData, 0, ChunkSize)) > 0)
        {

            Console.WriteLine("Bytes Read: {0}", TotalBytesRead += BytesRead);                                

            //Call Decryption from local Class
            ChunkData = Crypt.Decrypt(ChunkData, KeyBytes, RM.IV);

            //Write byte Array to file
            StreamOUT.Write(ChunkData, 0, BytesRead);
        }
    }
}

I think that's all of it? Also, the "Console" and other useless calls are only made to help me check and figure out the problem thusfar. I'm using Visual Studios 2010, and trying to implement the RijndaelManaged class.

The Encryption/Decryption Methods are passed the FileChunks(byte array) with my Key and the IV and these return a byte array(Crypted) which is saved to the stream.

I Hope my question is clear? If not Ill try to explain better, I've read everywhere looking for help on this particular problem but most other questions posted here are outside of my scope.

I really would appreciate any help, I'm sure I'm making a clown mistake somewhere..

Thank you!!

Was it helpful?

Solution

As per long-standing Framework guidelines, it looks like SymmetricAlgorithm.IV has been written not to return an internal array. This means that it's handing you back a copy, so subsequent changes to it aren't reflected in the RijndaelManaged instance.

// Effectively reading the persisted value into a temporary array
// and throwing away the temporary.
int Read = StreamIN.Read(RM.IV, 0, 16);

In order to make the change stick and set the IV to the persisted value, you need to actually set the IV property explicitly, rather than just modifying the value it returned previously.

byte[] persistedIv = new byte[16];
StreamIN.Read(persistedIv, 0, persistedIv.Length);
RM.IV = persistedIv;
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top