You are using zero padding. This pads the message with zero bytes until it reaches the block size (32 bytes in your case). Since zero padding is ambiguous (can't distinguish between an input that ended with zero bytes and the padding), .net doesn't remove it automatically.
So you have two choices:
- Use PKCS7 padding for both encryption and decryption (that's what I recommend)
- Manually strip all terminal zero bytes from the decrypted plaintext.
Your crypto isn't good either:
- Keys and IVs should be binary, not ASCII (use base64 encoding here)
- Using ASCII on the plaintext silently corrupts unicode characters - Use utf-8 instead
- You need a new random IV for each encryption call and need to read it back during decryption
- You should add a MAC, else active attacks (such as padding oracles) can often break it.
- Use
TransformFinalBlock
instead of those memory streams. - Why use Rijndael256 over AES?