I am trying to encrypt and decrypt an xml file. The program trys to open, edit, and reencrypt the data, But I get the error "System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed." When I encrypt, then decrypt running the program twice, It works just fine, but the program creates an error when doing them both.
This is a very common error, but also a very vague one, with many different "scenarios". I've searched for a while one ways to fix it, and I've tried all of the "fixes" online. None have worked yet.
class Program
{
static void Main(string[] args)
{
}
public static void encFile(string input, string password)
{
GCHandle gch = GCHandle.Alloc(password, GCHandleType.Pinned);
FileEncrypt(input, password);
ZeroMemory(gch.AddrOfPinnedObject(), password.Length * 2);
gch.Free();
}
public static string output;
public static void decFile(string input, string password)
{
GCHandle gch = GCHandle.Alloc(password, GCHandleType.Pinned);
// Decrypt the file
output = FileDecrypt(input, password);
}
[DllImport("KERNEL32.DLL", EntryPoint = "RtlZeroMemory")]
public static extern bool ZeroMemory(IntPtr Destination, int Length);
/// <summary>
/// Encrypts a file from its path and a plain password.
/// </summary>
/// <param name="inputFile"></param>
/// <param name="password"></param>
private static void FileEncrypt(string inputFile, string password)
{
File.WriteAllText(Path.GetDirectoryName(inputFile) + "\\" + Path.GetFileNameWithoutExtension(inputFile) + ".dat", Crypto.EncryptStringAES(File.ReadAllText(inputFile), "Password123!"));
}
/// <summary>
/// Decrypts an encrypted file with the FileEncrypt method through its path and the plain password.
/// </summary>
/// <param name="inputFile"></param>
/// <param name="outputFile"></param>
/// <param name="password"></param>
private static string FileDecrypt(string inputFile, string password)
{
return Crypto.DecryptStringAES(File.ReadAllText(inputFile), password);
}
}
public class Crypto
{
//While an app specific salt is not the best practice for
//password based encryption, it's probably safe enough as long as
//it is truly uncommon. Also too much work to alter this answer otherwise.
private static byte[] _salt = Encoding.ASCII.GetBytes("rxONBa*&e03!%76N9mBlbR#@Xl&A&w");
/// <summary>
/// Encrypt the given string using AES. The string can be decrypted using
/// DecryptStringAES(). The sharedSecret parameters must match.
/// </summary>
/// <param name="plainText">The text to encrypt.</param>
/// <param name="sharedSecret">A password used to generate a key for encryption.</param>
public static string EncryptStringAES(string plainText, string sharedSecret)
{
if (string.IsNullOrEmpty(plainText))
throw new ArgumentNullException("plainText");
if (string.IsNullOrEmpty(sharedSecret))
throw new ArgumentNullException("sharedSecret");
string outStr = null; // Encrypted string to return
RijndaelManaged aesAlg = null; // RijndaelManaged object used to encrypt the data.
try
{
// generate the key from the shared secret and the salt
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, _salt);
// Create a RijndaelManaged object
aesAlg = new RijndaelManaged();
aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
aesAlg.Padding = PaddingMode.PKCS7;
// Create a decryptor to perform the stream transform.
ICryptoTransform encryptor = aesAlg.CreateEncryptor(aesAlg.Key, aesAlg.IV);
// Create the streams used for encryption.
using (MemoryStream msEncrypt = new MemoryStream())
{
// prepend the IV
msEncrypt.Write(BitConverter.GetBytes(aesAlg.IV.Length), 0, sizeof(int));
msEncrypt.Write(aesAlg.IV, 0, aesAlg.IV.Length);
using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
{
using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
{
//Write all data to the stream.
swEncrypt.Write(plainText);
}
}
outStr = Convert.ToBase64String(msEncrypt.ToArray());
}
}
finally
{
// Clear the RijndaelManaged object.
if (aesAlg != null)
aesAlg.Clear();
}
// Return the encrypted bytes from the memory stream.
return outStr;
}
/// <summary>
/// Decrypt the given string. Assumes the string was encrypted using
/// EncryptStringAES(), using an identical sharedSecret.
/// </summary>
/// <param name="cipherText">The text to decrypt.</param>
/// <param name="sharedSecret">A password used to generate a key for decryption.</param>
public static string DecryptStringAES(string cipherText, string sharedSecret)
{
if (string.IsNullOrEmpty(cipherText))
throw new ArgumentNullException("cipherText");
if (string.IsNullOrEmpty(sharedSecret))
throw new ArgumentNullException("sharedSecret");
// Declare the RijndaelManaged object
// used to decrypt the data.
RijndaelManaged aesAlg = null;
// Declare the string used to hold
// the decrypted text.
string plaintext = null;
try
{
// generate the key from the shared secret and the salt
Rfc2898DeriveBytes key = new Rfc2898DeriveBytes(sharedSecret, _salt);
// Create the streams used for decryption.
byte[] bytes = Convert.FromBase64String(cipherText);
using (MemoryStream msDecrypt = new MemoryStream(bytes))
{
// Create a RijndaelManaged object
// with the specified key and IV.
aesAlg = new RijndaelManaged();
aesAlg.Key = key.GetBytes(aesAlg.KeySize / 8);
// Get the initialization vector from the encrypted stream
aesAlg.IV = ReadByteArray(msDecrypt);
aesAlg.Padding = PaddingMode.PKCS7;
// Create a decrytor to perform the stream transform.
ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);
using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(csDecrypt))
// Read the decrypted bytes from the decrypting stream
// and place them in a string.
plaintext = srDecrypt.ReadToEnd();
}
}
}
finally
{
// Clear the RijndaelManaged object.
if (aesAlg != null)
aesAlg.Clear();
}
return plaintext;
}
private static byte[] ReadByteArray(Stream s)
{
byte[] rawLength = new byte[sizeof(int)];
if (s.Read(rawLength, 0, rawLength.Length) != rawLength.Length)
{
throw new SystemException("Stream did not contain properly formatted byte array");
}
byte[] buffer = new byte[BitConverter.ToInt32(rawLength, 0)];
if (s.Read(buffer, 0, buffer.Length) != buffer.Length)
{
throw new SystemException("Did not read byte array properly");
}
return buffer;
}
}
Running the following code that encrypts then decrypts will produce the error:
static void Main(string[] args)
{
string password = "Password123!";
encFile(@"C:\DIR\test.xml", password);
decFile(@"C:\DIR\test.dat", password);
Console.WriteLine(output);
}
But if you try first running this code that only encrypts the file:
static void Main(string[] args)
{
string password = "Password123!";
encFile(@"C:\DIR\test.xml", password);
}
and then decrypting the file in another process after the encryption:
static void Main(string[] args)
{
string password = "Password123!";
decFile(@"C:\DIR\test.dat", password);
Console.WriteLine(output);
}
Then the program will output the contents correctly, without an error.
How can I encrypt and decrypt the file in one run, without any errors.
The variable password, and the parameter with the same name, point to the same constant string. The first of your methods will zero that string out.
static void Main(string[] args)
{
string password = "Password123!";
encFile(@"C:\KaliPatriot\test.xml", password);
// password is now "\0\0\0\0\0\0\0\0\0"
decFile(@"C:\KaliPatriot\test.dat", password);
Console.WriteLine(output);
}
Using a string like this is very dangerous. Strings are supposed (and assumed) to be immutable and .NET also uses interning for strings.
You have managed to get UB (Undefined Behaviour) in C#, not something to be proud of.