When I try to encrypt a string using BouncyCastle V1.8.5 (aes256, gcm, nopadding), I get the error message:
Exception calling "DoFinal" with "2" argument(s): "Output buffer too short"
My code:
Add-Type -Path "C:\Program Files\PackageManagement\NuGet\Packages\BouncyCastle.1.8.5\lib\BouncyCastle.Crypto.dll"
$secretmessage = "Totalgeheim!"
$secretmessageBytes = [System.Text.Encoding]::UTF8.GetBytes($secretmessage)
$bytes = [system.byte[]]::CreateInstance([System.Byte],16)
[System.Security.Cryptography.RNGCryptoServiceProvider]::new().GetNonZeroBytes($bytes)
$key = $bytes
$bytes = [system.byte[]]::CreateInstance([System.Byte],8)
([System.Security.Cryptography.RNGCryptoServiceProvider]::new()).GetNonZeroBytes($bytes)
$salt = $bytes
[byte]$nonSecretPayload = $null
$cipher = [Org.BouncyCastle.Crypto.Modes.GcmBlockCipher]::new([Org.BouncyCastle.Crypto.Engines.AesEngine]::new())
$parameters = [Org.BouncyCastle.Crypto.Parameters.AeadParameters]::new([Org.BouncyCastle.Crypto.Parameters.KeyParameter]::new($key), 128, $salt, $nonSecretPayload) #payload as byte!!!
$cipher.Init($true, $parameters)
$ciphertext = [System.Text.Encoding]::UTF8.GetBytes($cipher.GetOutputSize($secretmessageBytes.Length))
$len = $cipher.ProcessBytes($secretmessageBytes, 0, $secretmessageBytes.Length, $ciphertext, 0)
$cipher.DoFinal($ciphertext, $len)
Does anyone have an idea why this is not working as expected?
$cipher.GetOutputSize() will output the byte-length as an integer - passing it to UTF8Encoding.GetBytes(), implicitly converting it to a string, will result in an array of only a few bytes.
Replace this line:
$ciphertext = [System.Text.Encoding]::UTF8.GetBytes($cipher.GetOutputSize($secretmessageBytes.Length))
... with:
$ciphertext = [byte[]]::new($cipher.GetOutputSize($secretmessageBytes.Length))
If your script needs to run on versions older than PowerShell 5.0, use New-Object or Array.CreateInstance() instead:
$cipherText = [array]::CreateInstance([byte], $cipher.GetOutputSize($secretmessageBytes.Length))
# or
$cipherText = New-Object 'byte[]' -ArgumentList $cipher.GetOutputSize($secretmessageBytes.Length)
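
A complete encrypt/decrypt round trip with the buffer sized as described above, as an added example that is not part of the original question or answer. It assumes the DLL path from the question; the function names, the 32-byte key and the 12-byte nonce are choices made for this example.

```powershell
# Added example. Assumes the BouncyCastle DLL path shown in the question.
Add-Type -Path "C:\Program Files\PackageManagement\NuGet\Packages\BouncyCastle.1.8.5\lib\BouncyCastle.Crypto.dll"

# Hypothetical helper: fill a new byte array from the system CSPRNG.
function New-RandomBytes([int]$Count) {
    $buf = [byte[]]::new($Count)
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($buf) } finally { $rng.Dispose() }
    return ,$buf
}

# Hypothetical helper: AES-GCM in either direction with a 128-bit tag.
function Invoke-AesGcm([bool]$Encrypt, [byte[]]$Key, [byte[]]$Nonce, [byte[]]$Data) {
    $cipher = [Org.BouncyCastle.Crypto.Modes.GcmBlockCipher]::new(
        [Org.BouncyCastle.Crypto.Engines.AesEngine]::new())
    $keyParam = [Org.BouncyCastle.Crypto.Parameters.KeyParameter]::new($Key)
    # Three-argument constructor: key, tag size in bits, nonce (no associated data).
    $aead = [Org.BouncyCastle.Crypto.Parameters.AeadParameters]::new($keyParam, 128, $Nonce)
    $cipher.Init($Encrypt, $aead)

    # Allocate the buffer from the integer GetOutputSize() returns.
    # Encrypting: input length plus the tag. Decrypting: input length minus the tag.
    $out = [byte[]]::new($cipher.GetOutputSize($Data.Length))
    $len = $cipher.ProcessBytes($Data, 0, $Data.Length, $out, 0)
    # When decrypting, DoFinal throws if the authentication tag does not verify.
    $len += $cipher.DoFinal($out, $len)
    return ,$out
}

$key   = New-RandomBytes 32   # 32 bytes selects AES-256
$nonce = New-RandomBytes 12   # 96-bit nonce; must never repeat under the same key
$plain = [System.Text.Encoding]::UTF8.GetBytes("Totalgeheim!")

$ct = Invoke-AesGcm $true  $key $nonce $plain
$pt = Invoke-AesGcm $false $key $nonce $ct
[System.Text.Encoding]::UTF8.GetString($pt)

# Flip one bit of the ciphertext: decryption must be rejected, not return garbage.
$ct[0] = $ct[0] -bxor 1
try {
    Invoke-AesGcm $false $key $nonce $ct | Out-Null
    "Tampered ciphertext was accepted"
} catch {
    "Tampered ciphertext rejected: $($_.Exception.Message)"
}
```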