Search code examples
c#asp.net-mvc.net-6.0.net-4.5

Differences in Cryptography between .NET Core 6 and ASP.NET MVC on .NET 4.5

I am using this method in an ASP.NET MVC app on .NET 4.5, and on a .NET Core 6 app. I don't get the same result decryptedValues.

I debug and I found that decryptedByteCount in ASP.NET MVC is 20, but in .NET 6, it is 16. Note that cipherTexts and passphrase are exactly the same.

What do I have to change in the .NET 6 version?

public static Dictionary<string, string> Decrypt(string[] cipherTexts, string passPhrase)
{
    var decryptedValues = new Dictionary<string, string>();

    if (cipherTexts == null || cipherTexts.Count() == 0 || string.IsNullOrEmpty(passPhrase))
    {
        return decryptedValues;
    }

    cipherTexts = cipherTexts.Where(q => !string.IsNullOrEmpty(q))
                             .Distinct().ToArray();

    using (PasswordDeriveBytes password = new PasswordDeriveBytes(passPhrase, null))
    {
        byte[] keyBytes = password.GetBytes(keysize / 8);

        using (RijndaelManaged symmetricKey = new RijndaelManaged())
        {
            symmetricKey.Mode = CipherMode.CBC;
            symmetricKey.Key = keyBytes;
            symmetricKey.IV = initVectorBytes;

            using (ICryptoTransform decryptor = symmetricKey.CreateDecryptor())
            {
                foreach (var cipherTextOrig in cipherTexts)
                {
                    // Revert mis behaved characters. StackOverflow: "some type of standard... substituting '-' with '+' and '_' by '/'"
                    // the Trim will remove the delimited char in case user choose the null value
                    var cipherTextFixed = cipherTextOrig.Trim(',').Replace("-", "+").Replace("_", "/");

                    var decryptedArray = new List<string>();

                    foreach (var cipherText in cipherTextFixed.Split(','))
                    {
                        byte[] cipherTextBytes = Convert.FromBase64String(cipherText);

                        using (MemoryStream memoryStream = new MemoryStream(cipherTextBytes))
                        {
                            using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                            {
                                byte[] plainTextBytes = new byte[cipherTextBytes.Length];
                                int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
                                decryptedArray.Add(Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount));
                            }
                        }
                    }

                    decryptedValues.Add(cipherTextOrig, String.Join(",", decryptedArray));
                }
            }
        }
    }

    return decryptedValues;
}
Solution

  • Replace

    byte[] plainTextBytes = new byte[cipherTextBytes.Length];
                        int decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
                        decryptedArray.Add(Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount));

    with `

    using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                            {
                                using (StreamReader streamReader = new StreamReader(cryptoStream))
                                {
                                    return streamReader.ReadToEnd().ToString();
                                }
                            }`