C# AES 256-Bit Decrypt given Encrypted Text and Secret

Question

Somebody asked me how I would decrypt a given AES 256-bit encrypted string if I knew the secret key. I'm not very familiar with encryption, so I sat down to look into the problem.

I found this example on MSDN, and tried to modify it to do only the Decrypt:

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

internal class AesExample
{
    public static void Main()
    {
        var encryptedString = "U2FsdGVkX1/cHT8XuHCfpw0AV4jpaO8JfLqUeCRJqjY=";
        var secret = "SPARKY";

        // I know this is not the correct way to get my input byte arrays...
        // Just illustrating that I DO need byte arrays.
        var encryptedBytes = Encoding.UTF8.GetBytes(encryptedString);
        var secretBytes = Encoding.UTF8.GetBytes(secret);

        try
        {
            using (var aes = new AesManaged())
            {
                aes.Key = secretBytes;

                // Decrypt the bytes to a string. 
                var decryptedString = Decrypt(encryptedBytes, aes.Key, aes.IV);

                //Display the original data and the decrypted data.
                Console.WriteLine("Encrypted: {0}", encryptedString);
                Console.WriteLine("Decrypted: {0}", decryptedString);
            }
        }
        catch (Exception e)
        {
            Console.WriteLine("Error: {0}", e.Message);
        }
    }

    private static string Decrypt(byte[] cipherText, byte[] key, byte[] iv)
    {
        // Declare the string used to hold 
        // the decrypted text. 
        string plaintext;

        // Create an AesManaged object 
        // with the specified key and IV. 
        using (var aes = new AesManaged())
        {
            aes.Key = key;
            aes.IV = iv;

            // Create a decrytor to perform the stream transform.
            var decryptor = aes.CreateDecryptor(aes.Key, aes.IV);

            // Create the streams used for decryption. 
            using (var msDecrypt = new MemoryStream(cipherText))
            {
                using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                {
                    using (var srDecrypt = new StreamReader(csDecrypt))
                    {
                        // Read the decrypted bytes from the decrypting stream 
                        // and place them in a string.
                        plaintext = srDecrypt.ReadToEnd();
                    }
                }
            }
        }

        return plaintext;
    }
}

Of course as soon as I hit the following line, a CryptographicExcetion is thrown with the message "Specified key is not a valid size for this algorithm." ==> aes.Key = secretBytes

Someone suggested taking a SHA1 hash of the secret and trimming that to 20 byes. I tried that, and I started getting a new CryptographicException with the message "Length of the data to decrypt is invalid."

So, I have a few questions:

1) Is this even possible given only the encrypted text and secret key?

2) If so, are them some base assumptions one would need to make, like the CipherMode? I was reading that the ECB mode doesn't have a initialization vector. That's why I ask.

3) What would I need to do to put the inputs (encrypted text and secret key) into the correct Byte[] format for the decryption to work?

Thanks!

Answer 1

You probably need more information to make this work. To answer your specific questions:

1. Yes, except that you don't have the secret key. "SPARKY" is not a valid AES key, as DavidH mentions, though passwords are routinely used to derive secret keys through what are called key derivation functions. You could try running your password through Rfc2898DeriveBytes (a popular KDF in .NET) to derive different AES keys that might work, but it too takes parameters that you apparently don't have. You could also try various SHA hash digests of your password, though again 20 bytes is not a valid AES key - you need a 16, 24 or 32 byte key.
2. If you don't have an IV, then yes, you'll have to assume the encryption uses ECB. (But note that in general you should never use ECB mode.)
3. Your encrypted string appears to be encoded using base64. Converting it to a byte array is simple enough in .NET using Convert.FromBase64String(encryptedString);.

This sounds like a fun exercise, but you're probably just going to end up frustrated without a bit more information.

Answer 2

AES key lengths are 128, 192, and 256 bit depending on the cipher you want to use. You must ensure that your string is the appropriate length of bytes.