Reputation: 2788
Encrypt & Decrypt querystring values using AES 256
I am using the following code to Encrypt/Decrypt a querystring and pass it from one page to another. The resulting output is missing a '+' (see at the bottom of the question). What can I do to make sure the '+' comes thru as I am already using urlencode/urldecode?
//Encryption page
protected void Page_Load(object sender, EventArgs e)
{
string text = "ABCDEFGHIJKLMNOPQRSTUVWXYZ";
Response.Write("256:" + Decrypt256(Encrypt256(text)));
Response.Write(string.Format("<br/><a href=\"decrypt.aspx?p={0}\">{0}</a>", HttpUtility.UrlEncode(Encrypt256(text))));
}
private const string AesIV256 = @"!QAZ2WSX#EDC4RFV";
private const string AesKey256 = @"5TGB&YHN7UJM(IK<5TGB&YHN7UJM(IK<";
private string Encrypt256(string text)
{
// AesCryptoServiceProvider
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.BlockSize = 128;
aes.KeySize = 256;
aes.IV = Encoding.UTF8.GetBytes(AesIV256);
aes.Key = Encoding.UTF8.GetBytes(AesKey256);
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
// Convert string to byte array
byte[] src = Encoding.Unicode.GetBytes(text);
// encryption
using (ICryptoTransform encrypt = aes.CreateEncryptor())
{
byte[] dest = encrypt.TransformFinalBlock(src, 0, src.Length);
// Convert byte array to Base64 strings
return Convert.ToBase64String(dest);
}
}
/// <summary>
/// AES decryption
/// </summary>
private string Decrypt256(string text)
{
// AesCryptoServiceProvider
AesCryptoServiceProvider aes = new AesCryptoServiceProvider();
aes.BlockSize = 128;
aes.KeySize = 256;
aes.IV = Encoding.UTF8.GetBytes(AesIV256);
aes.Key = Encoding.UTF8.GetBytes(AesKey256);
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
// Convert Base64 strings to byte array
byte[] src = System.Convert.FromBase64String(text);
// decryption
using (ICryptoTransform decrypt = aes.CreateDecryptor())
{
byte[] dest = decrypt.TransformFinalBlock(src, 0, src.Length);
return Encoding.Unicode.GetString(dest);
}
}
Decryption page (I use this page to print out what I the decrypted string from the first page and then compare it what I get in the URL:
protected void Page_Load(object sender, EventArgs e)
{
string urlValue = HttpUtility.UrlDecode(Request.QueryString["p"].Trim());
Decrypt256(Encoding.ASCII.GetString(s2));
Response.Write(urlValue + "<br /><br />");
Response.Write("AUwsHc8j/llULnuwVnspNwolBUAhl5GFqC6iOrUN5euZFrOgFVypqTGfhAaooLxa0Fko+9KGtRh3UcQJtzkfSw==");
}
The end result is the following two lines (the first line is the output from the URL). They almost match except the first URL (the encoded/decoded querystring result) is missing the '+' symbol. Any idea how to avoid this?
AUwsHc8j/llULnuwVnspNwolBUAhl5GFqC6iOrUN5euZFrOgFVypqTGfhAaooLxa0Fko 9KGtRh3UcQJtzkfSw==
AUwsHc8j/llULnuwVnspNwolBUAhl5GFqC6iOrUN5euZFrOgFVypqTGfhAaooLxa0Fko+9KGtRh3UcQJtzkfSw==
Upvotes: 11
Views: 28850
Answers (1)
Reputation: 2788
ok fixed it, simply removed the urldecode method. The decode appears to happen automatically.
Upvotes: 5
Related Questions
- ASP.NET Core MVC Encrypt/Decrypt QueryString Values
- how to pass encrypted query string in asp.net
- Encrypt Query String including keys
- How can I encrypt a querystring in asp.net?
- How can you secure/encrypt your querystring in asp.net?
- How to Encrypt/Decrypt query string data
- Encrypt query string
- How to encrypt query strings in asp.net?
- Encrypt the querystring in C#.net
- Encrypt querystring using HttpHandler