Reputation: 4151
Empty output stream at AES decrypt. Reason?
I trying to decrypt something and don't understand why I getting empty result. I don't getting any errors through. I think that's weird. Even if key is invalid then decrypted junk should be meaningless bytes, but not empty. I made minimal example.
Aes aes = Aes.Create();
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
aes.KeySize = 128;
aes.Key = new byte[] { 0x5f, 0x4d, 0xcc, 0x3b, 0x5a, 0xa7, 0x65, 0xd6, 0x1d, 0x83, 0x27, 0xde, 0xb8, 0x82, 0xcf, 0x99 };
aes.IV = new byte[] { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
// Create a decryptor to perform the stream transform.
ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
// Create the streams used for decryption.
string encrypted_str_b64 = "E1UinhOTTy8Sj/IxCPEM+UNhIpTXIXnOAUtPgA35erJmvRc22gsdvIgcMZORZ2SY";
byte[] ecrypted_junk = Convert.FromBase64String(encrypted_str_b64);
string plaintext = string.Empty;
using (MemoryStream memoryStream = new MemoryStream(ecrypted_junk))
{
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
{
using (StreamReader srDecrypt = new StreamReader(cryptoStream))
{
cryptoStream.FlushFinalBlock();
byte[] temp_buf = new byte[1024];
int read_bytes = cryptoStream.Read(temp_buf, 0, temp_buf.Length); //read_bytes = 0...
plaintext = srDecrypt.ReadToEnd(); //string is empty...
}
}
}
Upvotes: 1
Views: 378
Answers (1)
Reputation: 49390
No data is decrypted because CryptoStream is empty when decrypting the data. This is because it was cleared with FlushFinalBlock() before the actual reading. According to the comment, FlushFinalBlock() was implemented because of the otherwise occurring padding exception, but this is no solution for the problem.
If the FlushFinalBlock() call is removed, a CryptographicException: Padding is invalid and cannot be removed is generated, indicating an error during decryption (e.g. typically when using a key that is not identical to the key used to generate the ciphertext).
The direct cause of the padding exception is that the decryption produces a wrong plaintext (consisting of meaningless bytes), which therefore produces an invalid PKCS7 padding at the end. If the decryption would be done without padding (PaddingMode.None), this exception would not be generated and the result would be indeed meaningless bytes.
So the real solution to the problem is to use the correct key, i.e. the key with which the ciphertext was created. Otherwise a decryption is practically impossible.
Just for completeness: The posted code uses a buffer (temp_buf ) that is implemented for testing purposes according to the comment. The data is written to this 1024 byte buffer with CryptoStream#Read(). The rest is read with StreamReader#ReadToEnd(). If the data fits completely into the buffer, the 2nd part does not return any more data and thus returns an empty string, even in case of a successful decryption, which would not be an failure (with regard to the comment //string is empty... in the posted code).
Upvotes: 3
Related Questions
- C# AES decrypted output is not the same as input
- C# - Problem with AES Decryption - always get null
- Encryption and Decryption of files results in a blank file when decrypting
- Decryption using Aes fails
- C# AES encryption / decryption returning incorrect result
- Decryption with CryptoStream using aes fails
- .NET AES-128 decryption returns a blank string
- Aes decryptor gives empty string
- Trying to Encrypt/Decrypt using AES. Progress == null;
- Incorrect result of AES decryption while using MemoryStream