rednerus

Reputation: 401

RijndaelManaged Decryption in .net 5 not working

I have the below code in .net framework to decrypt some information and it is working fine. I have been tasked to upgrade this code to .net 5 and the same code is not working.

Current code in .net framework works fine

private static string DecryptStringFromBytes(string cipherText, byte[] key)
{
    byte[] cipherTextBytes = Convert.FromBase64String(cipherText);

    if (key == null || key.Length <= 0)
        throw new ArgumentNullException("key");

    string plaintext;
    using (var rijAlg = new RijndaelManaged())
    {
        rijAlg.BlockSize = 256;
        rijAlg.Key = key;
        rijAlg.Mode = CipherMode.CBC;
        rijAlg.Padding = PaddingMode.Zeros;
        rijAlg.IV = ASCIIEncoding.ASCII.GetBytes(MD5(MD5(_encryptionKey)));

        ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);
        using (var msDecrypt = new MemoryStream(cipherTextBytes))
        using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
        using (var srDecrypt = new StreamReader(csDecrypt))
            plaintext = srDecrypt.ReadToEnd();
    }
    return plaintext;
}

private static string MD5(string testString)
{
    byte[] asciiBytes = ASCIIEncoding.ASCII.GetBytes(testString);
    byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
    string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
    return hashedString;
}

When I tried the same code in .net 5, it gives me the below error: "BlockSize must be 128 in this implementation"

When I changed the block size in the above code to 128, the error disappeared but the decrypted text is all gibberish (not in readable format).

I did some research on this and I realized that .net core does not yet support 256 block size and a workaround is to use it with the Bouncy Castle library. I did some Google searching on this and after looking at some samples I updated the code to the below:

public static string DecryptFromBouncyCastle(string cipherText, byte[] key)
{
    byte[] cipherTextBytes = Convert.FromBase64String(cipherText);
    if (key == null || key.Length <= 0)
        throw new ArgumentNullException("key");

    var ivStringBytes = new byte[16];

    var engine = new RijndaelEngine(256);
    var blockCipher = new CbcBlockCipher(engine);
    var cipher = new PaddedBufferedBlockCipher(blockCipher, new ZeroBytePadding());
    var keyParam = new KeyParameter(key);
    var keyParamWithIV = new ParametersWithIV(keyParam, ivStringBytes, 0, 32);
    cipher.Init(false, keyParamWithIV);
    var outputBytes = new byte[cipher.GetOutputSize(cipherTextBytes.Length)];
    var length = cipher.ProcessBytes(cipherTextBytes, outputBytes, 0);
    var finalBytes = cipher.DoFinal(outputBytes, 0, length);
    var resultText = Encoding.UTF8.GetString(finalBytes);
    return resultText;
}

private static string MD5(string testString)
{
    byte[] asciiBytes = ASCIIEncoding.ASCII.GetBytes(testString);
    byte[] hashedBytes = MD5CryptoServiceProvider.Create().ComputeHash(asciiBytes);
    string hashedString = BitConverter.ToString(hashedBytes).Replace("-", "").ToLower();
    return hashedString;
}

This code is not giving me any error but I see only some part of the decryption working. I see 30% of the decrypted text and the rest is junk characters.

I am not so familiar with the encryption/decryption internals and I am struggling to understand where the problem is. It may be a small issue but I could not figure it out.

I would appreciate if someone could review this code and let me know where the issue is with my code or suggest if any other better alternate solution.

Upvotes: 0

Views: 529

Answers (1)

Topaco

Reputation: 49251

The IV and the DoFinal() call must be modified:

var ivStringBytes = ASCIIEncoding.ASCII.GetBytes(MD5(MD5(_encryptionKey)));     // Fix 1
...
length += cipher.DoFinal(outputBytes, length);                                  // Fix 2
var resultText = Encoding.UTF8.GetString(outputBytes, 0, length);               // Fix 3

Note that a static IV is insecure. Also, AES should be preferred over Rijndael with a 256-bit block size.

Upvotes: 1
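
The three fixes from the answer assembled into one Bouncy Castle routine, as an added example that is not part of the original answer or the asker's code; the passphrase, the SHA-256 key derivation and the message are constructed sample values. It also decrypts once with the all-zero IV from the question to show that in CBC a wrong IV garbles only the first 32-byte block.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using Org.BouncyCastle.Crypto.Engines;
using Org.BouncyCastle.Crypto.Modes;
using Org.BouncyCastle.Crypto.Paddings;
using Org.BouncyCastle.Crypto.Parameters;

public static class Rijndael256Demo
{
    // Lowercase hex MD5, same output format as the MD5() helper in the question.
    static string Md5Hex(string s) =>
        Convert.ToHexString(MD5.HashData(Encoding.ASCII.GetBytes(s))).ToLowerInvariant();

    // Rijndael with a 256-bit block, CBC, zero padding. The IV must be 32 bytes.
    // Note: ZeroBytePadding strips trailing 0x00 bytes on decrypt, whereas
    // .NET's PaddingMode.Zeros leaves them in the output.
    static byte[] Run(bool encrypt, byte[] input, byte[] key, byte[] iv)
    {
        var cipher = new PaddedBufferedBlockCipher(
            new CbcBlockCipher(new RijndaelEngine(256)), new ZeroBytePadding());
        cipher.Init(encrypt, new ParametersWithIV(new KeyParameter(key), iv));

        var output = new byte[cipher.GetOutputSize(input.Length)];
        int length = cipher.ProcessBytes(input, output, 0); // all complete blocks
        length += cipher.DoFinal(output, length);           // final block, appended in place
        Array.Resize(ref output, length);                   // keep only the bytes written
        return output;
    }

    public static void Main()
    {
        // Constructed sample values (assumptions, not taken from the question).
        string encryptionKey = "example-passphrase";
        byte[] key = SHA256.HashData(Encoding.UTF8.GetBytes(encryptionKey)); // stand-in 32-byte key
        byte[] iv = Encoding.ASCII.GetBytes(Md5Hex(Md5Hex(encryptionKey)));  // 32 hex chars = 32 bytes
        string message = string.Concat(Enumerable.Repeat("0123456789abcdef", 5)); // 80 bytes

        byte[] ct = Run(true, Encoding.UTF8.GetBytes(message), key, iv);
        string good = Encoding.UTF8.GetString(Run(false, ct, key, iv));
        byte[] bad = Run(false, ct, key, new byte[32]); // all-zero IV, as in the question

        Console.WriteLine($"correct IV round-trips: {good == message}");
        Console.WriteLine($"zero IV, block 1 intact: {bad.Take(32).SequenceEqual(Encoding.UTF8.GetBytes(message).Take(32))}");
        Console.WriteLine($"zero IV, bytes 32..79:  {Encoding.ASCII.GetString(bad, 32, 48)}");
    }
}
```

The sample message is deliberately not a multiple of 32 bytes: Bouncy Castle's padded cipher appends a full block of zeros to block-aligned input on encryption, which .NET's PaddingMode.Zeros does not.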
