Saif

Reputation: 285

Decrypting an encoded base64 into a token to extract claims using AES-CBC in C#

I am currently working on authentication from an external third party that sends us an encoded base64 string, which we, in turn, should decode and then decrypt to fetch the user claims. Here is the method I created in C# to decrypt the value we receive from them:

var key = Encoding.UTF8.GetBytes(_secretKey);
byte[] iv;

using (var aesAlg = Aes.Create())
{
    var decodedBytes = Convert.FromBase64String(_jwtEncryptedToken);

    iv = new byte[16];
    Array.Copy(decodedBytes, 0, iv, 0, iv.Length);

    aesAlg.Key = key;
    aesAlg.IV = iv;
    aesAlg.Mode = CipherMode.CBC;
    aesAlg.Padding = PaddingMode.PKCS7;

    ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);


    using (var msDecrypt = new MemoryStream(decodedBytes))
    {
        using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
        {
            using (var srDecrypt = new StreamReader(csDecrypt))
            {
                return srDecrypt.ReadToEnd();
            }
        }
    }
}

When I test it with the encoded base64 I receive, it always returns an error saying "Input data is not a complete block".

P.S. The secret key is 16 characters long, and _jwtEncryptedToken is the encoded base64 that I receive.

Can anyone help with this?

Thanks in advance.

Upvotes: -2

Views: 147

Answers (1)

Artur ABC

Reputation: 37

For decryption you need the key and the initialization vector (IV).

It is not clear whether the message to decrypt comes after the IV or is in another variable.

Considering you received the IV and the message separately:

// Requires: System, System.IO, System.Security.Cryptography, System.Text
string decryptAES(string EncodedToken, string EncryptedMSG)
{
    // _secretKey is a field of the enclosing class; 16 UTF-8 bytes give an AES-128 key.
    byte[] key = Encoding.UTF8.GetBytes(_secretKey);
    byte[] iv;

    using (var aesAlg = Aes.Create())
    {
        // EncodedToken carries the base64 IV; EncryptedMSG carries the base64 ciphertext.
        var decoded_IV_Bytes = Convert.FromBase64String(EncodedToken);
        var toDecodeBytes = Convert.FromBase64String(EncryptedMSG);

        // The IV is always one AES block (16 bytes).
        iv = new byte[16];
        Array.Copy(decoded_IV_Bytes, 0, iv, 0, iv.Length);

        aesAlg.Key = key;
        aesAlg.IV = iv;
        aesAlg.Mode = CipherMode.CBC;
        aesAlg.Padding = PaddingMode.PKCS7;

        ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

        // Only the ciphertext goes through the CryptoStream.
        using (var msDecrypt = new MemoryStream(toDecodeBytes))
        {
            using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            {
                using (var srDecrypt = new StreamReader(csDecrypt))
                {
                    return srDecrypt.ReadToEnd();
                }
            }
        }
    }
}

Note that the IV is encoded with base64, but it is not encrypted.

Try the code with:

string _secretKey = "1234567890abcdef";
decryptAES("ZmVkY2JhMDk4NzY1NDMyMQ==", "a4/W0T6oxPGbqsHbx3N1gA==");

Considering you received the IV and the message concatenated:

// Requires: System, System.IO, System.Security.Cryptography, System.Text
public static string decryptAES2(string EncryptedMSG)
{
    // _secretKey must be a static field here because the method is static.
    byte[] key = Encoding.UTF8.GetBytes(_secretKey);
    byte[] iv;
    byte[] toDecodeBytes;

    using (var aesAlg = Aes.Create())
    {
        var decodedBytes = Convert.FromBase64String(EncryptedMSG);

        // The first 16 bytes of the decoded input are the IV.
        iv = new byte[16];
        Array.Copy(decodedBytes, 0, iv, 0, iv.Length);

        // Everything after the IV is the ciphertext.
        toDecodeBytes = new byte[decodedBytes.Length - 16];
        Array.Copy(decodedBytes, 16, toDecodeBytes, 0, decodedBytes.Length - 16);

        aesAlg.Key = key;
        aesAlg.IV = iv;
        aesAlg.Mode = CipherMode.CBC;
        aesAlg.Padding = PaddingMode.PKCS7;

        ICryptoTransform decryptor = aesAlg.CreateDecryptor(aesAlg.Key, aesAlg.IV);

        // Decrypt the ciphertext only, not the IV prefix.
        using (var msDecrypt = new MemoryStream(toDecodeBytes))
        {
            using (var csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            {
                using (var srDecrypt = new StreamReader(csDecrypt))
                {
                    return srDecrypt.ReadToEnd();
                }
            }
        }
    }
}

Try the code with:

string _secretKey = "1234567890abcdef";
decryptAES2("ZmVkY2JhMDk4NzY1NDMyMWuP1tE+qMTxm6rB28dzdYA=");

Upvotes: -2
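
An added example, not part of the original question or answer: a round trip for the concatenated layout that checks the decoded length before decrypting, so a malformed token fails with a clear message rather than "Input data is not a complete block". The names TokenDemo, Encrypt and Decrypt, the Base64(IV || ciphertext) layout and the sample claims are assumptions; the key is the sample value from the answer.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class TokenDemo
{
    const int BlockSize = 16; // AES block size and IV size in bytes

    // Assumed token layout: Base64( IV(16) || AES-CBC/PKCS7 ciphertext ).
    static string Encrypt(byte[] key, string plaintext)
    {
        using var aes = Aes.Create();
        aes.Key = key; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV(); // fresh random IV for every token
        using var enc = aes.CreateEncryptor();
        byte[] pt = Encoding.UTF8.GetBytes(plaintext);
        byte[] ct = enc.TransformFinalBlock(pt, 0, pt.Length);
        byte[] token = new byte[BlockSize + ct.Length];
        Buffer.BlockCopy(aes.IV, 0, token, 0, BlockSize);
        Buffer.BlockCopy(ct, 0, token, BlockSize, ct.Length);
        return Convert.ToBase64String(token);
    }

    static string Decrypt(byte[] key, string token)
    {
        byte[] raw = Convert.FromBase64String(token);
        // Reject input that cannot be IV + whole blocks before it reaches the cipher.
        if (raw.Length < 2 * BlockSize || raw.Length % BlockSize != 0)
            throw new FormatException($"Decoded length {raw.Length} is not IV + whole AES blocks");
        byte[] iv = new byte[BlockSize];
        Buffer.BlockCopy(raw, 0, iv, 0, BlockSize);
        using var aes = Aes.Create();
        aes.Key = key; aes.IV = iv; aes.Mode = CipherMode.CBC; aes.Padding = PaddingMode.PKCS7;
        using var dec = aes.CreateDecryptor();
        // Decrypt only the bytes after the IV prefix.
        byte[] pt = dec.TransformFinalBlock(raw, BlockSize, raw.Length - BlockSize);
        return Encoding.UTF8.GetString(pt);
    }

    static void Main()
    {
        byte[] key = Encoding.UTF8.GetBytes("1234567890abcdef"); // sample key from the answer
        string token = Encrypt(key, "{\"sub\":\"constructed-user\"}"); // constructed claims
        Console.WriteLine(Decrypt(key, token));

        // Constructed malformed token: the last byte is dropped.
        byte[] raw = Convert.FromBase64String(token);
        string truncated = Convert.ToBase64String(raw, 0, raw.Length - 1);
        try { Decrypt(key, truncated); }
        catch (FormatException e) { Console.WriteLine(e.Message); }
    }
}
```

AES-CBC on its own does not authenticate the token, so if the third party also supplies a MAC or signature, verify it before trusting the decrypted claims.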
