Problem Encrypting a Cookie Using Handmade Encryption (ASP.NET)

Question

I am facing a weird problem:

I am encrypting the contents of a cookie.

My code works fine when I run it in Visual Studio, but gives me a "Bad Request, HTTP Error 400. The request is badly formed." when I run it from the server.

Here is the class for encryption Encrypt Cook.cs, resides in app_code:

public class EncryptCook
{
public EncryptCook()
{
    //
    // TODO: Add constructor logic here
    //
}

public  string EncryptString(string data)
{
    try
    {
        string encryptString = "";
        if (data != "")
        {
            char a;
            int key = Convert.ToInt16(DateTime.Now.Day);
            int j = 0;

            for (int i = 0; i < data.Length; i++)
            {

                j = (int)data[i];
                j = j + key;
                a = (char)j;
                encryptString = encryptString + Convert.ToString(a);

            }
        }
        return encryptString;
    }
    catch
    {
        return "";
    }
}

public   string DeEncryptString(string data)
{
    try
    {
        string encryptString = "";
        if (data != "")
        {

            char a;
            int j = 0;
            int key = Convert.ToInt16(DateTime.Now.Day);
            for (int i = 0; i < data.Length; i++)
            {

                j = (int)data[i];
                j = j - key;
                a = (char)j;
                encryptString = encryptString + Convert.ToString(a);

            }
        }
        return encryptString;
    }
    catch
    {
        return "";
    }

}

Pretty simple, it takes a string, extracts the characters from it and replaces the character with another one, for example, given "a" and that todays date is 13, it will replace it with the 13th character after "a", i.e. "m".

Here is my login control:

protected void Button1_Click(object sender, EventArgs e)
{
//code for retrieving user, which works fine
EncCook cook=new EncCook();
HttpCookie cookie = new HttpCookie("loginstatus");
            cookie["userid"] =cook.EncryptString(name);
            cookie["username"] = cook.EncryptString(doctor);
            cookie["email"] = cook.EncryptString(email);
            cookie["address"] = cook.EncryptString(address);
 Response.Cookies.Add(cookie);
}

Well, this code works fine in the local machine, but gives me a "Bad Request HTTP Error 400. The request is badly formed." error.

I think that it's because of the encoding, but I am not sure, like if its 20 today then ~ + 20 will look like a box character.

Thanks

Answer 1

Please don't use home-brewed encryption. It can only end in embarrassment. And if you catch an exception, you should probably rethrow it or return null, not the empty string. The error is likely because your so-called encryption is creating byte sequences that are not valid in the current charset.