Hi developer experts, I have a small but frustrating use case, and so far, I couldn’t get my head around this problem & ideal solution. I am running my command and facing one problem with the padding is invalid and cannot be removed. Below is the command I used:
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Text;
using System.Windows.Forms;
using System.Xml;

public void Cryptography(XmlDocument doc, bool cryptographyMode)
{
    RijndaelManaged key = null;
    try
    {
        // Create a new Rijndael key.
        key = new RijndaelManaged();
        const string passwordBytes = "Password1234"; // password here
        byte[] saltBytes = Encoding.UTF8.GetBytes("SaltBytes");
        Rfc2898DeriveBytes p = new Rfc2898DeriveBytes(passwordBytes, saltBytes);
        // Sizes are divided by 8 because 1 byte = 8 bits.
        key.IV = p.GetBytes(key.BlockSize / 8);
        key.Key = p.GetBytes(key.KeySize / 8);
        if (cryptographyMode)
        {
            Ecrypt(doc, "Content", key);
        }
        else
        {
            Decrypt(doc, key);
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
    finally
    {
        // Clear the key.
        if (key != null)
        {
            key.Clear();
        }
    }
}

private void Decrypt(XmlDocument doc, SymmetricAlgorithm alg)
{
    // Check the arguments.
    if (doc == null)
        throw new ArgumentNullException("doc");
    if (alg == null)
        throw new ArgumentNullException("alg");
    // Find the EncryptedData element in the XmlDocument.
    XmlElement encryptedElement = doc.GetElementsByTagName("EncryptedData")[0] as XmlElement;
    // If the EncryptedData element was not found, throw an exception.
    if (encryptedElement == null)
    {
        throw new XmlException("The EncryptedData element was not found.");
    }
    // Create an EncryptedData object and populate it.
    EncryptedData edElement = new EncryptedData();
    edElement.LoadXml(encryptedElement);
    // Create a new EncryptedXml object.
    EncryptedXml exml = new EncryptedXml();
    // Decrypt the element using the symmetric key.
    byte[] rgbOutput = exml.DecryptData(edElement, alg); // <---- I GET THE EXCEPTION HERE
    // Replace the encryptedData element with the plaintext XML element.
    exml.ReplaceData(encryptedElement, rgbOutput);
}
When I run it, I get the following error:
Padding is invalid and cannot be removed
I am looking forward to gaining some knowledge from all experts. Thank you, guys!
The cause:
When the same key and initialization vector are being used for both encoding and decoding, the error is caused by data encoding. That makes the error “padding is invalid and cannot be removed”.
Solution:
The block cypher Rijndael/AES is used. It encrypts data in 16-character blocks of 128 bits. To ensure that the message’s last block is always the correct size, cryptographic padding is utilized.
Your decryption technique is looking for whatever padding it has set as default, but it can’t locate it. For both encryption and decryption, as @NetSquirrel points out, you must specifically set the padding. You should use PKCS#7 padding for the best results.
You must ensure that the keys used to encrypt or decrypt have the same . The padding method, even if not explicitly set, should still allow for proper decryption/encryption (if not set they will be the same). However, if you use a different set of keys for encryption than for decryption, you will receive this error.
You cannot use any algorithm to dynamically generate keys. Both encryption and decryption keys must be identical. One common way is to have the caller provide the keys in the constructor of the encryption methods class, to prevent the encryption/decryption process having any hand in creation of these items. It is focused on the task at hand (encrypting or decrypting data) so the caller must provide the iv, key codes.
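The behaviour discussed above, as an added example that is not part of the original question or answer: the caller supplies one key and IV to both directions with PKCS#7 set explicitly, and a key derived from a different password then fails the padding check on decryption. `Aes.Create()` stands in for `RijndaelManaged`; the class and helper names, iteration count, hash choice and sample plaintext are assumptions.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PaddingDemo // hypothetical class and helper names
{
    // The caller supplies key and IV; mode and padding are set explicitly
    // and identically for both directions.
    static byte[] Transform(bool encrypt, byte[] data, byte[] key, byte[] iv)
    {
        using (Aes aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = key;
            aes.IV = iv;
            using (ICryptoTransform t = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
                return t.TransformFinalBlock(data, 0, data.Length);
        }
    }

    static byte[] DeriveKey(string password, byte[] salt)
    {
        // Iteration count and hash are example values, not taken from the page.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, 100000, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32); // 256-bit AES key
    }

    static void Main()
    {
        byte[] salt = Encoding.UTF8.GetBytes("SaltBytes");
        byte[] iv = new byte[16]; // one AES block, random per message
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(iv);

        byte[] key = DeriveKey("Password1234", salt);
        byte[] plain = Encoding.UTF8.GetBytes("<Content>secret</Content>"); // constructed sample
        byte[] ct = Transform(true, plain, key, iv);

        // Same key and IV: the padding is found and stripped, the plaintext comes back.
        Console.WriteLine(Encoding.UTF8.GetString(Transform(false, ct, key, iv)));

        // Key derived from a different password: the last block decrypts to noise.
        byte[] otherKey = DeriveKey("Password1235", salt);
        try
        {
            Transform(false, ct, otherKey, iv);
            Console.WriteLine("Wrong key: no exception, the noise happened to end in valid padding");
        }
        catch (CryptographicException ex) { Console.WriteLine("Wrong key: " + ex.Message); }
    }
}
```

The non-exception branch is kept because a wrong key can, rarely, produce bytes that look like valid padding, so the padding check is not an integrity check.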