Rijndael decryption in C#

Question

I need to decrypt a string using Rijndael and those values:

key size - 192

block size - 128

key - cmdAj45F37I5ud2134FDg2fF

When I'm using the code below I get an error : string size illigle, can anyone help me?

public static string DecryptRijndael(string value, string encryptionKey) {

        var key = Encoding.UTF8.GetBytes(encryptionKey); //must be 16 chars 
        var rijndael = new RijndaelManaged
        {
            BlockSize = 128,
            IV = key,
            KeySize = 192,
            Key = key
        };

        var buffer = Convert.FromBase64String(value);
        var transform = rijndael.CreateDecryptor();
        string decrypted;
        using (var ms = new MemoryStream())
        {
            using (var cs = new CryptoStream(ms, transform, CryptoStreamMode.Write))
            {
                cs.Write(buffer, 0, buffer.Length);
                cs.FlushFinalBlock();
                decrypted = Encoding.UTF8.GetString(ms.ToArray());
                cs.Close();
            }
            ms.Close();
        }

        return decrypted;

}

Answer 1

Can you see the comment in your code that says the key "must be 16 chars"? Your key looks more like 24 characters to me!

In this case you're re-using the key as the IV -- not recommended best practice anyway -- but the size of the IV must match the block size, which is set to 128 bits/16 bytes.

Having said that, the problem I just described should give you the error "Specified initialization vector (IV) does not match the block size for this algorithm", not "string size illigle", so this might be a red herring.

Answer 2

One (big) problem is in using UTF8.GetBytes() to get the byte[] from string. It is hard to control the number of bytes and it is not very safe.

Use Rfc2898DeriveBytes.GetBytes() instead. And then you can specify the desired length.

But of course you have to do that while encrypting as well.
And I agrre with Luke's remarks about the IV