Hello,

C# 2008

I am using the following code to encrypt and decrypt a message. However, when I attempt to decrypt I get a 'Bad Data' error.

Is there anything wrong with my code below?

Many thanks,

    public string encryptText(string text)
    {
        try
        {
            TripleDESCryptoServiceProvider encrypt = new TripleDESCryptoServiceProvider();

            encrypt.Key = new byte[] { 0, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 144, 89, 55, 34, 21, 13, 8, 5, 3, 2, 1, 0 };
            encrypt.IV = new byte[] { 1, 2, 3, 5, 8, 13, 21, 34 };
            byte[] byteText = Encoding.Unicode.GetBytes(text);

            ICryptoTransform encryptor = encrypt.CreateEncryptor();

            byte[] encryptedText = encryptor.TransformFinalBlock(byteText, 0, byteText.Length);

            return Encoding.Unicode.GetString(encryptedText);
        }
        catch (Exception ex)
        {
            Console.Write(ex.Message);

            return ex.Message;
        }

    }

    /// Decrypt the text
    public string decryptText(string encryptedText)
    {
        try
        {
            byte[] bytesText = Encoding.Unicode.GetBytes(encryptedText);

            TripleDESCryptoServiceProvider decrypt = new TripleDESCryptoServiceProvider();

            decrypt.Key = new byte[] { 0, 1, 2, 3, 5, 8, 13, 21, 34, 55, 89, 144, 144, 89, 55, 34, 21, 13, 8, 5, 3, 2, 1, 0 };
            decrypt.IV = new byte[] { 1, 2, 3, 5, 8, 13, 21, 34 };

            ICryptoTransform decryptor = decrypt.CreateDecryptor();

            byte[] originalText = decryptor.TransformFinalBlock(bytesText, 0, encryptedText.Length);

            return Encoding.Unicode.GetString(originalText);
        }
        catch (Exception ex)
        {
            Console.Write(ex.Message);

            return ex.Message;
        }
    }
+4  A: 

You're taking the encrypted bytes and converting them to a string using Encoding.Unicode, but then you're taking the string and converting it back to bytes using Encoding.Default. That's pretty much guaranteed not to work (unless the default happens to be UTF-16).

However, you should use either of these - converting arbitrary binary data to text using an encoding is a bad idea. Use Convert.ToBase64String (in the encryptor) and Convert.FromBase64String (in the decryptor) instead.

(I'd also very much query the wisdom of returning an exception message as if it were the successful result of encrypting/decrypting, but hopefully you only did that for the sake of the sample code.)

Jon Skeet
+1  A: 

Yup, there are a few mistakes in the code.

  • encryptedText and bytesText must be the same byte array. As Jon Skeet suggests you could use Base64 encoding.

  • The IV is part of the ciphertext. Hence you don't have to set the IV when you decrypt.

  • The default mode of encryption is CBC. This mode requires that IV is random (rsp. unpredictable). Hence you must not set a fixed IV, when you encrypt. When you create the CryptoServiceProvider a random IV is already set. Hence overwriting the IV with a fixed value decreases your security.

  • Putting a key explicitly in the code isn't a great idea. I hope you'll change this once your code leaves the experimental state.

  • Is there a reason to use TripleDes? Otherwise you might want to consider using AES instead.

Accipitridae
Hello, thanks for the comments. Just a simple question. How can I use the Base64 as I need to convert my data into a byte array and for that I need to encode? Thanks
robUK
Hello, as for putting the key in the code: I would have thought it to be safe, as once this is compiled (using a class library) I will just get a DLL that would be difficult to reverse engineer. However, if this is unsafe practice, where is the best place to store the key?
robUK
Ok, I can't say for sure how easy it is to find the key using just common tools for inspecting DLLs, but I would certainly not rely on DLLs keeping any information secret. More common is to keep the keys in separate key files. This simplifies the key management, since it is more clear where the sensitive information is.
Accipitridae
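
The points raised in the two answers above (Base64 for the ciphertext, a fresh random IV per message, AES instead of TripleDES, no key in the source), put together as an added example; this is not code from the original posters. It assumes the caller loads the key from outside the code and that the IV is carried by prepending it to the ciphertext, which .NET does not do on its own; the `TextCipher` class and its method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

public static class TextCipher
{
    // key: 16, 24 or 32 bytes supplied by the caller (assumption: loaded from
    // a protected key file or similar store, never embedded in the assembly).
    public static string EncryptText(string text, byte[] key)
    {
        using (Aes aes = Aes.Create())              // CBC with PKCS7 padding by default
        {
            aes.Key = key;
            aes.GenerateIV();                       // fresh random IV for every message
            byte[] iv = aes.IV;
            byte[] plain = Encoding.UTF8.GetBytes(text);   // text -> bytes: a text encoding
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] cipher = enc.TransformFinalBlock(plain, 0, plain.Length);
                // Prepend the IV so the decryptor can recover it; it need not be secret.
                byte[] output = new byte[iv.Length + cipher.Length];
                Buffer.BlockCopy(iv, 0, output, 0, iv.Length);
                Buffer.BlockCopy(cipher, 0, output, iv.Length, cipher.Length);
                return Convert.ToBase64String(output);     // bytes -> text: Base64
            }
        }
    }

    public static string DecryptText(string encoded, byte[] key)
    {
        byte[] input = Convert.FromBase64String(encoded);  // the exact bytes back
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            byte[] iv = new byte[aes.BlockSize / 8];       // 16 bytes for AES
            // A valid message holds the IV plus at least one padded block.
            if (input.Length < 2 * iv.Length)
                throw new CryptographicException("Ciphertext is too short.");
            Buffer.BlockCopy(input, 0, iv, 0, iv.Length);
            aes.IV = iv;
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                // The length is taken from the byte array, not from the string.
                byte[] plain = dec.TransformFinalBlock(input, iv.Length, input.Length - iv.Length);
                return Encoding.UTF8.GetString(plain);
            }
        }
    }
}
```

Failures surface as exceptions (`FormatException` for bad Base64, `CryptographicException` for a wrong key or damaged data) instead of being returned as if they were the result. CBC on its own does not detect tampering, so data that crosses a trust boundary also needs an integrity check such as an HMAC over the IV and ciphertext.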