TripleDes Data error.

[JC]

Hi,

I have created 2 methods, one the encrypts a string using tripledes
and one that decrypts that string. THis works fine if i pass the
string directly to the decypt function. However, when I then save the
encrypted result in a varbinary field (128 length) in SQL, then pull
it back into the decrypt function the decypting is very very sketchy,
some values are mangled, others are unable to be unencrypted. The
error that occurs is 'bad data'.

The functions are included below, any help woudl be greatly
appreciated cos this starting to drive me balmy!

public Byte[] myEncrypt(string sInput)
{
UTF8Encoding utf8encoder = new UTF8Encoding();
Byte[] inputBytes = utf8encoder.GetBytes(sInput);

TripleDESCryptoServiceProvider tdesProvider = new
TripleDESCryptoServiceProvider();
ICryptoTransform cryptoTransform =
tdesProvider.CreateEncryptor(tripleDes.Key,tripleDes.IV);

MemoryStream encryptedStream = new MemoryStream();
CryptoStream cryptStream = new
CryptoStream(encryptedStream,cryptoTransform,CryptoStreamMode.Write);

cryptStream.Write(inputBytes,0,inputBytes.Length);
cryptStream.FlushFinalBlock();
encryptedStream.Position = 0;

Byte[] bResult = new Byte[encryptedStream.Length];
encryptedStream.Read(bResult,0,encryptedStream.ToArray().Length);
cryptStream.Close();
return bResult;
}
public string myDecrypt(Byte[] inputInBytes)
{
TripleDESCryptoServiceProvider tdesProvider = new
TripleDESCryptoServiceProvider();
ICryptoTransform cryptoTranform =
tdesProvider.CreateDecryptor(tripleDes.Key,tripleDes.IV);

MemoryStream decryptedStream = new MemoryStream();
CryptoStream cryptStream = new
CryptoStream(decryptedStream,cryptoTranform,CryptoStreamMode.Write);
cryptStream.Write(inputInBytes,0,inputInBytes.Length);
cryptStream.FlushFinalBlock();
decryptedStream.Position=0;

Byte[] result = new Byte[decryptedStream.Length];
decryptedStream.Read(result,0,decryptedStream.ToArray().Length);
cryptStream.Close();
UTF8Encoding myutf = new UTF8Encoding();

return myutf.GetString(result).ToString();

}

 

[Jon Skeet [C# MVP]]

I have created 2 methods, one the encrypts a string using tripledes
and one that decrypts that string.

You should be careful with terminology here - you don't pass a string
into the decrypt method, you pass a byte array (or rather, a reference
to a byte array to be pedantic, but that's not as important).

THis works fine if i pass the
string directly to the decypt function. However, when I then save the
encrypted result in a varbinary field (128 length) in SQL, then pull
it back into the decrypt function the decypting is very very sketchy,
some values are mangled, others are unable to be unencrypted. The
error that occurs is 'bad data'.

For one thing, you're still using Stream.Read incorrectly - why do you
have these two lines:

Byte[] bResult = new Byte[encryptedStream.Length];
encryptedStream.Read(bResult,0,encryptedStream.ToArray().Length);

rather than just:

Byte[] bResult = encryptedStream.ToArray();

?

You're also still creating a new UTF8Encoding every time you call
either method instead of just using Encoding.UTF8Encoding. That won't
be causing the problem, but it's bad style.


What I *suspect* is happening is that the byte array is getting mangled
in the database - and that will have nothing to do with your
encryption/decryption code itself. My guess is that your encrypted data
is over 128 bytes in length.

I suggest you write a bit of code to create some random bit of binary
data, and just work on getting that in and out of the database without
mangling it.

 

[Nicholas]

I would actually store it as a Base64 string: System.Convert.ToBase64String
and you can get it back with System.Convert.FromBase64String

Nick

 

[James Crane]

Hi Nick,

Thanks for your suggestion for storing data as strings. Can I ask if
there is an advantage sotring the information this way, over binary
format?

Thanks

 

[James Crane]

Thank you Jon, I have made the changes you suggested - I appreciate any
help like that on best practise.