从 Java 转换为 C# - 使用 PKCS5Padding 解密 CBC-AES-256

Question

I'm trying to decrypt 'Instant Notifications' from ClickBank, they have code samples for decoding in several languages but not C# so I'm trying to translate the Java code: https://support.clickbank.com/hc/en-us/articles/220376507-Instant-Notification-Service-INS-#Code%20Samples

I've tried several different ways over the last few days but no luck! Help pls SO, what am I missing?

Java:

final StringBuilder buffer = new StringBuilder();
final String secretKey = "YOUR SECRET KEY";


String line;
final BufferedReader reader = theRequest.getReader();
while(null != (line = reader.readLine())) {
   buffer.append(line);
}


   final JSONParser parser = new JSONParser();
   final JSONObject obj = (JSONObject) parser.parse(buffer.toString()); 

   final String initializationVector = (String) obj.get("iv");
   final String encryptedNotification = (String) obj.get("notification"); 
   final MessageDigest digest = MessageDigest.getInstance("SHA-1");
   digest.reset();
   digest.update(secretKey.getBytes("UTF-8"));
   final String key = new String(Hex.encodeHex(digest.digest())).substring(0, 32);


   final IvParameterSpec iv = new IvParameterSpec(DatatypeConverter.parseBase64Binary(initializationVector));
   final SecretKeySpec keySpec = new SecretKeySpec(key.getBytes(), "AES");
   final Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
   cipher.init(Cipher.DECRYPT_MODE, keySpec, iv);

   final JSONObject notification = (JSONObject) parser.parse(
   new String(cipher.doFinal(DatatypeConverter.parseBase64Binary(encryptedNotification)),
                 "ISO-8859-1"));`

C#

        const string secretKey = "YOUR SECRET KEY";
        string sContent = "";
        using (System.IO.Stream receiveStream = Request.InputStream)
        {
            receiveStream.Position = 0;
            using (System.IO.StreamReader readStream =
                   new System.IO.StreamReader(receiveStream, Encoding.UTF8))
            {
                sContent = readStream.ReadToEnd();
            }
        }
        dynamic json = System.Web.Helpers.Json.Decode(sContent);
        string initializationVector = json.iv;
        string encryptedNotification = json.notification;

        //turn the key into a fixed length string via SHA-1 hash
        SHA1 sha1 = SHA1Managed.Create();
        byte[] hash = sha1.ComputeHash(Encoding.UTF8.GetBytes(secretKey));
        var key = Org.BouncyCastle.Utilities.Encoders.Hex.Encode(hash);
        var keyString = Convert.ToBase64String(key).Substring(0, 32);
        //var key = BitConverter.ToString(hash).Substring(0, 32);

        var iv = Convert.FromBase64String(initializationVector);
        byte[] keyspec = Encoding.UTF8.GetBytes(keyString);

         using (var rijndaelManaged =
               new RijndaelManaged { Key = keyspec, IV = iv, Mode = CipherMode.CBC, Padding = PaddingMode.PKCS7 })
        using (var memoryStream =
               new MemoryStream(Convert.FromBase64String(encryptedNotification)))
        using (var cryptoStream =
               new CryptoStream(memoryStream,
                   rijndaelManaged.CreateDecryptor(keyspec, iv),
                   CryptoStreamMode.Read))
        {
            var result = new StreamReader(cryptoStream).ReadToEnd();
        }

gives the error - 'Padding is invalid and cannot be removed.'

So I'm guessing I must be creating the key wrong, I've tried different ways of hashing and hex encoding but none seem to work. Please advise guys! Thanks for your time

Edit: removing useless extra code

Answer 1

Oh dear, a bank that uses CBC to send messages. This Java code sample looks like "my first attempt at crypto", and coming from a bank, that's not a bank that you should trust.

The key is indeed wrong, you should try key = Hex.ToHexString() and then convert the sub string of the result to ASCII using Encoding.ASCII.GetBytes(key) . The additional base 64 or bit conversion is not present in the Java code and should not be used.