
AES encryption and decryption

I'm not really sure how to explain this so I'll add my code and try to work through it from there. As you can see this is hardly following common programming standards. I'm trying to remove all "randomness" from the key and iv generation so I have provided my own string and added it to the AES values appropriately.

Once I have that value encrypted I convert it to a string and store it in a database as the password parameter. My problem is with being able to decrypt it back to the original password value, which is needed later for certain web requests. I've tried converting the string value back into a byte array but I get an "Invalid block size" error followed by "Bad PKCS7 padding. Invalid Length 250". No idea what any of that means.

Any ideas?

    static public void Main()
    {
        string original = "{password for testing purposes}";
        string originalkey = "{128 key}";
        string originaliv = "{16 iv}";

        byte[] enckey = Encoding.UTF8.GetBytes(originalkey);
        byte[] enciv = Encoding.UTF8.GetBytes(originaliv);

        using (AesManaged myAes = new AesManaged())
        {
            myAes.Key = enckey;
            myAes.IV = enciv;
            byte[] encrypted = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV);
            string result = Encoding.UTF8.GetString(encrypted);

            string roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV);

            Console.WriteLine("Encrypted:   {0}", result);
            Console.WriteLine("Round Trip: {0}", roundtrip);

            byte[] decrypted = Encoding.UTF8.GetBytes(result);

            roundtrip = DecryptStringFromBytes_Aes(decrypted, myAes.Key, myAes.IV);

            Console.WriteLine("Encrypted:   {0}", roundtrip);
            Console.WriteLine("Round Trip: {0}", result);
        }
    }

You're taking binary, non-text data and converting it to a string, then trying to turn it back into binary data. If you want to store a string representation of the encrypted data, I would suggest using a binary-to-text encoding algorithm such as Base64 encoding (see "An efficient way to Base64 encode a byte array?").

If you can store it as binary (e.g. in a SQL Server varbinary column), then you can skip the string encoding entirely.

    byte[] encrypted = EncryptStringToBytes_Aes(original, myAes.Key, myAes.IV);
    roundtrip = DecryptStringFromBytes_Aes(encrypted, myAes.Key, myAes.IV);

    Console.WriteLine("Original:   {0}", original);
    Console.WriteLine("Decrypted:   {0}", roundtrip);

The problem is the encoding you're using. It's assuming that the byte array is a UTF8 string, which I'm not sure it is. Using a Jon Skeet answer from this question, I would go with the following for converting your byte array to string and back:

    string result = Convert.ToBase64String(encrypted);
    ...
    byte[] decrypted = Convert.FromBase64String(result);
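
The following is an added example, not code from the question or either answer: it shows the lossy UTF-8 round trip next to the Base64 round trip on real AES output. It goes one step beyond the answers by letting AES generate a random IV and storing it in front of the ciphertext instead of using a fixed IV. The class name, helper names, the `Base64(IV || ciphertext)` layout and the throwaway key are assumptions made for the demo.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class CiphertextStorageDemo // hypothetical name, not from the page
{
    const int IvSize = 16; // AES block size in bytes
    // Returns Base64(IV || ciphertext), safe to store in a text column.
    static string EncryptToBase64(string plaintext, byte[] key)
    {
        using (Aes aes = Aes.Create()) // CBC + PKCS7 by default, random IV
        {
            aes.Key = key;
            using (ICryptoTransform enc = aes.CreateEncryptor())
            {
                byte[] pt = Encoding.UTF8.GetBytes(plaintext);
                byte[] ct = enc.TransformFinalBlock(pt, 0, pt.Length);
                return Convert.ToBase64String(aes.IV.Concat(ct).ToArray());
            }
        }
    }
    // Splits the stored value back into IV and ciphertext, then decrypts.
    static string DecryptFromBase64(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        using (Aes aes = Aes.Create())
        {
            aes.Key = key;
            aes.IV = blob.Take(IvSize).ToArray();
            using (ICryptoTransform dec = aes.CreateDecryptor())
            {
                byte[] pt = dec.TransformFinalBlock(blob, IvSize, blob.Length - IvSize);
                return Encoding.UTF8.GetString(pt);
            }
        }
    }
    static void Main()
    {
        byte[] key = new byte[16]; // constructed throwaway key for the demo
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(key);
        string stored = EncryptToBase64("password for testing purposes", key);
        byte[] raw = Convert.FromBase64String(stored);
        // Lossy path from the question: invalid UTF-8 bytes become U+FFFD.
        byte[] viaUtf8 = Encoding.UTF8.GetBytes(Encoding.UTF8.GetString(raw));
        Console.WriteLine("raw: {0} bytes, after UTF-8 round trip: {1} bytes", raw.Length, viaUtf8.Length);
        Console.WriteLine("UTF-8 round trip intact: {0}", raw.SequenceEqual(viaUtf8));
        Console.WriteLine("Base64 round trip: {0}", DecryptFromBase64(stored, key));
    }
}
```

The changed byte count after the UTF-8 round trip is what produces the "Invalid block size" and padding errors in the question: the decryptor receives data that is no longer the original ciphertext.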
