AES 128 bit with ECB ciphermode algorithm decrypts correctly with an invalid key?

Question

Hi i am learning Encryption / Decryption part. I have created two methods for Encryption / Decryption using AES 128 bit with ECB cipher mode and PKCS7 padding.

Below is the code.

public class EncClass
    {
        public string Encrypt(string text)
        {

            byte[] src = Encoding.UTF8.GetBytes(text);
            byte[] key = Encoding.ASCII.GetBytes("contactcentre");
            RijndaelManaged aes = new RijndaelManaged();
            aes.Mode = CipherMode.ECB;
            aes.Padding = PaddingMode.PKCS7;
            aes.KeySize = 128;

            using (ICryptoTransform encrypt = aes.CreateEncryptor(key, null))
            {
                byte[] dest = encrypt.TransformFinalBlock(src, 0, src.Length);
                encrypt.Dispose();
                return Convert.ToBase64String(dest);
            }
        }

        public string Decrypt(string text)
        {

            byte[] src = Convert.FromBase64String(text);
            RijndaelManaged aes = new RijndaelManaged();
            byte[] key = Encoding.ASCII.GetBytes("contactcentrT");
            aes.KeySize = 128;
            aes.Padding = PaddingMode.PKCS7;
            aes.Mode = CipherMode.ECB;
            using (ICryptoTransform decrypt = aes.CreateDecryptor(key, null))
            {
                byte[] dest = decrypt.TransformFinalBlock(src, 0, src.Length);
                decrypt.Dispose();
                return Encoding.UTF8.GetString(dest);
            }
        }
    }

Notice that in Encryption i have passed contactcentre key and in decryption I have passed contactcentrT . It is doing proper encryption and decryption in that case.

    var encString = encClass.Encrypt(@"manoj");
    var decString = encClass.Decrypt(encString);

Though my both keys are not matching, still it is working properly. Just wanted to know how this could happen?

Answer 1

You are passing invalid key to aes.CreateEncryptor (and CreateDecryptor ). Valid key sizes for AES are 128, 192 and 256, and your key is 13*8=104 bits. If you try to assign it to aes.Key - that will throw exception. However, aes.CreateEncryptor has a bug and it does not correctly validate key size if key size is less than block size (less than 128 bits), despite stating explicitly in documentation that "The key size must be 128, 192, or 256 bits". This bug is fixed in .NET Core by the way (at least in version 2) where it correctly throws exception for your code.

So, since you are passing invalid key and CreateEncryptor by mistake allowed it - you are not really encrypting with AES and anything can happen. For example if you pass key of 1 byte (or 2, or 7) - index out of range exception will be thrown. My assumption (by looking at source code) is algorithm implementation assumes key size in bytes is divisable by 4, and uses those 4-byte blocks. First 12 characters of your key are the same, and the rest (be it 1,2 or 3 characters) are not used, because number of 4-byte blocks is calculated as keySize / 4 (and 13 / 4 = 3).

Anyway, any assumptions of why this happens does not matter much, because algorithm is executed with invalid input and any results produced by doing that are irrelevant.

Given that info - never pass key directly to aes.CreateEncryptor but assign it to aes.Key first and then pass that ( aes.CreateEncryptor(aes.Key, iv) )