Is this how Encryption/Decryption Really works ?

Hi,

I have been experimenting with the RijndaelManaged Cryptography class in C#
and have stumbled upon a "peculiarity".

The following code is a standalone Console App that demonstrates

using System;
using System.Text;
using System.IO;
using System.Security.Cryptography;

namespace EncryptTheMAC
{
    class Program1
    {
        static void Main(string[] args)
        {
            string Password = "password";
            string MAC = "00:01:36:09:32:88";

            SymmetricAlgorithm myAlg = new RijndaelManaged();

            byte[] saltValueBytes = Encoding.ASCII.GetBytes(Password);

            PasswordDeriveBytes passwordKey = new PasswordDeriveBytes(Password, saltValueBytes, "SHA1", 3);

            myAlg.Key = passwordKey.GetBytes(myAlg.KeySize / 8);
            myAlg.IV = passwordKey.GetBytes(myAlg.BlockSize / 8);

            byte[] Data = Encoding.ASCII.GetBytes(MAC);

            ICryptoTransform myEncrypter = myAlg.CreateEncryptor();

            MemoryStream mStream = new MemoryStream();

            CryptoStream csEncrypt = new CryptoStream(mStream, myEncrypter, CryptoStreamMode.Write);

            csEncrypt.Write(Data, 0, Data.Length);

            csEncrypt.FlushFinalBlock();
            csEncrypt.Close();
            mStream.Close();

            byte[] EncryptedData = mStream.ToArray();

            //
            // De-Encrypt the Data
            //

            string Password1 = "password1";

            SymmetricAlgorithm myAlg1 = new RijndaelManaged();

            byte[] saltValueBytes1 = Encoding.ASCII.GetBytes(Password1);

            PasswordDeriveBytes passwordKey1 = new PasswordDeriveBytes(Password1, saltValueBytes1, "SHA1", 3);

            myAlg1.Key = passwordKey1.GetBytes(myAlg1.KeySize / 8);
            myAlg1.IV = passwordKey1.GetBytes(myAlg1.BlockSize / 8);
            ICryptoTransform myDecryptor = myAlg1.CreateDecryptor();

            MemoryStream msOutput = new MemoryStream(EncryptedData);

            CryptoStream DecryptStream = new CryptoStream(msOutput, myDecryptor, CryptoStreamMode.Read);

            StreamReader sr = new StreamReader(DecryptStream);

            string ab = sr.ReadLine();
            Console.WriteLine(ab);
            Console.ReadLine();
        }
    }
}


If I change the definition of variable "Password1" to be something different
from the original value at the start of the program, the third line from the
end

    string ab = sr.ReadLine();

causes an Exception

"Padding is invalid and cannot be removed"

The only way it appears that I can get around this is to put a
try...catch... around the sr.ReadLine().

I would have expected the sr.ReadLine() line to have returned random data,
not raise an exception. I have searched on MSDN and various other sources
and cannot find anything of value. Is it possible that I am using the
cryptography APIs incorrectly? Code above is duplicated in places to show
the error.

Thanks in advance

Dec 16 '05 #1
Mike, it makes sense to me that you'd get an exception when trying to
decrypt with a different key because Rijndael is a symmetric algorithm.
That means that you must decrypt it with the same key you used for
encryption. With symmetric encryption, you encrypt using the key and
when you decrypt, you just reverse the original process, essentially.
If you don't have the same key, you can't reverse that original
transformation.

If you were encrypting/decrypting with an asymmetric algorithm (like
RSA) and you changed the key when trying to decrypt, I think you would
get the random data that you're expecting. Not with a symmetric
algorithm, though, because you're breaking the symmetry between the
encryption key and the decryption key, and the transformation would
thus fail.

I'm no encryption expert, but that's my $.02. Simon Singh's "Code
Book" is a really good resource for learning about symmetric vs.
asymmetric encryption.

Cody Powell

Dec 16 '05 #2
Thanks for the response, Cody.

When you word it like that, I suppose it makes sense. What I did not
understand really was why the exception, I cannot find it documented
anywhere. It also makes the following code snippet fail.

    StreamReader sr = new StreamReader(DecryptStream);
    string ab;
    try
    {
        ab = sr.ReadLine();
    }
    catch
    {
        ab = "BAD DATA";
    }
    finally
    {
        sr.Close();
    }
    return ab;

It causes another exception in the finally clause when trying to close the
StreamReader sr. It all works fine if I don't attempt any operations on the
StreamReader when the password is incorrect.

It is a shame that a status could not be returned somehow instead of the
exception every time you look at the StreamReader.

Mike

Dec 17 '05 #3
Mike <Mi**@discussions.microsoft.com> wrote:

<snip>
I would have expected the sr.ReadLine() line to have returned random data,
not raise an exception. I have searched on MSDN and various other sources
and cannot find any thing of value. Is it possible that I am using the
cryptography API's incorrectly. Code above is duplicated in places to show
the error.


Some cryptography algorithms always give data regardless of whether the
key is correct. Others "spot" incorrect keys, either early on or (as in
this case) spot when the stream ends in an unexpected way. If you'd
written more data, you'd be able to read garbage out for a while before
running into the exception.

--
Jon Skeet - <sk***@pobox.com>
http://www.pobox.com/~skeet Blog: http://www.msmvps.com/jon.skeet
If replying to the group, please do not mail me too
Dec 17 '05 #4
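
Added example, not part of the thread: one way to get the status return asked for above instead of relying on the padding exception, which is not a dependable wrong-key signal because a wrong key can by chance produce a final block that passes the padding check. The sketch authenticates the ciphertext with an HMAC and checks it before decrypting; it assumes .NET 6 or later, and the `SealedBox` name, blob layout, and iteration count are choices made for this example.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class SealedBox // hypothetical helper: encrypt-then-MAC with AES-CBC and HMAC-SHA256
{
    const int SaltLen = 16, IvLen = 16, TagLen = 32, Iterations = 600_000; // example values
    // PBKDF2 over a random per-message salt gives 64 bytes: AES-256 key, then HMAC key.
    static (byte[] Enc, byte[] Mac) DeriveKeys(string password, byte[] salt)
    {
        byte[] okm = Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, 64);
        return (okm[..32], okm[32..]);
    }

    // Blob layout (chosen for this example): salt | iv | ciphertext | HMAC(salt | iv | ciphertext)
    public static byte[] Encrypt(string password, byte[] plaintext)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(SaltLen);
        byte[] iv = RandomNumberGenerator.GetBytes(IvLen);
        var (encKey, macKey) = DeriveKeys(password, salt);
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        byte[] body = salt.Concat(iv).Concat(aes.EncryptCbc(plaintext, iv)).ToArray();
        return body.Concat(HMACSHA256.HashData(macKey, body)).ToArray();
    }

    // False means wrong password or altered data; padding is removed only after the MAC verifies.
    public static bool TryDecrypt(string password, byte[] blob, out byte[] plaintext)
    {
        plaintext = Array.Empty<byte>();
        if (blob.Length < SaltLen + IvLen + 16 + TagLen) return false;
        byte[] body = blob[..^TagLen];
        var (encKey, macKey) = DeriveKeys(password, body[..SaltLen]);
        byte[] expected = HMACSHA256.HashData(macKey, body);
        if (!CryptographicOperations.FixedTimeEquals(expected, blob[^TagLen..])) return false;
        using Aes aes = Aes.Create();
        aes.Key = encKey;
        plaintext = aes.DecryptCbc(body[(SaltLen + IvLen)..], body[SaltLen..(SaltLen + IvLen)]);
        return true;
    }

    static void Main()
    {
        byte[] blob = Encrypt("password", Encoding.ASCII.GetBytes("00:01:36:09:32:88"));
        Console.WriteLine(TryDecrypt("password1", blob, out _));
        Console.WriteLine(TryDecrypt("password", blob, out byte[] pt) + " " + Encoding.ASCII.GetString(pt));
    }
}
```

Because the tag is compared before any block is decrypted, a wrong password and a modified ciphertext are rejected the same way, and the caller never has to interpret a padding error.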
