467,926 Members | 1,396 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 467,926 developers. It's quick & easy.

Base64 '=' padding character Problem

(Cross post from framework.aspnet.security)

Hi. I testing some asp.net code that generates a 256 bit Aes Symmetric Key
and a 256 bit entropy value.
I encrypt the Aes key(without storing it as Base64) with the host's dpapi
using the entropy value(without storing it as Base64),
and then store the encrypted Aes key value and the entropy value in some
I then decrypt the stored encrypted Aes value with the dpapi using the
stored entropy value.

I am declaring the default padding when generating the key as:
aesProvider.Padding = PaddingMode.PKCS7
After the encryption, for my comparison purposes, I display the unencrypted
Aes key as a Base 64 value. Since 32 bytes is a multiple
of three, one would not expect any BASE64 padding characters in the
displayed value, yet I always get a value that ends in the Base64
padding symbol of '=' which means a base64 padded group of 3 zeroes.

When I decrypt the encrypted Aes key value, and convert it to Base64 for
display, it always shows up as having the last character
being an 'A' which is the base64 value for '0' or 'zero'

I first suspected that the PKCS7 mode is causing my problems, but reading
the PKCS7 help implies that the padding is used in the cipher blocks,
not in the key generation. For convenience, I used the
RijndaelManaged.GenerateKey() function to generate the key, BUT perhaps I
might as well
as used the RNGCryptoServiceProvider.GetBytes() to do this. Indeed, I used
the RNGCryptoServiceProvider.GetBytes() to generate a 32 byte entropy
yet when I convert it to base64 for viewing, it has an '=' as the last
character, meaning that it too is incorrectly being padded.

Below is a summary of what I get during the generate and encryption:
Generate and Encrypt:

Generated Aes Base64 Encoded String Symmetric Key:


Generated Aes Base64 Encoded String Symmetric Key Encrypted with Dpapi:


Using Entropy

Generated Entropy As Base64 Encoded String:

After Decryption, I get:
Decrypt and Compare:

Generated Aes Base64 Encoded String Symmetric Key:


Dpapi Decrypted Aes Base64 Encoded String Symmetric Key:

The code behind is as follows (Sorry I could not color code the code):

Imports System.Security.Cryptography
Public Class EncryptDecryptWithDpapiBase64EncodedStrings
Inherits System.Web.UI.Page
'Public Shared entropyValueAsByte() As Byte
'Public Shared dpapiEncryptedAesKeyAsByte() As Byte

'Have to have shared variables because new page is emitted
'on postback with new instance of page
Private Shared _entropyValueAsByte(31) As Byte
Protected WithEvents generatedB64AesKey As
Private Shared _dpapiEncryptedAesKeyAsByte() As Byte
Public Shared Property entropyValueAsByte() As Byte()
Return _entropyValueAsByte
End Get
Set(ByVal Value As Byte())
_entropyValueAsByte = Value
End Set
End Property
Public Shared Property dpapiEncryptedAesKeyAsByte() As Byte()
Return _dpapiEncryptedAesKeyAsByte
End Get
Set(ByVal Value As Byte())
_dpapiEncryptedAesKeyAsByte = Value
End Set
End Property

#Region " Web Form Designer Generated Code "

'This call is required by the Web Form Designer.
<System.Diagnostics.DebuggerStepThrough()> Private Sub

End Sub
Protected WithEvents cleartextTextBox As
Protected WithEvents ciphertextTextBox As
Protected WithEvents entropyCheckBox As
Protected WithEvents encryptButton As System.Web.UI.WebControls.Button
Protected WithEvents decryptButton As System.Web.UI.WebControls.Button
Protected WithEvents generatedEntropyTextBox As

'NOTE: The following placeholder declaration is required by the Web Form
'Do not delete or move it.
Private designerPlaceholderDeclaration As System.Object

Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Init
'CODEGEN: This method call is required by the Web Form Designer
'Do not modify it using the code editor.
End Sub

#End Region

Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
System.EventArgs) Handles MyBase.Load
'Put user code to initialize the page here
End Sub
Public Enum Store
End Enum
Friend Function CreateKey() As Byte()
'Create a new AES Service Provider
Dim aesProvider As New RijndaelManaged
'Declare the key size
aesProvider.KeySize = 256
aesProvider.BlockSize = 256
aesProvider.Padding = PaddingMode.PKCS7


Return aesProvider.Key
End Function

Friend Function CreateEntropyValue() As Byte()
Dim rng As New RNGCryptoServiceProvider
Dim rng256EntropyByteValue(31) As Byte
Return rng256EntropyByteValue
End Function
Private Sub encryptButton_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles encryptButton.Click
Dim dp As New RindjaelTest.Microsoft.Win32.DPAPI.DataProtector
Dim AesKeyValueInBytes(31) As Byte

AesKeyValueInBytes = CreateKey()
generatedB64AesKey.Text = Convert.ToBase64String(AesKeyValueInBytes)
If entropyCheckBox.Checked Then
entropyValueAsByte = CreateEntropyValue()

dpapiEncryptedAesKeyAsByte = dp.Encrypt(AesKeyValueInBytes,
entropyValueAsByte, Store.USE_MACHINE_STORE)
ciphertextTextBox.Text =
generatedEntropyTextBox.Text =
dpapiEncryptedAesKeyAsByte = dp.Encrypt(AesKeyValueInBytes,
ciphertextTextBox.Text =
End If
End Sub

Private Sub decryptButton_Click(ByVal sender As System.Object, ByVal e
As System.EventArgs) Handles decryptButton.Click
If Not dpapiEncryptedAesKeyAsByte Is Nothing Then
Dim dp As New RindjaelTest.Microsoft.Win32.DPAPI.DataProtector
If entropyCheckBox.Checked Then
cleartextTextBox.Text =
Convert.ToBase64String(dp.Decrypt(dpapiEncryptedAe sKeyAsByte,
entropyValueAsByte, Store.USE_MACHINE_STORE))
cleartextTextBox.Text =
Convert.ToBase64String(dp.Decrypt(dpapiEncryptedAe sKeyAsByte, Nothing,
End If
End If
End Sub
End Class

Nov 21 '05 #1
  • viewed: 2553

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

1 post views Thread by Oliver Kurz | last post: by
1 post views Thread by mvdevnull | last post: by
6 posts views Thread by John | last post: by
1 post views Thread by scott | last post: by
5 posts views Thread by Jay | last post: by
13 posts views Thread by aruna.eies.eng | last post: by
26 posts views Thread by Jim Brandley | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.