开发者

My "Length of the data to decrypt is invalid" error

I have a got a client/server application. Server and Client communication is encrypted. Server sends encrypted message to client and client decrypt message and gets it. Same as for Clients messages. "I'm getting Length of the data to decrypt is invalid" error if I sends big data to client or clients send big data to server. There is no problem if sending data is small length. Is there any limits for encr开发者_Go百科ypting or decrypting data length ?

Here is my code:

  static byte[] Encrypt(byte[] plaintext, byte[] key, byte[] IV)
    {
        RijndaelManaged myRijndael = new RijndaelManaged();
        myRijndael.Padding = PaddingMode.PKCS7;
        ICryptoTransform encryptor = myRijndael.CreateEncryptor(key, IV);
        MemoryStream msEncrypt = new MemoryStream();
        CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write);
        csEncrypt.Write(plaintext, 0, plaintext.Length);
        csEncrypt.FlushFinalBlock();

        return msEncrypt.ToArray();

    }


    public static string Encrypt(string plainText, string password)
    {

        byte[] byteDizi = Encoding.Unicode.GetBytes(plaintext);


        PasswordDeriveBytes pdb = new PasswordDeriveBytes(password,
                                                          new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 
                                                                      0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76});


        byte[] sifreliV = Encrypt(byteDizi,
           pdb.GetBytes(32), pdb.GetBytes(16));
        return Convert.ToBase64String(sifreliV);

    }


    // Dekriptolama bir parola ve IV kullanarak

    static byte[] Decrypt(byte[] encryptedData,
                          byte[] Key, byte[] IV)
    {
        RijndaelManaged myRijndael = new RijndaelManaged();
        myRijndael.Padding = PaddingMode.PKCS7;
        ICryptoTransform decryptor = myRijndael.CreateDecryptor(Key, IV);
        MemoryStream msDecrypt = new MemoryStream(encryptedData);
        CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read);
        byte[] fromEncrypt = new byte[encryptedData.Length];
        csDecrypt.Read(fromEncrypt, 0, fromEncrypt.Length);

        return fromEncrypt;

    }


    public static string Decrypt(string encryptedData, string password)
    {

        byte[] encryptedByte = Convert.FromBase64String(encryptedData);

        PasswordDeriveBytes pdb = new PasswordDeriveBytes(password,
                                                          new byte[] {0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 
                                                                      0x64, 0x76, 0x65, 0x64, 0x65, 0x76});

        byte[] DecryptedData = Decrypt(encryptedByte,
            pdb.GetBytes(32), pdb.GetBytes(16));

        return Encoding.Unicode.GetString(DecryptedData);
    }
}


Others have mentioned suggestions that I think will help; I don't immediately see any issues with the code you posted that would cause the behavior you would describe.

What I do want to mention is that there are some serious security issues with this implementation:

  1. The password salt is not specific to the password. It is best to store the salt in the database with the password. Each password should have a unique, random salt. That way, if someone discovers the password for one password hash, they won't know if other user accounts have the same password.

  2. The initialization vector ("IV") is coming from the password, just like the key is. That means every encryption done by a user with the same password will have the same IV. IVs should never be reused. http://en.wikipedia.org/wiki/Initialization_vector#Properties states that IVs must be unique and unpredictable. Use RNGCryptoServiceProvider to generate random IVs.

    Typically I like to generate the random IV in my encryption function. Then I prepend the IV to the encrypted message. The decrypt function strips off the IV from the beginning of the encrypted message to initialize the decryption class, and then decrypts the rest of the bytes.

    The reason for this is that two messages that start with the same plaintext (for example, a common header structure) and encrypted with the same key will have identical ciphertext at the beginning. An attacker can use this to discover the key.

Modern cryptography only works well if all the details are done perfectly. Otherwise, even small implementation issues can cause it quickly falls apart with serious security issues - and nobody notices until it's broken. Get what you have working, then implement these changes.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜