AES256 decryption corrupting first bytes

Question

I've been around this problem for some hours now, and I still can't find why it happens.

I have a string that it encrypted with AES, and then decrypted back to it's original state. However, the decryption seems to modify the original string, corrupting the first bytes.

Instead of returning bc85f420763f79e69becb..., it returns ?OqG?b3Mf~ J???j9becb..., then keeps returning the rest of the plain text correctly.

Here's the methods I used to encrypt and decrypt:

private byte[] EncryptAES256(string text, byte[] key)
{
    if (string.IsNullOrWhiteSpace(text)) throw new ArgumentNullException("text");
    if (key == null || key.Length <= 0) throw new ArgumentNullException("key");

    byte[] encryptedText;
    try
    {
        AesManaged aes = new AesManaged();
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();
        aes.Key = key;
        ICryptoTransform encryptor = aes.CreateEncryptor(aes.Key, aes.IV);
        using (MemoryStream msEncrypt = new MemoryStream())
        {
            using (CryptoStream csEncrypt = new CryptoStream(msEncrypt, encryptor, CryptoStreamMode.Write))
            {
                using (StreamWriter swEncrypt = new StreamWriter(csEncrypt))
                {

                    swEncrypt.Write(text);
                }
                encryptedText = msEncrypt.ToArray();
            }
        }
    }
    catch (Exception ex)
    {
        Exception exceptionToBeThrown = new Exception(ex.Message, ex.InnerException);
        throw exceptionToBeThrown;
    }
    return encryptedText;
}

private string DecryptAES256(byte[] text, byte[] key)
{
    if (text == null || text.Length <= 0) throw new ArgumentNullException("text");
    if (key == null || key.Length <= 0) throw new ArgumentNullException("key");

    string decryptedText;
    try
    {
        AesManaged aes = new AesManaged();
        aes.Padding = PaddingMode.PKCS7;
        aes.GenerateIV();
        aes.Key = key;
        ICryptoTransform decryptor = aes.CreateDecryptor(aes.Key, aes.IV);
        using (MemoryStream msDecrypt = new MemoryStream(text))
        {
            using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
            {
                using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                {
                    decryptedText = srDecrypt.ReadToEnd();
                }
            }
        }
    }
    catch (Exception ex)
    {
        Exception exceptionToBeThrown = new Exception(ex.Message, ex.InnerException);
        throw exceptionToBeThrown;
    }
    return decryptedText;
}

Did I mess something up?

Answer 1

You are using different IVs when encrypting and decrypting. When decrypting you must specify the same IV as the one you used when encrypting the data.

From the docs of GenerateIV (emphasis mine):

Generates a random initialization vector (IV) to be used for the algorithm.

You can either use a constant IV that you define in your code and pass to the AesManaged instance, or you can store the IV that was used to encrypt the data along with the data and then read it before decrypting the rest.