Encrypt and decrypt with MachineKey in C#

Question

I'm trying to encrypt and decrypt Id with MachineKey.

Here is my code that calls the encrypt and decrypt functions:

 var encryptedId = Encryption.Protect(profileId.ToString(), UserId);
 var decryptedId = Encryption.UnProtect(encryptedId, UserId);

Here is the functions:

public static string Protect(string text, string purpose)
{
    if(string.IsNullOrEmpty(text))
    {
        return string.Empty;
    }

    byte[] stream = Encoding.Unicode.GetBytes(text);
    byte[] encodedValues = MachineKey.Protect(stream, purpose);
    return HttpServerUtility.UrlTokenEncode(encodedValues);
}

public static string UnProtect(string text, string purpose)
{
    if(string.IsNullOrEmpty(text))
    {
        return string.Empty;
    }

    byte[] stream = HttpServerUtility.UrlTokenDecode(text);
    byte[] decodedValues = MachineKey.Unprotect(stream, purpose);
    return Encoding.UTF8.GetString(decodedValues);
}

The input to the Protect method is 15. This results that the encryptedId variable holds the following string: 6wOttbtJoVBV7PxhVWXGz4AQVYcuyHvTyJhAoPu4Okd2aKhhCGbKlK_T4q3GgirotfOZYZXke0pMdgwSmC5vxg2

To encrypt this, I send this string as a parameter to the UnProtect method. The result of the decryption should be 15, but is instead: 1\05\0

I can't understand why. I have tried to use only integers in this function, but I still have the same problem. The output of the decrypt differs.

Answer 1

You have an encoding mismatch, you encode a buffer containing the UTF-16 (Encoding.Unicode) representation of the string (which will interleave \0 as you see given that it uses 2 bytes per character for that string) but you decode it as UTF-8 (Encoding.UTF8). You need to be consistent in both methods.