I'm writing a password encryption routine. I've written the below app to illustrate my problem. About 20% of the time, this code works as expected. The rest of the time, the decryption throws a cryptographic exception - "The data is invalid".
I believe the problem is in the encryption portion, because the decryption portion works the same every time. That is, if the encryption routine yields a value that the decryption routine can decrypt, it can always decrypt it. But if the encryption routine yields a value that chokes the decryption routine, it always chokes. So the decrypt routine is consistent; the encrypt routine is not.
I suspect my use of Unicode encoding is incorrect, but I've tried others with the same result.
What am I doing wrong?
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Security.Cryptography;
namespace DataProtectionTest
{
public partial class Form1 : Form
{
private static readonly byte[] entropy = { 1, 2, 3, 4, 1, 2, 3, 4 };
private string password;
public Form1()
{
InitializeComponent();
}
private void btnEncryptIt_Click(object sender, EventArgs e)
{
Byte[] pw = Encoding.Unicode.GetBytes(textBox1.Text);
Byte[] encryptedPw = ProtectedData.Protect(pw, entropy, DataProtectionScope.LocalMachine);
password = Encoding.Unicode.GetString(encryptedPw);
}
private void btnDecryptIt_Click(object sender, EventArgs e)
{
Byte[] pwBytes = Encoding.Unicode.GetBytes(password);
try
{
Byte[] decryptedPw = ProtectedData.Unprotect(pwBytes, entropy, DataProtectionScope.LocalMachine);
string pw = Encoding.Unicode.GetString(decryptedPw);
textBox2.Text = pw;
}
catch (CryptographicException ce)
{
textBox2.Text = ce.Message;
}
}
}
}
On the advice of a colleague, I opted for Convert.ToBase64String. Works well. Corrected program below.
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Text;
using System.Windows.Forms;
using System.Security.Cryptography;
namespace DataProtectionTest
{
public partial class Form1 : Form
{
private static readonly byte[] entropy = { 1, 2, 3, 4, 1, 2, 3, 4 };
private string password;
public Form1()
{
InitializeComponent();
}
private void btnEncryptIt_Click(object sender, EventArgs e)
{
Byte[] pw = Encoding.Unicode.GetBytes(textBox1.Text);
Byte[] encryptedPw = ProtectedData.Protect(pw, entropy, DataProtectionScope.LocalMachine);
//password = Encoding.Unicode.GetString(encryptedPw);
password = Convert.ToBase64String(encryptedPw);
}
private void btnDecryptIt_Click(object sender, EventArgs e)
{
//Byte[] pwBytes = Encoding.Unicode.GetBytes(password);
Byte[] pwBytes = Convert.FromBase64String(password);
try
{
Byte[] decryptedPw = ProtectedData.Unprotect(pwBytes, entropy, DataProtectionScope.LocalMachine);
string pw = Encoding.Unicode.GetString(decryptedPw);
textBox2.Text = pw;
}
catch (CryptographicException ce)
{
textBox2.Text = ce.Message;
}
}
}
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With