Storing/Converting the encryption key and IV as strings

Question

I have been looking at a lot of different C# encryption examples. In most examples the encryption Key as well as the Initialization Vector (IV) are passed into the encryption/decryption methods as an array of bytes.

I would like to store the Key and IV as strings. The Key in a Hardware Security Module and the IV as an nvarchar in the SQL Server database.

I keep running into propblems on how to properly convert the Key and the IV as string. Some examples say to use Base64 Encoding while other examples use Encoding.UTF8.

Here is an example that generates an IV and converts it to a Base64 string...

using (var aesProvider = new AesCryptoServiceProvider())
{
    aesProvider.GenerateIV();
    var ivBase64 = Convert.ToBase64String(aesProvider.IV);
    return ivBase64;
}

However, when I pass this string representation of the IV into the encryption method and then convert it back to a byte array the following code fails saying the IV is not the proper size.

byte[] initVectorBytes = Encoding.UTF8.GetBytes(initializationVector);`
// intermediate code excluded for brevity
ICryptoTransform encryptor = symmetricKey.CreateEncryptor(keyBytes, initVectorBytes);

Is there a standard way of converting an encryption Key and IV back and forth between a byte array and String representation?

Answer 1

You cannot convert binary data to UTF-8 and back again. Some binary sequences are not valid UTF-8 characters and when you convert to UTF-8 that data is lost. It's the equivalent of some characters getting set to '?' when converting between encodings.

You can instead use base64 encoding of binary data to text, and then base64 decode to get back the original binary.

Try converting this to UTF-8, for example: "\x00?\xdc\x80" (that's four bytes: 0, 63, 220, 128). It won't encode to UTF-8 -- it's not valid.

The standard way is using Base-64 encoding - How do I encode and decode a base64 string?