Hello,
I implemented a simple class wrapping a SymmetricAlgorithm (RijndaelManaged) and providing the usual two public methods: Encrypt and Decrypt.
Everything works well if I encrypt a string and then feed the encrypted result to the Decrypt method.
After a while I suddenly realized that, being public, these methods could be invoked even with inappropriate arguments.
A brief test shown that if you try to decrypt a string that is, actually, plain text (e.g.: "test"), you get an exception.
Here is my method:
public static string Decrypt(string textToDecrypt)
{
if (string.IsNullOrEmpty(textToDecrypt))
{
throw new ArgumentException("Invalid input string", "textToDecrypt");
}
string decryptedText = string.Empty;
byte[] dataToDecrypt = Convert.FromBase64String(textToDecrypt);
using (MemoryStream inputStream = new MemoryStream(dataToDecrypt))
{
ICryptoTransform decryptor = algorithm.CreateDecryptor();
using (CryptoStream cryptoStream = new CryptoStream(inputStream,
decryptor,
CryptoStreamMode.Read))
using (StreamReader reader = new StreamReader(cryptoStream))
{
decryptedText = reader.ReadToEnd();
}
}
return decryptedText;
}
I get an error when trying to convert from base64 string but even if I replace
byte[] dataToDecrypt = Convert.FromBase64String(textToDecrypt);
with
byte[] dataToDecrypt = ASCIIEncoding.ASCII.GetBytes(textToDecrypt);
I get a cryptographic exception in FlushFinalBlock due to the fact that the input array has the wrong dimension (not coherent with the block size expected by the algorithm).
I cannot figure how to check if the input string is an encrypted one before trying to decrypt.
At the moment I wrapped the content of the method in a try catch block but it's not a good solution.
There's plenty of examples on the web about encryption and decryption but all the Decrypt methods suffer of this weakness.
Any suggestions?
I implemented a simple class wrapping a SymmetricAlgorithm (RijndaelManaged) and providing the usual two public methods: Encrypt and Decrypt.
Everything works well if I encrypt a string and then feed the encrypted result to the Decrypt method.
After a while I suddenly realized that, being public, these methods could be invoked even with inappropriate arguments.
A brief test shown that if you try to decrypt a string that is, actually, plain text (e.g.: "test"), you get an exception.
Here is my method:
public static string Decrypt(string textToDecrypt)
{
if (string.IsNullOrEmpty(textToDecrypt))
{
throw new ArgumentException("Invalid input string", "textToDecrypt");
}
string decryptedText = string.Empty;
byte[] dataToDecrypt = Convert.FromBase64String(textToDecrypt);
using (MemoryStream inputStream = new MemoryStream(dataToDecrypt))
{
ICryptoTransform decryptor = algorithm.CreateDecryptor();
using (CryptoStream cryptoStream = new CryptoStream(inputStream,
decryptor,
CryptoStreamMode.Read))
using (StreamReader reader = new StreamReader(cryptoStream))
{
decryptedText = reader.ReadToEnd();
}
}
return decryptedText;
}
I get an error when trying to convert from base64 string but even if I replace
byte[] dataToDecrypt = Convert.FromBase64String(textToDecrypt);
with
byte[] dataToDecrypt = ASCIIEncoding.ASCII.GetBytes(textToDecrypt);
I get a cryptographic exception in FlushFinalBlock due to the fact that the input array has the wrong dimension (not coherent with the block size expected by the algorithm).
I cannot figure how to check if the input string is an encrypted one before trying to decrypt.
At the moment I wrapped the content of the method in a try catch block but it's not a good solution.
There's plenty of examples on the web about encryption and decryption but all the Decrypt methods suffer of this weakness.
Any suggestions?