Login/Register
Decrypt Rijndael 256 Block Size with BouncyCastle
Asked Answered
Solved c#bouncycastleencryption-symmetric
E

1

5

We have a helper class for doing encryption that, if I'm going to be honest, was probably copied from Stack Overflow years ago.

Currently we're trying to port some of this code to .NET Core and we're finding that it doesn't work because the .NET Core implementation of RijndaelManaged doesn't support a 256 blocksize. From what I've read, it seems like BouncyCastle should still support it, but I can't get it to work. The "unencrypted" text is just a bunch of gibberish. I'm sure I'm doing something wrong, but for the life of me I can't figure this out.

Here's the original .Net Framework version of the class:

internal static class StringEncryptor
{
    private const int Keysize = 256;
    private const int _iterations = 1000;
    private const int _hashLenth = 20;

    public static string Encrypt(string plainText, string superSecretPassPhrase)
    {
        // Salt and IV is randomly generated each time, but is preprended to encrypted cipher text
        // so that the same Salt and IV values can be used when decrypting.  
        var saltStringBytes = Generate256BitsOfRandomEntropy();
        var ivStringBytes = Generate256BitsOfRandomEntropy();
        var plainTextBytes = Encoding.UTF8.GetBytes(plainText);
        using (var password = new Rfc2898DeriveBytes(superSecretPassPhrase, saltStringBytes, _iterations))
        {
            var keyBytes = password.GetBytes(Keysize / 8);
            using (var symmetricKey = new RijndaelManaged())
            {
                symmetricKey.BlockSize = 256;
                symmetricKey.Mode = CipherMode.CBC;
                symmetricKey.Padding = PaddingMode.PKCS7;
                using (var encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes))
                {
                    using (var memoryStream = new MemoryStream())
                    {
                        using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                        {
                            cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                            cryptoStream.FlushFinalBlock();
                            // Create the final bytes as a concatenation of the random salt bytes, the random iv bytes and the cipher bytes.
                            var cipherTextBytes = saltStringBytes;
                            cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray();
                            cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray();
                            memoryStream.Close();
                            cryptoStream.Close();
                            return WebEncoders.Base64UrlEncode(cipherTextBytes);
                            //return System.Web.HttpServerUtility.UrlTokenEncode(cipherTextBytes);
                        }
                    }
                }
            }
        }
    }



    public static string Decrypt(string cipherText, string superSecretPassPhrase)
    {
        if (cipherText == null)
        {
            throw new ArgumentNullException(nameof(cipherText));
        }
        // Get the complete stream of bytes that represent:
        // [32 bytes of Salt] + [32 bytes of IV] + [n bytes of CipherText]
        var cipherTextBytesWithSaltAndIv = WebEncoders.Base64UrlDecode(cipherText);
        // Get the saltbytes by extracting the first 32 bytes from the supplied cipherText bytes.
        var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray();
        // Get the IV bytes by extracting the next 32 bytes from the supplied cipherText bytes.
        var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray();
        // Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string.
        var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray();

        using (var password = new Rfc2898DeriveBytes(superSecretPassPhrase, saltStringBytes, _iterations))
        {
            var keyBytes = password.GetBytes(Keysize / 8);
            using (var symmetricKey = new RijndaelManaged())
            {
                symmetricKey.BlockSize = 256;
                symmetricKey.Mode = CipherMode.CBC;
                symmetricKey.Padding = PaddingMode.PKCS7;
                using (var decryptor = symmetricKey.CreateDecryptor(keyBytes, ivStringBytes))
                {
                    using (var memoryStream = new MemoryStream(cipherTextBytes))
                    {
                        using (var cryptoStream = new CryptoStream(memoryStream, decryptor, CryptoStreamMode.Read))
                        {
                            var plainTextBytes = new byte[cipherTextBytes.Length];
                            var decryptedByteCount = cryptoStream.Read(plainTextBytes, 0, plainTextBytes.Length);
                            memoryStream.Close();
                            cryptoStream.Close();
                            return Encoding.UTF8.GetString(plainTextBytes, 0, decryptedByteCount);
                        }
                    }
                }
            }
        }
    }

    private static byte[] Generate256BitsOfRandomEntropy()
    {
        var randomBytes = new byte[32]; // 32 Bytes will give us 256 bits.
        using (var rngCsp = new RNGCryptoServiceProvider())
        {
            // Fill the array with cryptographically secure random bytes.
            rngCsp.GetBytes(randomBytes);
        }
        return randomBytes;
    }
}

And here is my attempt to get the Decrypt method working with BouncyCastle:

    /// <summary>
    /// Decrypt a string
    /// </summary>
    /// <param name="cipherText"></param>
    /// <returns></returns>
    public static string Decrypt(string cipherText)
    {
        if (cipherText == null)
        {
            throw new ArgumentNullException(nameof(cipherText));
        }
        // Get the complete stream of bytes that represent:
        // [32 bytes of Salt] + [32 bytes of IV] + [n bytes of CipherText]
        var cipherTextBytesWithSaltAndIv = WebEncoders.Base64UrlDecode(cipherText);
        // Get the saltbytes by extracting the first 32 bytes from the supplied cipherText bytes.
        var saltStringBytes = cipherTextBytesWithSaltAndIv.Take(Keysize / 8).ToArray();
        // Get the IV bytes by extracting the next 32 bytes from the supplied cipherText bytes.
        var ivStringBytes = cipherTextBytesWithSaltAndIv.Skip(Keysize / 8).Take(Keysize / 8).ToArray();
        // Get the actual cipher text bytes by removing the first 64 bytes from the cipherText string.
        var cipherTextBytes = cipherTextBytesWithSaltAndIv.Skip((Keysize / 8) * 2).Take(cipherTextBytesWithSaltAndIv.Length - ((Keysize / 8) * 2)).ToArray();

        using (var password = new Rfc2898DeriveBytes(superSecretPassPhrase, saltStringBytes, _iterations))
        {
            var keyBytes = password.GetBytes(Keysize / 8);
            var engine = new RijndaelEngine(256);
            var blockCipher = new CbcBlockCipher(engine);
            var cipher = new PaddedBufferedBlockCipher(blockCipher, new Pkcs7Padding());
            var keyParam = new KeyParameter(keyBytes);
            var keyParamWithIV = new ParametersWithIV(keyParam, ivStringBytes, 0, 32);
            cipher.Init(true, keyParamWithIV);
            var outputBytes = new byte[cipher.GetOutputSize(cipherTextBytes.Length)];
            var length = cipher.ProcessBytes(cipherTextBytes, outputBytes, 0);
            var finalBytes = cipher.DoFinal(outputBytes, 0, length);
            var final = Encoding.UTF8.GetString(finalBytes);
            return final;
        }
    }
}

Thanks in advance! I'm sure I'm doing something dumb, but I'm not a cryptographic expert, and I'm having trouble finding good BouncyCastle examples.

Ecto answered 30/11, 2018 at 14:31 Comment(3)
Please define what you mean by "can't get it to work".Skit
Oh yeah, that's kind of important information, huh? Edited my question to include the fact that the output text is a bunch of gibberish instead of the expected string.Ecto
Thank you for posting, literally saved my day! Do you have the implementation of Encrypt too with BouncyCastle? Thanks in advance!Docila
H
6

I believe your problem is in the line

cipher.Init(true, keyParamWithIV);

the first parameter initializes the cipher for encryption if true and for decryption if false. If you set it to false it should work.

See http://people.eecs.berkeley.edu/~jonah/bc/org/bouncycastle/crypto/paddings/PaddedBufferedBlockCipher.html#init(boolean,%20org.bouncycastle.crypto.CipherParameters)

Horaciohorae answered 30/11, 2018 at 16:19 Comment(1)
Thanks! That was definitely the big piece I was missing!Ecto

© 2022 - 2024 — McMap. All rights reserved.