invalid length while decrypting TripleDESCryptoServiceProvider

public static string DESDecrypt(string sToDecrypt)

if (0 == sToDecrypt.Length) return "";

byte[] Code = Convert.FromBase64String(sToDecrypt);

string decrypted = ASCIIEncoding.ASCII.GetString(des.CreateDecryptor().TransformFinalBlock(Code, 0, Code.Length));

return decrypted;

What is "des" and where is it declared?

Typical implementation of TripleDES:

public static string Encrypt(string toEncrypt, string key, bool useHashing)
{
    byte[] keyArray;
    byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(toEncrypt);

    if(useHashing)
    {
        MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
        keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
    }
    else
        keyArray = UTF8Encoding.UTF8.GetBytes(key);

    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    tdes.Key = keyArray;
    tdes.Mode = CipherMode.ECB;
    tdes.Padding = PaddingMode.PKCS7;

    ICryptoTransform cTransform = tdes.CreateEncryptor();
    byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);

    return Convert.ToBase64String(resultArray, 0, resultArray.Length);
}

public static string Decrypt(string toDecrypt, string key, bool useHashing)
{
    byte[] keyArray;
    byte[] toEncryptArray = Convert.FromBase64String(toDecrypt);

    if(useHashing)
    {
        MD5CryptoServiceProvider hashmd5 = new MD5CryptoServiceProvider();
        keyArray = hashmd5.ComputeHash(UTF8Encoding.UTF8.GetBytes(key));
    }
    else
        keyArray = UTF8Encoding.UTF8.GetBytes(key);

    TripleDESCryptoServiceProvider tdes = new TripleDESCryptoServiceProvider();
    tdes.Key = keyArray;
    tdes.Mode = CipherMode.ECB;
    tdes.Padding = PaddingMode.PKCS7;

    ICryptoTransform cTransform = tdes.CreateDecryptor();
    byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);

    return UTF8Encoding.UTF8.GetString(resultArray);
}

Hi, go through the below link. this might help you a bit.

http://66.129.67.4/t/1251859.aspx

http://www.derkeiler.com/pdf/Newsgroups/microsoft.public.dotnet.security/2004-07/0024.pdf

http://forums.msdn.microsoft.com/en-US/netfxnetcom/thread/97141091-8ee9-4bb8-a24d-2c4b5fa2b8ff/

You can also find more info. here.

http://www.codeproject.com/KB/dotnet/Cryptography_MD5_TriDES.aspx

http://www.codeproject.com/KB/security/encryption_decryption.aspx

Hope this helps you a bit. All the Best..!!!

Rakesh Vikram

Hi,

you need to use the same key used in encryption for decryption also.

while encrypting store the key created in database.

and while decryption fetch the key from the datbase and use the same...

or use common key for encryption all time. Its better to store the key in web.config and use it...

or you can hard code key directly in your code....

public static string DESEncrypt(string data)
     {
         try
         {
             string results = "";
             DESCryptoServiceProvider des = new DESCryptoServiceProvider();
             Byte[] keybytes = Encoding.ASCII.GetBytes("???hf@?");
             Byte[] vectorbytes = Encoding.ASCII.GetBytes("V$?????");
             ICryptoTransform encryptor = des.CreateEncryptor(keybytes, vectorbytes);
             Byte[] databytes = Encoding.Default.GetBytes(data);
             Byte[] cipherbytes = encryptor.TransformFinalBlock(databytes, 0, databytes.Length);
             results = Convert.ToBase64String(cipherbytes);
             return results;
         }
         catch(Exception ex)
         {
             return string.Empty;
         }
     }

    public static string DESDecrypt(String cipher)
    {
        try
        {
            string results = "";
            Byte[] clearbytes;
            Byte[] vectorbytes = Encoding.ASCII.GetBytes("V$?????");
            Byte[] keybytes = Encoding.ASCII.GetBytes("???hf@?");
            Byte[] cipherbytes = Convert.FromBase64String(cipher);
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            ICryptoTransform decryptor = des.CreateDecryptor(keybytes, vectorbytes);
            clearbytes = decryptor.TransformFinalBlock(cipherbytes, 0, cipherbytes.Length);
            results = Encoding.Default.GetString(clearbytes);
            return results;
        }
        catch (Exception ex)
        {
            return string.Empty;
        }
    }

use the same key used in encryption for decryption ,store the key in web.config and use it:
public static string DESEncrypt(string data)
     {
         try
         {
             string results = "";
             DESCryptoServiceProvider des = new DESCryptoServiceProvider();
             Byte[] keybytes = Encoding.ASCII.GetBytes("???hf@?");
             Byte[] vectorbytes = Encoding.ASCII.GetBytes("V$?????");
             ICryptoTransform encryptor = des.CreateEncryptor(keybytes, vectorbytes);
             Byte[] databytes = Encoding.Default.GetBytes(data);
             Byte[] cipherbytes = encryptor.TransformFinalBlock(databytes, 0, databytes.Length);
             results = Convert.ToBase64String(cipherbytes);
             return results;
         }
         catch(Exception ex)
         {
             return string.Empty;
         }
     }

    public static string DESDecrypt(String cipher)
    {
        try
        {
            string results = "";
            Byte[] clearbytes;
            Byte[] vectorbytes = Encoding.ASCII.GetBytes("V$?????");
            Byte[] keybytes = Encoding.ASCII.GetBytes("???hf@?");
            Byte[] cipherbytes = Convert.FromBase64String(cipher);
            DESCryptoServiceProvider des = new DESCryptoServiceProvider();
            ICryptoTransform decryptor = des.CreateDecryptor(keybytes, vectorbytes);
            clearbytes = decryptor.TransformFinalBlock(cipherbytes, 0, cipherbytes.Length);
            results = Encoding.Default.GetString(clearbytes);
            return results;
        }
        catch (Exception ex)
        {
            return string.Empty;
        }
    }