locked
encryption problem

    Question

  • Hi folks. I have a hybrid application that must have an encryption functionality. Most of my application is on the weblayer and I including the logic to encrypt / decrypt on native code but I am having a problem.

    I simplified the code (see below) and I always get an error when I try to run the application (complies fine). I get the message: "The supported user buffer is not valid for the requested operation".

    I always get the message in this line: IBuffer^encryptedBuffer = CryptographicEngine::Encrypt(key, buffer, iv);

    Confess that my knowledge about encryption is not good, but I was trying to follow the example on buildwindows.com as much as possible.

    BinaryStringEncoding

    encoding = BinaryStringEncoding::Utf8;

    IBuffer^buffer = CryptographicBuffer::ConvertStringToBinary("my content", encoding);

    SymmetricKeyAlgorithmProvider^algorithm = SymmetricKeyAlgorithmProvider::OpenAlgorithm("AES_CBC");

    UINT32keyLength = 32;

    IBuffer^keyMaterial = CryptographicBuffer::GenerateRandom(keyLength);

    CryptographicKey^key = algorithm->CreateSymmetricKey(keyMaterial);

    IBuffer^iv = CryptographicBuffer::GenerateRandom(algorithm->BlockLength);

    IBuffer^encryptedBuffer = CryptographicEngine::Encrypt(key, buffer, iv);

    returnCryptographicBuffer::ConvertBinaryToString(encoding, encryptedBuffer);

    Could someone help me ? Thanks in advance

    Monday, May 14, 2012 8:26 PM

Answers

  •  

    Hello,

     

    The Message buffer length must be multiple of block length, in your codes the "my count" message is too short for the algorithm, the block length is 16.

    If you change codes to this, it will work fine.

     

    IBuffer

    ^buffer = CryptographicBuffer::ConvertStringToBinary(L"12345678123456781234567812345678", encoding);

    Therefore, you should add an assertion in your codes.

     

    	if ((buffer->Length % algorithm->BlockLength) != 0)
    	{
    		throw exception("Message buffer length must be multiple of block length.");
    	}

    Best regards,

    Jesse


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us

    • Marked as answer by Lex_BR Thursday, May 17, 2012 4:15 PM
    Wednesday, May 16, 2012 9:20 AM
  • Thanks Jesse for uncovering the problem, but I have a better solution:

    The real mistake was to use AES_CBC, which does not pad instead of AES_CBC_PKCS7 which does pad the input data to the correct block size.

    See the SymmetricKeyAlgorithmProvider class

    http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.symmetrickeyalgorithmprovider.aspx

    Two things for Microsoft to fix:

    #1 Make the error message precise-  it should be something like: The data input size is not correct. 

    #2 Fix all the documentation that lacks the ^ symbol:  IBuffer^encryptedBuffer =CryptographicEngine::Encrypt(key, buffer, iv);

    not IBuffer    encryptedBuffer =CryptographicEngine::Encrypt(key, buffer, iv);


    • Edited by Andrew7Webb Wednesday, May 16, 2012 3:02 PM spelling
    • Marked as answer by Lex_BR Thursday, May 17, 2012 4:16 PM
    Wednesday, May 16, 2012 12:07 PM

All replies

  •  

    Hello,

     

    The Message buffer length must be multiple of block length, in your codes the "my count" message is too short for the algorithm, the block length is 16.

    If you change codes to this, it will work fine.

     

    IBuffer

    ^buffer = CryptographicBuffer::ConvertStringToBinary(L"12345678123456781234567812345678", encoding);

    Therefore, you should add an assertion in your codes.

     

    	if ((buffer->Length % algorithm->BlockLength) != 0)
    	{
    		throw exception("Message buffer length must be multiple of block length.");
    	}

    Best regards,

    Jesse


    Jesse Jiang [MSFT]
    MSDN Community Support | Feedback to us

    • Marked as answer by Lex_BR Thursday, May 17, 2012 4:15 PM
    Wednesday, May 16, 2012 9:20 AM
  • Thanks Jesse for uncovering the problem, but I have a better solution:

    The real mistake was to use AES_CBC, which does not pad instead of AES_CBC_PKCS7 which does pad the input data to the correct block size.

    See the SymmetricKeyAlgorithmProvider class

    http://msdn.microsoft.com/en-us/library/windows/apps/windows.security.cryptography.core.symmetrickeyalgorithmprovider.aspx

    Two things for Microsoft to fix:

    #1 Make the error message precise-  it should be something like: The data input size is not correct. 

    #2 Fix all the documentation that lacks the ^ symbol:  IBuffer^encryptedBuffer =CryptographicEngine::Encrypt(key, buffer, iv);

    not IBuffer    encryptedBuffer =CryptographicEngine::Encrypt(key, buffer, iv);


    • Edited by Andrew7Webb Wednesday, May 16, 2012 3:02 PM spelling
    • Marked as answer by Lex_BR Thursday, May 17, 2012 4:16 PM
    Wednesday, May 16, 2012 12:07 PM
  • Hi Jess and Andrew. Thank you so much for the feedback. It passsed the point where I was having problem, now I ran into another but I will start playing here and do some researches.

    Thank you once again

    Steven Alexander

    Thursday, May 17, 2012 4:15 PM