locked
MD5 Hash and Windows.Security.Cryptography - "Bad Data" RRS feed

  • Question

  • We're currently using the MD5 algorithm and TripleDes in System.Security.Cryptography to secure some data.  The encrypt/decrypt works just fine.  We're now trying to port this to a marketplace app using Windows.Security.Cryptography but we're recieving a "Bad Data" error when decrypting.  Below is my method to Encrypt which the resultant string is decrypted just fine by our webservice.  The next method shows my attempt at using Windows.Security.Cryptography but this results in "Bad Data" during decrypt.

    MemoryStream encryptedStream = new MemoryStream();
          TripleDESCryptoServiceProvider tripleDes = new TripleDESCryptoServiceProvider();
          tripleDes.GenerateIV();
    
          //use md5 to create a 128bit key out of the preshared key for tripledes
          MD5 md5hasher = MD5.Create();
          //also appended a simple salt - somebody that got ahold of the key would also need the salt out of the code
          tripleDes.Key = md5hasher.ComputeHash(
            Encoding.UTF8.GetBytes(key + "HereIsWhereMySaltGoes"));
    
    
          CryptoStream cStream = new CryptoStream(
            encryptedStream,
            tripleDes.CreateEncryptor(),
            CryptoStreamMode.Write);
    
    
          // Convert the passed string to a byte array.
          byte[] unencryptedBytes = Encoding.UTF8.GetBytes(data);
    
          // Write the byte array to the crypto stream and flush it.
          cStream.Write(unencryptedBytes, 0, unencryptedBytes.Length);
          cStream.FlushFinalBlock();
    
          //encode the encrypted data as base64 and append the initialization vector
          String base64EncryptedDataPlusIV =
            Convert.ToBase64String(encryptedStream.ToArray())
            + ":" + Convert.ToBase64String(tripleDes.IV);
    
          // Close the streams.
          cStream.Close();
          encryptedStream.Close();
    
          // Return the encrypted string plus the iv.
          return base64EncryptedDataPlusIV;


    I've tried to port this to a MarketPlace app and Windows.Security.Cryptography with the following

              

    public static String Encrypt(string data, String key)
        {
          HashAlgorithmProvider md5hasher = Windows.Security.Cryptography.Core.HashAlgorithmProvider.OpenAlgorithm(HashAlgorithmNames.Md5);
          SymmetricKeyAlgorithmProvider tripleDes = SymmetricKeyAlgorithmProvider.OpenAlgorithm(SymmetricAlgorithmNames.TripleDesCbcPkcs7);
    
    
          IBuffer tripleDesKey = md5hasher.HashData(CryptographicBuffer.ConvertStringToBinary(key + "HereIsWhereMySaltGoes", BinaryStringEncoding.Utf8));
    
          byte[] tripleDesKeyArray;
          CryptographicBuffer.CopyToByteArray(tripleDesKey, out tripleDesKeyArray);
          CryptographicKey cryptoKey = tripleDes.CreateSymmetricKey(CryptographicBuffer.CreateFromByteArray(PadToMultipleOf(tripleDesKeyArray, 32)));
    
          IBuffer iv = CryptographicBuffer.GenerateRandom(8);
          IBuffer dataToEncrypt = Windows.Security.Cryptography.CryptographicBuffer.ConvertStringToBinary(data, BinaryStringEncoding.Utf8);
    
          IBuffer buffEncrypt = CryptographicEngine.Encrypt(cryptoKey, dataToEncrypt, iv);
    
          String encryptedDataPlusIV = String.Format("{0}:{1}", CryptographicBuffer.EncodeToBase64String(buffEncrypt),
            CryptographicBuffer.EncodeToBase64String(iv));
          return encryptedDataPlusIV;
        }
    private static byte[] PadToMultipleOf(byte[] src, int len)
        {
          Array.Resize(ref src, len);
          return src;
        }

    However, when trying to decrypt, the same webservice call simply says bad data.  What am I missing?



    • Edited by BlainLevitt Monday, December 23, 2013 4:14 PM
    • Moved by Anne Jing Wednesday, December 25, 2013 6:05 AM main about windows API
    Monday, December 23, 2013 4:13 PM

All replies

  • Hi,

    Your problem is not main about how to develop windows store app. You should go to Application Security for Windows Desktop to post your problem. In there, you can get more professional help!

    Best Wishes!


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey. Thanks<br/> MSDN Community Support<br/> <br/> Please remember to &quot;Mark as Answer&quot; the responses that resolved your issue. It is a common way to recognize those who have helped you, and makes it easier for other visitors to find the resolution later.

    Wednesday, December 25, 2013 6:03 AM
  • I have the same problem

    https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/ff72ecd6-cc6d-43e3-a581-be7e697400d5/tripledescryptoserviceprovider-bad-data?forum=windowssecurity

    • Edited by Pit Defrih Wednesday, July 8, 2015 10:10 AM
    Wednesday, July 8, 2015 9:58 AM