none
AES/CBC/PKCS5Padding in UWP App. RRS feed

  • Question

  • Hi All,

    I am developing an app in UWP ,which I want to decrypt an folder which was encrypt in "AES/CBC/PKCS5Padding" .

    I used "SymmetricAlgorithmNames.AesCbcPkcs7" for decryption but I am getting an error "Specified padding mode is not valid for this algorithm."

    please help me how can I get rid of this error. 

    If I checked with one sample by taking normal folder, I encrypted and decrypted with my methods using "SymmetricAlgorithmNames.AesCbcPkcs7" it was working fine, but the folder which was encrypted in server using "AES/CBC/PKCS5Padding" was not decrypting properly in UWP app.

    Here is my code for decryption - 

     public static async Task<bool> DecryptFolder(string fileName, StorageFolder folder, string decryptionPassword)
            {
                try
                {

                                        (folder = C:\Users\...\Packages\...\TempState and FileName= "pi-offline-content.enc")

                   string postfix = "de_";

                    StorageFile deLargefile = await folder.CreateFileAsync($"{postfix}{fileName}", CreationCollisionOption.ReplaceExisting);

                    using (Stream input = new FileStream($"{folder.Path}\\{fileName}", FileMode.OpenOrCreate))
                    {
                        using (Stream output = new FileStream(deLargefile.Path, FileMode.OpenOrCreate))
                        {
                            output.Position = 0;
                            byte[] buffer = new byte[1024 * 1024];
                            ICryptoTransform decryptor = GetCryptoTransform(false,decryptionPassword);
                            while (await input.ReadAsync(buffer, 0, buffer.Length) > 0)
                            {
                                var data = await AESDecryptToStorage(buffer, decryptor);
                                await output.WriteAsync(data, 0, data.Length);
                            }
                        }
                    }

                    return true;
                }
                catch (Exception ex)
                {
                    LogHelper.ExceptionLogging(ex, "EncryptionDecryptionHelper.DecryptUSBFile");
                }

                return false;
            }

     private static ICryptoTransform GetCryptoTransform(bool isEncryption, string pwd = "")
            {
                byte[] passByte = Encoding.ASCII.GetBytes(pwd == "" ? PDSConstants.ENCRYPTION_PWD : pwd);
                byte[] saltBytes = Encoding.ASCII.GetBytes(PDSConstants.ENCRYPTION_SALT);
                Aes aes = Aes.Create();
                aes.Padding = PaddingMode.PKCS7;  (Tried with PaddingMode.None; not getting error but not getting decrypted properly bcs file is not unzipping after this as I need to unzip the file "pi-offline-content.enc" after decryption)
                aes.Mode = CipherMode.CBC;
                return isEncryption ? aes.CreateEncryptor(passByte, saltBytes) : aes.CreateDecryptor(passByte, saltBytes);
            }

     private static async Task<byte[]> AESDecryptToStorage(byte[] bytesToBeDecrypted, ICryptoTransform decryptor)
            {
                byte[] decryptedBytes = null;
                using (MemoryStream ms = new MemoryStream())
                {
                    using (var cs = new CryptoStream(ms, decryptor, CryptoStreamMode.Write))
                    {
                        await cs.WriteAsync(bytesToBeDecrypted, 0, bytesToBeDecrypted.Length);
                    }
                    decryptedBytes = ms.ToArray();
                }
                return decryptedBytes;
            }

    NOTE: Its a large file (1.8GB) decrypting in chunks. Same working properly with Android code as they are using  "AES/CBC/PKCS5Padding" .


    sandeep chauhan


    Wednesday, November 6, 2019 2:10 PM

All replies

  • Hi,

    According to the document, SymmetricAlgorithmNames Class doesn't support AesCbcPkcs5 but does support AesCbcPkcs7. That's the reason for the unexpected behavior. 

    Here is a similar question that you can refer to: AES/CBC/PKCS5Padding in windows store apps. In the thread, it mentioned that AesCbcPkcs5 is not supported as well. Another thing is that it provides a link about the difference between AesCbcPkcs5 and AesCbcPkcs7.

    Best regards,

    Roy


    "Developing Universal Windows apps" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Developing Universal Windows apps" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Thursday, November 7, 2019 1:51 AM
    Moderator
  • HI Roy

    Thanks for reply.

    Yes, I read PKCS5Padding doesn't support in windows. But in Java used PKCS5Padding. So problem is we have a app which made in Windows and Android and have back end in Java. Android is able to decrypt the same as android support it. So what the solution here to work it in Windows. I asked our server team to make PKCS7Padding and None in java but Java doesn't support.

    Could anyone suggest for this scenario.

    Regards

    Sandeep Chauhan


    sandeep chauhan

    Friday, November 8, 2019 5:42 AM
  • Hi,

    I'm sorry to say that I don't have a good suggestion here. You could try to submit a feature request about supporting KCS5Padding in the FeedBack Hub. Open the FeedBack Hub from the Start Menu and Click the 'suggest a feature' button. Then complete form and submit it.

    Best regards,

    Roy


    "Developing Universal Windows apps" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Developing Universal Windows apps" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Monday, November 11, 2019 7:43 AM
    Moderator
  • Hi 

    I have asked to my server team to make changes at server end now they are using "AES/CBC/NoPadding". Now I also made changes into my method like aes.Padding = PaddingMode.None;  But this time I am getting below error.

    "Offset to Central Directory cannot be held in an Int64."

    I have uploaded my encrypted file(5 MB), you can download and try to decrypt using my code.

    https://drive.google.com/open?id=1ixlwcZy-NoJf6GfgJHBe6rgO7uYr6tIf

    Password: ZUSE1VTXN4PTUM6U

    Salt: "bef825-1d6b-422f"

    NOTE: Remember, This is small file (5MB), Later It would be a large file like 2GB/3GB so decryption, we are doing in chunks in our code.


    sandeep chauhan



    Tuesday, November 12, 2019 1:04 PM
  • Hi,

    Are you using AesManaged Class? The document mentioned that is is not supported for UWP but it's avaiable in .NetCore. I'd suggest you to use SymmetricAlgorithmProvider and CryptographicEngine in UWP apps for encryption.

    Best regards,

    Roy


    "Developing Universal Windows apps" forum will be migrating to a new home on Microsoft Q&A (Preview)!
    We invite you to post new questions in the "Developing Universal Windows apps" forum’s new home on Microsoft Q&A (Preview)!
    For more information, please refer to the sticky post.

    Friday, November 15, 2019 6:28 AM
    Moderator