Microsoft KB Archive/842791

= A System.Security.Cryptography.CryptographicException exception occurs when you try to use the RijndaelManaged class to decrypt data =

Article ID: 842791

Article Last Modified on 6/9/2004

-

APPLIES TO


 * Microsoft .NET Framework 1.1
 * Microsoft .NET Framework 1.0

-





SYMPTOMS
When you try to use the RijndaelManaged class to decrypt data, a System.Security.Cryptography.CryptographicException exception may occur. Additionally, you may receive the following error message:

An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll

Additional information: PKCS7 padding is invalid and cannot be removed.



CAUSE
This problem occurs because the initialization vector that you are using to try to decrypt the data is different from the initialization vector that you used to encrypt the data.

The RijndaelManaged class does not zero out an initialization vector. Therefore, each instance of the RijndaelManaged class has an initialization vector that is different from other instances of the RijndaelManaged class. Even if you use the same secret key, you cannot decrypt data that was encrypted by using a different initialization vector.

Note: In rare cases, two instances of the RijndaelManaged class may have the same initialization vector.



WORKAROUND
To work around this problem, use the same initialization vector that you used to encrypt the data:

1. Start Microsoft Visual Studio .NET.
2. Use Microsoft Visual Basic .NET to create a Console Application project. By default, the Module1.vb file is created.
3. In the Module1.vb file, replace the existing code with the following code:

<pre>
Option Explicit On
Option Strict On

Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Net.Sockets

Module Module1
    Sub Main()
        ' Perform encryption.

        ' Use a file stream to create and then open a file.
        Dim FileWriteStream As FileStream = New FileStream("C:\Test.txt", FileMode.Create)

        ' Create an instance of the RijndaelManaged class.
        Dim FirstInstance As New RijndaelManaged()

        ' Create a symmetric Rijndael object for encryption.
        ' You are specifying the default values for the secret key and the initialization vector.
        ' These default values are generated when you create the first instance of the RijndaelManaged class.
        Dim Encryptor As ICryptoTransform = FirstInstance.CreateEncryptor(FirstInstance.Key, FirstInstance.IV)

        ' Initialize a new instance of the CryptoStream class with the destination file stream,
        ' the cryptographic transformation to use, and the mode of the stream.
        Dim CryptoWriteStream As New CryptoStream(FileWriteStream, Encryptor, CryptoStreamMode.Write)

        ' Initialize a new stream writer for writing to the CryptoStream object.
        Dim MyStreamWriter As New StreamWriter(CryptoWriteStream)

        ' Write some data to the CryptoStream object.
        MyStreamWriter.WriteLine("Hello World!")

        ' Inform the user that the encrypted data was written.
        Console.WriteLine("The encrypted data was written.")

        ' Close all streams and writers.
        MyStreamWriter.Close()
        CryptoWriteStream.Close()
        FileWriteStream.Close()

        ' Perform decryption.

        ' Use a file stream to open the file that you had written the encrypted data to.
        Dim FileReadStream As FileStream = New FileStream("C:\Test.txt", FileMode.Open)

        ' Create another instance of the RijndaelManaged class.
        Dim SecondInstance As New RijndaelManaged()

        ' Create a symmetric Rijndael object for decryption.
        ' You are specifying the same secret key and initialization vector that you used to encrypt the data.
        Dim Decryptor As ICryptoTransform = SecondInstance.CreateDecryptor(FirstInstance.Key, FirstInstance.IV)

        ' Initialize a new instance of the CryptoStream class with the source file stream,
        ' the cryptographic transformation to use, and the mode of the stream.
        Dim CryptoReadStream As New CryptoStream(FileReadStream, Decryptor, CryptoStreamMode.Read)

        ' Initialize a new stream reader for reading from the CryptoStream object.
        Dim MyStreamReader As New StreamReader(CryptoReadStream)

        ' Read the encrypted data, and then display the decrypted data.
        ' The displayed data is the same as the original data that you had encrypted.
        Console.WriteLine("The decrypted data is: {0}", MyStreamReader.ReadToEnd())
        Console.WriteLine("Press ENTER to exit.")
        Console.ReadLine()

        ' Close all streams and writers.
        MyStreamReader.Close()
        CryptoReadStream.Close()
        FileReadStream.Close()
    End Sub
End Module
</pre>

4. Build and then run your application. A console window appears that contains the following text:

<pre>
The encrypted data was written.
The decrypted data is: Hello World!
Press ENTER to exit.
</pre>

5. Press ENTER to quit the program.
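The workaround reuses FirstInstance.IV, which is available only while the encrypting instance still exists. The following added example (not part of the original Microsoft article) stores the initialization vector in front of the ciphertext so that a separate instance can recover it later, and then reproduces the mismatched-IV failure for comparison. The names Protect, Unprotect and IvWithCiphertextExample are hypothetical, and the key and message are constructed sample values.

```vb
Option Explicit On
Option Strict On

Imports System
Imports System.Security.Cryptography
Imports System.Text

Module IvWithCiphertextExample
    ' Encrypts with a fresh random IV and returns the IV followed by the ciphertext.
    Function Protect(ByVal key As Byte(), ByVal plaintext As Byte()) As Byte()
        Dim alg As New RijndaelManaged()   ' defaults: CBC mode, PKCS7 padding
        alg.Key = key
        alg.GenerateIV()                   ' new IV for every message
        Dim iv As Byte() = alg.IV
        Dim body As Byte() = alg.CreateEncryptor().TransformFinalBlock(plaintext, 0, plaintext.Length)
        Dim blob(iv.Length + body.Length - 1) As Byte
        Buffer.BlockCopy(iv, 0, blob, 0, iv.Length)
        Buffer.BlockCopy(body, 0, blob, iv.Length, body.Length)
        Return blob
    End Function

    ' Reads the IV back from the front of the blob, then decrypts the rest.
    Function Unprotect(ByVal key As Byte(), ByVal blob As Byte()) As Byte()
        Dim alg As New RijndaelManaged()   ' separate instance; its own random IV is not used
        Dim iv((alg.BlockSize \ 8) - 1) As Byte
        Buffer.BlockCopy(blob, 0, iv, 0, iv.Length)
        Dim dec As ICryptoTransform = alg.CreateDecryptor(key, iv)
        Return dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length)
    End Function

    Sub Main()
        Dim keySource As New RijndaelManaged()
        Dim key As Byte() = keySource.Key  ' sample key generated at run time
        Dim message As Byte() = Encoding.UTF8.GetBytes("Hello World!")  ' constructed input
        Dim blob As Byte() = Protect(key, message)
        Console.WriteLine("Round trip: {0}", Encoding.UTF8.GetString(Unprotect(key, blob)))

        ' Same key, but the IV of an unrelated instance, as in the failing case.
        Try
            Dim other As New RijndaelManaged()
            Dim ivLen As Integer = other.BlockSize \ 8
            other.CreateDecryptor(key, other.IV).TransformFinalBlock(blob, ivLen, blob.Length - ivLen)
            Console.WriteLine("Padding happened to validate, but the plaintext is corrupted.")
        Catch ex As CryptographicException
            Console.WriteLine("Mismatched IV: {0}", ex.Message)
        End Try
    End Sub
End Module
```

The initialization vector does not need to be kept secret, so storing it with the ciphertext is safe; the key still has to be protected and shared separately.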


STATUS
This behavior is by design.


Steps to reproduce the behavior
1. Start Visual Studio .NET.
2. Use Visual Basic .NET to create a Console Application project. By default, the Module1.vb file is created.
3. In the Module1.vb file, replace the existing code with the following code:

<pre>
Option Explicit On
Option Strict On

Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Net.Sockets

Module Module1
    Sub Main()
        ' Perform encryption.

        ' Use a file stream to create and then open a file.
        Dim FileWriteStream As FileStream = New FileStream("C:\Test.txt", FileMode.Create)

        ' Create an instance of the RijndaelManaged class.
        Dim FirstInstance As New RijndaelManaged()

        ' Create a symmetric Rijndael object for encryption.
        ' You are specifying the default values for the secret key and the initialization vector.
        ' These default values are generated when you create the first instance of the RijndaelManaged class.
        Dim Encryptor As ICryptoTransform = FirstInstance.CreateEncryptor(FirstInstance.Key, FirstInstance.IV)

        ' Initialize a new instance of the CryptoStream class with the destination file stream,
        ' the cryptographic transformation to use, and the mode of the stream.
        Dim CryptoWriteStream As New CryptoStream(FileWriteStream, Encryptor, CryptoStreamMode.Write)

        ' Initialize a new stream writer for writing to the CryptoStream object.
        Dim MyStreamWriter As New StreamWriter(CryptoWriteStream)

        ' Write some data to the CryptoStream object.
        MyStreamWriter.WriteLine("Hello World!")

        ' Inform the user that the encrypted data was written.
        Console.WriteLine("The encrypted data was written.")

        ' Close all streams and writers.
        MyStreamWriter.Close()
        CryptoWriteStream.Close()
        FileWriteStream.Close()

        ' Perform decryption.

        ' Use a file stream to open the file that you had written the encrypted data to.
        Dim FileReadStream As FileStream = New FileStream("C:\Test.txt", FileMode.Open)

        ' Create another instance of the RijndaelManaged class.
        Dim SecondInstance As New RijndaelManaged()

        ' Create a symmetric Rijndael object for decryption.
        ' You are specifying the same secret key that you used to encrypt the data.
        ' You are also specifying the default value for the initialization vector.
        ' This default value is generated when you create the second instance of the RijndaelManaged class.
        Dim Decryptor As ICryptoTransform = SecondInstance.CreateDecryptor(FirstInstance.Key, SecondInstance.IV)

        ' Initialize a new instance of the CryptoStream class with the source file stream,
        ' the cryptographic transformation to use, and the mode of the stream.
        Dim CryptoReadStream As New CryptoStream(FileReadStream, Decryptor, CryptoStreamMode.Read)

        ' Initialize a new stream reader for reading from the CryptoStream object.
        Dim MyStreamReader As New StreamReader(CryptoReadStream)

        ' Read the encrypted data, and then try to display the decrypted data.
        ' Because the initialization vector differs from the one that was used to encrypt the data,
        ' the call to ReadToEnd may throw the CryptographicException that is described in the "Symptoms" section.
        Console.WriteLine("The decrypted data is: {0}", MyStreamReader.ReadToEnd())
        Console.WriteLine("Press ENTER to exit.")
        Console.ReadLine()

        ' Close all streams and writers.
        MyStreamReader.Close()
        CryptoReadStream.Close()
        FileReadStream.Close()
    End Sub
End Module
</pre>

4. Build and then run your application. The behavior that is mentioned in the "Symptoms" section may occur.
