【问题标题】:Padding is invalid and cannot be removed when decrypting string填充无效,解密字符串时无法移除
【发布时间】:2016-11-15 09:02:35
【问题描述】:

我有一个 AES 加密有效负载的网页,以及一个要在站点的查询字符串中发送的公钥(这是客户的请求,不是我的选择),有效负载将在其中被解密并采取行动。

这是网页:

<!DOCTYPE html>
<html>
<head>
    <title></title>
    <meta charset="utf-8" />
</head>
<body>

</body>

</html>

<script src="Scripts/CryptoJS/core.js"></script>
<script src="Scripts/CryptoJS/cipher-core.js"></script>
<script src="Scripts/CryptoJS/aes.js"></script>
<script src="Scripts/CryptoJS/enc-utf16.js"></script>
<script src="Scripts/CryptoJS/enc-base64.js"></script>

<script>
    var payload = "you can do this Rick!";
    var keyvalue = '1234567890ABCDEF';

    var key = CryptoJS.enc.Utf8.parse(keyvalue);
    var iv = CryptoJS.enc.Utf8.parse(keyvalue);


    var encrypted = CryptoJS.AES.encrypt(CryptoJS.enc.Utf8.parse(payload), key,
       {
           keySize: 128 ,
           iv: iv,
           mode: CryptoJS.mode.CBC,
           padding: CryptoJS.pad.Pkcs7
       });

    window.location = "Home/To?encrptedPayload=" + encrypted + "&ivPublicKeyNonEncrypted=" + keyvalue;

</script>

这是接收调用的控制器:

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;
using System.Web;
using System.Web.Mvc;

namespace Workbench2.Controllers
{
    public class HomeController : Controller
    {
        byte[] Key = Encoding.UTF8.GetBytes("1234567890ABCDEF");

        public ActionResult Index()
        {
            return View();
        }

        public ActionResult To(string encrptedPayload, string ivPublicKeyNonEncrypted)
        {
            string result = "";

            var bIv = Encoding.UTF8.GetBytes(ivPublicKeyNonEncrypted);

            // Create an RijndaelManaged object
            // with the specified key and IV.
            using (RijndaelManaged rijAlg = new RijndaelManaged())
            {
                rijAlg.KeySize = 128;
                rijAlg.Key = Key;
                rijAlg.IV = bIv;
                rijAlg.Padding=PaddingMode.PKCS7;
                rijAlg.Mode=CipherMode.CBC;

                // Create a decrytor to perform the stream transform.
                ICryptoTransform decryptor = rijAlg.CreateDecryptor(rijAlg.Key, rijAlg.IV);                

                // Create the streams used for decryption.
                var bPayload = Encoding.UTF8.GetBytes(encrptedPayload);
                using (MemoryStream msDecrypt = new MemoryStream(bPayload))
                {
                    using (CryptoStream csDecrypt = new CryptoStream(msDecrypt, decryptor, CryptoStreamMode.Read))
                    {
                        using (StreamReader srDecrypt = new StreamReader(csDecrypt))
                        {
                            // Read the decrypted bytes from the decrypting stream
                            // and place them in a string.
                            result = srDecrypt.ReadToEnd(); // THIS LINE THROWS ERROR                            }
                    }
                }

            }

            return View(result);
        }               
    }
}

我收到消息“填充无效,无法删除。”当以下行执行时:

结果 = srDecrypt.ReadToEnd();

【问题讨论】:

  • 如果您对加密字符串进行 URL 编码,会有所不同吗?

标签: c# .net encryption


【解决方案1】:

加密的数据是二进制,除非您以某种方式对其进行了编码 - see e.g. this,否则您无法将其传递到字符串中。如果您需要以字符串形式移动它,请使用base64 之类的编码。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 1970-01-01
    • 2018-07-17
    • 1970-01-01
    • 2012-05-24
    • 1970-01-01
    • 2014-05-16
    • 1970-01-01
    相关资源
    最近更新 更多