关于加密：在.NET中使用AES加密 – CryptographicException表示填充无效且无法删除

Using AES encryption in .NET - CryptographicException saying the padding is invalid and cannot be removed

我用C编写了一些AES加密代码，但很难让它正确加密和解密。如果我输入"test"作为密码短语，"这个数据必须对每个人保密！"我收到以下例外情况：

1
2
3
4
5
6
7
8

System.Security.Cryptography.CryptographicException: Padding is invalid and cannot be removed.
at System.Security.Cryptography.RijndaelManagedTransform.DecryptData(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount, Byte[]& outputBuffer, Int32 outputOffset, PaddingMode paddingMode, Boolean fLast)
at System.Security.Cryptography.RijndaelManagedTransform.TransformFinalBlock(Byte[] inputBuffer, Int32 inputOffset, Int32 inputCount)
at System.Security.Cryptography.CryptoStream.FlushFinalBlock()
at System.Security.Cryptography.CryptoStream.Dispose(Boolean disposing)
at System.IO.Stream.Close()
at System.IO.Stream.Dispose()
...

如果我输入的字符少于16个，就没有输出。

我相信在加密中我需要一些特殊的处理，因为AES是一个分组密码，但我不确定这到底是什么，而且我在网上找不到任何显示如何处理的示例。这是我的代码：

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

public static class DatabaseCrypto
{
public static EncryptedData Encrypt(string password, string data)
{
return DatabaseCrypto.Transform(true, password, data, null, null) as EncryptedData;
}

public static string Decrypt(string password, EncryptedData data)
{
return DatabaseCrypto.Transform(false, password, data.DataString, data.SaltString, data.MACString) as string;
}

private static object Transform(bool encrypt, string password, string data, string saltString, string macString)
{
using (AesManaged aes = new AesManaged())
{
aes.Mode = CipherMode.CBC;
aes.Padding = PaddingMode.PKCS7;
int key_len = aes.KeySize / 8;
int iv_len = aes.BlockSize / 8;
const int salt_size = 8;
const int iterations = 8192;

byte[] salt=encrypt ? new byte[salt_size] : Convert.FromBase64String(saltString);
if (encrypt)
{
new RNGCryptoServiceProvider().GetBytes(salt);
}

byte[] bc_key = new Rfc2898DeriveBytes("BLK" + password, salt, iterations).GetBytes(key_len);
byte[] iv = new Rfc2898DeriveBytes("IV" + password, salt, iterations).GetBytes(iv_len);
byte[] mac_key = new Rfc2898DeriveBytes("MAC" + password, salt, iterations).GetBytes(16);

aes.Key = bc_key;
aes.IV = iv;

byte[] rawData = encrypt ? Encoding.UTF8.GetBytes(data) : Convert.FromBase64String(data);

using (ICryptoTransform transform = encrypt ? aes.CreateEncryptor() : aes.CreateDecryptor())
using (MemoryStream memoryStream = encrypt ? new MemoryStream() : new MemoryStream(rawData))
using (CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, encrypt ? CryptoStreamMode.Write : CryptoStreamMode.Read))
{
if (encrypt)
{
cryptoStream.Write(rawData, 0, rawData.Length);

return new EncryptedData(salt, mac_key, memoryStream.ToArray());
}
else
{
byte[] originalData = new byte[rawData.Length];
int count = cryptoStream.Read(originalData, 0, originalData.Length);

return Encoding.UTF8.GetString(originalData, 0, count);
}
}
}
}
}

public class EncryptedData
{
public EncryptedData()
{
}

public EncryptedData(byte[] salt, byte[] mac, byte[] data)
{
this.Salt=salt;
this.MAC = mac;
this.Data = data;
}

public EncryptedData(string salt, string mac, string data)
{
this.SaltString = salt;
this.MACString = mac;
this.DataString = data;
}

public byte[] Salt
{
get;
set;
}

public string SaltString
{
get { return Convert.ToBase64String(this.Salt); }
set { this.Salt=Convert.FromBase64String(value); }
}

public byte[] MAC
{
get;
set;
}

public string MACString
{
get { return Convert.ToBase64String(this.MAC); }
set { this.MAC = Convert.FromBase64String(value); }
}

public byte[] Data
{
get;
set;
}

public string DataString
{
get { return Convert.ToBase64String(this.Data); }
set { this.Data = Convert.FromBase64String(value); }
}
}

static void ReadTest()
{
Console.WriteLine("Enter password:");
string password = Console.ReadLine();

using (StreamReader reader = new StreamReader("aes.cs.txt"))
{
EncryptedData enc = new EncryptedData();
enc.SaltString = reader.ReadLine();
enc.MACString = reader.ReadLine();
enc.DataString = reader.ReadLine();

Console.WriteLine("The decrypted data was:" + DatabaseCrypto.Decrypt(password, enc));
}
}

static void WriteTest()
{
Console.WriteLine("Enter data:");
string data = Console.ReadLine();
Console.WriteLine("Enter password:");
string password = Console.ReadLine();

EncryptedData enc = DatabaseCrypto.Encrypt(password, data);

using (StreamWriter stream = new StreamWriter("aes.cs.txt"))
{
stream.WriteLine(enc.SaltString);
stream.WriteLine(enc.MACString);
stream.WriteLine(enc.DataString);

Console.WriteLine("The encrypted data was:" + enc.DataString);
}
}

在需要填充的模式(如cbc)中使用像aes这样的块密码时，必须注意输出总是块大小的倍数。为此，pkcs7等填充模式将在加密过程结束时向密码添加一些字节。但是你必须让加密机知道什么时候结束。为此，您只需插入语句

1	cryptoStream.FlushFinalBlock();

之后

1	cryptoStream.Write(rawData, 0, rawData.Length);

PS：

也许它只是为了调试，但是您的salt生成方法每次都会生成完全相同的salt。