Decryption Error: Bad Data

[yawanur03]

I am working on encrypting and decrypting user passwords. I am working on this usingmvc3 vb.net and sql server 2008 for the database. I am able to encrypt the password but I couldnt decrypt it and everytime i try to decrypt it, it would give a a 'bad data' error. Pls help! Need to fix this asap.
Here's the codes:

Code:

Imports System.Security.Cryptography
Imports System.IO
Imports System.Text

Public NotInheritable Class PasswordEncryption

    Private TripleDes As New TripleDESCryptoServiceProvider

    Private Function TruncateHash(
    ByVal key As String,
    ByVal length As Integer) As Byte()

        Dim sha1 As New SHA1CryptoServiceProvider
        Dim keyBytes() As Byte =
            System.Text.Encoding.Unicode.GetBytes(key)
        Dim hash() As Byte = sha1.ComputeHash(keyBytes)
        ReDim Preserve hash(length - 1)
        Return hash
    End Function

    Sub New(ByVal key As String)
        TripleDes.Key = TruncateHash(key, TripleDes.KeySize \ 8)
        TripleDes.IV = TruncateHash("", TripleDes.BlockSize \ 8)
    End Sub

    Public Function EncryptData(
    ByVal plaintext As String) As String

        Dim plaintextBytes() As Byte =
            System.Text.Encoding.Unicode.GetBytes(plaintext)

        Dim ms As New System.IO.MemoryStream

        Dim encStream As New CryptoStream(ms,
            TripleDes.CreateEncryptor(),
            System.Security.Cryptography.CryptoStreamMode.Write)

        encStream.Write(plaintextBytes, 0, plaintextBytes.Length)
        encStream.FlushFinalBlock()

        Return Convert.ToBase64String(ms.ToArray)
    End Function


    Public Function DecryptData(
    ByVal encryptedtext As String) As String

        Dim encryptedBytes() As Byte = Convert.FromBase64String(encryptedtext)

        Dim ms As New System.IO.MemoryStream

        Dim decStream As New CryptoStream(ms,
            TripleDes.CreateDecryptor(),
            System.Security.Cryptography.CryptoStreamMode.Write)
        Try


            decStream.Write(encryptedBytes, 0, encryptedBytes.Length)
            decStream.FlushFinalBlock()


        Catch ex As Exception

        End Try
        Return System.Text.Encoding.Unicode.GetString(ms.ToArray)


   End Function
End Class

and here's my code for the controller:

Code:

 Function ViewUsers(ByVal users As Users) As ViewResult

            Dim pwordList = New List(Of String)()

            Dim pwordQuery = From pword In db.UsersDB
                             Select pword.Password
            pwordList.AddRange(pwordQuery)

            For Each pass As String In pwordList

                PassEncrypt = New PasswordEncryption(pass)
                PassEncrypt.DecryptData(pass)
            Next

            Return View(db.UsersDB)
        End Function

[gep13]

Hello,

Since you are using ASP.Net MVC, I am going to move this thread to the MVC forum.

Gary

[MattP]

Here's the code I have for TripleDES. You should be able to modify it to provide a new constructor that accepts a string key.

Code:

Imports System.IO
Imports System.Text
Imports System.Security.Cryptography

Public Class TripleDES

    Private ReadOnly _des As New TripleDESCryptoServiceProvider
    Private ReadOnly _uni As New UnicodeEncoding
    Private ReadOnly _key() As Byte
    Private ReadOnly _iv() As Byte

    Public Sub New(key() As Byte, iv() As Byte)
        _key = key
        _iv = iv
    End Sub

    Public Function Encrypt(input() As Byte) As Byte()
        Return CryptoTransform(input, _des.CreateEncryptor(_key, _iv))
    End Function

    Public Function Encrypt(text As String) As String
        Dim input() = _uni.GetBytes(text)
        Dim output() = CryptoTransform(input, _des.CreateEncryptor(_key, _iv))
        Return Convert.ToBase64String(output)
    End Function

    Public Function Decrypt(input() As Byte) As Byte()
        Return CryptoTransform(input, _des.CreateDecryptor(_key, _iv))
    End Function

    Public Function Decrypt(text As String) As String
        Dim input() = Convert.FromBase64String(text)
        Dim output() = CryptoTransform(input, _des.CreateDecryptor(_key, _iv))
        Return _uni.GetString(output)
    End Function

    Private Function CryptoTransform(input() As Byte, transform As ICryptoTransform) As Byte()
        Dim result As Byte()

        Using ms As New MemoryStream
            Using cs As New CryptoStream(ms, transform, CryptoStreamMode.Write)
                cs.Write(input, 0, input.Length)
                cs.FlushFinalBlock()
                ms.Position = 0
                result = ms.ToArray()
            End Using
        End Using

        Return result
    End Function
End Class

Here's a small test to see if things work.

Code:

    Private Sub Form1_Load(sender As System.Object, e As System.EventArgs) Handles MyBase.Load
        Dim key() As Byte = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24}
        Dim iv() As Byte = {10, 9, 8, 7, 6, 5, 4, 3}
        Dim des As New TripleDES(key, iv)

        Dim originalString = "MattP"
        Dim encryptedString = des.Encrypt(originalString)
        Dim decryptedString = des.Decrypt(encryptedString)
    End Sub

As for your code it appears that you're passing in their unencrypted password to create the key & iv for encrypting it and then trying to pass in the encrypted password to create the key & iv when decrypting.