A System.Security.Cryptography.CryptographicException exception occurs when you try to use the RijndaelManaged class to decrypt data (842791)



The information in this article applies to:

  • Microsoft .NET Framework 1.1
  • Microsoft .NET Framework 1.0

SYMPTOMS

When you try to use the RijndaelManaged class to decrypt data, a System.Security.Cryptography.CryptographicException exception may occur. Additionally, you may receive the following error message:
An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll

Additional information: PKCS7 padding is invalid and cannot be removed.

CAUSE

This problem occurs because the initialization vector that you are using to try to decrypt the data is different from the initialization vector that you used to encrypt the data.

The RijndaelManaged class does not zero out an initialization vector. Therefore, each instance of the RijndaelManaged class has an initialization vector that is different from other instances of the RijndaelManaged class. Even if you use the same secret key, you cannot decrypt data that was encrypted by using a different initialization vector.

Note In rare cases, two instances of the RijndaelManaged class may have the same initialization vector.

WORKAROUND

To work around this problem, use the same initialization vector that you used to encrypt the data:
  1. Start Microsoft Visual Studio .NET.
  2. Use Microsoft Visual Basic .NET to create a Console Application project. By default, the Module1.vb file is created.
  3. In the Module1.vb file, replace the existing code with the following code:
    Option Explicit On 
    Option Strict On
    
    Imports System
    Imports System.IO
    Imports System.Security.Cryptography
    Imports System.Net.Sockets
    
    Module Module1
        Sub Main()
            ' Perform encryption.
    
            ' Use a file stream to create and then open a file.
            Dim FileWriteStream As FileStream = New FileStream("C:\Test.txt", FileMode.Create)
    
            ' Create an instance of the RijndaelManaged class.
            Dim FirstInstance As New RijndaelManaged
    
            ' Create a symmetric Rijndael object for encryption.
            ' You are specifying the default values for the secret key and the initialization vector.
            ' These default values are generated when you create the first instance of the RijndaelManaged class.
            Dim Encryptor As ICryptoTransform = FirstInstance.CreateEncryptor(FirstInstance.Key, FirstInstance.IV)
    
            ' Initialize a new instance of the CryptoStream class with the destination file stream,
            ' the cryptographic transformation to use, and the mode of the stream.
            Dim CryptoWriteStream As New CryptoStream(FileWriteStream, Encryptor, CryptoStreamMode.Write)
    
            ' Initialize a new stream writer for writing to the CryptoStream object.
            Dim MyStreamWriter As New StreamWriter(CryptoWriteStream)
    
            ' Write some data to the CryptoStream object.
            MyStreamWriter.WriteLine("Hello World!")
    
            ' Inform the user that the encrypted data was written.
            Console.WriteLine("The encrypted data was written.")
    
            ' Close all streams and writers.
            MyStreamWriter.Close()
            CryptoWriteStream.Close()
            FileWriteStream.Close()
    
            ' Perform decryption.
    
            ' Use a file stream to open the file that you had written the encrypted data to.
            Dim FileReadStream As FileStream = New FileStream("C:\Test.txt", FileMode.Open)
    
            ' Create another instance of the RijndaelManaged class.
            Dim SecondInstance As New RijndaelManaged
    
            ' Create a symmetric Rijndael object for decryption.
            ' You are specifying the same secret key and initialization vector that you used to encrypt the data.
            Dim Decryptor As ICryptoTransform = SecondInstance.CreateDecryptor(FirstInstance.Key, FirstInstance.IV)
    
            ' Initialize a new instance of the CryptoStream class with the source file stream,
            ' the cryptographic transformation to use, and the mode of the stream.
            Dim CryptoReadStream As New CryptoStream(FileReadStream, Decryptor, CryptoStreamMode.Read)
    
            ' Initialize a new stream reader for reading from the CryptoStream object.
            Dim MyStreamReader As New StreamReader(CryptoReadStream)
    
            ' Read the encrypted data, and then display the decrypted data.
            ' The displayed data is the same as the original data that you had encrypted.
            Console.WriteLine("The decrypted data is: {0}", MyStreamReader.ReadToEnd())
            Console.WriteLine("Press ENTER to exit.")
            Console.ReadLine()
    
            ' Close all streams and writers.
            MyStreamReader.Close()
            CryptoReadStream.Close()
            FileReadStream.Close()
    
        End Sub
    End Module
  4. Build and then run your application. A console window appears that contains the following text:
    The encrypted data was written.
    The decrypted data is: Hello World!
    Press ENTER to exit.
  5. Press ENTER to quit the program.
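
The workaround above can reuse FirstInstance.IV only because encryption and decryption run in the same procedure. When they run separately, the initialization vector has to travel with the data. The following added example (not part of the original article) writes the IV in front of the ciphertext and reads it back before decrypting. The module name and the EncryptWithIvPrefix and DecryptWithIvPrefix helpers are hypothetical names chosen for illustration.

```vb
Option Explicit On
Option Strict On

Imports System
Imports System.IO
Imports System.Security.Cryptography
Imports System.Text

' Added example; the module and helper names are hypothetical.
Module IvPrefixExample
    ' Returns IV followed by ciphertext. The IV is not secret; only the key is.
    Function EncryptWithIvPrefix(ByVal key As Byte(), ByVal plaintext As Byte()) As Byte()
        Dim alg As New RijndaelManaged
        alg.Key = key
        alg.GenerateIV() ' fresh random IV for every message
        Dim output As New MemoryStream
        output.Write(alg.IV, 0, alg.IV.Length)
        Dim cs As New CryptoStream(output, alg.CreateEncryptor(), CryptoStreamMode.Write)
        cs.Write(plaintext, 0, plaintext.Length)
        cs.FlushFinalBlock() ' writes the PKCS7-padded last block
        Return output.ToArray()
    End Function

    ' Takes the IV from the front of the blob instead of the new instance's random IV.
    Function DecryptWithIvPrefix(ByVal key As Byte(), ByVal blob As Byte()) As Byte()
        Dim alg As New RijndaelManaged
        Dim iv(alg.BlockSize \ 8 - 1) As Byte ' 16 bytes with the default 128-bit block
        If blob.Length < iv.Length Then Throw New ArgumentException("blob is shorter than one IV")
        Array.Copy(blob, 0, iv, 0, iv.Length)
        Dim body As New MemoryStream(blob, iv.Length, blob.Length - iv.Length)
        Dim cs As New CryptoStream(body, alg.CreateDecryptor(key, iv), CryptoStreamMode.Read)
        Dim result As New MemoryStream
        Dim buffer(4095) As Byte
        Dim n As Integer = cs.Read(buffer, 0, buffer.Length)
        While n > 0
            result.Write(buffer, 0, n)
            n = cs.Read(buffer, 0, buffer.Length)
        End While
        Return result.ToArray()
    End Function

    Sub Main()
        ' Constructed sample input; a real key comes from your key store.
        Dim keySource As New RijndaelManaged
        Dim key As Byte() = keySource.Key
        Dim blob As Byte() = EncryptWithIvPrefix(key, Encoding.UTF8.GetBytes("Hello World!"))
        Console.WriteLine("The decrypted data is: {0}", Encoding.UTF8.GetString(DecryptWithIvPrefix(key, blob)))
    End Sub
End Module
```

RijndaelManaged defaults to CBC mode, where a wrong initialization vector alters only the first 16-byte block of the decrypted output. With plaintext longer than one block, a mismatched IV can therefore return a garbled first block with no padding exception, so the exception is not a reliable check that the correct IV was used.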

STATUS

This behavior is by design.

MORE INFORMATION

Steps to reproduce the behavior

  1. Start Visual Studio .NET.
  2. Use Visual Basic .NET to create a Console Application project. By default, the Module1.vb file is created.
  3. In the Module1.vb file, replace the existing code with the following code:
    Option Explicit On 
    Option Strict On
    
    Imports System
    Imports System.IO
    Imports System.Security.Cryptography
    Imports System.Net.Sockets
    
    Module Module1
        Sub Main()
            ' Perform encryption.
    
            ' Use a file stream to create and then open a file.
            Dim FileWriteStream As FileStream = New FileStream("C:\Test.txt", FileMode.Create)
    
            ' Create an instance of the RijndaelManaged class.
            Dim FirstInstance As New RijndaelManaged
    
            ' Create a symmetric Rijndael object for encryption.
            ' You are specifying the default values for the secret key and the initialization vector.
            ' These default values are generated when you create the first instance of the RijndaelManaged class.
            Dim Encryptor As ICryptoTransform = FirstInstance.CreateEncryptor(FirstInstance.Key, FirstInstance.IV)
    
            ' Initialize a new instance of the CryptoStream class with the destination file stream,
            ' the cryptographic transformation to use, and the mode of the stream.
            Dim CryptoWriteStream As New CryptoStream(FileWriteStream, Encryptor, CryptoStreamMode.Write)
    
            ' Initialize a new stream writer for writing to the CryptoStream object.
            Dim MyStreamWriter As New StreamWriter(CryptoWriteStream)
    
            ' Write some data to the CryptoStream object.
            MyStreamWriter.WriteLine("Hello World!")
    
            ' Inform the user that the encrypted data was written.
            Console.WriteLine("The encrypted data was written.")
    
            ' Close all streams and writers.
            MyStreamWriter.Close()
            CryptoWriteStream.Close()
            FileWriteStream.Close()
    
            ' Perform decryption.
    
            ' Use a file stream to open the file that you had written the encrypted data to.
            Dim FileReadStream As FileStream = New FileStream("C:\Test.txt", FileMode.Open)
    
            ' Create another instance of the RijndaelManaged class.
            Dim SecondInstance As New RijndaelManaged
    
            ' Create a symmetric Rijndael object for decryption.
            ' You are specifying the same secret key that you used to encrypt the data.
            ' You are also specifying the default value for the initialization vector.
            ' This default value is generated when you create the second instance of the RijndaelManaged class.
            Dim Decryptor As ICryptoTransform = SecondInstance.CreateDecryptor(FirstInstance.Key, SecondInstance.IV)
    
            ' Initialize a new instance of the CryptoStream class with the source file stream,
            ' the cryptographic transformation to use, and the mode of the stream.
            Dim CryptoReadStream As New CryptoStream(FileReadStream, Decryptor, CryptoStreamMode.Read)
    
            ' Initialize a new stream reader for reading from the CryptoStream object.
            Dim MyStreamReader As New StreamReader(CryptoReadStream)
    
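            ' Read the encrypted data, and then try to display the decrypted data.
            ' Because the initialization vector differs from the one that was used for encryption,
            ' the exception that is mentioned in the "Symptoms" section may occur on this read.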
            Console.WriteLine("The decrypted data is: {0}", MyStreamReader.ReadToEnd())
            Console.WriteLine("Press ENTER to exit.")
            Console.ReadLine()
    
            ' Close all streams and writers.
            MyStreamReader.Close()
            CryptoReadStream.Close()
            FileReadStream.Close()
    
        End Sub
    End Module
  4. Build and then run your application. The behavior that is mentioned in the "Symptoms" section may occur.

Modification Type: Major
Last Reviewed: 6/9/2004
Keywords: kbSecurity kbCrypt kbSample kberrmsg kbcode kbprb KB842791 kbAudDeveloper