Encrpted and Decrypted password

Question

1.00/5 (1 vote)

See more:

Hi I am a beginner I am creating an Login Form in windows forms application and I have done encryption and decryption iam getting exeception in decrypted method whether I am not calling the methods on my add method correctly or not

as

C#

An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in System.Core.dll

Additional information: The input data is not a complete block.

C#

private void btnlogin_Click(object sender, EventArgs e)
        {
            Encrypt(tbpwd.Text);//calling an encrypted method
            Decrypt(tbpwd.Text);//calling an decrypted method
            SqlConnection cn = new SqlConnection("data source=AP134;initial catalog=Agilepoint;integrated security=sspi");
            string qry = "insert into Logininfo(email,password) values('" + tbemail.Text + "','" + tbpwd.Text + "')";
            SqlCommand cmd = new SqlCommand(qry, cn);
            cn.Open();
            cmd.ExecuteNonQuery();
            cn.Close();
            
        }
               private string Encrypt(string password)
        {
            string EncryptionKey = "GDTDJJW765946HN";
            byte[] clearBytes = Encoding.Unicode.GetBytes(password);
            using (Aes encryptor = Aes.Create())
            {
                Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
                encryptor.Key = pdb.GetBytes(32);
                encryptor.IV = pdb.GetBytes(16);
                using (MemoryStream ms = new MemoryStream())
                {
                    using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateEncryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(clearBytes, 0, clearBytes.Length);
                        cs.Close();
                    }
                    password = Convert.ToBase64String(ms.ToArray());
                }
            }
            return password;
        }




        private string Decrypt(string password)
        {
            string EncryptionKey = "GDTDJJW765946HN";
            byte[] cipherBytes = Convert.FromBase64String(password);
            using (Aes encryptor = Aes.Create())
            {
                Rfc2898DeriveBytes pdb = new Rfc2898DeriveBytes(EncryptionKey, new byte[] { 0x49, 0x76, 0x61, 0x6e, 0x20, 0x4d, 0x65, 0x64, 0x76, 0x65, 0x64, 0x65, 0x76 });
                encryptor.Key = pdb.GetBytes(32);
                encryptor.IV = pdb.GetBytes(16);
                using (MemoryStream ms = new MemoryStream())
                {
                    using (CryptoStream cs = new CryptoStream(ms, encryptor.CreateDecryptor(), CryptoStreamMode.Write))
                    {
                        cs.Write(cipherBytes, 0, cipherBytes.Length);
                        cs.Close();//here I am getting exception
                    }
                    password = Encoding.Unicode.GetString(ms.ToArray());
                }
            }
            return password;
        }

Posted 23-Nov-15 19:08pm

jyothi joy

Add a Solution

Comments

Sergey Alexandrovich Kryukov 24-Nov-15 1:16am

The whole idea is wrong. Password should never be decrypted. This is never needed. The authentication should compare not passwords, but some cryptic piece of data; normally, cryptographic hash is used. This way, nobody knows original password, not matter how much of access one has, nobody except the person who created it.
—SA

jyothi joy 24-Nov-15 1:41am

ok sir then how I have to implement plz give me some idea about this

lukeer 24-Nov-15 2:39am

As he wrote. When user sets the password, "encrypt" it in the input form. Then leave it encrypted forever.
At the time user needs to authenticate, "encrypt" whatever user typed and compare to the stored encrypted password.

You never decrypt the password.

You have an encryption key and a decryption key there. They're identical. That's called symmetric encryption. You don't use it in this case because anyone that gets to see your code knows the key and can decrypt all the passwords even if you didn't provide a decryption method.

Instead you use a "cryptographic hash method". Those methods are irreversible. No matter who gets your code, it won't help reconstructing the passwords from their hashes.

Member 13706680 3-Apr-18 7:58am

Imports System
Imports System.Collections.Generic
Imports System.Text
Imports System.IO
Imports System.Security.Cryptography
Public Class FileReadWrite
Dim errorMessage As String = "The current operation is not supported."
Dim nullException As New NullReferenceException
Dim cryptographicException As _
New CryptographicException(errorMessage, nullException)
Public Shared key As Byte() = {21, 10, 64, 10, 100, 40, 200, 4,
21, 54, 65, 246, 5, 62, 1, 54,
54, 6, 8, 9, 65, 4, 65, 9}
Private Shared iv As Byte() = {0, 0, 0, 0, 0, 0, 0, 0}
Public Shared Function ReadFile(FilePath As String) As String

Dim fi As New FileInfo(FilePath)
If fi.Exists = False Then
Return String.Empty
End If
Dim fin As New FileStream(FilePath, FileMode.Open, FileAccess.Read)
Dim tdes As TripleDES = New TripleDESCryptoServiceProvider()
Dim cs As New CryptoStream(fin, tdes.CreateDecryptor(key, iv), CryptoStreamMode.Read)
Dim SB As New StringBuilder()
Dim ch As Integer
Dim i As Integer = 0
While i < fin.Length
ch = cs.ReadByte()
If ch = 0 Then
Exit While
End If
SB.Append(Convert.ToChar(ch))
System.Math.Max(System.Threading.Interlocked.Increment(i), i - 1)
End While
cs.Close()
fin.Close()
Return SB.ToString()
End Function
Public Shared Sub WriteFile(FilePath As String, Data As String)
Dim fout As New FileStream(FilePath, FileMode.OpenOrCreate, FileAccess.Write)
Dim tdes As TripleDES = New TripleDESCryptoServiceProvider()
Dim cs As New CryptoStream(fout, tdes.CreateEncryptor(key, iv), CryptoStreamMode.Write)
Dim d As Byte() = Encoding.ASCII.GetBytes(Data)
cs.Write(d, 0, d.Length)
cs.WriteByte(0)
cs.Close()
fout.Close()
End Sub
End Class

The above code gives me the error: An unhandled exception of type 'System.Security.Cryptography.CryptographicException' occurred in mscorlib.dll Additional information: Bad Data

Please help me to solve this error. I appreicate.

1 solution

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CPallini · Accepted Answer · 2015-11-23T20:47:00

Solution 1

Others already (correctly) pointed out you shouldn't decrypt passwords.

Now back to the original question:

Quote:
Encrypt(tbpwd.Text);//calling an encrypted method
Decrypt(tbpwd.Text);//calling an decrypted method

you are getting an error because your are trying to decrypt the plain text.

Posted 23-Nov-15 20:47pm

CPallini

Comments

Sergey Alexandrovich Kryukov 24-Nov-15 3:28am

5ed.
—SA

CPallini 24-Nov-15 3:49am

Thank you.